Add namespace exclusion for watchers

README.md

@@ -46,6 +46,7 @@ You can customize the values of the helm deployment by using the following Value
 | `image.pullPolicy`                       | Container image pull policy                      | `IfNotPresent`                                                                                   |
 | `configuration.logging.minimumLevel`     | Logging minimum level                            | `Information`                                                                                    |
 | `configuration.watcher.timeout`          | Maximum watcher lifetime in seconds              | ``                                                                                               |
+| `configuration.watcher.excludedNamespaces` | Comma-separated list of namespace glob patterns to exclude from watching. Supports `*` (any characters) and `?` (single character). Example: `"ephie-*,kube-system,*-temp"` | ``                                                                                               |
 | `configuration.kubernetes.skipTlsVerify` | Skip TLS verify when connecting the the cluster  | `false`                                                                                          |
 | `rbac.enabled`                           | Create and use RBAC resources                    | `true`                                                                                           |
 | `serviceAccount.create`                  | Create ServiceAccount                            | `true`                                                                                           |

src/ES.Kubernetes.Reflector/Configuration/WatcherOptions.cs

@@ -3,4 +3,11 @@
 public class WatcherOptions
 {
     public int? Timeout { get; set; }
+
+    /// <summary>
+    ///     Comma-separated list of namespace patterns to exclude from watching.
+    ///     Supports glob wildcards: * (any characters), ? (single character).
+    ///     Example: "ephie-*,kube-system,*-temp"
+    /// </summary>
+    public string? ExcludedNamespaces { get; set; }
 }

src/ES.Kubernetes.Reflector/Watchers/Core/WatcherBackgroundService.cs

@@ -1,4 +1,5 @@
 using System.Diagnostics;
+using System.Text.RegularExpressions;
 using System.Threading.Channels;
 using ES.Kubernetes.Reflector.Configuration;
 using ES.Kubernetes.Reflector.Watchers.Core.Events;
@@ -36,9 +37,16 @@ protected override async Task ExecuteAsync(CancellationToken stoppingToken)
                 FullMode = BoundedChannelFullMode.Wait
             });
 
+            var excludedNamespacePatterns = ParseGlobPatterns(options.CurrentValue.Watcher?.ExcludedNamespaces);
+            long namespaceExcludedCount = 0;
             try
             {
-                logger.LogInformation("Requesting {type} resources", typeof(TResource).Name);
+                if (excludedNamespacePatterns.Length > 0)
+                    logger.LogInformation(
+                        "Requesting {type} resources (excluding namespaces matching: {patterns})",
+                        typeof(TResource).Name, options.CurrentValue.Watcher?.ExcludedNamespaces);
+                else
+                    logger.LogInformation("Requesting {type} resources", typeof(TResource).Name);
 
                 //Read using a separate task so the watcher doesn't get stuck waiting on subscribers to handle the event
                 _ = Task.Run(async () =>
@@ -62,6 +70,12 @@ await watcherEventHandler.Handle(new WatcherEvent
                 {
                     await foreach (var (type, item) in watchList)
                     {
+                        if (IsNamespaceExcluded(item.Metadata?.NamespaceProperty, excludedNamespacePatterns))
+                        {
+                            namespaceExcludedCount++;
+                            continue;
+                        }
+
                         if (await OnResourceIgnoreCheck(item)) continue;
                         await eventChannel.Writer.WriteAsync(new WatcherEvent
                         {
@@ -91,8 +105,13 @@ await eventChannel.Writer.WriteAsync(new WatcherEvent
 
                 var sessionElapsed = sessionStopwatch.Elapsed;
                 sessionStopwatch.Stop();
-                logger.LogInformation("Session closed. Duration: {duration}. Faulted: {faulted}.", sessionElapsed,
-                    sessionFaulted);
+                if (namespaceExcludedCount > 0)
+                    logger.LogInformation(
+                        "Session closed. Duration: {duration}. Faulted: {faulted}. Namespace-excluded events: {excluded}.",
+                        sessionElapsed, sessionFaulted, namespaceExcludedCount);
+                else
+                    logger.LogInformation("Session closed. Duration: {duration}. Faulted: {faulted}.",
+                        sessionElapsed, sessionFaulted);
 
                 foreach (var handler in watcherClosedHandlers)
                     await handler.Handle(new WatcherClosed
@@ -107,4 +126,25 @@ await handler.Handle(new WatcherClosed
     protected abstract IAsyncEnumerable<(WatchEventType, TResource)> OnGetWatcher(CancellationToken cancellationToken);
 
     protected virtual Task<bool> OnResourceIgnoreCheck(TResource item) => Task.FromResult(false);
+
+    /// <summary>
+    ///     Parses a comma-separated list of glob patterns into compiled Regex objects.
+    ///     Supports * (any characters) and ? (single character).
+    /// </summary>
+    private static Regex[] ParseGlobPatterns(string? patterns)
+    {
+        if (string.IsNullOrWhiteSpace(patterns)) return [];
+        return patterns.Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries)
+            .Where(p => !string.IsNullOrWhiteSpace(p))
+            .Select(p => new Regex(
+                "^" + Regex.Escape(p).Replace("\\*", ".*").Replace("\\?", ".") + "$",
+                RegexOptions.Compiled))
+            .ToArray();
+    }
+
+    private static bool IsNamespaceExcluded(string? ns, Regex[] patterns)
+    {
+        if (patterns.Length == 0 || string.IsNullOrEmpty(ns)) return false;
+        return patterns.Any(p => p.IsMatch(ns));
+    }
 }

src/helm/reflector/templates/cron.yaml

@@ -68,6 +68,8 @@ spec:
                   value: {{ .Values.configuration.logging.minimumLevel | quote }}
                 - name: ES_Reflector__Watcher__Timeout
                   value: {{ .Values.configuration.watcher.timeout | quote }}
+                - name: ES_Reflector__Watcher__ExcludedNamespaces
+                  value: {{ .Values.configuration.watcher.excludedNamespaces | quote }}
                 - name: ES_Ignite__KubernetesClient__SkipTlsVerify
                   value: {{ .Values.configuration.kubernetes.skipTlsVerify | quote }}
                 {{- with .Values.extraEnv }}

src/helm/reflector/templates/deployment.yaml

@@ -49,6 +49,8 @@ spec:
               value: {{ .Values.configuration.logging.minimumLevel | quote }}
             - name: ES_Reflector__Watcher__Timeout
               value: {{ .Values.configuration.watcher.timeout | quote }}
+            - name: ES_Reflector__Watcher__ExcludedNamespaces
+              value: {{ .Values.configuration.watcher.excludedNamespaces | quote }}
             - name: ES_Ignite__KubernetesClient__SkipTlsVerify
               value: {{ .Values.configuration.kubernetes.skipTlsVerify | quote }}
             {{- with .Values.extraEnv }}

src/helm/reflector/values.yaml

@@ -28,6 +28,10 @@ configuration:
     minimumLevel: Information
   watcher:
     timeout: ""
+    # Comma-separated list of namespace glob patterns to exclude from watching.
+    # Supports wildcards: * (any characters), ? (single character).
+    # Example: "kube-system,*-suffix,prefix-*"
+    excludedNamespaces: ""
   kubernetes:
     skipTlsVerify: false