Skip to content

feat: filter scheduled scans by labels#1521

Open
MaxRink wants to merge 2 commits into
mondoohq:mainfrom
MaxRink:feat/scheduled-scan-label-selectors
Open

feat: filter scheduled scans by labels#1521
MaxRink wants to merge 2 commits into
mondoohq:mainfrom
MaxRink:feat/scheduled-scan-label-selectors

Conversation

@MaxRink

@MaxRink MaxRink commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

Summary

  • add spec.filtering.namespaceLabelSelector and spec.filtering.objectLabelSelector for scheduled Kubernetes resource scans
  • pass selectors into generated cnspec inventories as namespace-label-selector and object-label-selector only when configured
  • support the same selector options on external cluster filtering
  • update CRD/deepcopy output, samples, docs, and focused inventory tests

Dependency

Tests

  • make generate manifests
  • go test ./controllers/k8s_scan ./api/v1alpha2 -count=1
  • go test ./controllers/... -count=1
  • git -c core.fsmonitor=false diff --check

@github-actions

github-actions Bot commented Jun 15, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

All contributors have signed the CLA ✍️ ✅
Posted by the CLA Assistant Lite bot.

@MaxRink

MaxRink commented Jun 15, 2026

Copy link
Copy Markdown
Contributor Author

I have read the Mondoo CLA Document and I hereby sign the CLA

mondoo-code-review[bot]
mondoo-code-review Bot previously approved these changes Jun 15, 2026
View reviewed changes

@mondoo-code-review mondoo-code-review Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adds label selector filtering for scheduled Kubernetes scans, allowing users to filter namespaces and objects by labels.

mondoo-code-review[bot]
mondoo-code-review Bot approved these changes Jun 15, 2026
View reviewed changes

@mondoo-code-review mondoo-code-review Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adds label selector filtering for scheduled Kubernetes scans, allowing users to target namespaces and objects by labels.

mondoo-code-review[bot]
mondoo-code-review Bot previously approved these changes Jun 15, 2026
View reviewed changes

@mondoo-code-review mondoo-code-review Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adds label selector filtering for scheduled Kubernetes scans, allowing users to target namespaces and objects by labels.

@MaxRink

MaxRink commented Jun 16, 2026

Copy link
Copy Markdown
Contributor Author

/review

@MaxRink

MaxRink commented Jun 16, 2026

Copy link
Copy Markdown
Contributor Author

recheck

@MaxRink MaxRink force-pushed the feat/scheduled-scan-label-selectors branch from ae931f1 to f4fdfe7 Compare June 16, 2026 20:32
@github-actions

github-actions Bot commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Test Results

0 tests  ±0   0 ✅ ±0   0s ⏱️ ±0s
0 suites ±0   0 💤 ±0 
0 files   ±0   0 ❌ ±0 

Results for commit 0b16a53. ± Comparison against base commit 70733ca.

♻️ This comment has been updated with latest results.

mondoo-code-review[bot]
mondoo-code-review Bot reviewed Jun 17, 2026
View reviewed changes

@mondoo-code-review mondoo-code-review Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adds label-based namespace and object filtering for scheduled Kubernetes scans via new CRD fields.

Comment thread docs/user-manual.md
Comment thread charts/mondoo-operator/files/crds/k8s.mondoo.com_mondooauditconfigs.yaml
mondoo-code-review[bot]
mondoo-code-review Bot reviewed Jun 17, 2026
View reviewed changes

@mondoo-code-review mondoo-code-review Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CI-only change downgrades spell-check action from v0.0.26 to v0.0.25; no functional code impact.

Comment thread docs/user-manual.md
Comment thread .github/workflows/spell-check.yaml Outdated
mondoo-code-review[bot]
mondoo-code-review Bot reviewed Jun 17, 2026
View reviewed changes

@mondoo-code-review mondoo-code-review Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CI config updates: spell-check action restored to v0.0.26 and link-check now treats HTTP 403 as alive.

Comment thread .github/actions/link-check/config.json Outdated
mondoo-code-review[bot]
mondoo-code-review Bot reviewed Jun 17, 2026
View reviewed changes

@mondoo-code-review mondoo-code-review Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Invalid label selectors are now surfaced as degraded status conditions, improving operator observability.

Comment thread controllers/k8s_scan/resources.go
Comment thread controllers/container_image/resources.go
@MaxRink MaxRink force-pushed the feat/scheduled-scan-label-selectors branch from e42ef55 to 8661e25 Compare June 19, 2026 02:51
@MaxRink MaxRink marked this pull request as draft June 19, 2026 06:13
@MaxRink MaxRink marked this pull request as ready for review June 19, 2026 08:15
@MaxRink MaxRink force-pushed the feat/scheduled-scan-label-selectors branch from 513f966 to 0b16a53 Compare June 19, 2026 08:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mondoo-code-review mondoo-code-review[bot] mondoo-code-review[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@MaxRink