Applying Filters While Monitoring Kubernetes Resources (New)
Last updated on 27 March, 2023You can add resource filters in the Argus configuration files under the filter parameters. The rule engine evaluates rules sequentially; when the first rule is met and is evaluated as true, the rule engine breaks the rules evaluation, and the resource is excluded.
Following is the sample configuration:
| Filters | Description |
'type in ("pod", "deployment") && name =~ "nginx"' | If the name of the pods and deployments contain nginx, those pods and deployments will get excluded. |
'!(type == "pod" && namespace == "kube-system")' | Negates rule to simplify as whitelist rule; only pods of kube-system namespace are monitored, remaining are excluded. |
'namespace == "default"' | Excludes all resources of the default namespace. |
'!(type != "replicaset" && ns == "logicmonitor")' | Excludes replicasets of LogicMonitor namespace – remaining resources are included. In addition, this rule is equivalent to 'type == "replicaset" && ns == "logicmonitor" |
LogicMonitor uses the open-source Govaluate library for evaluating the filter expressions. For more information on the syntax of the filter expressions, see the Govaluate expressions manual.
Rule Engine Variables
You can write filter rules using the following variables that are made available to the rule engine:
| Variable Name | Value | Value Datatype | Comments |
| type | Resource Type | string | The following operators work on type variable: “==”, “!=”, “in”Note: (known issues): in operator on type variable doesn’t work when the array has only one element. |
| name | Resource Name | String | |
| namespace | Resource Namespace | String | Empty, if the resource is not namespace scoped. |
| Resource labels with their keys as variable names | Resource Labels values against its keys | String | Note: As per the Govaluate documentation, you need to escape variable names having special characters viz. dot (.), hyphen (-), etc. using square brackets around it. |
| Resource annotations with their keys as variable names | Resource Annotations values against its keys | String | Note: As per the Govaluate documentation, you need to escape variable names having special characters viz. dot (.), hyphen (-), etc. using square brackets. |
Note: If the same key is used for annotations and labels, the label value gets higher priority and is used for evaluation.
Rule Writing Guidelines
1. Rules must be written in single-quoted strings to avoid parsing errors across YAML conversions.
2. There must be no distinction, such as include rules and exclude rules. If the rule is evaluated as true that means resources are excluded.
Note: In some cases, if you want to simplify the rule, write the include rule and invert its value to make an exclude rule.
Example 1:
To monitor only resources of a single namespace frontend, use the ruleis'!(ns == "frontend")'
Note: As per the Govaluate documentation, escape variable names having special characters viz. dot (.), hyphen (-), etc. using square brackets around it.
Example 2:
You have added the web service label on resources having their respective value. If you want to monitor only the user web service resources while excluding the remaining resources of all remaining services, then you can write the rule as '!([web-service] == "user")' – here square brackets define everything within it as a variable name while parsing the rule. If you miss surrounding the web-service variable, then Govaluate makes it a mathematical expression web -(minus) service – which will not exclude the resources as expected.
Available Operators to Write Rules
| Operator | Description | Comments | Examples |
| == | Equality | Exact string match | ns == "default" |
| != | Inequality | Is not equal to the exact string | name != "nginx" |
| =~ | Regex match | Regex having dot and hyphen may not work in some cases | name =~ "nginx"Resources having prefixes such as NGINX in their name, then the resources are excluded |
| !~ | Inverted regex pattern | Equivalent to !(<regex>) | name !~ “nginx” equivalent to !(name =~ “nginx”)Resources that do not have NGINX in the name will be excluded |
| && | Logical AND | Short circuits if the left side expression is false | ns == "default" && name =~ “nginx”. This will exclude resources of the default namespace that has NGINX in the name |
| || | Logical OR | Short circuits if the left side evaluates to true. Although the operator is available, you must write another rule if the left side and right side are not logically connected, as the set of rules are OR’ed. | |
| in | Membership in array | Performs equality == to check membership | ns in ("kube-system", "kube-public") This excludes the resources of mentioned namespaces |
| () | Parenthesis to group |
Argus discovers all Kubernetes resources that are monitored by LogicMonitor. In addition, you can use Argus to exclude resources from monitoring.
You can add resource filters in the Argus configuration files under the filter parameters. The rule engine evaluates rules sequentially; when the first rule is met and is evaluated as true, the rule engine breaks the rules evaluation, and the resource is excluded.
Following is the sample configuration:
| Filters | Description |
'type in ("pod", "deployment") && name =~ "nginx"' | If the name of the pods and deployments contain nginx, those pods and deployments will get excluded. |
'!(type == "pod" && namespace == "kube-system")' | Negates rule to simplify as whitelist rule; only pods of kube-system namespace are monitored, remaining are excluded. |
'namespace == "default"' | Excludes all resources of the default namespace. |
'!(type != "replicaset" && ns == "logicmonitor")' | Excludes replicasets of LogicMonitor namespace – remaining resources are included. In addition, this rule is equivalent to 'type == "replicaset" && ns == "logicmonitor" |
LogicMonitor uses the open-source Govaluate library for evaluating the filter expressions. For more information on the syntax of the filter expressions, see the Govaluate expressions manual.
Rule Engine Variables
You can write filter rules using the following variables that are made available to the rule engine:
| Variable Name | Value | Value Datatype | Comments |
| type | Resource Type | string | The following operators work on type variable: “==”, “!=”, “in”Note: (known issues): in operator on type variable doesn’t work when the array has only one element. |
| name | Resource Name | String | |
| namespace | Resource Namespace | String | Empty, if the resource is not namespace scoped. |
| Resource labels with their keys as variable names | Resource Labels values against its keys | String | Note: As per the Govaluate documentation, you need to escape variable names having special characters viz. dot (.), hyphen (-), etc. using square brackets around it. |
| Resource annotations with their keys as variable names | Resource Annotations values against its keys | String | Note: As per the Govaluate documentation, you need to escape variable names having special characters viz. dot (.), hyphen (-), etc. using square brackets. |
Note: If the same key is used for annotations and labels, the label value gets higher priority and is used for evaluation.
Rule Writing Guidelines
1. Rules must be written in single-quoted strings to avoid parsing errors across YAML conversions.
2. There must be no distinction, such as include rules and exclude rules. If the rule is evaluated as true that means resources are excluded.
Note: In some cases, if you want to simplify the rule, write the include rule and invert its value to make an exclude rule.
Example 1:
To monitor only resources of a single namespace frontend, use the ruleis'!(ns == "frontend")'
Note: As per the Govaluate documentation, escape variable names having special characters viz. dot (.), hyphen (-), etc. using square brackets around it.
Example 2:
You have added the web service label on resources having their respective value. If you want to monitor only the user web service resources while excluding the remaining resources of all remaining services, then you can write the rule as '!([web-service] == "user")' – here square brackets define everything within it as a variable name while parsing the rule. If you miss surrounding the web-service variable, then Govaluate makes it a mathematical expression web -(minus) service – which will not exclude the resources as expected.
Available Operators to Write Rules
| Operator | Description | Comments | Examples |
| == | Equality | Exact string match | ns == "default" |
| != | Inequality | Is not equal to the exact string | name != "nginx" |
| =~ | Regex match | Regex having dot and hyphen may not work in some cases | name =~ "nginx"Resources having prefixes such as NGINX in their name, then the resources are excluded |
| !~ | Inverted regex pattern | Equivalent to !(<regex>) | name !~ “nginx” equivalent to !(name =~ “nginx”)Resources that do not have NGINX in the name will be excluded |
| && | Logical AND | Short circuits if the left side expression is false | ns == "default" && name =~ “nginx”. This will exclude resources of the default namespace that has NGINX in the name |
| || | Logical OR | Short circuits if the left side evaluates to true. Although the operator is available, you must write another rule if the left side and right side are not logically connected, as the set of rules are OR’ed. | |
| in | Membership in array | Performs equality == to check membership | ns in ("kube-system", "kube-public") This excludes the resources of mentioned namespaces |
| () | Parenthesis to group |