We have a few videos showing K8sPurger in action.
A quick one shows how to install it in a cluster and get alerts in Slack. K8sPurger (Duration 4:23) :- https://www.youtube.com/watch?v=QfDvHcfCihY
A deep dive covers all the concepts, both ways to run K8sPurger, and more. K8sPurger Deep Dive (Duration 38:49) :- https://www.youtube.com/watch?v=AAmCz3lMQC8
We have not shown the monitoring setup (Prometheus operator), as plenty of documentation is already available for it.
1) What does this script do?
This will find all unused resources and show them in a nice format.
2) Why do you need this?
Adding a new application or microservice is as simple as installing a chart or running kubectl -f on a big manifest, but when we want to remove it we don't know which resources it created. Often we can't remove them fully because there are tens or hundreds of such resources and we don't have enough time to hunt and kill them, or we simply inherited the cluster. Leaving unused items in the cluster is not good practice: as the etcd DB grows, performance starts degrading. They also often pose a security risk (unknown SAs and RoleBindings).
Lastly, and most dear to us, is saving cost: in the case of PVCs, we are paying the cloud provider for them.
3) Will this have any effect on my cluster?
This only lists the unused resources according to predefined criteria, which are mentioned after NAQ. It gives you the list of resources that are potentially unused, so you can focus on only them instead of looking for a needle in a haystack.
Note:- You should not trust strangers' words on the internet, so browse the script, as it is under the Apache 2 License, and try it on a dummy cluster.
4) How does this work? Can I just use the kubectl command to do the same?
kubectl does not give these details directly; you would have to invest a lot of time. If you know a shorter way, please let me know by raising an issue (sharing is caring). This script gets all pods in all namespaces, scans them for the resources they reference, and makes a list. It then gets the resources that exist in Kubernetes and gives you the difference.
5) So if I understood correctly, it scans pods only. What if I have a Deployment/StatefulSet with replicas set to zero?
Yes, in that case the resource will be shown as unused. Having zero replicas means you are not using that resource.
6) Why PVC and not PV?
Normally we use PVCs to manage PVs, and when we delete a claim, the PV is deleted or retained as per the storage-class configuration. To avoid any potential data loss, I chose to work with PVCs only.
8) What if I hit a bug or need a feature?
You can raise an issue. I will try to fix the bug. For a feature, I have to look into how much time is required.
There are two ways to run this utility. One is ad hoc; the other is deploying it in Kubernetes itself, where it runs periodically, captures unused resources, and exposes them as Prometheus metrics. Once they are captured in Prometheus, one can do all sorts of alerting and visualization. Both ways are covered in the part.
Exclusion:- All objects in kube-system and kube-system are excluded. All secrets which are tokens or of type TLS are also excluded, to avoid a long list of false positives.
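The pod scan and difference described in question 4, together with the exclusions above, as an added example that is not K8sPurger's own code. It assumes objects shaped like Kubernetes API JSON; the reference fields handled are a subset chosen for illustration, and the sample cluster state is constructed.

```python
# Added example, not K8sPurger's own code. Sample objects are constructed.
EXCLUDED_NAMESPACES = {"kube-system"}
EXCLUDED_SECRET_TYPES = {"kubernetes.io/service-account-token", "kubernetes.io/tls"}
# pod-spec volume field -> (kind, key that holds the object name)
VOLUME_REFS = {"configMap": ("ConfigMap", "name"), "secret": ("Secret", "secretName"),
               "persistentVolumeClaim": ("PersistentVolumeClaim", "claimName")}
ENV_REFS = {"configMapRef": "ConfigMap", "secretRef": "Secret",
            "configMapKeyRef": "ConfigMap", "secretKeyRef": "Secret"}

def referenced_by_pod(pod):
    """Return {(kind, namespace, name)} for every object the pod spec points at."""
    ns, spec = pod["metadata"]["namespace"], pod["spec"]
    refs = {("ServiceAccount", ns, spec.get("serviceAccountName", "default"))}
    for vol in spec.get("volumes", []):
        for field, (kind, key) in VOLUME_REFS.items():
            if field in vol:
                refs.add((kind, ns, vol[field][key]))
    refs |= {("Secret", ns, s["name"]) for s in spec.get("imagePullSecrets", [])}
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        sources = c.get("envFrom", []) + [e.get("valueFrom", {}) for e in c.get("env", [])]
        for src in sources:
            for field, kind in ENV_REFS.items():
                if field in src:
                    refs.add((kind, ns, src[field]["name"]))
    return refs

def find_unused(pods, inventory):
    """Inventory minus pod references, after the exclusions listed on the page."""
    used = set().union(*(referenced_by_pod(p) for p in pods))
    unused = []
    for obj in inventory:
        key = (obj["kind"], obj["namespace"], obj["name"])
        if obj["namespace"] in EXCLUDED_NAMESPACES:
            continue  # system namespace: skipped
        if obj["kind"] == "Secret" and obj.get("type") in EXCLUDED_SECRET_TYPES:
            continue  # token and TLS secrets: skipped to limit false positives
        if key not in used:
            unused.append(key)
    return sorted(unused)

# Constructed state: one running pod; "old-api" was scaled to zero, so it has no pod.
PODS = [{"metadata": {"namespace": "shop"}, "spec": {
    "serviceAccountName": "web", "volumes": [{"persistentVolumeClaim": {"claimName": "web-data"}}],
    "containers": [{"envFrom": [{"configMapRef": {"name": "web-cfg"}}],
                    "env": [{"name": "PW", "valueFrom": {"secretKeyRef": {"name": "db", "key": "pw"}}}]}]}}]
INVENTORY = [dict(zip(("kind", "namespace", "name", "type"), row)) for row in [
    ("ConfigMap", "shop", "web-cfg"), ("ConfigMap", "shop", "old-api-cfg"),
    ("Secret", "shop", "db", "Opaque"), ("Secret", "shop", "ingress-cert", "kubernetes.io/tls"),
    ("ServiceAccount", "shop", "old-api"), ("PersistentVolumeClaim", "shop", "old-api-data"),
    ("ConfigMap", "kube-system", "coredns")]]
```

Calling find_unused(PODS, INVENTORY) reports the ConfigMap, PVC and ServiceAccount left behind by the scaled-down workload. Anything referenced only by non-pod objects would also appear in the list, which is why the results are candidates to review rather than a deletion list.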
Twitter https://twitter.com/yogeshkunjir LinkedIn https://www.linkedin.com/in/yogeshkunjir/