Exclude namespaces by regex

Author: Alan Clucas

README.md

@@ -59,26 +59,27 @@ Available Commands:
   version     Print the version number
 
 Flags:
-  -s, --api-server string        Kubernetes api-server url
-  -c, --config string            Configuration file (default "/etc/katafygio/katafygio.yaml")
-  -q, --context string           Kubernetes configuration context
-  -d, --dry-run                  Dry-run mode: don't store anything
-  -m, --dump-only                Dump mode: dump everything once and exit
-  -x, --exclude-kind strings     Ressource kind to exclude. Eg. 'deployment'
-  -y, --exclude-object strings   Object to exclude. Eg. 'configmap:kube-system/kube-dns'
-  -l, --filter string            Label filter. Select only objects matching the label
-  -t, --git-timeout duration     Git operations timeout (default 5m0s)
-  -g, --git-url string           Git repository URL
-  -p, --healthcheck-port int     Port for answering healthchecks on /health url
-  -h, --help                     help for katafygio
-  -k, --kube-config string       Kubernetes configuration path
-  -e, --local-dir string         Where to dump yaml files (default "./kubernetes-backup")
-  -v, --log-level string         Log level (default "info")
-  -o, --log-output string        Log output (default "stderr")
-  -r, --log-server string        Log server (if using syslog)
-  -a, --namespace string         Only dump objects from this namespace
-  -n, --no-git                   Don't version with git
-  -i, --resync-interval int      Full resync interval in seconds (0 to disable) (default 900)
+  -s, --api-server string            Kubernetes api-server url
+  -c, --config string                Configuration file (default "/etc/katafygio/katafygio.yaml")
+  -q, --context string               Kubernetes configuration context
+  -d, --dry-run                      Dry-run mode: don't store anything
+  -m, --dump-only                    Dump mode: dump everything once and exit
+  -x, --exclude-kind strings         Ressource kind to exclude. Eg. 'deployment'
+  -z, --exclude-namespaces strings   Namespaces to exclude. Eg. 'temp.*' as regexes. This collects all namespaces and then filters them. Don't use it with the namespace flag.
+  -y, --exclude-object strings       Object to exclude. Eg. 'configmap:kube-system/kube-dns'
+  -l, --filter string                Label filter. Select only objects matching the label
+  -t, --git-timeout duration         Git operations timeout (default 5m0s)
+  -g, --git-url string               Git repository URL
+  -p, --healthcheck-port int         Port for answering healthchecks on /health url
+  -h, --help                         help for katafygio
+  -k, --kube-config string           Kubernetes configuration path
+  -e, --local-dir string             Where to dump yaml files (default "./kubernetes-backup")
+  -v, --log-level string             Log level (default "info")
+  -o, --log-output string            Log output (default "stderr")
+  -r, --log-server string            Log server (if using syslog)
+  -a, --namespace string             Only dump objects from this namespace
+  -n, --no-git                       Don't version with git
+  -i, --resync-interval int          Full resync interval in seconds (0 to disable) (default 900)
 ```
 
 ## Configuration file and env variables

cmd/execute.go

@@ -70,7 +70,7 @@ func runE(cmd *cobra.Command, args []string) (err error) {
 	}
 
 	evts := event.New()
-	fact := controller.NewFactory(logger, filter, resyncInt, exclobj)
+	fact := controller.NewFactory(logger, filter, resyncInt, exclobj, exclnamespaces)
 	reco := recorder.New(logger, evts, localDir, resyncInt*2, dryRun).Start()
 	obsv := observer.New(logger, restcfg, evts, fact, exclkind, namespace).Start()
 

cmd/flags.go

@@ -9,25 +9,26 @@ import (
 )
 
 var (
-	cfgFile    string
-	apiServer  string
-	context    string
-	namespace  string
-	kubeConf   string
-	dryRun     bool
-	dumpMode   bool
-	logLevel   string
-	logOutput  string
-	logServer  string
-	filter     string
-	localDir   string
-	gitURL     string
-	gitTimeout time.Duration
-	healthP    int
-	resyncInt  int
-	exclkind   []string
-	exclobj    []string
-	noGit      bool
+	cfgFile        string
+	apiServer      string
+	context        string
+	namespace      string
+	exclnamespaces []string
+	kubeConf       string
+	dryRun         bool
+	dumpMode       bool
+	logLevel       string
+	logOutput      string
+	logServer      string
+	filter         string
+	localDir       string
+	gitURL         string
+	gitTimeout     time.Duration
+	healthP        int
+	resyncInt      int
+	exclkind       []string
+	exclobj        []string
+	noGit          bool
 )
 
 func bindPFlag(key string, cmd string) {
@@ -52,6 +53,9 @@ func init() {
 	RootCmd.PersistentFlags().StringVarP(&namespace, "namespace", "a", "", "Only dump objects from this namespace")
 	bindPFlag("namespace", "namespace")
 
+	RootCmd.PersistentFlags().StringSliceVarP(&exclnamespaces, "exclude-namespaces", "z", nil, "Namespaces to exclude. Eg. 'temp.*' as regexes. This collects all namespaces and then filters them. Don't use it with the namespace flag.")
+	bindPFlag("exclude-namespaces", "exclude-namespaces")
+
 	RootCmd.PersistentFlags().StringVarP(&kubeConf, "kube-config", "k", "", "Kubernetes configuration path")
 	bindPFlag("kube-config", "kube-config")
 
@@ -103,6 +107,7 @@ func bindConf(cmd *cobra.Command, args []string) {
 	apiServer = viper.GetString("api-server")
 	context = viper.GetString("context")
 	namespace = viper.GetString("namespace")
+	exclnamespaces = viper.GetStringSlice("exclude-namespaces")
 	kubeConf = viper.GetString("kube-config")
 	dryRun = viper.GetBool("dry-run")
 	dumpMode = viper.GetBool("dump-only")

pkg/controller/controller.go

@@ -7,6 +7,7 @@ package controller
 
 import (
 	"fmt"
+	"regexp"
 	"strings"
 	"time"
 
@@ -43,24 +44,26 @@ type logger interface {
 
 // Factory generate controllers
 type Factory struct {
-	logger     logger
-	filter     string
-	resyncIntv time.Duration
-	excluded   []string
+	logger      logger
+	filter      string
+	resyncIntv  time.Duration
+	excludedobj []string
+	excludedns  []string
 }
 
 // Controller is a generic kubernetes controller
 type Controller struct {
-	name       string
-	stopCh     chan struct{}
-	doneCh     chan struct{}
-	syncCh     chan struct{}
-	notifier   event.Notifier
-	queue      workqueue.RateLimitingInterface
-	informer   cache.SharedIndexInformer
-	logger     logger
-	resyncIntv time.Duration
-	excluded   []string
+	name        string
+	stopCh      chan struct{}
+	doneCh      chan struct{}
+	syncCh      chan struct{}
+	notifier    event.Notifier
+	queue       workqueue.RateLimitingInterface
+	informer    cache.SharedIndexInformer
+	logger      logger
+	resyncIntv  time.Duration
+	excludedobj []string
+	excludedns  []*regexp.Regexp
 }
 
 // New return a kubernetes controller using the provided client
@@ -70,7 +73,8 @@ func New(client cache.ListerWatcher,
 	name string,
 	filter string,
 	resync time.Duration,
-	excluded []string,
+	excludedobj []string,
+	excludednamespace []string,
 ) *Controller {
 
 	selector := metav1.ListOptions{LabelSelector: filter, ResourceVersion: "0"}
@@ -113,17 +117,23 @@ func New(client cache.ListerWatcher,
 		},
 	})
 
+	exclnsre := make([]*regexp.Regexp, 0)
+	for _, ns := range excludednamespace {
+		exclnsre = append(exclnsre, regexp.MustCompile(ns))
+	}
+
 	return &Controller{
-		stopCh:     make(chan struct{}),
-		doneCh:     make(chan struct{}),
-		syncCh:     make(chan struct{}, 1),
-		notifier:   notifier,
-		name:       name,
-		queue:      queue,
-		informer:   informer,
-		logger:     log,
-		resyncIntv: resync,
-		excluded:   excluded,
+		stopCh:      make(chan struct{}),
+		doneCh:      make(chan struct{}),
+		syncCh:      make(chan struct{}, 1),
+		notifier:    notifier,
+		name:        name,
+		queue:       queue,
+		informer:    informer,
+		logger:      log,
+		resyncIntv:  resync,
+		excludedobj: excludedobj,
+		excludedns:  exclnsre,
 	}
 }
 
@@ -198,7 +208,7 @@ func (c *Controller) processItem(key string) error {
 		return fmt.Errorf("error fetching %s from store: %v", key, err)
 	}
 
-	for _, obj := range c.excluded {
+	for _, obj := range c.excludedobj {
 		if strings.Compare(strings.ToLower(obj), strings.ToLower(c.name+":"+key)) == 0 {
 			return nil
 		}
@@ -220,6 +230,16 @@ func (c *Controller) processItem(key string) error {
 		delete(md, attr)
 	}
 
+	if namespace, ok := md["namespace"].(string); ok {
+		for _, nsre := range c.excludedns {
+			if nsre.MatchString(namespace) {
+				// Rely on the background sync to delete these excluded files if
+				// we previously had aquired them
+				return nil
+			}
+		}
+	}
+
 	yml, err := yaml.Marshal(obj)
 	if err != nil {
 		return fmt.Errorf("failed to marshal %s: %v", key, err)
@@ -234,16 +254,17 @@ func (c *Controller) enqueue(notif *event.Notification) {
 }
 
 // NewFactory create a controller factory
-func NewFactory(logger logger, filter string, resync int, excluded []string) *Factory {
+func NewFactory(logger logger, filter string, resync int, excludedobj []string, excludedns []string) *Factory {
 	return &Factory{
-		logger:     logger,
-		filter:     filter,
-		resyncIntv: time.Duration(resync) * time.Second,
-		excluded:   excluded,
+		logger:      logger,
+		filter:      filter,
+		resyncIntv:  time.Duration(resync) * time.Second,
+		excludedobj: excludedobj,
+		excludedns:  excludedns,
 	}
 }
 
 // NewController create a controller.Controller
 func (f *Factory) NewController(client cache.ListerWatcher, notifier event.Notifier, name string) Interface {
-	return New(client, notifier, f.logger, name, f.filter, f.resyncIntv, f.excluded)
+	return New(client, notifier, f.logger, name, f.filter, f.resyncIntv, f.excludedobj, f.excludedns)
 }

pkg/controller/controller_test.go

@@ -121,7 +121,7 @@ func TestController(t *testing.T) {
 
 	evt := new(mockNotifier)
 	log := new(mockLog)
-	f := NewFactory(log, "label1=something", 60, []string{"pod:ns3/Bar3"})
+	f := NewFactory(log, "label1=something", 60, []string{"pod:ns3/Bar3"}, []string{})
 	ctrl := f.NewController(client, evt, "pod")
 
 	// this will trigger a deletion event