Skip to content

refactor: clean up kyverno log filter by removing unnecessary error c… #23

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
filippolmt merged 3 commits into from
Feb 4, 2026
Merged

refactor: clean up kyverno log filter by removing unnecessary error c… #23

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
13ef84d
refactor: clean up kyverno log filter by removing unnecessary error c…
filippolmt Feb 4, 2026
e31641f
Update CHANGELOG.md
filippolmt Feb 4, 2026
b9efff9
refactor: rename error pattern for consistency in Kyverno log filter
filippolmt Feb 4, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,15 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [Unreleased]

## [0.13.0] - 2026-02-04

[Compare with previous version](https://github.com/sparkfabrik/terraform-google-services-monitoring/compare/0.12.0...0.13.0)

### Changed

- Adjust Kyverno log filter to reduce false positives from normal transient errors such as `i/o timeout` and `failed to acquire lease`, including removal of the explicit `failed to acquire lease` condition.
- Rename error pattern `list resources failed` to `failed to list resources` for consistency with other error patterns.

## [0.12.0] - 2026-01-28

[Compare with previous version](https://github.com/sparkfabrik/terraform-google-services-monitoring/compare/0.11.0...0.12.0)
Expand Down
6 changes: 2 additions & 4 deletions kyverno.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ locals {
kyverno_notification_channels = var.kyverno.notification_enabled ? (length(var.kyverno.notification_channels) > 0 ? var.kyverno.notification_channels : var.notification_channels) : []

kyverno_cluster_name = var.kyverno.cluster_name != null ? trimspace(var.kyverno.cluster_name) : ""

kyverno_log_filter = local.kyverno_cluster_name != "" ? (<<-EOT
resource.type="k8s_container"
AND resource.labels.project_id="${local.kyverno_project_id}"
Expand All @@ -21,16 +21,14 @@ locals {
OR jsonPayload.error=~"(?i)client-side throttling"
OR jsonPayload.error=~"(?i)failed to run warmup"
OR jsonPayload.error=~"(?i)schema not found"
OR jsonPayload.error=~"(?i)list resources failed"
OR jsonPayload.error=~"(?i)failed to list resources"
OR jsonPayload.error=~"(?i)failed to watch resource"
Comment thread
FabrizioCafolla marked this conversation as resolved.
OR jsonPayload.error=~"(?i)context deadline exceeded"
OR jsonPayload.error=~"(?i)i/o timeout"
OR jsonPayload.error=~"(?i)is forbidden"
OR jsonPayload.error=~"(?i)cannot list resource"
OR jsonPayload.error=~"(?i)cannot watch resource"
OR jsonPayload.error=~"(?i)RBAC.*denied"
OR jsonPayload.error=~"(?i)failed to start watcher"
Comment thread
FabrizioCafolla marked this conversation as resolved.
OR jsonPayload.error=~"(?i)failed to acquire lease"
OR jsonPayload.error=~"(?i)leader election lost"
OR jsonPayload.error=~"(?i)unable to update .*WebhookConfiguration"
OR jsonPayload.error=~"(?i)failed to sync"
Expand Down