Add EXCLUDED_NAMESPACES to ConfigMap (#1571)

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>

cmd/tap.go

@@ -48,6 +48,7 @@ func init() {
 	tapCmd.Flags().Uint16(configStructs.ProxyFrontPortLabel, defaultTapConfig.Proxy.Front.Port, "Provide a custom port for the proxy/port-forward")
 	tapCmd.Flags().String(configStructs.ProxyHostLabel, defaultTapConfig.Proxy.Host, "Provide a custom host for the proxy/port-forward")
 	tapCmd.Flags().StringSliceP(configStructs.NamespacesLabel, "n", defaultTapConfig.Namespaces, "Namespaces selector")
+	tapCmd.Flags().StringSliceP(configStructs.ExcludedNamespacesLabel, "e", defaultTapConfig.ExcludedNamespaces, "Excluded namespaces")
 	tapCmd.Flags().StringP(configStructs.ReleaseNamespaceLabel, "s", defaultTapConfig.Release.Namespace, "Release namespace of Kubeshark")
 	tapCmd.Flags().Bool(configStructs.PersistentStorageLabel, defaultTapConfig.PersistentStorage, "Enable persistent storage (PersistentVolumeClaim)")
 	tapCmd.Flags().Bool(configStructs.PersistentStorageStaticLabel, defaultTapConfig.PersistentStorageStatic, "Persistent storage static provision")

cmd/tapRunner.go

@@ -437,6 +437,7 @@ func updateConfig(kubernetesProvider *kubernetes.Provider) {
 	_, _ = kubernetes.SetSecret(kubernetesProvider, kubernetes.SECRET_LICENSE, config.Config.License)
 	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_POD_REGEX, config.Config.Tap.PodRegexStr)
 	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_NAMESPACES, strings.Join(config.Config.Tap.Namespaces, ","))
+	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_EXCLUDED_NAMESPACES, strings.Join(config.Config.Tap.ExcludedNamespaces, ","))
 
 	data, err := json.Marshal(config.Config.Scripting.Env)
 	if err != nil {

config/configStruct.go

@@ -16,6 +16,9 @@ const (
 func CreateDefaultConfig() ConfigStruct {
 	return ConfigStruct{
 		Tap: configStructs.TapConfig{
+			ExcludedNamespaces: []string{
+				"kube-system",
+			},
 			NodeSelectorTerms: []v1.NodeSelectorTerm{
 				{
 					MatchExpressions: []v1.NodeSelectorRequirement{

config/configStructs/tapConfig.go

@@ -17,6 +17,7 @@ const (
 	ProxyHubPortLabel            = "proxy-hub-port"
 	ProxyHostLabel               = "proxy-host"
 	NamespacesLabel              = "namespaces"
+	ExcludedNamespacesLabel      = "excludedNamespaces"
 	ReleaseNamespaceLabel        = "release-namespace"
 	PersistentStorageLabel       = "persistentStorage"
 	PersistentStorageStaticLabel = "persistentStorageStatic"
@@ -164,6 +165,7 @@ type TapConfig struct {
 	Proxy                        ProxyConfig           `yaml:"proxy" json:"proxy"`
 	PodRegexStr                  string                `yaml:"regex" json:"regex" default:".*"`
 	Namespaces                   []string              `yaml:"namespaces" json:"namespaces" default:"[]"`
+	ExcludedNamespaces           []string              `yaml:"excludedNamespaces" json:"excludedNamespaces" default:"[]"`
 	BpfOverride                  string                `yaml:"bpfOverride" json:"bpfOverride" default:""`
 	Stopped                      bool                  `yaml:"stopped" json:"stopped" default:"false"`
 	Release                      ReleaseConfig         `yaml:"release" json:"release"`

helm-chart/templates/12-config-map.yaml

@@ -9,6 +9,7 @@ metadata:
 data:
     POD_REGEX: '{{ .Values.tap.regex }}'
     NAMESPACES: '{{ gt (len .Values.tap.namespaces) 0 | ternary (join "," .Values.tap.namespaces) "" }}'
+    EXCLUDED_NAMESPACES: '{{ gt (len .Values.tap.excludedNamespaces) 0 | ternary (join "," .Values.tap.excludedNamespaces) "" }}'
     BPF_OVERRIDE: '{{ .Values.tap.bpfOverride }}'
     STOPPED: '{{ .Values.tap.stopped | ternary "true" "false" }}'
     SCRIPTING_SCRIPTS: '{}'

helm-chart/values.yaml

@@ -18,6 +18,8 @@ tap:
     host: 127.0.0.1
   regex: .*
   namespaces: []
+  excludedNamespaces:
+  - kube-system
   bpfOverride: ""
   stopped: false
   release:

kubernetes/config.go

@@ -15,6 +15,7 @@ const (
 	SECRET_LICENSE                    = "LICENSE"
 	CONFIG_POD_REGEX                  = "POD_REGEX"
 	CONFIG_NAMESPACES                 = "NAMESPACES"
+	CONFIG_EXCLUDED_NAMESPACES        = "EXCLUDED_NAMESPACES"
 	CONFIG_SCRIPTING_ENV              = "SCRIPTING_ENV"
 	CONFIG_INGRESS_ENABLED            = "INGRESS_ENABLED"
 	CONFIG_INGRESS_HOST               = "INGRESS_HOST"

kubernetes/provider.go

@@ -227,12 +227,24 @@ func (provider *Provider) GetKubernetesVersion() (*semver.SemVersion, error) {
 	return &serverVersionSemVer, nil
 }
 
-func (provider *Provider) GetNamespaces() []string {
+func (provider *Provider) GetNamespaces() (namespaces []string) {
 	if len(config.Config.Tap.Namespaces) > 0 {
-		return utils.Unique(config.Config.Tap.Namespaces)
+		namespaces = utils.Unique(config.Config.Tap.Namespaces)
 	} else {
-		return []string{K8sAllNamespaces}
+		namespaceList, err := provider.clientSet.CoreV1().Namespaces().List(context.TODO(), metav1.ListOptions{})
+		if err != nil {
+			log.Error().Err(err).Send()
+			return
+		}
+
+		for _, ns := range namespaceList.Items {
+			namespaces = append(namespaces, ns.Name)
+		}
 	}
+
+	namespaces = utils.Diff(namespaces, config.Config.Tap.ExcludedNamespaces)
+
+	return
 }
 
 func getClientSet(config *rest.Config) (*kubernetes.Clientset, error) {

utils/slice.go

@@ -37,3 +37,18 @@ func EqualStringSlices(slice1 []string, slice2 []string) bool {
 
 	return true
 }
+
+// Diff returns the elements in `a` that aren't in `b`.
+func Diff(a, b []string) []string {
+	mb := make(map[string]struct{}, len(b))
+	for _, x := range b {
+		mb[x] = struct{}{}
+	}
+	var diff []string
+	for _, x := range a {
+		if _, found := mb[x]; !found {
+			diff = append(diff, x)
+		}
+	}
+	return diff
+}