Pediacluster support filter roles when sync resources

[wuyingjun-lucky]

What would you like to be added?

We want pediacluster support filter rules when sync resources

Why is this needed?

We want skip some namepace when resource syncd like kube-system

[Iceber]

Is this done to avoid sensitive resources being synced to the clusterpedia, or is there another purpose?

[wuyingjun-lucky]

Is this done to avoid sensitive resources being synced to the clusterpedia, or is there another purpose?

We have three clusters now and the workload name is different and namespace is same.
And the k8s or other control plane system and the resources on that namespace are same, we just want keep one copy and actually do not care about them. we just care about our workload
So we want add an optional api in pediacluster and that we can have a choice to avoid some resources being synced

[Iceber]

I have a few questions:

1. even if the resources in these control system namespaces are the same in multiple clusters, their status may still be different for various reasons, and if we don't synchronize them, then we will never be able to see the specific information of the resources in these namespaces within a specific cluster through the clusterpedia

2. Is it possible to ignore some namespaces when retrieving resources, for example by using the search label -search.clusterpedia.io/namespaces notin (a,b,c) or url query - ?ignoreNamespaces=a,b,c?

it is also possible to use raw query

Of course I don't have a proper reason to oppose this feature, but it might make users confused about not retrieving resources in certain namespaces.

[wuyingjun-lucky]

1. multiple

Two reasons
1 · Our app developer、 k8s developer and k8s SRE are different parts. Our team may just care about the resources we directly use. The SRE do not use clusterpedia to monitor the k8s clusters
2. we found when we use old version client-go to list and then watch （informers） the collection resources will hang up because duplicate resources

[Iceber]

I think we can implement this in 0.5.

To implement this we add a field in PediaCluster - ignoredNamespaces: [].

apiVersion: cluster.clusterpedia.io/v1alpha1
kind: PediaClusteer
metadata:
  name: example
spec:
  syncResources:
  - group: ""
     resources:
     - "pods"
  ignoredNamespaces:
  - "kube-system"

Global settings, not specific to a resource, What do you think?

[wuyingjun-lucky]

I think we can implement this in 0.5.

To implement this we add a field in PediaCluster - ignoredNamespaces: [].

apiVersion: cluster.clusterpedia.io/v1alpha1
kind: PediaClusteer
metadata:
  name: example
spec:
  syncResources:
  - group: ""
     resources:
     - "pods"
  ignoredNamespaces:
  - "kube-system"

Global settings, not specific to a resource, What do you think?

Yeah， we can make it optional

[duanmengkk]

/assign

[cleverhu]

I have a question, what should we handle if the resource is cluster resource?

[cleverhu]

I have a question, what should we handle if the resource is cluster resource?

Sometimes we may have turned on collecting all Crd resources, which may contain cluster resources.

[wuyingjun-lucky]

Maybe we can pending the issue if we do not find the best scheme