newrelic · marcsanmi · Jun 8, 2022 · May 24, 2022 · May 30, 2022 · May 30, 2022
@@ -8,7 +8,7 @@ sources:
   - https://github.com/newrelic/nri-kubernetes/tree/master/charts/newrelic-infrastructure
   - https://github.com/newrelic/infrastructure-agent/
 
-version: 3.5.3
+version: 3.5.4
 appVersion: 3.2.0
 
 dependencies:

@@ -15,6 +15,7 @@ tests:
           path: data.nri-kubernetes\.yml
           value: |-
             interval: 15s
+            namespaceSelector: {}
             controlPlane:
               retries: 3
               timeout: 10s
@@ -38,6 +39,7 @@ tests:
           path: data.nri-kubernetes\.yml
           value: |-
             interval: 15s
+            namespaceSelector: {}
             controlPlane:
               retries: 3
               timeout: 10s
@@ -71,6 +73,7 @@ tests:
           path: data.nri-kubernetes\.yml
           value: |-
             interval: 15s
+            namespaceSelector: {}
             controlPlane:
               retries: 3
               timeout: 10s
@@ -142,6 +145,7 @@ tests:
           path: data.nri-kubernetes\.yml
           value: |-
             interval: 15s
+            namespaceSelector: {}
             controlPlane:
               retries: 3
               timeout: 10s

@@ -34,6 +34,7 @@ tests:
           path: data.nri-kubernetes\.yml
           value: |-
             interval: 15s
+            namespaceSelector: {}
             ksm:
               enabled: true
               port: 22
@@ -52,6 +53,7 @@ tests:
           path: data.nri-kubernetes\.yml
           value: |-
             interval: 15s
+            namespaceSelector: {}
             ksm:
               enabled: true
               retries: 3
@@ -70,6 +72,7 @@ tests:
           path: data.nri-kubernetes\.yml
           value: |-
             interval: 15s
+            namespaceSelector: {}
             ksm:
               enabled: true
               port: 22
@@ -94,6 +97,7 @@ tests:
           path: data.nri-kubernetes\.yml
           value: |-
             interval: 15s
+            namespaceSelector: {}
             ksm:
               distributed: true
               enabled: true

@@ -49,6 +49,9 @@ common:
     # behave properly. Any non-nil value will override the `lowDataMode` default.
     # @default -- `15s` (See [Low data mode](README.md#low-data-mode))
     interval:
+    # -- Config for filtering ksm and kubelet metrics by namespace.
+    namespaceSelector: {}
+
   # -- Config for the Infrastructure agent.
   # Will be used by the forwarder sidecars and the agent running integrations.
   # See: https://docs.newrelic.com/docs/infrastructure/install-infrastructure-agent/configuration/infrastructure-agent-configuration-settings/

@@ -1,9 +1,12 @@
 package config
 
 import (
+	"fmt"
+	"strconv"
 	"strings"
 	"time"
 
+	log "github.com/sirupsen/logrus"
 	"github.com/spf13/viper"
 )
 
@@ -53,6 +56,9 @@ type Config struct {
 	Kubelet `mapstructure:"kubelet"`
 	// KSM defines config options for the kube-state-metrics scraper.
 	KSM `mapstructure:"ksm"`
+
+	// NamespaceSelector defines custom monitoring filtering for namespaces.
+	NamespaceSelector *NamespaceSelector `mapstructure:"namespaceSelector"`
 }
 
 // HTTPSink stores the configuration for the HTTP sink.
@@ -218,38 +224,83 @@ type MTLS struct {
 	TLSSecretNamespace string `mapstructure:"secretNamespace"`
 }
 
+// NamespaceSelector contains config options for filtering namespaces.
+type NamespaceSelector struct {
+	// MatchLabels is a list of labels to filter namespaces with.
+	MatchLabels map[string]string `mapstructure:"matchLabels"`
+	// MatchExpressions is a list of namespaces selector requirements.
+	MatchExpressions []Expression `mapstructure:"matchExpressions"`
+}
+
+// Expression hold the values to generate an expression to filter namespaces by MatchExpressions.
+type Expression struct {
+	// Key it the key of the label.
+	Key string `mapstructure:"key" json:"key"`
+	// Operator holds either an inclusion (NotIn) or exclusion (In) value.
+	Operator string `mapstructure:"operator" json:"operator"`
+	// Values is a slice of values related to the key.
+	Values []interface{} `mapstructure:"values" json:"values"`
+}
+
+func (e *Expression) String() string {
+	var values []string
+
+	for _, val := range e.Values {
+		var str string
+		switch v := val.(type) {
+		case string:
+			str = v
+		case bool:
+			str = strconv.FormatBool(v)
+		case int:
+			str = strconv.FormatInt(int64(v), 10)
+		case float32, float64:
+			str = fmt.Sprintf("%f", v)
+		default:
+			log.Errorf("parsing expression value: %v, type %v", val, v)
+			continue
+		}
+
+		values = append(values, str)
+	}
+
+	return fmt.Sprintf("%s %s (%s)", e.Key, strings.ToLower(e.Operator), strings.Join(values, ","))
+}
+
 func LoadConfig(filePath string, fileName string) (*Config, error) {
-	v := viper.New()
+	// Update default delimiter as with the new namespaceSelector config, some labels may come in the form of
+	// newrelic.com/scrape, so the key was split in a sub-map on a "." basis.
+	v := viper.NewWithOptions(viper.KeyDelimiter("|"))
 
 	// We need to assure that defaults have been set in order to bind env variables.
 	// https://github.com/spf13/viper/issues/584
 	v.SetDefault("clusterName", "cluster")
 	v.SetDefault("verbose", false)
-	v.SetDefault("kubelet.networkRouteFile", DefaultNetworkRouteFile)
+	v.SetDefault("kubelet|networkRouteFile", DefaultNetworkRouteFile)
 	v.SetDefault("nodeName", "node")
 	v.SetDefault("nodeIP", "node")
 
 	// Sane connection defaults
-	v.SetDefault("sink.type", SinkTypeHTTP)
-	v.SetDefault("sink.http.port", 0)
-	v.SetDefault("sink.http.timeout", DefaultAgentTimeout)
-	v.SetDefault("sink.http.retries", DefaultRetries)
+	v.SetDefault("sink|type", SinkTypeHTTP)
+	v.SetDefault("sink|http|port", 0)
+	v.SetDefault("sink|http|timeout", DefaultAgentTimeout)
+	v.SetDefault("sink|http|retries", DefaultRetries)
 
-	v.SetDefault("kubelet.timeout", DefaultTimeout)
-	v.SetDefault("kubelet.retries", DefaultRetries)
+	v.SetDefault("kubelet|timeout", DefaultTimeout)
+	v.SetDefault("kubelet|retries", DefaultRetries)
 
-	v.SetDefault("controlPlane.timeout", DefaultTimeout)
-	v.SetDefault("controlPlane.retries", DefaultRetries)
+	v.SetDefault("controlPlane|timeout", DefaultTimeout)
+	v.SetDefault("controlPlane|retries", DefaultRetries)
 
-	v.SetDefault("ksm.timeout", DefaultTimeout)
-	v.SetDefault("ksm.retries", DefaultRetries)
+	v.SetDefault("ksm|timeout", DefaultTimeout)
+	v.SetDefault("ksm|retries", DefaultRetries)
 
-	v.SetDefault("ksm.discovery.backoffDelay", 7*time.Second)
-	v.SetDefault("ksm.discovery.timeout", 60*time.Second)
+	v.SetDefault("ksm|discovery|backoffDelay", 7*time.Second)
+	v.SetDefault("ksm|discovery|timeout", 60*time.Second)
 
 	v.SetEnvPrefix("NRI_KUBERNETES")
 	v.AutomaticEnv()
-	v.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
+	v.SetEnvKeyReplacer(strings.NewReplacer("|", "_"))
 
 	// Config File
 	v.AddConfigPath(filePath)

@@ -32,6 +32,15 @@ func TestLoadConfig(t *testing.T) {
 			require.Equal(t, "fake-node", c.NodeName)
 		})
 	})
+	// This test checks that viper custom key delimiter is working as expected by using the old default dot delimiter
+	// as key.
+	t.Run("succeeds_when_dot_character_in_key", func(t *testing.T) {
+		t.Parallel()
+
+		c, err := config.LoadConfig(fakeDataDir, workingData)
+		require.NoError(t, err)
+		require.Equal(t, "1", c.NamespaceSelector.MatchLabels["newrelic.com/scrape"])
+	})
 	t.Run("fail_due_to_unexpected_data", func(t *testing.T) {
 		t.Parallel()
 

@@ -2,6 +2,10 @@ clusterName: dummy_cluster
 interval: 15
 verbose: true
 
+namespaceSelector:
+  matchLabels:
+    newrelic.com/scrape: true
+
 sink:
   http:
     port: 8081

@@ -0,0 +1,109 @@
+package discovery
+
+import (
+	"errors"
+
+	"github.com/newrelic/nri-kubernetes/v3/internal/config"
+
+	log "github.com/sirupsen/logrus"
+	v1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/client-go/informers"
+	"k8s.io/client-go/kubernetes"
+	listersv1 "k8s.io/client-go/listers/core/v1"
+)
+
+// NamespaceFilterer provides an interface to filter namespaces.
+type NamespaceFilterer interface {
+	IsAllowed(namespace string) bool
+}
+
+// NamespaceFilter is a struct holding pointers to the config and the namespace lister.
+type NamespaceFilter struct {
+	c      *config.Config
+	lister listersv1.NamespaceLister
+	stopCh chan<- struct{}
+}
+
+// NewNamespaceFilter inits the namespace lister and returns a new NamespaceFilter.
+func NewNamespaceFilter(c *config.Config, client kubernetes.Interface, options ...informers.SharedInformerOption) *NamespaceFilter {
+	stopCh := make(chan struct{})
+
+	factory := informers.NewSharedInformerFactoryWithOptions(client, defaultResyncDuration, options...)
+
+	lister := factory.Core().V1().Namespaces().Lister()
+
+	factory.Start(stopCh)
+	factory.WaitForCacheSync(stopCh)
+
+	return &NamespaceFilter{
+		c:      c,
+		lister: lister,
+		stopCh: stopCh,
+	}
+}
+
+// IsAllowed checks given any namespace, if it's allowed to be scraped by using the NamespaceLister
+func (nf *NamespaceFilter) IsAllowed(namespace string) bool {
+	// By default, we scrape every namespace.
+	if nf.c.NamespaceSelector == nil {
+		return true
+	}
+
+	// Scrape namespaces by honoring the matchLabels values.
+	if nf.c.NamespaceSelector.MatchLabels != nil {
+		namespaceList, err := nf.lister.List(labels.SelectorFromSet(nf.c.NamespaceSelector.MatchLabels))
+		if err != nil {
+			log.Errorf("listing namespaces with MatchLabels: %v", err)
+			return true
+		}
+
+		return containsNamespace(namespace, namespaceList)
+	}
+
+	// Scrape namespaces by honoring the matchExpressions values.
+	// Multiple expressions are evaluated with a logical AND between them.
+	if nf.c.NamespaceSelector.MatchExpressions != nil {
+		for _, expression := range nf.c.NamespaceSelector.MatchExpressions {
+			selector, err := labels.Parse(expression.String())
+			if err != nil {
+				log.Errorf("parsing labels: %v", err)
+				return true
+			}
+
+			namespaceList, err := nf.lister.List(selector)
+			if err != nil {
+				log.Errorf("listing namespaces with MatchExpressions: %v", err)
+				return true
+			}
+
+			if !containsNamespace(namespace, namespaceList) {
+				return false
+			}
+		}
+	}
+
+	return true
+}
+
+// Close closes the stop channel and implements the Closer interface.
+func (nf *NamespaceFilter) Close() error {
+	if nf.stopCh == nil {
+		return errors.New("invalid channel")
+	}
+
+	close(nf.stopCh)
+
+	return nil
+}
+
+// containsNamespace checks if a namespaces is contained in a given list of namespaces.
+func containsNamespace(namespace string, namespaceList []*v1.Namespace) bool {
+	for _, n := range namespaceList {
+		if n.Name == namespace {
+			return true
+		}
+	}
+
+	return false
+}