clusterpedia icon indicating copy to clipboard operation
clusterpedia copied to clipboard

Published 20 hours ago verified publisher icon clusterpedia-io

Pediacluster support filter roles when sync resources

Open wuyingjun-lucky opened this issue 3 years ago • 10 comments

What would you like to be added?

We want pediacluster support filter rules when sync resources

Why is this needed?

We want skip some namepace when resource syncd like kube-system

wuyingjun-lucky avatar Jul 19 '22 10:07 wuyingjun-lucky

Is this done to avoid sensitive resources being synced to the clusterpedia, or is there another purpose?

Iceber avatar Jul 19 '22 13:07 Iceber

Is this done to avoid sensitive resources being synced to the clusterpedia, or is there another purpose?

We have three clusters now and the workload name is different and namespace is same.
And the k8s or other control plane system and the resources on that namespace are same, we just want keep one copy and actually do not care about them. we just care about our workload So we want add an optional api in pediacluster and that we can have a choice to avoid some resources being synced

wuyingjun-lucky avatar Jul 19 '22 13:07 wuyingjun-lucky

I have a few questions:

  1. even if the resources in these control system namespaces are the same in multiple clusters, their status may still be different for various reasons, and if we don't synchronize them, then we will never be able to see the specific information of the resources in these namespaces within a specific cluster through the clusterpedia

  2. Is it possible to ignore some namespaces when retrieving resources, for example by using the search label -search.clusterpedia.io/namespaces notin (a,b,c) or url query - ?ignoreNamespaces=a,b,c?

it is also possible to use raw query

Of course I don't have a proper reason to oppose this feature, but it might make users confused about not retrieving resources in certain namespaces.

Iceber avatar Jul 20 '22 02:07 Iceber

  1. multiple

Two reasons 1 · Our app developer、 k8s developer and k8s SRE are different parts. Our team may just care about the resources we directly use. The SRE do not use clusterpedia to monitor the k8s clusters 2. we found when we use old version client-go to list and then watch (informers) the collection resources will hang up because duplicate resources

wuyingjun-lucky avatar Jul 20 '22 03:07 wuyingjun-lucky

I think we can implement this in 0.5.

To implement this we add a field in PediaCluster - ignoredNamespaces: [].

apiVersion: cluster.clusterpedia.io/v1alpha1
kind: PediaClusteer
metadata:
  name: example
spec:
  syncResources:
  - group: ""
     resources:
     - "pods"
  ignoredNamespaces:
  - "kube-system"

Global settings, not specific to a resource, What do you think?

Iceber avatar Jul 20 '22 03:07 Iceber

I think we can implement this in 0.5.

To implement this we add a field in PediaCluster - ignoredNamespaces: [].

apiVersion: cluster.clusterpedia.io/v1alpha1
kind: PediaClusteer
metadata:
  name: example
spec:
  syncResources:
  - group: ""
     resources:
     - "pods"
  ignoredNamespaces:
  - "kube-system"

Global settings, not specific to a resource, What do you think?

Yeah, we can make it optional

wuyingjun-lucky avatar Jul 21 '22 04:07 wuyingjun-lucky

/assign

duanmengkk avatar Jul 22 '22 03:07 duanmengkk

I have a question, what should we handle if the resource is cluster resource?

cleverhu avatar Aug 10 '22 15:08 cleverhu

I have a question, what should we handle if the resource is cluster resource?

Sometimes we may have turned on collecting all Crd resources, which may contain cluster resources.

cleverhu avatar Aug 10 '22 15:08 cleverhu

Maybe we can pending the issue if we do not find the best scheme

wuyingjun-lucky avatar Aug 11 '22 01:08 wuyingjun-lucky