From 41d8128048f8118255eb178c571f3ad0f8f7288e Mon Sep 17 00:00:00 2001
From: Anton Belokurov <a.v.belokurov@tinkoff.ru>
Date: Tue, 22 Oct 2024 08:47:09 +0300
Subject: [PATCH 1/2] Add parameter for ignored metadata labels

---
 internal/netreap/netreap.go |  4 ++++
 main.go                     | 16 ++++++++++++++--
 reapers/endpoints.go        |  9 +++++++--
 reapers/endpoints_test.go   |  3 ++-
 4 files changed, 27 insertions(+), 5 deletions(-)

diff --git a/internal/netreap/netreap.go b/internal/netreap/netreap.go
index 68decb5..5a5578c 100644
--- a/internal/netreap/netreap.go
+++ b/internal/netreap/netreap.go
@@ -31,3 +31,7 @@ const (
 var (
 	LabelCiliumPolicyName = LabelKeyCiliumPolicyName + "." + LabelSourceNetreap
 )
+
+type IgnoredLabels struct {
+	IgnoreMeta []string
+}
diff --git a/main.go b/main.go
index 52e4e26..ccedf59 100644
--- a/main.go
+++ b/main.go
@@ -7,6 +7,7 @@ import (
 	"log"
 	"os"
 	"os/signal"
+	"strings"
 
 	cilium_client "github.com/cilium/cilium/pkg/client"
 	cilium_logging "github.com/cilium/cilium/pkg/logging"
@@ -15,6 +16,7 @@ import (
 	"github.com/urfave/cli/v2"
 	"go.uber.org/zap"
 
+	"github.com/cosmonic-labs/netreap/internal/netreap"
 	"github.com/cosmonic-labs/netreap/internal/policy"
 	"github.com/cosmonic-labs/netreap/internal/zaplogrus"
 	"github.com/cosmonic-labs/netreap/reapers"
@@ -23,7 +25,8 @@ import (
 var Version = "unreleased"
 
 type config struct {
-	policyKey string
+	policyKey     string
+	ignoredLabels string
 }
 
 func main() {
@@ -55,6 +58,14 @@ func main() {
 				EnvVars:     []string{"NETREAP_POLICY_KEY"},
 				Destination: &conf.policyKey,
 			},
+			&cli.StringFlag{
+				Name:        "ignore-nomad-meta-labels",
+				Aliases:     []string{"i"},
+				Value:       "",
+				Usage:       "List of ignored labels collected from Nomad's job metainfo.",
+				EnvVars:     []string{"NETREAP_IGNORED_META_LABELS"},
+				Destination: &conf.ignoredLabels,
+			},
 		},
 		Before: func(ctx *cli.Context) error {
 			if debug {
@@ -137,8 +148,9 @@ func run(conf config) error {
 		return fmt.Errorf("unable to start node reaper: %s", err)
 	}
 
+	nomadIgnoredLables := netreap.IgnoredLabels{IgnoreMeta: strings.Split(conf.ignoredLabels, ",")}
 	zap.S().Debug("Starting endpoint reaper")
-	endpoint_reaper, err := reapers.NewEndpointReaper(cilium_client, nomad_client.Allocations(), nomad_client.EventStream(), nodeID)
+	endpoint_reaper, err := reapers.NewEndpointReaper(cilium_client, nomad_client.Allocations(), nomad_client.EventStream(), nodeID, nomadIgnoredLables)
 	if err != nil {
 		return err
 	}
diff --git a/reapers/endpoints.go b/reapers/endpoints.go
index 1778442..6be35e5 100644
--- a/reapers/endpoints.go
+++ b/reapers/endpoints.go
@@ -14,6 +14,7 @@ import (
 	"github.com/cosmonic-labs/netreap/internal/netreap"
 	nomad_api "github.com/hashicorp/nomad/api"
 	"go.uber.org/zap"
+	"golang.org/x/exp/slices"
 
 	backoff "github.com/cenkalti/backoff/v4"
 )
@@ -23,16 +24,18 @@ type EndpointReaper struct {
 	nomadAllocations AllocationInfo
 	nomadEventStream EventStreamer
 	nodeID           string
+	ignoredLabels    netreap.IgnoredLabels
 }
 
 // NewEndpointReaper creates a new EndpointReaper. This will run an initial reconciliation before
 // returning the reaper
-func NewEndpointReaper(ciliumClient EndpointUpdater, nomadAllocations AllocationInfo, nomadEventStream EventStreamer, nodeID string) (*EndpointReaper, error) {
+func NewEndpointReaper(ciliumClient EndpointUpdater, nomadAllocations AllocationInfo, nomadEventStream EventStreamer, nodeID string, ignoredLabels netreap.IgnoredLabels) (*EndpointReaper, error) {
 	reaper := EndpointReaper{
 		cilium:           ciliumClient,
 		nomadAllocations: nomadAllocations,
 		nomadEventStream: nomadEventStream,
 		nodeID:           nodeID,
+		ignoredLabels:    ignoredLabels,
 	}
 
 	// Do the initial reconciliation loop
@@ -290,7 +293,9 @@ func (e *EndpointReaper) labelEndpoint(endpoint *models.Endpoint, allocation *no
 	}
 
 	for k, v := range metadata {
-		newLabels = append(newLabels, fmt.Sprintf("%s:%s=%s", netreap.LabelSourceNomad, k, v))
+		if !slices.Contains(e.ignoredLabels.IgnoreMeta, k) {
+			newLabels = append(newLabels, fmt.Sprintf("%s:%s=%s", netreap.LabelSourceNomad, k, v))
+		}
 	}
 
 	oldLabels := models.Labels{}
diff --git a/reapers/endpoints_test.go b/reapers/endpoints_test.go
index b070de8..f70e7ab 100644
--- a/reapers/endpoints_test.go
+++ b/reapers/endpoints_test.go
@@ -6,6 +6,7 @@ import (
 
 	"github.com/cilium/cilium/api/v1/models"
 	endpoint_id "github.com/cilium/cilium/pkg/endpoint/id"
+	"github.com/cosmonic-labs/netreap/internal/netreap"
 	nomad_api "github.com/hashicorp/nomad/api"
 )
 
@@ -140,7 +141,7 @@ func TestEndpointReconcile(t *testing.T) {
 	for _, tt := range tests {
 		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
-			reaper, err := NewEndpointReaper(tt.cilium, tt.nomadAllocations, nil, "")
+			reaper, err := NewEndpointReaper(tt.cilium, tt.nomadAllocations, nil, "", netreap.IgnoredLabels{})
 			if err != nil {
 				t.Fatalf("unexpected error creating poller %v", err)
 			}

From 1a9473c73de9f76994f455b1324644e12d0acca1 Mon Sep 17 00:00:00 2001
From: Anton Belokurov <a.v.belokurov@tinkoff.ru>
Date: Thu, 24 Oct 2024 10:41:13 +0300
Subject: [PATCH 2/2] Readme update for new flag

---
 README.md | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index e370a1d..1f9b7de 100644
--- a/README.md
+++ b/README.md
@@ -234,10 +234,11 @@ clients are available to Netreap.
 
 ### Configuring
 
-| Flag                   | Env Var               | Default                       | Description                                                                                                   |
-| ---------------------- | --------------------- | ----------------------------- | ------------------------------------------------------------------------------------------------------------- |
-| `--debug`              | `NETREAP_DEBUG`       | `false`                       | Turns on debug logging                                                                                        |
-| `--policy-key`         | `NETREAP_POLICY_KEY`  | `netreap.io/policy`           | Consul key that Netreap watches for changes to the Cilium policy JSON value |
+| Flag                         | Env Var                        | Default                       | Description                                                                                                   |
+| ---------------------------- | ------------------------------ | ----------------------------- | ------------------------------------------------------------------------------------------------------------- |
+| `--debug`                    | `NETREAP_DEBUG`                | `false`                       | Turns on debug logging                                                                                        |
+| `--policy-key`               | `NETREAP_POLICY_KEY`           | `netreap.io/policy`           | Consul key that Netreap watches for changes to the Cilium policy JSON value                                   |
+| `--ignore-nomad-meta-labels` | `NETREAP_IGNORED_META_LABELS`  | `""`                          | Comma-separated list of Nomad's job metadata that not will be passed to Cilium Endpoint labels                |
 
 Please note that to configure the Nomad, Consul and Cilium clients that Netreap uses,
 we leverage the well defined environment variables for