Skip to content

feat: exclude system namespaces from webhook interception#524

Open
kondracek-nr wants to merge 1 commit intomainfrom
kondracek/exclude-ns
Open

feat: exclude system namespaces from webhook interception#524
kondracek-nr wants to merge 1 commit intomainfrom
kondracek/exclude-ns

Conversation

@kondracek-nr
Copy link
Contributor

@kondracek-nr kondracek-nr commented Mar 5, 2026
edited
Loading

Description

Customers have noticed that gke complains about k8s-agents-operator intercepting pods in the kube-system namespace.

This change ignores 3 common k8s namespaces that shouldn't be of interest to customers, APM-wise. Users can add more namespaces to this list if they wish, or remove namespaces if they've deployed an app into one of them for some reason, which would be unusual.

Note that this is separate functionality from the user setting the namespaceLabelSelector in their instrumentation yaml. Before this change, the mpod webhook intercepted pods in every namespace and then used the namespaceLabelSelector (when indicated) from the customer-provided instrumentation yaml to decide whether to mutate the pod. This change prevents the webhook from intercepting pods in the ignored namespaces at all.

Type of change

  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • New feature / enhancement (non-breaking change which adds functionality)
  • Security fix
  • Bug fix (non-breaking change which fixes an issue)

Checklist:

  • Documentation has been updated
  • This change requires changes in testing:
    • unit tests
    • E2E tests

@codecov
Copy link

codecov bot commented Mar 6, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 68.74%. Comparing base (1f3bc47) to head (b8e4afe).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #524   +/-   ##
=======================================
  Coverage   68.74%   68.74%           
=======================================
  Files          53       53           
  Lines        3513     3513           
=======================================
  Hits         2415     2415           
  Misses        863      863           
  Partials      235      235

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@kondracek-nr kondracek-nr force-pushed the kondracek/exclude-ns branch from c2b71cc to 8fdb5ae Compare March 11, 2026 21:01
@kondracek-nr kondracek-nr changed the title feat: exclude system namespaces feat: exclude system namespaces from webhook interception Mar 11, 2026
@kondracek-nr kondracek-nr marked this pull request as ready for review March 11, 2026 21:14
@kondracek-nr kondracek-nr requested a review from a team as a code owner March 11, 2026 21:14
@kondracek-nr kondracek-nr force-pushed the kondracek/exclude-ns branch from 8fdb5ae to b8e4afe Compare March 11, 2026 22:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Release/feat

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kondracek-nr