[RFE] RHACS exclude namespaces in collection rules
Issue
Collections in RHACS allow the definition and naming of a group of resources by utilizing matching patterns. The matching patterns are called collection rules. Matching is possible for Deployments, Namespaces and Clusters based on either of the following properties:
- Exact labels, e.g. team=payments
- Name matching
  - Exact value, e.g. openshift-ingress or nginx-deployment
  - Regex value, e.g. ^openshift-.*
A popular use case for the collection rules is the separation of Common Vulnerabilities and Exposures (CVE) reports for infrastructure and development teams.
RHACS could be enhanced by the following features:
- Exclude certain namespaces in collection rules.
  - For example: All namespaces excluding infrastructure-related namespaces such as kube-*, openshift-*
- Use negative lookahead/lookbehind regex syntax for selecting namespaces.
  - For example: All openshift-* namespaces excluding openshift-network* via ^openshift-(?!network).*
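Both requested behaviours can be expressed as an include pattern combined with an exclude pattern. The Go sketch below is an added example, not RHACS code: it assumes rule regexes follow Go's RE2 syntax (which rejects `(?!...)` lookaheads), and the helper name `selectNamespaces` and the namespace list are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// Constructed sample data: namespace names as they might appear in a cluster.
var sampleNamespaces = []string{
	"default", "kube-system", "openshift-ingress", "openshift-monitoring",
	"openshift-network-diagnostics", "openshift-network-operator", "payments",
}

// selectNamespaces (hypothetical helper) returns the names that match the
// include pattern and do not match the exclude pattern. Both are RE2
// patterns; an empty exclude disables exclusion.
func selectNamespaces(names []string, include, exclude string) ([]string, error) {
	inc, err := regexp.Compile(include)
	if err != nil {
		return nil, fmt.Errorf("include pattern: %w", err)
	}
	var exc *regexp.Regexp
	if exclude != "" {
		if exc, err = regexp.Compile(exclude); err != nil {
			return nil, fmt.Errorf("exclude pattern: %w", err)
		}
	}
	var out []string
	for _, n := range names {
		if inc.MatchString(n) && (exc == nil || !exc.MatchString(n)) {
			out = append(out, n)
		}
	}
	return out, nil
}

func main() {
	// The lookahead form from the request does not compile under RE2.
	_, err := selectNamespaces(sampleNamespaces, `^openshift-(?!network).*`, "")
	fmt.Println("lookahead:", err)

	// Same intent expressed as include + exclude.
	ns, _ := selectNamespaces(sampleNamespaces, `^openshift-.*`, `^openshift-network.*`)
	fmt.Println("openshift minus network:", ns)

	// All namespaces except infrastructure ones (kube-*, openshift-*).
	ns, _ = selectNamespaces(sampleNamespaces, `.*`, `^(kube|openshift)-.*`)
	fmt.Println("non-infrastructure:", ns)
}
```

Running the selection against a current namespace list shows exactly which namespaces a report scope would cover before any rule is written.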
Environment
- Red Hat Advanced Cluster Security for Kubernetes (RHACS)
  - 4.4