mirror of
https://github.com/cmur2/kube-stale-resources.git
synced 2024-12-22 02:54:24 +01:00
Fiat lux
This commit is contained in:
commit
d5bb54cc8e
187
LICENSE
Normal file
187
LICENSE
Normal file
@ -0,0 +1,187 @@
|
|||||||
|
Apache License
|
||||||
|
Version 2.0, January 2004
|
||||||
|
http://www.apache.org/licenses/
|
||||||
|
|
||||||
|
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||||
|
|
||||||
|
1. Definitions.
|
||||||
|
|
||||||
|
"License" shall mean the terms and conditions for use, reproduction,
|
||||||
|
and distribution as defined by Sections 1 through 9 of this document.
|
||||||
|
|
||||||
|
"Licensor" shall mean the copyright owner or entity authorized by
|
||||||
|
the copyright owner that is granting the License.
|
||||||
|
|
||||||
|
"Legal Entity" shall mean the union of the acting entity and all
|
||||||
|
other entities that control, are controlled by, or are under common
|
||||||
|
control with that entity. For the purposes of this definition,
|
||||||
|
"control" means (i) the power, direct or indirect, to cause the
|
||||||
|
direction or management of such entity, whether by contract or
|
||||||
|
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||||
|
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||||
|
|
||||||
|
"You" (or "Your") shall mean an individual or Legal Entity
|
||||||
|
exercising permissions granted by this License.
|
||||||
|
|
||||||
|
"Source" form shall mean the preferred form for making modifications,
|
||||||
|
including but not limited to software source code, documentation
|
||||||
|
source, and configuration files.
|
||||||
|
|
||||||
|
"Object" form shall mean any form resulting from mechanical
|
||||||
|
transformation or translation of a Source form, including but
|
||||||
|
not limited to compiled object code, generated documentation,
|
||||||
|
and conversions to other media types.
|
||||||
|
|
||||||
|
"Work" shall mean the work of authorship, whether in Source or
|
||||||
|
Object form, made available under the License, as indicated by a
|
||||||
|
copyright notice that is included in or attached to the work
|
||||||
|
(an example is provided in the Appendix below).
|
||||||
|
|
||||||
|
"Derivative Works" shall mean any work, whether in Source or Object
|
||||||
|
form, that is based on (or derived from) the Work and for which the
|
||||||
|
editorial revisions, annotations, elaborations, or other modifications
|
||||||
|
represent, as a whole, an original work of authorship. For the purposes
|
||||||
|
of this License, Derivative Works shall not include works that remain
|
||||||
|
separable from, or merely link (or bind by name) to the interfaces of,
|
||||||
|
the Work and Derivative Works thereof.
|
||||||
|
|
||||||
|
"Contribution" shall mean any work of authorship, including
|
||||||
|
the original version of the Work and any modifications or additions
|
||||||
|
to that Work or Derivative Works thereof, that is intentionally
|
||||||
|
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||||
|
or by an individual or Legal Entity authorized to submit on behalf of
|
||||||
|
the copyright owner. For the purposes of this definition, "submitted"
|
||||||
|
means any form of electronic, verbal, or written communication sent
|
||||||
|
to the Licensor or its representatives, including but not limited to
|
||||||
|
communication on electronic mailing lists, source code control systems,
|
||||||
|
and issue tracking systems that are managed by, or on behalf of, the
|
||||||
|
Licensor for the purpose of discussing and improving the Work, but
|
||||||
|
excluding communication that is conspicuously marked or otherwise
|
||||||
|
designated in writing by the copyright owner as "Not a Contribution."
|
||||||
|
|
||||||
|
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||||
|
on behalf of whom a Contribution has been received by Licensor and
|
||||||
|
subsequently incorporated within the Work.
|
||||||
|
|
||||||
|
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||||
|
this License, each Contributor hereby grants to You a perpetual,
|
||||||
|
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||||
|
copyright license to reproduce, prepare Derivative Works of,
|
||||||
|
publicly display, publicly perform, sublicense, and distribute the
|
||||||
|
Work and such Derivative Works in Source or Object form.
|
||||||
|
|
||||||
|
3. Grant of Patent License. Subject to the terms and conditions of
|
||||||
|
this License, each Contributor hereby grants to You a perpetual,
|
||||||
|
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||||
|
(except as stated in this section) patent license to make, have made,
|
||||||
|
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||||
|
where such license applies only to those patent claims licensable
|
||||||
|
by such Contributor that are necessarily infringed by their
|
||||||
|
Contribution(s) alone or by combination of their Contribution(s)
|
||||||
|
with the Work to which such Contribution(s) was submitted. If You
|
||||||
|
institute patent litigation against any entity (including a
|
||||||
|
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||||
|
or a Contribution incorporated within the Work constitutes direct
|
||||||
|
or contributory patent infringement, then any patent licenses
|
||||||
|
granted to You under this License for that Work shall terminate
|
||||||
|
as of the date such litigation is filed.
|
||||||
|
|
||||||
|
4. Redistribution. You may reproduce and distribute copies of the
|
||||||
|
Work or Derivative Works thereof in any medium, with or without
|
||||||
|
modifications, and in Source or Object form, provided that You
|
||||||
|
meet the following conditions:
|
||||||
|
|
||||||
|
(a) You must give any other recipients of the Work or
|
||||||
|
Derivative Works a copy of this License; and
|
||||||
|
|
||||||
|
(b) You must cause any modified files to carry prominent notices
|
||||||
|
stating that You changed the files; and
|
||||||
|
|
||||||
|
(c) You must retain, in the Source form of any Derivative Works
|
||||||
|
that You distribute, all copyright, patent, trademark, and
|
||||||
|
attribution notices from the Source form of the Work,
|
||||||
|
excluding those notices that do not pertain to any part of
|
||||||
|
the Derivative Works; and
|
||||||
|
|
||||||
|
(d) If the Work includes a "NOTICE" text file as part of its
|
||||||
|
distribution, then any Derivative Works that You distribute must
|
||||||
|
include a readable copy of the attribution notices contained
|
||||||
|
within such NOTICE file, excluding those notices that do not
|
||||||
|
pertain to any part of the Derivative Works, in at least one
|
||||||
|
of the following places: within a NOTICE text file distributed
|
||||||
|
as part of the Derivative Works; within the Source form or
|
||||||
|
documentation, if provided along with the Derivative Works; or,
|
||||||
|
within a display generated by the Derivative Works, if and
|
||||||
|
wherever such third-party notices normally appear. The contents
|
||||||
|
of the NOTICE file are for informational purposes only and
|
||||||
|
do not modify the License. You may add Your own attribution
|
||||||
|
notices within Derivative Works that You distribute, alongside
|
||||||
|
or as an addendum to the NOTICE text from the Work, provided
|
||||||
|
that such additional attribution notices cannot be construed
|
||||||
|
as modifying the License.
|
||||||
|
|
||||||
|
You may add Your own copyright statement to Your modifications and
|
||||||
|
may provide additional or different license terms and conditions
|
||||||
|
for use, reproduction, or distribution of Your modifications, or
|
||||||
|
for any such Derivative Works as a whole, provided Your use,
|
||||||
|
reproduction, and distribution of the Work otherwise complies with
|
||||||
|
the conditions stated in this License.
|
||||||
|
|
||||||
|
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||||
|
any Contribution intentionally submitted for inclusion in the Work
|
||||||
|
by You to the Licensor shall be under the terms and conditions of
|
||||||
|
this License, without any additional terms or conditions.
|
||||||
|
Notwithstanding the above, nothing herein shall supersede or modify
|
||||||
|
the terms of any separate license agreement you may have executed
|
||||||
|
with Licensor regarding such Contributions.
|
||||||
|
|
||||||
|
6. Trademarks. This License does not grant permission to use the trade
|
||||||
|
names, trademarks, service marks, or product names of the Licensor,
|
||||||
|
except as required for reasonable and customary use in describing the
|
||||||
|
origin of the Work and reproducing the content of the NOTICE file.
|
||||||
|
|
||||||
|
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||||
|
agreed to in writing, Licensor provides the Work (and each
|
||||||
|
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||||
|
implied, including, without limitation, any warranties or conditions
|
||||||
|
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||||
|
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||||
|
appropriateness of using or redistributing the Work and assume any
|
||||||
|
risks associated with Your exercise of permissions under this License.
|
||||||
|
|
||||||
|
8. Limitation of Liability. In no event and under no legal theory,
|
||||||
|
whether in tort (including negligence), contract, or otherwise,
|
||||||
|
unless required by applicable law (such as deliberate and grossly
|
||||||
|
negligent acts) or agreed to in writing, shall any Contributor be
|
||||||
|
liable to You for damages, including any direct, indirect, special,
|
||||||
|
incidental, or consequential damages of any character arising as a
|
||||||
|
result of this License or out of the use or inability to use the
|
||||||
|
Work (including but not limited to damages for loss of goodwill,
|
||||||
|
work stoppage, computer failure or malfunction, or any and all
|
||||||
|
other commercial damages or losses), even if such Contributor
|
||||||
|
has been advised of the possibility of such damages.
|
||||||
|
|
||||||
|
9. Accepting Warranty or Additional Liability. While redistributing
|
||||||
|
the Work or Derivative Works thereof, You may choose to offer,
|
||||||
|
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||||
|
or other liability obligations and/or rights consistent with this
|
||||||
|
License. However, in accepting such obligations, You may act only
|
||||||
|
on Your own behalf and on Your sole responsibility, not on behalf
|
||||||
|
of any other Contributor, and only if You agree to indemnify,
|
||||||
|
defend, and hold each Contributor harmless for any liability
|
||||||
|
incurred by, or claims asserted against, such Contributor by reason
|
||||||
|
of your accepting any such warranty or additional liability.
|
||||||
|
|
||||||
|
END OF TERMS AND CONDITIONS
|
||||||
|
|
||||||
|
APPENDIX: How to apply the Apache License to your work.
|
||||||
|
|
||||||
|
To apply the Apache License to your work, attach the following
|
||||||
|
boilerplate notice, with the fields enclosed by brackets "[]"
|
||||||
|
replaced with your own identifying information. (Don't include
|
||||||
|
the brackets!) The text should be enclosed in the appropriate
|
||||||
|
comment syntax for the file format. We also recommend that a
|
||||||
|
file or class name and description of purpose be included on the
|
||||||
|
same "printed page" as the copyright notice for easier
|
||||||
|
identification within third-party archives.
|
14
Pipfile
Normal file
14
Pipfile
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
[[source]]
|
||||||
|
url = 'https://pypi.python.org/simple'
|
||||||
|
|
||||||
|
[requires]
|
||||||
|
python_version = '3.8'
|
||||||
|
|
||||||
|
[packages]
|
||||||
|
pyyaml = '*'
|
||||||
|
requests = '*'
|
||||||
|
|
||||||
|
[dev-packages]
|
||||||
|
rope = '*'
|
||||||
|
pylint = '*'
|
||||||
|
yapf = '*'
|
153
Pipfile.lock
generated
Normal file
153
Pipfile.lock
generated
Normal file
@ -0,0 +1,153 @@
|
|||||||
|
{
|
||||||
|
"_meta": {
|
||||||
|
"hash": {
|
||||||
|
"sha256": "dba3ebb339150511f91075ab30df27c809a6fee8c82646a583a5a92aaf121c6f"
|
||||||
|
},
|
||||||
|
"pipfile-spec": 6,
|
||||||
|
"requires": {
|
||||||
|
"python_version": "3.8"
|
||||||
|
},
|
||||||
|
"sources": [
|
||||||
|
{
|
||||||
|
"url": "https://pypi.python.org/simple"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"default": {
|
||||||
|
"certifi": {
|
||||||
|
"hashes": [
|
||||||
|
"sha256:017c25db2a153ce562900032d5bc68e9f191e44e9a0f762f373977de9df1fbb3",
|
||||||
|
"sha256:25b64c7da4cd7479594d035c08c2d809eb4aab3a26e5a990ea98cc450c320f1f"
|
||||||
|
],
|
||||||
|
"version": "==2019.11.28"
|
||||||
|
},
|
||||||
|
"chardet": {
|
||||||
|
"hashes": [
|
||||||
|
"sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae",
|
||||||
|
"sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691"
|
||||||
|
],
|
||||||
|
"version": "==3.0.4"
|
||||||
|
},
|
||||||
|
"idna": {
|
||||||
|
"hashes": [
|
||||||
|
"sha256:c357b3f628cf53ae2c4c05627ecc484553142ca23264e593d327bcde5e9c3407",
|
||||||
|
"sha256:ea8b7f6188e6fa117537c3df7da9fc686d485087abf6ac197f9c46432f7e4a3c"
|
||||||
|
],
|
||||||
|
"version": "==2.8"
|
||||||
|
},
|
||||||
|
"pyyaml": {
|
||||||
|
"hashes": [
|
||||||
|
"sha256:0e7f69397d53155e55d10ff68fdfb2cf630a35e6daf65cf0bdeaf04f127c09dc",
|
||||||
|
"sha256:2e9f0b7c5914367b0916c3c104a024bb68f269a486b9d04a2e8ac6f6597b7803",
|
||||||
|
"sha256:35ace9b4147848cafac3db142795ee42deebe9d0dad885ce643928e88daebdcc",
|
||||||
|
"sha256:38a4f0d114101c58c0f3a88aeaa44d63efd588845c5a2df5290b73db8f246d15",
|
||||||
|
"sha256:483eb6a33b671408c8529106df3707270bfacb2447bf8ad856a4b4f57f6e3075",
|
||||||
|
"sha256:4b6be5edb9f6bb73680f5bf4ee08ff25416d1400fbd4535fe0069b2994da07cd",
|
||||||
|
"sha256:7f38e35c00e160db592091751d385cd7b3046d6d51f578b29943225178257b31",
|
||||||
|
"sha256:8100c896ecb361794d8bfdb9c11fce618c7cf83d624d73d5ab38aef3bc82d43f",
|
||||||
|
"sha256:c0ee8eca2c582d29c3c2ec6e2c4f703d1b7f1fb10bc72317355a746057e7346c",
|
||||||
|
"sha256:e4c015484ff0ff197564917b4b4246ca03f411b9bd7f16e02a2f586eb48b6d04",
|
||||||
|
"sha256:ebc4ed52dcc93eeebeae5cf5deb2ae4347b3a81c3fa12b0b8c976544829396a4"
|
||||||
|
],
|
||||||
|
"version": "==5.2"
|
||||||
|
},
|
||||||
|
"requests": {
|
||||||
|
"hashes": [
|
||||||
|
"sha256:11e007a8a2aa0323f5a921e9e6a2d7e4e67d9877e85773fba9ba6419025cbeb4",
|
||||||
|
"sha256:9cf5292fcd0f598c671cfc1e0d7d1a7f13bb8085e9a590f48c010551dc6c4b31"
|
||||||
|
],
|
||||||
|
"version": "==2.22.0"
|
||||||
|
},
|
||||||
|
"urllib3": {
|
||||||
|
"hashes": [
|
||||||
|
"sha256:a8a318824cc77d1fd4b2bec2ded92646630d7fe8619497b142c84a9e6f5a7293",
|
||||||
|
"sha256:f3c5fd51747d450d4dcf6f923c81f78f811aab8205fda64b0aba34a4e48b0745"
|
||||||
|
],
|
||||||
|
"version": "==1.25.7"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"develop": {
|
||||||
|
"astroid": {
|
||||||
|
"hashes": [
|
||||||
|
"sha256:71ea07f44df9568a75d0f354c49143a4575d90645e9fead6dfb52c26a85ed13a",
|
||||||
|
"sha256:840947ebfa8b58f318d42301cf8c0a20fd794a33b61cc4638e28e9e61ba32f42"
|
||||||
|
],
|
||||||
|
"version": "==2.3.3"
|
||||||
|
},
|
||||||
|
"isort": {
|
||||||
|
"hashes": [
|
||||||
|
"sha256:54da7e92468955c4fceacd0c86bd0ec997b0e1ee80d97f67c35a78b719dccab1",
|
||||||
|
"sha256:6e811fcb295968434526407adb8796944f1988c5b65e8139058f2014cbe100fd"
|
||||||
|
],
|
||||||
|
"version": "==4.3.21"
|
||||||
|
},
|
||||||
|
"lazy-object-proxy": {
|
||||||
|
"hashes": [
|
||||||
|
"sha256:0c4b206227a8097f05c4dbdd323c50edf81f15db3b8dc064d08c62d37e1a504d",
|
||||||
|
"sha256:194d092e6f246b906e8f70884e620e459fc54db3259e60cf69a4d66c3fda3449",
|
||||||
|
"sha256:1be7e4c9f96948003609aa6c974ae59830a6baecc5376c25c92d7d697e684c08",
|
||||||
|
"sha256:4677f594e474c91da97f489fea5b7daa17b5517190899cf213697e48d3902f5a",
|
||||||
|
"sha256:48dab84ebd4831077b150572aec802f303117c8cc5c871e182447281ebf3ac50",
|
||||||
|
"sha256:5541cada25cd173702dbd99f8e22434105456314462326f06dba3e180f203dfd",
|
||||||
|
"sha256:59f79fef100b09564bc2df42ea2d8d21a64fdcda64979c0fa3db7bdaabaf6239",
|
||||||
|
"sha256:8d859b89baf8ef7f8bc6b00aa20316483d67f0b1cbf422f5b4dc56701c8f2ffb",
|
||||||
|
"sha256:9254f4358b9b541e3441b007a0ea0764b9d056afdeafc1a5569eee1cc6c1b9ea",
|
||||||
|
"sha256:9651375199045a358eb6741df3e02a651e0330be090b3bc79f6d0de31a80ec3e",
|
||||||
|
"sha256:97bb5884f6f1cdce0099f86b907aa41c970c3c672ac8b9c8352789e103cf3156",
|
||||||
|
"sha256:9b15f3f4c0f35727d3a0fba4b770b3c4ebbb1fa907dbcc046a1d2799f3edd142",
|
||||||
|
"sha256:a2238e9d1bb71a56cd710611a1614d1194dc10a175c1e08d75e1a7bcc250d442",
|
||||||
|
"sha256:a6ae12d08c0bf9909ce12385803a543bfe99b95fe01e752536a60af2b7797c62",
|
||||||
|
"sha256:ca0a928a3ddbc5725be2dd1cf895ec0a254798915fb3a36af0964a0a4149e3db",
|
||||||
|
"sha256:cb2c7c57005a6804ab66f106ceb8482da55f5314b7fcb06551db1edae4ad1531",
|
||||||
|
"sha256:d74bb8693bf9cf75ac3b47a54d716bbb1a92648d5f781fc799347cfc95952383",
|
||||||
|
"sha256:d945239a5639b3ff35b70a88c5f2f491913eb94871780ebfabb2568bd58afc5a",
|
||||||
|
"sha256:eba7011090323c1dadf18b3b689845fd96a61ba0a1dfbd7f24b921398affc357",
|
||||||
|
"sha256:efa1909120ce98bbb3777e8b6f92237f5d5c8ea6758efea36a473e1d38f7d3e4",
|
||||||
|
"sha256:f3900e8a5de27447acbf900b4750b0ddfd7ec1ea7fbaf11dfa911141bc522af0"
|
||||||
|
],
|
||||||
|
"version": "==1.4.3"
|
||||||
|
},
|
||||||
|
"mccabe": {
|
||||||
|
"hashes": [
|
||||||
|
"sha256:ab8a6258860da4b6677da4bd2fe5dc2c659cff31b3ee4f7f5d64e79735b80d42",
|
||||||
|
"sha256:dd8d182285a0fe56bace7f45b5e7d1a6ebcbf524e8f3bd87eb0f125271b8831f"
|
||||||
|
],
|
||||||
|
"version": "==0.6.1"
|
||||||
|
},
|
||||||
|
"pylint": {
|
||||||
|
"hashes": [
|
||||||
|
"sha256:3db5468ad013380e987410a8d6956226963aed94ecb5f9d3a28acca6d9ac36cd",
|
||||||
|
"sha256:886e6afc935ea2590b462664b161ca9a5e40168ea99e5300935f6591ad467df4"
|
||||||
|
],
|
||||||
|
"version": "==2.4.4"
|
||||||
|
},
|
||||||
|
"rope": {
|
||||||
|
"hashes": [
|
||||||
|
"sha256:6b728fdc3e98a83446c27a91fc5d56808a004f8beab7a31ab1d7224cecc7d969",
|
||||||
|
"sha256:c5c5a6a87f7b1a2095fb311135e2a3d1f194f5ecb96900fdd0a9100881f48aaf",
|
||||||
|
"sha256:f0dcf719b63200d492b85535ebe5ea9b29e0d0b8aebeb87fe03fc1a65924fdaf"
|
||||||
|
],
|
||||||
|
"version": "==0.14.0"
|
||||||
|
},
|
||||||
|
"six": {
|
||||||
|
"hashes": [
|
||||||
|
"sha256:1f1b7d42e254082a9db6279deae68afb421ceba6158efa6131de7b3003ee93fd",
|
||||||
|
"sha256:30f610279e8b2578cab6db20741130331735c781b56053c59c4076da27f06b66"
|
||||||
|
],
|
||||||
|
"version": "==1.13.0"
|
||||||
|
},
|
||||||
|
"wrapt": {
|
||||||
|
"hashes": [
|
||||||
|
"sha256:565a021fd19419476b9362b05eeaa094178de64f8361e44468f9e9d7843901e1"
|
||||||
|
],
|
||||||
|
"version": "==1.11.2"
|
||||||
|
},
|
||||||
|
"yapf": {
|
||||||
|
"hashes": [
|
||||||
|
"sha256:712e23c468506bf12cadd10169f852572ecc61b266258422d45aaf4ad7ef43de",
|
||||||
|
"sha256:cad8a272c6001b3401de3278238fdc54997b6c2e56baa751788915f879a52fca"
|
||||||
|
],
|
||||||
|
"version": "==0.29.0"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
91
README.md
Normal file
91
README.md
Normal file
@ -0,0 +1,91 @@
|
|||||||
|
# kube-stale-resources
|
||||||
|
|
||||||
|
This is a utility to detect stale resources in [Kubernetes](https://kubernetes.io/) clusters between resources from YAML manifests supplied via local file or stdin (target state) and a Kubernetes cluster (live state).
|
||||||
|
All resources that exist in the live state but not in the target state are considered *stale* as they deviate from the intended state of the Kubernetes cluster (closed world assumption). It is intended as a complement to [kubectl diff](https://kubernetes.io/blog/2019/01/14/apiserver-dry-run-and-kubectl-diff/).
|
||||||
|
|
||||||
|
Using a blacklist you can ignore resources from the live state from the comparison so they are not considered *stale* even though they do not exist in the given target state. This is useful when those resources are created by Kubernetes itself (e.g. the `kubernetes` service in the default namespace), managed by the Kubernetes cluster provider or another tool outside the scope.
|
||||||
|
|
||||||
|
A use case for `kube-stale-resources` is using it alongside `kubectl diff` on locally present YAML manifests so `kubectl diff` can detect newly created Kubernetes resources and changes to those resources and `kube-stale-resources` can alert the user on stale resources that should be deleted from the cluster.
|
||||||
|
|
||||||
|
Limitations:
|
||||||
|
|
||||||
|
- currently only works on namespaced resources
|
||||||
|
- currently requires explicit `metadata.namespace` field even for resources in default namespace
|
||||||
|
- requires unauthenticated HTTP(S) access to Kubernetes apiserver, e.g. via `kubectl proxy`
|
||||||
|
- only accounts for `apiVersion` deprecations up until Kubernetes 1.16
|
||||||
|
|
||||||
|
|
||||||
|
## Usage
|
||||||
|
|
||||||
|
You need Python 3.8 or higher.
|
||||||
|
|
||||||
|
Assuming you have a properly setup `.kube/config` (e.g. using [minikube](https://github.com/kubernetes/minikube) after a successful `minikube start`) running:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
kubectl proxy &
|
||||||
|
|
||||||
|
# ignore minikube resources
|
||||||
|
cat <<EOF > blacklist.txt
|
||||||
|
^kubernetes-dashboard:.*$
|
||||||
|
^default:events.k8s.io/v1beta1:Event:minikube..*$
|
||||||
|
EOF
|
||||||
|
|
||||||
|
# orderly created resource using YAML manifest in e.g. git
|
||||||
|
cat <<EOF > version-controlled-resources.yml
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: foo
|
||||||
|
namespace: default
|
||||||
|
spec:
|
||||||
|
type: ClusterIP
|
||||||
|
ports:
|
||||||
|
- port: 80
|
||||||
|
name: http
|
||||||
|
targetPort: 80
|
||||||
|
selector:
|
||||||
|
app: foo
|
||||||
|
EOF
|
||||||
|
kubectl apply -f version-controlled-resources.yml
|
||||||
|
|
||||||
|
# on-the-fly created resource using imperative command
|
||||||
|
kubectl create service clusterip bar --tcp='8080:8080'
|
||||||
|
|
||||||
|
cat version-controlled-resources.yml | python kube-stale-resources.py -f - --blacklist blacklist.txt
|
||||||
|
```
|
||||||
|
|
||||||
|
This should yield a similar output to as we ignored what minikube sets up by default (e.g. the whole `kubernetes-dashboard` namespace):
|
||||||
|
|
||||||
|
```
|
||||||
|
Reading blacklist file blacklist.txt...
|
||||||
|
Retrieving target state...
|
||||||
|
Retrieving live state from http://localhost:8001...
|
||||||
|
Live dynamic configmaps that are not in target (stale):
|
||||||
|
.. 0 entries
|
||||||
|
|
||||||
|
Live resources w/o dynamic configmaps that are not in target (stale):
|
||||||
|
default:v1:Service:bar
|
||||||
|
.. 1 entries
|
||||||
|
```
|
||||||
|
|
||||||
|
Run `python kube-stale-resources.py -h` for full list of options.
|
||||||
|
|
||||||
|
|
||||||
|
## Blacklisting
|
||||||
|
|
||||||
|
Example blacklist file for a cluster on [GKE](https://cloud.google.com/kubernetes-engine/) that also uses [cert-manager](https://github.com/jetstack/cert-manager):
|
||||||
|
|
||||||
|
```
|
||||||
|
^.*:v1:ResourceQuota:gke-resource-quotas$
|
||||||
|
^default:v1:LimitRange:limits$
|
||||||
|
|
||||||
|
^.*:certmanager.k8s.io/v1alpha1:Order:.*$
|
||||||
|
```
|
||||||
|
|
||||||
|
In general a blacklist file contains one regular expression per line that are matched against a string of format `<namespace-name>:<apiVersion>:<kind>:<resource-name>` for each resource.
|
||||||
|
|
||||||
|
|
||||||
|
## License
|
||||||
|
|
||||||
|
kube-stale-resources is licensed under the Apache License, Version 2.0. See [LICENSE](LICENSE) for more information
|
156
kube-stale-resources.py
Normal file
156
kube-stale-resources.py
Normal file
@ -0,0 +1,156 @@
|
|||||||
|
#!/usr/bin/env python
|
||||||
|
|
||||||
|
import argparse
|
||||||
|
import re
|
||||||
|
import sys
|
||||||
|
|
||||||
|
import requests
|
||||||
|
import yaml
|
||||||
|
|
||||||
|
from typing import (List, Any, Dict, Tuple, IO)
|
||||||
|
K8sResourceIdentifier = Tuple[str, str, str, str]
|
||||||
|
|
||||||
|
HEADERS = {"Content-Type": "application/json"}
|
||||||
|
|
||||||
|
BLACKLIST_REGEXS = [
|
||||||
|
# Kubernetes inherent blacklist (should apply to every k8s cluster out there)
|
||||||
|
r'^.*:apps/v1:ControllerRevision:.*$',
|
||||||
|
r'^.*:apps/v1:ReplicaSet:.*$',
|
||||||
|
r'^.*:batch/v1:Job:.*-\d{10,}$', # jobs created by cron jobs with unix timestamp suffix
|
||||||
|
r'^.*:metrics.k8s.io/v1beta1:PodMetrics:.*$',
|
||||||
|
r'^.*:v1:Endpoints:.*$',
|
||||||
|
r'^.*:v1:Event:.*$',
|
||||||
|
r'^.*:v1:Pod:.*$',
|
||||||
|
r'^.*:v1:Secret:.*-token-\S{5}$', # secrets with token for service accounts
|
||||||
|
r'^.*:v1:ServiceAccount:default$',
|
||||||
|
r'^default:v1:Service:kubernetes$',
|
||||||
|
r'^kube-node-lease:.*$',
|
||||||
|
r'^kube-public:.*$',
|
||||||
|
r'^kube-system:.*$',
|
||||||
|
|
||||||
|
# GKE specific parts (should apply to every GKE-managed k8s cluster)
|
||||||
|
# '^.*:v1:ResourceQuota:gke-resource-quotas$',
|
||||||
|
# '^default:v1:LimitRange:limits$,
|
||||||
|
]
|
||||||
|
|
||||||
|
|
||||||
|
def get_live_namespaced_resources(url: str) -> List[K8sResourceIdentifier]:
|
||||||
|
result = []
|
||||||
|
|
||||||
|
# merges https://kubernetes.io/docs/reference/using-api/#api-groups
|
||||||
|
|
||||||
|
# legacy API group
|
||||||
|
apiVersions = requests.get(url + '/api', headers=HEADERS).json()['versions']
|
||||||
|
for apiVersion in apiVersions:
|
||||||
|
apiResources = requests.get(url + '/api/' + apiVersion, headers=HEADERS).json()['resources']
|
||||||
|
for apiResource in apiResources:
|
||||||
|
if not ('list' in apiResource['verbs'] and apiResource['namespaced']):
|
||||||
|
continue
|
||||||
|
|
||||||
|
items = requests.get(url + '/api/' + apiVersion + '/' + apiResource['name'],
|
||||||
|
headers=HEADERS).json()['items']
|
||||||
|
for item in items:
|
||||||
|
result.append(
|
||||||
|
(item['metadata']['namespace'], apiVersion, apiResource['kind'], item['metadata']['name']))
|
||||||
|
|
||||||
|
# named API groups
|
||||||
|
apiGroups = requests.get(url + '/apis', headers=HEADERS).json()['groups']
|
||||||
|
for apiGroup in apiGroups:
|
||||||
|
|
||||||
|
apiResources = requests.get(url + '/apis/' + apiGroup['preferredVersion']['groupVersion'],
|
||||||
|
headers=HEADERS).json()['resources']
|
||||||
|
for apiResource in apiResources:
|
||||||
|
if not ('list' in apiResource['verbs'] and apiResource['namespaced']):
|
||||||
|
continue
|
||||||
|
|
||||||
|
if apiGroup['preferredVersion']['groupVersion'] == 'extensions/v1beta1' and apiResource['kind'] != 'Ingress':
|
||||||
|
# everything else in extensions/v1beta1 should be migrated to the preferred version
|
||||||
|
# except ingresses, see https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/
|
||||||
|
continue
|
||||||
|
|
||||||
|
items = requests.get(url + '/apis/' + apiGroup['preferredVersion']['groupVersion'] + '/' +
|
||||||
|
apiResource['name'],
|
||||||
|
headers=HEADERS).json()['items']
|
||||||
|
for item in items:
|
||||||
|
result.append((item['metadata']['namespace'], apiGroup['preferredVersion']['groupVersion'],
|
||||||
|
apiResource['kind'], item['metadata']['name']))
|
||||||
|
|
||||||
|
return result
|
||||||
|
|
||||||
|
|
||||||
|
def get_target_namespaced_resources(stream: IO) -> List[K8sResourceIdentifier]:
|
||||||
|
result = []
|
||||||
|
|
||||||
|
target_documents = list(yaml.load_all(stream, Loader=yaml.SafeLoader))
|
||||||
|
for document in target_documents:
|
||||||
|
if not document:
|
||||||
|
continue
|
||||||
|
if not 'namespace' in document['metadata']:
|
||||||
|
continue
|
||||||
|
|
||||||
|
result.append(
|
||||||
|
(document['metadata']['namespace'], document['apiVersion'], document['kind'], document['metadata']['name']))
|
||||||
|
|
||||||
|
return result
|
||||||
|
|
||||||
|
|
||||||
|
def get_compact_resource_identifiers(tuples: List[K8sResourceIdentifier]) -> List[str]:
|
||||||
|
return [namespace + ':' + apiVersion + ':' + kind + ':' + name for namespace, apiVersion, kind, name in tuples]
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
parser = argparse.ArgumentParser(description='Utility to detect k8s configuration drift.')
|
||||||
|
|
||||||
|
parser.add_argument('-f',
|
||||||
|
dest='target_manifests_file',
|
||||||
|
required=True,
|
||||||
|
help='File path (or - for stdin) to read Kubernetes manifests from for target state.')
|
||||||
|
parser.add_argument('--url',
|
||||||
|
dest='k8s_apiserver_url',
|
||||||
|
default='http://localhost:8001',
|
||||||
|
help='URL of Kubernetes apiserver to retrieve live state.')
|
||||||
|
parser.add_argument('--blacklist',
|
||||||
|
dest='blacklist_file',
|
||||||
|
help='File path to read blacklist regex entries from that will be used to filter live state.')
|
||||||
|
|
||||||
|
args = parser.parse_args()
|
||||||
|
|
||||||
|
blacklist_regexs = []
|
||||||
|
blacklist_regexs += BLACKLIST_REGEXS
|
||||||
|
|
||||||
|
if args.blacklist_file:
|
||||||
|
print(f'Reading blacklist file {args.blacklist_file}...')
|
||||||
|
with open(args.blacklist_file, 'r') as f:
|
||||||
|
blacklist_regexs += filter(lambda x: not re.match(r'^\s*$', x), f.read().split('\n'))
|
||||||
|
|
||||||
|
print('Retrieving target state...')
|
||||||
|
if args.target_manifests_file == '-':
|
||||||
|
target_tuples = get_target_namespaced_resources(sys.stdin)
|
||||||
|
else:
|
||||||
|
with open(args.target_manifests_file, 'r') as f:
|
||||||
|
target_tuples = get_target_namespaced_resources(f)
|
||||||
|
|
||||||
|
print(f'Retrieving live state from {args.k8s_apiserver_url}...')
|
||||||
|
raw_live_strings = get_compact_resource_identifiers(get_live_namespaced_resources(args.k8s_apiserver_url))
|
||||||
|
|
||||||
|
live_strings = list(filter(lambda s: not re.match('|'.join(blacklist_regexs), s), raw_live_strings))
|
||||||
|
|
||||||
|
starget = set(get_compact_resource_identifiers(target_tuples))
|
||||||
|
slive = set(live_strings)
|
||||||
|
|
||||||
|
print('Live dynamic configmaps that are not in target (stale):')
|
||||||
|
counter = 0
|
||||||
|
for x in sorted(list(slive - starget)):
|
||||||
|
if re.match('^.*:v1:ConfigMap:.*-[a-z0-9]{10}', x):
|
||||||
|
counter += 1
|
||||||
|
print(' ' + x)
|
||||||
|
print("..", counter, "entries")
|
||||||
|
|
||||||
|
print()
|
||||||
|
print('Live resources w/o dynamic configmaps that are not in target (stale):')
|
||||||
|
counter = 0
|
||||||
|
for x in sorted(list(slive - starget)):
|
||||||
|
if not re.match('^.*:v1:ConfigMap:.*-[a-z0-9]{10}', x):
|
||||||
|
counter += 1
|
||||||
|
print(' ' + x)
|
||||||
|
print("..", counter, "entries")
|
Loading…
Reference in New Issue
Block a user