Feature request: namespaceToIgnore

[CapKenR]

I have a namespace that is very noisy, i.e. jobs and pods created, updated, and deleted every minute. This namespace is on every cluster is the same and I'd like to have one configuration that works on all clusters. I don't want to have to include every namespace but this one from every cluster in a namespaceToWatch list.

[arikalon1]

Hi @CapKenR

You can't do this in KubeWatch itself right now, but as a workaround you can do it via a Robusta playbook. Robusta is an open source project based on Kubewatch. Robusta provides message formatting, filtering and other advanced options.

Here's an example configuration:

customPlaybooks:
- triggers:
    - on_deployment_create:
        namespace_prefix: "default"
    - on_deployment_create:
        namespace_prefix: "stg-ns"
  actions:
    - create_finding:
        title: "Deployment named $name on namespace $namespace created"
        aggregation_key: "Deployment Created"
- triggers:
    - on_deployment_update:
        namespace_prefix: "default"
    - on_deployment_update:
        namespace_prefix: "stg-ns"
  actions:
    - create_finding:
        title: "Deployment named $name on namespace $namespace updated"
        aggregation_key: "Deployment Updated"
- triggers:
    - on_deployment_delete:
        namespace_prefix: "default"
    - on_deployment_delete:
        namespace_prefix: "stg-ns"
  actions:
    - create_finding:
        title: "Deployment named $name on namespace $namespace deleted"
        aggregation_key: "Deployment Deleted"

You can read more here.

There's also another robusta action you can use, that tracks changes here

Will that satisfy your requirements?

[CapKenR]

I was hoping to do this without introducing another tool, but I'll look at Robusta this weekend.

[pasztorl]

I think it would be great if we can specify ignore not just namespace but namespace:object level.

[aantn]

@pasztorl that's also the type of logic we're covering in Robusta:

- triggers:
    - on_deployment_create:
         namespace_prefix: "stg-ns"
          name_prefix: my-app-name
          labels_selector: app=my-app
  actions:
    - create_finding:
         title: "Deployment named $name on namespace $namespace created"
         aggregation_key: "Deployment Created"

The rationale for splitting this into two pods (KubeWatch and Robusta) is to split the Kubernetes event-listening logic from the general filtering, forwarding, and routing logic, which can be much more complex. E.g. you might want to forward certain namespaces to one Slack channel, but other namespaces to PagerDuty.