External-dns: Ability to exclude a namespace
Right now it is possible to either use all namespaces or just a single namespace - In certain scenarios, it would be nice to be able to exclude kube-system or my-ops-area or whichever name I use.
Being able to blacklist more than one, comma separated perhaps, would be ideal.
helgi
All 27 comments
Makes sense. How do you want to specify this?
I see two three options:
- have two flags for
--include-namespace=foo,barand--exclude-namespace=kube-system - have only one flag
--namespace=foo,bar,!kube-systemsimilar to https://github.com/linki/chaoskube#filtering-targets - define a regexp that describes all valid namespaces
[edited]
- added the third possibility via regexps
linki
on 2 Jun 2017
I prefer option 2, using ! as it flows more naturally and is more concise.
In case people are confused by that (not sure why) and you went with option one then I would use --namespace like now for inclusion
helgi
on 2 Jun 2017
Just my two cents: this use case (include/exclude a list of items) often appears in software and I generally prefer something with regular expressions as this allows use cases such as "only work on all namespaces ending with '-test'" (namespaces might be dynamically created and not known at deployment time of external-dns).
hjacobs
on 5 Jun 2017
@hjacobs while I agree with the flexibility then from experience I can say that supporting full regex can lead to weird errors and potential security issues (less here perhaps) :) For your scenario adding support for * would suffice? *-test, most languages have that and some smarts string replace + start/ends with like functions can be used.
I digress tho - Either way I would be happy but I would prefer the simple/easier to test solution ;-)
helgi
on 5 Jun 2017
I would also just go with a regexp. However, at least in Go, excluding things turns out to be more involved. AFAIK "include all namespaces that don't have production in their name" in a single flag is tricky. If you know how to do it, let me know.
linki
on 5 Jun 2017
@linki @helgi @hjacobs Thank you for your inputs that's what i was looking for to "exclude the specific namespace (kube-system)" to send logs to Elastisearch so that i don't see logs from "kube-system" in Kibana. I have researched a lot and spent lot of my time but didn't get a proper answer on how to iterate the configuration in td-agent.conf to make it work. I used the below but it didn't work... appreciate any suggestions:
<match kubernetes.var.log.containers.**_kube-system_**>
@type null
</match>
Can anyone please give me an example within using regexp.
Thanks in advance!
viquar22
on 3 Nov 2017
Any news on this? I use a FQDN template, and would like to exclude services from the kube-system namespace, as well as a few others from being sync'd.
HeWhoWas
on 11 Jan 2019
I think this wasn't picked up, PRs are welcome.
Raffo
on 11 Jan 2019
On macOS I've been using this alias as a workaround, expanded from a stack overflow answer:
alias ka='f(){ kubectl "$@" --all-namespaces | grep -v kube-system; unset -f f; }; f'
-v inverts the grep matching, when I ka get po I generally want to see all my namespaces and exclude the system one
jmooo
on 14 Mar 2019
I looked into this issue but fixing it in code is a bit more involved than I thought.
How are others working around this? Would running multiple external-dns instances in the allowed namespaces with the --namespace flag work? Are there any anticipated side effects with this approach?
ameir
on 20 Mar 2019
Hi @ameir
I run separate instance for every namespaces I need. It is important to use different EXTERNAL_DNS_TXT_OWNER_ID and EXTERNAL_DNS_TXT_PREFIX as I may understand. Also I use different EXTERNAL_DNS_DOMAIN_FILTER by namespaces.
maximsnezhkov
on 21 Mar 2019
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale
fejta-bot
on 19 Jun 2019
/remove-lifecycle stale
ramnes
on 19 Jun 2019
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale
fejta-bot
on 17 Sep 2019
/remove-lifecycle stale
sstarcher
on 25 Sep 2019
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale
fejta-bot
on 24 Dec 2019
Sorry to revive this stale issue - but I can not find any documentation around limiting external-dns to a particular namespace - only by source type (ingress or service). I would like to isolate the namespaces it scans to only use those in a particular namespace.
ukphillips
on 3 Jan 2020
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten
fejta-bot
on 2 Feb 2020
/remove-lifecycle rotten
Raffo
on 4 Feb 2020
For multi-tenant clusters, this feature would be extremely useful.
JustinPlute
on 28 Feb 2020
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale
fejta-bot
on 29 May 2020
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten
fejta-bot
on 28 Jun 2020
/remove-lifecycle rotten
Raffo
on 28 Jun 2020
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale
fejta-bot
on 26 Sep 2020
/remove-lifecycle stale
seanmalloy
on 27 Sep 2020
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale
fejta-bot
on 26 Dec 2020
/remove-lifecycle stale
seanmalloy
on 29 Dec 2020
Related issues
placydo
路
5Comments
lemaral
路
4Comments
szuecs
路
4Comments
njuettner
路
4Comments
Fettah
路
4Comments
Most helpful comment
Just my two cents: this use case (include/exclude a list of items) often appears in software and I generally prefer something with regular expressions as this allows use cases such as "only work on all namespaces ending with '-test'" (namespaces might be dynamically created and not known at deployment time of
external-dns).