search

yonahd / kor

A Golang Tool to discover unused Kubernetes Resources
MIT License
974 stars 91 forks source link

feat: add OpenShift exceptions #262

Closed doronkg closed 4 months ago

doronkg commented 4 months ago

What this PR does / why we need it

This PR excludes the default resources created in basic OpenShift installations. It also includes a fix in cmd/kor/crds.go to allow a new plural alias - kor crds.

PR Checklist

Github Issue

Closes #240

Notes for your reviewers

Basic OpenShift installation comes with 60+ namespaces beginning with openshift- prefix, which doesn't include additional namespaces created by OpenShift operators or customized installations, that would also be created with that prefix.

As I see it, there are 3 options to address this case:

  1. Entirely exclude all namespaces with openshift- prefix (flexible).
  2. Entirely exclude all the default namespaces created in the basic installation.
  3. Exclude all the default resources created in the default namespaces.

@yonahd please share your thoughts, I'm leaning towards option no. (1).

codecov-commenter commented 4 months ago

Codecov Report

Attention: Patch coverage is 38.59964% with 342 lines in your changes are missing coverage. Please review.

Project coverage is 40.96%. Comparing base (da2b1fe) to head (588aa68). Report is 14 commits behind head on main.

Files Patch % Lines
pkg/kor/all.go 0.00% 130 Missing :warning:
pkg/kor/kor.go 1.23% 80 Missing :warning:
pkg/kor/crds.go 0.00% 17 Missing :warning:
pkg/kor/jobs.go 66.66% 7 Missing and 3 partials :warning:
pkg/kor/clusterroles.go 62.50% 5 Missing and 1 partial :warning:
pkg/kor/configmaps.go 62.50% 5 Missing and 1 partial :warning:
pkg/kor/daemonsets.go 68.42% 5 Missing and 1 partial :warning:
pkg/kor/deployments.go 66.66% 5 Missing and 1 partial :warning:
pkg/kor/hpas.go 64.70% 5 Missing and 1 partial :warning:
pkg/kor/ingresses.go 64.70% 5 Missing and 1 partial :warning:
... and 13 more

:exclamation: Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## main #262 +/- ## ========================================== - Coverage 43.37% 40.96% -2.42% ========================================== Files 58 58 Lines 2808 2910 +102 ========================================== - Hits 1218 1192 -26 - Misses 1400 1530 +130 + Partials 190 188 -2 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

yonahd commented 4 months ago

Is there anything in these openshift namespaces?

doronkg commented 4 months ago

Is there anything in these openshift namespaces?

Yes, various unused resources in 30+ default openshift- namespaces. Attaching the output of kor all, not including the exclusions listed in this PR.

OpenShift Exceptions ``` Unused Resources in Namespace: openshift-config-managed +----+---------------+-----------------------------------------------------+ | # | RESOURCE TYPE | RESOURCE NAME | +----+---------------+-----------------------------------------------------+ | 1 | ConfigMap | admin-gates | | 2 | ConfigMap | bound-sa-token-signing-certs | | 3 | ConfigMap | console-public | | 4 | ConfigMap | csr-controller-ca | | 5 | ConfigMap | default-ingress-cert | | 6 | ConfigMap | etcd-dashboard | | 7 | ConfigMap | grafana-dashboard-apiserver-performance | | 8 | ConfigMap | grafana-dashboard-cluster-total | | 9 | ConfigMap | grafana-dashboard-k8s-resources-cluster | | 10 | ConfigMap | grafana-dashboard-k8s-resources-namespace | | 11 | ConfigMap | grafana-dashboard-k8s-resources-node | | 12 | ConfigMap | grafana-dashboard-k8s-resources-pod | | 13 | ConfigMap | grafana-dashboard-k8s-resources-workload | | 14 | ConfigMap | grafana-dashboard-k8s-resources-workloads-namespace | | 15 | ConfigMap | grafana-dashboard-namespace-by-pod | | 16 | ConfigMap | grafana-dashboard-node-cluster-rsrc-use | | 17 | ConfigMap | grafana-dashboard-node-rsrc-use | | 18 | ConfigMap | grafana-dashboard-pod-total | | 19 | ConfigMap | grafana-dashboard-prometheus | | 20 | ConfigMap | image-registry-ca | | 21 | ConfigMap | kube-apiserver-aggregator-client-ca | | 22 | ConfigMap | kube-apiserver-client-ca | | 23 | ConfigMap | kube-apiserver-server-ca | | 24 | ConfigMap | kubelet-bootstrap-kubeconfig | | 25 | ConfigMap | kubelet-serving-ca | | 26 | ConfigMap | merged-trusted-image-registry-ca | | 27 | ConfigMap | monitoring-shared-config | | 28 | ConfigMap | node-cluster | | 29 | ConfigMap | oauth-openshift | | 30 | ConfigMap | oauth-serving-cert | | 31 | ConfigMap | openshift-network-features | | 32 | ConfigMap | release-verification | | 33 | ConfigMap | sa-token-signing-certs | | 34 | ConfigMap | service-ca | | 35 | ConfigMap | signatures-managed | | 36 | ConfigMap | trusted-ca-bundle | | 37 | Secret | kube-controller-manager-client-cert-key | | 38 | Secret | kube-scheduler-client-cert-key | | 39 | Secret | router-certs | +----+---------------+-----------------------------------------------------+ Unused Resources in Namespace: openshift-console +---+---------------+----------------------+ | # | RESOURCE TYPE | RESOURCE NAME | +---+---------------+----------------------+ | 1 | ConfigMap | default-ingress-cert | | 2 | ReplicaSet | console-56f45dfc75 | | 3 | ReplicaSet | console-77c6d98d68 | | 4 | ReplicaSet | console-967ff4f46 | +---+---------------+----------------------+ Unused Resources in Namespace: openshift-route-controller-manager +---+---------------+-------------------------------------+ | # | RESOURCE TYPE | RESOURCE NAME | +---+---------------+-------------------------------------+ | 1 | ReplicaSet | route-controller-manager-7655cc95fb | | 2 | ReplicaSet | route-controller-manager-89866bc78 | +---+---------------+-------------------------------------+ Unused Resources in Namespace: openshift-apiserver-operator +---+---------------+-------------------+ | # | RESOURCE TYPE | RESOURCE NAME | +---+---------------+-------------------+ | 1 | ConfigMap | trusted-ca-bundle | +---+---------------+-------------------+ Unused Resources in Namespace: openshift-cluster-version +---+---------------+-------------------------------------+ | # | RESOURCE TYPE | RESOURCE NAME | +---+---------------+-------------------------------------+ | 1 | ConfigMap | version | | 2 | ReplicaSet | cluster-version-operator-854cc99b6c | +---+---------------+-------------------------------------+ Unused Resources in Namespace: openshift-etcd +----+----------------+---------------------------------+ | # | RESOURCE TYPE | RESOURCE NAME | +----+----------------+---------------------------------+ | 1 | ConfigMap | cluster-config-v1 | | 2 | ConfigMap | etcd-ca-bundle | | 3 | ConfigMap | etcd-endpoints | | 4 | ConfigMap | etcd-endpoints-2 | | 5 | ConfigMap | etcd-endpoints-3 | | 6 | ConfigMap | etcd-metrics-proxy-client-ca | | 7 | ConfigMap | etcd-metrics-proxy-client-ca-2 | | 8 | ConfigMap | etcd-metrics-proxy-client-ca-3 | | 9 | ConfigMap | etcd-metrics-proxy-serving-ca | | 10 | ConfigMap | etcd-metrics-proxy-serving-ca-2 | | 11 | ConfigMap | etcd-metrics-proxy-serving-ca-3 | | 12 | ConfigMap | etcd-peer-client-ca | | 13 | ConfigMap | etcd-peer-client-ca-2 | | 14 | ConfigMap | etcd-peer-client-ca-3 | | 15 | ConfigMap | etcd-pod | | 16 | ConfigMap | etcd-pod-2 | | 17 | ConfigMap | etcd-pod-3 | | 18 | ConfigMap | etcd-scripts | | 19 | ConfigMap | etcd-serving-ca | | 20 | ConfigMap | etcd-serving-ca-2 | | 21 | ConfigMap | etcd-serving-ca-3 | | 22 | ConfigMap | restore-etcd-pod | | 23 | ConfigMap | revision-status-1 | | 24 | ConfigMap | revision-status-2 | | 25 | ConfigMap | revision-status-3 | | 26 | Secret | etcd-all-certs | | 27 | Secret | etcd-all-certs-2 | | 28 | Secret | etcd-all-certs-3 | | 29 | Secret | etcd-client | | 30 | Secret | etcd-peer-doron-sno | | 31 | Secret | etcd-serving-doron-sno | | 32 | Secret | etcd-serving-metrics-doron-sno | | 33 | Secret | serving-cert | | 34 | ServiceAccount | etcd-sa | +----+----------------+---------------------------------+ Unused Resources in Namespace: openshift-kube-apiserver +----+---------------+------------------------------------------+ | # | RESOURCE TYPE | RESOURCE NAME | +----+---------------+------------------------------------------+ | 1 | ConfigMap | aggregator-client-ca | | 2 | ConfigMap | bound-sa-token-signing-certs | | 3 | ConfigMap | bound-sa-token-signing-certs-2 | | 4 | ConfigMap | bound-sa-token-signing-certs-3 | | 5 | ConfigMap | bound-sa-token-signing-certs-4 | | 6 | ConfigMap | bound-sa-token-signing-certs-5 | | 7 | ConfigMap | check-endpoints-kubeconfig | | 8 | ConfigMap | client-ca | | 9 | ConfigMap | config | | 10 | ConfigMap | config-2 | | 11 | ConfigMap | config-3 | | 12 | ConfigMap | config-4 | | 13 | ConfigMap | config-5 | | 14 | ConfigMap | control-plane-node-kubeconfig | | 15 | ConfigMap | etcd-serving-ca | | 16 | ConfigMap | etcd-serving-ca-2 | | 17 | ConfigMap | etcd-serving-ca-3 | | 18 | ConfigMap | etcd-serving-ca-4 | | 19 | ConfigMap | etcd-serving-ca-5 | | 20 | ConfigMap | kube-apiserver-audit-policies | | 21 | ConfigMap | kube-apiserver-audit-policies-2 | | 22 | ConfigMap | kube-apiserver-audit-policies-3 | | 23 | ConfigMap | kube-apiserver-audit-policies-4 | | 24 | ConfigMap | kube-apiserver-audit-policies-5 | | 25 | ConfigMap | kube-apiserver-cert-syncer-kubeconfig | | 26 | ConfigMap | kube-apiserver-cert-syncer-kubeconfig-2 | | 27 | ConfigMap | kube-apiserver-cert-syncer-kubeconfig-3 | | 28 | ConfigMap | kube-apiserver-cert-syncer-kubeconfig-4 | | 29 | ConfigMap | kube-apiserver-cert-syncer-kubeconfig-5 | | 30 | ConfigMap | kube-apiserver-pod | | 31 | ConfigMap | kube-apiserver-pod-2 | | 32 | ConfigMap | kube-apiserver-pod-3 | | 33 | ConfigMap | kube-apiserver-pod-4 | | 34 | ConfigMap | kube-apiserver-pod-5 | | 35 | ConfigMap | kube-apiserver-server-ca | | 36 | ConfigMap | kube-apiserver-server-ca-2 | | 37 | ConfigMap | kube-apiserver-server-ca-3 | | 38 | ConfigMap | kube-apiserver-server-ca-4 | | 39 | ConfigMap | kube-apiserver-server-ca-5 | | 40 | ConfigMap | kubelet-serving-ca | | 41 | ConfigMap | kubelet-serving-ca-2 | | 42 | ConfigMap | kubelet-serving-ca-3 | | 43 | ConfigMap | kubelet-serving-ca-4 | | 44 | ConfigMap | kubelet-serving-ca-5 | | 45 | ConfigMap | oauth-metadata | | 46 | ConfigMap | oauth-metadata-5 | | 47 | ConfigMap | revision-status-1 | | 48 | ConfigMap | revision-status-2 | | 49 | ConfigMap | revision-status-3 | | 50 | ConfigMap | revision-status-4 | | 51 | ConfigMap | revision-status-5 | | 52 | ConfigMap | sa-token-signing-certs | | 53 | ConfigMap | sa-token-signing-certs-2 | | 54 | ConfigMap | sa-token-signing-certs-3 | | 55 | ConfigMap | sa-token-signing-certs-4 | | 56 | ConfigMap | sa-token-signing-certs-5 | | 57 | ConfigMap | trusted-ca-bundle | | 58 | Secret | aggregator-client | | 59 | Secret | bound-service-account-signing-key | | 60 | Secret | check-endpoints-client-cert-key | | 61 | Secret | control-plane-node-admin-client-cert-key | | 62 | Secret | etcd-client | | 63 | Secret | etcd-client-2 | | 64 | Secret | etcd-client-3 | | 65 | Secret | etcd-client-4 | | 66 | Secret | etcd-client-5 | | 67 | Secret | external-loadbalancer-serving-certkey | | 68 | Secret | internal-loadbalancer-serving-certkey | | 69 | Secret | kubelet-client | | 70 | Secret | localhost-recovery-client-token-2 | | 71 | Secret | localhost-recovery-client-token-3 | | 72 | Secret | localhost-recovery-client-token-4 | | 73 | Secret | localhost-recovery-client-token-5 | | 74 | Secret | localhost-recovery-serving-certkey | | 75 | Secret | localhost-recovery-serving-certkey-2 | | 76 | Secret | localhost-recovery-serving-certkey-3 | | 77 | Secret | localhost-recovery-serving-certkey-4 | | 78 | Secret | localhost-recovery-serving-certkey-5 | | 79 | Secret | localhost-serving-cert-certkey | | 80 | Secret | node-kubeconfigs | | 81 | Secret | service-network-serving-certkey | | 82 | Secret | webhook-authenticator | | 83 | Secret | webhook-authenticator-2 | | 84 | Secret | webhook-authenticator-3 | | 85 | Secret | webhook-authenticator-4 | | 86 | Secret | webhook-authenticator-5 | +----+---------------+------------------------------------------+ Unused Resources in Namespace: openshift-cluster-storage-operator +---+---------------+-----------------------------------------+ | # | RESOURCE TYPE | RESOURCE NAME | +---+---------------+-----------------------------------------+ | 1 | ConfigMap | csi-snapshot-controller-operator-config | | 2 | Secret | serving-cert | +---+---------------+-----------------------------------------+ Unused Resources in Namespace: openshift-machine-api +----+----------------+-------------------------------------------+ | # | RESOURCE TYPE | RESOURCE NAME | +----+----------------+-------------------------------------------+ | 1 | ConfigMap | cbo-trusted-ca | | 2 | ConfigMap | machine-api-operator | | 3 | ConfigMap | mao-trusted-ca | | 4 | Service | machine-api-controllers | | 5 | Service | machine-api-operator-machine-webhook | | 6 | Service | machine-api-operator-webhook | | 7 | Secret | machine-api-controllers-tls | | 8 | Secret | machine-api-operator-machine-webhook-cert | | 9 | Secret | machine-api-operator-webhook-cert | | 10 | Secret | master-user-data | | 11 | Secret | master-user-data-managed | | 12 | Secret | worker-user-data | | 13 | Secret | worker-user-data-managed | | 14 | ServiceAccount | machine-api-termination-handler | +----+----------------+-------------------------------------------+ Unused Resources in Namespace: openshift-network-operator +---+---------------+-----------------+ | # | RESOURCE TYPE | RESOURCE NAME | +---+---------------+-----------------+ | 1 | ConfigMap | applied-cluster | | 2 | ConfigMap | mtu | +---+---------------+-----------------+ Unused Resources in Namespace: openshift-user-workload-monitoring +---+---------------+--------------------------------------+ | # | RESOURCE TYPE | RESOURCE NAME | +---+---------------+--------------------------------------+ | 1 | Role | user-workload-monitoring-config-edit | +---+---------------+--------------------------------------+ Unused Resources in Namespace: openshift-monitoring +----+----------------+------------------------------------------------+ | # | RESOURCE TYPE | RESOURCE NAME | +----+----------------+------------------------------------------------+ | 1 | ConfigMap | alertmanager-trusted-ca-bundle | | 2 | ConfigMap | prometheus-trusted-ca-bundle | | 3 | ConfigMap | telemeter-trusted-ca-bundle | | 4 | ConfigMap | thanos-querier-trusted-ca-bundle | | 5 | Secret | alert-relabel-configs | | 6 | Secret | alertmanager-main | | 7 | Secret | grpc-tls | | 8 | Secret | prometheus-adapter-tls | | 9 | Secret | prometheus-k8s-additional-alertmanager-configs | | 10 | ServiceAccount | monitoring-plugin | | 11 | ReplicaSet | prometheus-adapter-6b4d895d78 | +----+----------------+------------------------------------------------+ Unused Resources in Namespace: openshift-multus +---+---------------+----------------------------------------+ | # | RESOURCE TYPE | RESOURCE NAME | +---+---------------+----------------------------------------+ | 1 | ReplicaSet | multus-admission-controller-58bb7cd877 | | 2 | ReplicaSet | multus-admission-controller-6dbc6c56b4 | +---+---------------+----------------------------------------+ Unused Resources in Namespace: openshift-network-node-identity +---+---------------+--------------------------+ | # | RESOURCE TYPE | RESOURCE NAME | +---+---------------+--------------------------+ | 1 | ConfigMap | network-node-identity-ca | | 2 | Secret | network-node-identity-ca | +---+---------------+--------------------------+ Unused Resources in Namespace: openshift-ovn-kubernetes +---+---------------+----------------------+ | # | RESOURCE TYPE | RESOURCE NAME | +---+---------------+----------------------+ | 1 | ConfigMap | control-plane-status | | 2 | ConfigMap | ovn-ca | | 3 | ConfigMap | signer-ca | | 4 | Secret | ovn-ca | | 5 | Secret | ovn-cert | | 6 | Secret | signer-ca | | 7 | Secret | signer-cert | +---+---------------+----------------------+ Unused Resources in Namespace: openshift-ingress-operator +---+---------------+---------------+ | # | RESOURCE TYPE | RESOURCE NAME | +---+---------------+---------------+ | 1 | Secret | router-ca | +---+---------------+---------------+ Unused Resources in Namespace: openshift-cloud-credential-operator +---+---------------+----------------------------------+ | # | RESOURCE TYPE | RESOURCE NAME | +---+---------------+----------------------------------+ | 1 | ConfigMap | cloud-credential-operator-leader | +---+---------------+----------------------------------+ Unused Resources in Namespace: openshift-cluster-samples-operator +---+---------------+-------------------------+ | # | RESOURCE TYPE | RESOURCE NAME | +---+---------------+-------------------------+ | 1 | ConfigMap | imagestreamtag-to-image | +---+---------------+-------------------------+ Unused Resources in Namespace: openshift-controller-manager +---+---------------+-------------------------------+ | # | RESOURCE TYPE | RESOURCE NAME | +---+---------------+-------------------------------+ | 1 | ConfigMap | openshift-master-controllers | | 2 | ConfigMap | openshift-service-ca | | 3 | ReplicaSet | controller-manager-6f547445f7 | | 4 | ReplicaSet | controller-manager-6fd95964d7 | | 5 | ReplicaSet | controller-manager-c6444598d | +---+---------------+-------------------------------+ Unused Resources in Namespace: openshift-oauth-apiserver +---+---------------+-------------------------------+ | # | RESOURCE TYPE | RESOURCE NAME | +---+---------------+-------------------------------+ | 1 | ConfigMap | audit | | 2 | ConfigMap | revision-status-1 | | 3 | Secret | openshift-authenticator-certs | | 4 | ReplicaSet | apiserver-6dd6fb6f7b | | 5 | ReplicaSet | apiserver-9549986d6 | +---+---------------+-------------------------------+ Unused Resources in Namespace: openshift-config +----+---------------+-----------------------------------------+ | # | RESOURCE TYPE | RESOURCE NAME | +----+---------------+-----------------------------------------+ | 1 | ConfigMap | admin-acks | | 2 | ConfigMap | admin-kubeconfig-client-ca | | 3 | ConfigMap | etcd-ca-bundle | | 4 | ConfigMap | etcd-metric-serving-ca | | 5 | ConfigMap | etcd-serving-ca | | 6 | ConfigMap | initial-kube-apiserver-server-ca | | 7 | ConfigMap | openshift-install-manifests | | 8 | Secret | etcd-client | | 9 | Secret | etcd-metric-client | | 10 | Secret | etcd-metric-signer | | 11 | Secret | etcd-signer | | 12 | Secret | initial-service-account-private-key | | 13 | Secret | webhook-authentication-integrated-oauth | +----+---------------+-----------------------------------------+ Unused Resources in Namespace: openshift-image-registry +---+---------------+---------------+ | # | RESOURCE TYPE | RESOURCE NAME | +---+---------------+---------------+ | 1 | ConfigMap | serviceca | +---+---------------+---------------+ Unused Resources in Namespace: openshift-kube-apiserver-operator +----+---------------+----------------------------------------+ | # | RESOURCE TYPE | RESOURCE NAME | +----+---------------+----------------------------------------+ | 1 | ConfigMap | kube-apiserver-to-kubelet-client-ca | | 2 | ConfigMap | kube-control-plane-signer-ca | | 3 | ConfigMap | loadbalancer-serving-ca | | 4 | ConfigMap | localhost-recovery-serving-ca | | 5 | ConfigMap | localhost-serving-ca | | 6 | ConfigMap | node-system-admin-ca | | 7 | ConfigMap | service-network-serving-ca | | 8 | Secret | aggregator-client-signer | | 9 | Secret | kube-apiserver-to-kubelet-signer | | 10 | Secret | kube-control-plane-signer | | 11 | Secret | loadbalancer-serving-signer | | 12 | Secret | localhost-recovery-serving-signer | | 13 | Secret | localhost-serving-signer | | 14 | Secret | next-bound-service-account-signing-key | | 15 | Secret | node-system-admin-client | | 16 | Secret | node-system-admin-signer | | 17 | Secret | service-network-serving-signer | +----+---------------+----------------------------------------+ Unused Resources in Namespace: openshift-operator-lifecycle-manager +---+---------------+-----------------------------+ | # | RESOURCE TYPE | RESOURCE NAME | +---+---------------+-----------------------------+ | 1 | ConfigMap | catalog-operator-heap-4hd9f | | 2 | ConfigMap | olm-operator-heap-8qpq7 | | 3 | Pdb | packageserver-pdb | | 4 | Job | collect-profiles-28583850 | | 5 | Job | collect-profiles-28583865 | | 6 | Job | collect-profiles-28583880 | +---+---------------+-----------------------------+ Unused Resources in Namespace: openshift-apiserver +---+---------------+---------------------+ | # | RESOURCE TYPE | RESOURCE NAME | +---+---------------+---------------------+ | 1 | ConfigMap | audit | | 2 | ConfigMap | revision-status-1 | | 3 | ReplicaSet | apiserver-c7f89cff6 | +---+---------------+---------------------+ Unused Resources in Namespace: openshift-controller-manager-operator +---+---------------+-------------------------------------+ | # | RESOURCE TYPE | RESOURCE NAME | +---+---------------+-------------------------------------+ | 1 | ConfigMap | openshift-controller-manager-images | +---+---------------+-------------------------------------+ Unused Resources in Namespace: openshift-etcd-operator +---+---------------+------------------------+ | # | RESOURCE TYPE | RESOURCE NAME | +---+---------------+------------------------+ | 1 | ConfigMap | etcd-metric-serving-ca | | 2 | Secret | etcd-metric-client | +---+---------------+------------------------+ Unused Resources in Namespace: openshift-machine-config-operator +---+---------------+---------------------------+ | # | RESOURCE TYPE | RESOURCE NAME | +---+---------------+---------------------------+ | 1 | ConfigMap | coreos-bootimages | | 2 | ConfigMap | machine-config-osimageurl | +---+---------------+---------------------------+ Unused Resources in Namespace: openshift-authentication +---+---------------+-----------------------------+ | # | RESOURCE TYPE | RESOURCE NAME | +---+---------------+-----------------------------+ | 1 | ConfigMap | v4-0-config-system-metadata | | 2 | ReplicaSet | oauth-openshift-5f7bff87b6 | | 3 | ReplicaSet | oauth-openshift-745f9cb764 | | 4 | ReplicaSet | oauth-openshift-8497f7787b | +---+---------------+-----------------------------+ Unused Resources in Namespace: openshift-kube-controller-manager +----+----------------+------------------------------------------+ | # | RESOURCE TYPE | RESOURCE NAME | +----+----------------+------------------------------------------+ | 1 | ConfigMap | aggregator-client-ca | | 2 | ConfigMap | client-ca | | 3 | ConfigMap | cluster-policy-controller-config | | 4 | ConfigMap | cluster-policy-controller-config-2 | | 5 | ConfigMap | cluster-policy-controller-config-3 | | 6 | ConfigMap | cluster-policy-controller-config-4 | | 7 | ConfigMap | cluster-policy-controller-config-5 | | 8 | ConfigMap | cluster-policy-controller-config-6 | | 9 | ConfigMap | config | | 10 | ConfigMap | config-2 | | 11 | ConfigMap | config-3 | | 12 | ConfigMap | config-4 | | 13 | ConfigMap | config-5 | | 14 | ConfigMap | config-6 | | 15 | ConfigMap | controller-manager-kubeconfig | | 16 | ConfigMap | controller-manager-kubeconfig-2 | | 17 | ConfigMap | controller-manager-kubeconfig-3 | | 18 | ConfigMap | controller-manager-kubeconfig-4 | | 19 | ConfigMap | controller-manager-kubeconfig-5 | | 20 | ConfigMap | controller-manager-kubeconfig-6 | | 21 | ConfigMap | kube-controller-cert-syncer-kubeconfig | | 22 | ConfigMap | kube-controller-cert-syncer-kubeconfig-2 | | 23 | ConfigMap | kube-controller-cert-syncer-kubeconfig-3 | | 24 | ConfigMap | kube-controller-cert-syncer-kubeconfig-4 | | 25 | ConfigMap | kube-controller-cert-syncer-kubeconfig-5 | | 26 | ConfigMap | kube-controller-cert-syncer-kubeconfig-6 | | 27 | ConfigMap | kube-controller-manager-pod | | 28 | ConfigMap | kube-controller-manager-pod-2 | | 29 | ConfigMap | kube-controller-manager-pod-3 | | 30 | ConfigMap | kube-controller-manager-pod-4 | | 31 | ConfigMap | kube-controller-manager-pod-5 | | 32 | ConfigMap | kube-controller-manager-pod-6 | | 33 | ConfigMap | recycler-config | | 34 | ConfigMap | recycler-config-2 | | 35 | ConfigMap | recycler-config-3 | | 36 | ConfigMap | recycler-config-4 | | 37 | ConfigMap | recycler-config-5 | | 38 | ConfigMap | recycler-config-6 | | 39 | ConfigMap | revision-status-1 | | 40 | ConfigMap | revision-status-2 | | 41 | ConfigMap | revision-status-3 | | 42 | ConfigMap | revision-status-4 | | 43 | ConfigMap | revision-status-5 | | 44 | ConfigMap | revision-status-6 | | 45 | ConfigMap | service-ca | | 46 | ConfigMap | service-ca-2 | | 47 | ConfigMap | service-ca-3 | | 48 | ConfigMap | service-ca-4 | | 49 | ConfigMap | service-ca-5 | | 50 | ConfigMap | service-ca-6 | | 51 | ConfigMap | serviceaccount-ca | | 52 | ConfigMap | serviceaccount-ca-2 | | 53 | ConfigMap | serviceaccount-ca-3 | | 54 | ConfigMap | serviceaccount-ca-4 | | 55 | ConfigMap | serviceaccount-ca-5 | | 56 | ConfigMap | serviceaccount-ca-6 | | 57 | ConfigMap | trusted-ca-bundle | | 58 | Secret | csr-signer | | 59 | Secret | kube-controller-manager-client-cert-key | | 60 | Secret | localhost-recovery-client-token-2 | | 61 | Secret | localhost-recovery-client-token-3 | | 62 | Secret | localhost-recovery-client-token-4 | | 63 | Secret | localhost-recovery-client-token-5 | | 64 | Secret | localhost-recovery-client-token-6 | | 65 | Secret | service-account-private-key | | 66 | Secret | service-account-private-key-2 | | 67 | Secret | service-account-private-key-3 | | 68 | Secret | service-account-private-key-4 | | 69 | Secret | service-account-private-key-5 | | 70 | Secret | service-account-private-key-6 | | 71 | Secret | serving-cert | | 72 | Secret | serving-cert-2 | | 73 | Secret | serving-cert-3 | | 74 | Secret | serving-cert-4 | | 75 | Secret | serving-cert-5 | | 76 | Secret | serving-cert-6 | | 77 | ServiceAccount | kube-controller-manager-sa | +----+----------------+------------------------------------------+ Unused Resources in Namespace: openshift-kube-scheduler +----+---------------+-----------------------------------------+ | # | RESOURCE TYPE | RESOURCE NAME | +----+---------------+-----------------------------------------+ | 1 | ConfigMap | config | | 2 | ConfigMap | config-2 | | 3 | ConfigMap | config-3 | | 4 | ConfigMap | config-4 | | 5 | ConfigMap | config-5 | | 6 | ConfigMap | config-6 | | 7 | ConfigMap | kube-scheduler-cert-syncer-kubeconfig | | 8 | ConfigMap | kube-scheduler-cert-syncer-kubeconfig-2 | | 9 | ConfigMap | kube-scheduler-cert-syncer-kubeconfig-3 | | 10 | ConfigMap | kube-scheduler-cert-syncer-kubeconfig-4 | | 11 | ConfigMap | kube-scheduler-cert-syncer-kubeconfig-5 | | 12 | ConfigMap | kube-scheduler-cert-syncer-kubeconfig-6 | | 13 | ConfigMap | kube-scheduler-pod | | 14 | ConfigMap | kube-scheduler-pod-2 | | 15 | ConfigMap | kube-scheduler-pod-3 | | 16 | ConfigMap | kube-scheduler-pod-4 | | 17 | ConfigMap | kube-scheduler-pod-5 | | 18 | ConfigMap | kube-scheduler-pod-6 | | 19 | ConfigMap | revision-status-2 | | 20 | ConfigMap | revision-status-3 | | 21 | ConfigMap | revision-status-4 | | 22 | ConfigMap | revision-status-5 | | 23 | ConfigMap | revision-status-6 | | 24 | ConfigMap | scheduler-kubeconfig | | 25 | ConfigMap | scheduler-kubeconfig-2 | | 26 | ConfigMap | scheduler-kubeconfig-3 | | 27 | ConfigMap | scheduler-kubeconfig-4 | | 28 | ConfigMap | scheduler-kubeconfig-5 | | 29 | ConfigMap | scheduler-kubeconfig-6 | | 30 | ConfigMap | serviceaccount-ca | | 31 | ConfigMap | serviceaccount-ca-2 | | 32 | ConfigMap | serviceaccount-ca-3 | | 33 | ConfigMap | serviceaccount-ca-4 | | 34 | ConfigMap | serviceaccount-ca-5 | | 35 | ConfigMap | serviceaccount-ca-6 | | 36 | Secret | kube-scheduler-client-cert-key | | 37 | Secret | localhost-recovery-client-token-2 | | 38 | Secret | localhost-recovery-client-token-3 | | 39 | Secret | localhost-recovery-client-token-4 | | 40 | Secret | localhost-recovery-client-token-5 | | 41 | Secret | localhost-recovery-client-token-6 | | 42 | Secret | serving-cert | | 43 | Secret | serving-cert-2 | | 44 | Secret | serving-cert-3 | | 45 | Secret | serving-cert-4 | | 46 | Secret | serving-cert-5 | | 47 | Secret | serving-cert-6 | +----+---------------+-----------------------------------------+ Unused Resources in Namespace: openshift-marketplace +---+---------------+---------------------------+ | # | RESOURCE TYPE | RESOURCE NAME | +---+---------------+---------------------------+ | 1 | ConfigMap | marketplace-operator-lock | +---+---------------+---------------------------+ Unused Resources in Namespace: openshift-cloud-controller-manager +---+---------------+----------------+ | # | RESOURCE TYPE | RESOURCE NAME | +---+---------------+----------------+ | 1 | ConfigMap | ccm-trusted-ca | +---+---------------+----------------+ Unused Resources in Namespace: openshift-kube-controller-manager-operator +---+---------------+----------------------------------+ | # | RESOURCE TYPE | RESOURCE NAME | +---+---------------+----------------------------------+ | 1 | ConfigMap | csr-controller-ca | | 2 | ConfigMap | csr-controller-signer-ca | | 3 | ConfigMap | csr-signer-ca | | 4 | Secret | csr-signer | | 5 | Secret | csr-signer-signer | | 6 | Secret | next-service-account-private-key | +---+---------------+----------------------------------+ Unused Resources in Namespace: openshift-console-user-settings +---+---------------+-------------------------+ | # | RESOURCE TYPE | RESOURCE NAME | +---+---------------+-------------------------+ | 1 | ConfigMap | user-settings-kubeadmin | +---+---------------+-------------------------+ ```
yonahd commented 4 months ago

Is there anything in these openshift namespaces?

Yes, various unused resources in 30+ default openshift- namespaces. Attaching the output of kor all, not including the exclusions listed in this PR.

OpenShift Exceptions

Looks like we need a namespace exception for these

doronkg commented 4 months ago

Is there anything in these openshift namespaces?

Yes, various unused resources in 30+ default openshift- namespaces. Attaching the output of kor all, not including the exclusions listed in this PR. OpenShift Exceptions

Looks like we need a namespace exception for these

We can wait for #249 to be merged and then apply that logic in this PR / new one.

doronkg commented 4 months ago

Merge hell. Closing this PR and re-submitting.