Selecting the pods you want to run with Deepfactor

With Deepfactor's mutating admission webhook controller you can instrument pods in your Kubernetes cluster without modifying your podspec. If you would like to know how to install and configure the Deepfactor mutating admission webhook in your K8s cluster refer to the following article

Run your Kubernetes workload with Deepfactor

Once the webhook is successfully installed in your K8s cluster, you can configure the instrumentation configuration from the UI. The following article will describe the fine grained options provided by the webhook that allow you to select which pods you would like to instrument with Deepfactor.

The options of importance for this purpose are:

  1. Include pods -> selector
    This option will let you filter the list of pods based on labels.
  2. Exclude options
    These are a set of options you can use to exclude certain pods or container images from being instrumented with Deepfactor.

As with other options, Deepfactor allows you to set these options at the cluster level and also override them per namespace if you would like to customize the behavior for a particular namespace.


This option follows the standard Kubernetes set based label selector syntax. You can read more about it in the following kubernetes documentation article

Labels and Selectors

Example: You want to instrument only the pods that match following criteria

  1. Pods have the label env=qa
  2. Pods have the label 'release'
  3. The label 'status' is set to either ready_for_qa or ready_for_staging

The following include selectors will meet the above mentioned criteria

- {key: env, operator: In, values: [qa]}
- {key: release, operator: exists } # A label with name release exists
- {key: status, operator: In, values: [ready_for_qa, ready_for_staging]}

Exclude Options

Deepfactor provides the following exclude options

Regular expressions for pod names: Pods with name that match any of the following regexes will not be observed by Deepfactor

Regular expressions for container image paths: Containers with image path that match any of the following regexes will not be observed by Deepfactor

These options can be used to exclude certain pods and container images from instrumentation.

Example: You want to exclude all containers that have 'istio' in the image path

Regular expressions for container image paths: ["/istio.*/']

By combining the selector and the exclude options, you can setup fine grained criteria and target only the pods that you wish to instrument with Deepfactor.

Was this article helpful?
0 out of 0 found this helpful



Please sign in to leave a comment.