Argus discovers all Kubernetes resources that are monitored by LogicMonitor. In addition, you can use Argus to exclude resources from monitoring.
You can add resource filters in the Argus configuration files under the filter parameters. The rule engine evaluates rules sequentially; when the first rule is met and is evaluated as true, the rule engine breaks the rules evaluation, and the resource is excluded. A set of rules are grouped according to resource types.
Following is the sample configuration:
filters: pods: - name =~ "nginx" - namespace == "kube-system" deployment: - name =~ "nginx" - namespace == "default"
Rule Engine Variables
You can write filter rules using the following variables that are made available to the rule engine:
|Variable Name||Value||Value Datatype||Comments|
|namespace||Resource Namespace||String||Empty, if the resource is not namespace scoped|
|Resource labels with their keys as variable names||Resource Labels values against its keys||String|
|Resource annotations with their keys as variable names||Resource Annotations values against its keys||String||In case of the same key in annotations and labels, the label value gets higher precedence and is used for evaluation|
Rule Writing Guidelines
1. Rules must be written in single-quoted strings to avoid parsing errors across YAML conversions.
2. There must be no distinction such as include rules and exclude rules. If the rule is evaluated as true that means resources will get excluded.
Note: In some cases, if you want to simplify the rule, then you can write the include rule and invert its value to make it an exclude rule.
If you want to monitor only resources of a single namespace “frontend” then the rule
'!(ns == "frontend")'
Note: Regex expressions may not work in some cases, which include dots (.) and hyphens (-) in expressions.
Available Operators to Write Rules
|==||Equality||Exact string match|
|!=||Inequality||Is not equal to the exact string|
|=~||Regex match||Regex having dot and hyphen may not work in some cases|
Resources having prefixes as
|!~||Inverted regex pattern||Equivalent to !(<regex>)||name !~ “nginx” equivalent to !(name =~ “nginx”)|
Resources that do not have
|&&||Logical AND||Short circuits if the left side expression is false|
|||||Logical OR||Short circuits if the left side evaluates to true.Although the operator is available, you must write another rule if the left side and right side are not logically connected, as the set of rules are OR’ed.|
|in||Membership in array||Performs equality == to check membership|
This will exclude the resources of mentioned namespaces
|()||Parenthesis to group|