Support lookarounds for allow and deny lists?

[rexagod]

What happened: Currently, allow and deny lists are mutually exclusive, and only one of them can be specified at a time. So, for instance, if we want to "deny" all but one metric, for e.g., deny kube_*_created but don't deny kube_namespace_created, that's not possible as the standard regexp package has to guarantee an O(n) runtime complexity (or less) for all operations, which is not possible for lookarounds.

What you expected to happen: Using something like https://github.com/dlclark/regexp2#compare-regexp-and-regexp2 that allows for lookarounds in such expressions.

How to reproduce it (as minimally and precisely as possible): go run . --kubeconfig=$KUBECONFIG --metric-denylist='^kube_(?<=namespace_created).*_created$' doesn't work.

[k8s-ci-robot]

This issue is currently awaiting triage.

If kube-state-metrics contributors determine this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.