feat: add OpenShift exceptions by doronkg · Pull Request #262 · yonahd/kor

doronkg · 2024-05-06T22:50:16Z

What this PR does / why we need it

This PR excludes the default resources created in basic OpenShift installations.
It also includes a fix in cmd/kor/crds.go to allow a new plural alias - kor crds.

PR Checklist

This PR adds K8s exceptions (false positives)
This PR adds new code
This PR includes test for any new code

Github Issue

Closes #240

Notes for your reviewers

In pkg/kor/secrets.go, a new exception secret type was added - kubernetes.io/dockercfg, which is the OpenShift equivalent of kubernetes.io/dockerconfigjson.
This PR addresses all default namespaces that doesn't begin with openshift- prefix.
Meaning, it covers the following namespaces: openshift, default, kube-system, kube-public, kube-node-lease & assisted-installer.

Basic OpenShift installation comes with 60+ namespaces beginning with openshift- prefix, which doesn't include additional namespaces created by OpenShift operators or customized installations, that would also be created with that prefix.

As I see it, there are 3 options to address this case:

Entirely exclude all namespaces with openshift- prefix (flexible).
Entirely exclude all the default namespaces created in the basic installation.
Exclude all the default resources created in the default namespaces.

@yonahd please share your thoughts, I'm leaning towards option no. (1).

codecov-commenter · 2024-05-06T23:18:25Z

Codecov Report

Attention: Patch coverage is 38.59964% with 342 lines in your changes are missing coverage. Please review.

Project coverage is 40.96%. Comparing base (da2b1fe) to head (588aa68).
Report is 14 commits behind head on main.

Files	Patch %	Lines
pkg/kor/all.go	0.00%	130 Missing ⚠️
pkg/kor/kor.go	1.23%	80 Missing ⚠️
pkg/kor/crds.go	0.00%	17 Missing ⚠️
pkg/kor/jobs.go	66.66%	7 Missing and 3 partials ⚠️
pkg/kor/clusterroles.go	62.50%	5 Missing and 1 partial ⚠️
pkg/kor/configmaps.go	62.50%	5 Missing and 1 partial ⚠️
pkg/kor/daemonsets.go	68.42%	5 Missing and 1 partial ⚠️
pkg/kor/deployments.go	66.66%	5 Missing and 1 partial ⚠️
pkg/kor/hpas.go	64.70%	5 Missing and 1 partial ⚠️
pkg/kor/ingresses.go	64.70%	5 Missing and 1 partial ⚠️
... and 13 more

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #262      +/-   ##
==========================================
- Coverage   43.37%   40.96%   -2.42%     
==========================================
  Files          58       58              
  Lines        2808     2910     +102     
==========================================
- Hits         1218     1192      -26     
- Misses       1400     1530     +130     
+ Partials      190      188       -2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

cmd/kor/crds.go

yonahd · 2024-05-07T17:22:45Z

Is there anything in these openshift namespaces?

doronkg · 2024-05-08T15:36:07Z

Is there anything in these openshift namespaces?

Yes, various unused resources in 30+ default openshift- namespaces.
Attaching the output of kor all, not including the exclusions listed in this PR.

OpenShift Exceptions

Unused Resources in Namespace: openshift-config-managed
+----+---------------+-----------------------------------------------------+
| #  | RESOURCE TYPE |                    RESOURCE NAME                    |
+----+---------------+-----------------------------------------------------+
|  1 | ConfigMap     | admin-gates                                         |
|  2 | ConfigMap     | bound-sa-token-signing-certs                        |
|  3 | ConfigMap     | console-public                                      |
|  4 | ConfigMap     | csr-controller-ca                                   |
|  5 | ConfigMap     | default-ingress-cert                                |
|  6 | ConfigMap     | etcd-dashboard                                      |
|  7 | ConfigMap     | grafana-dashboard-apiserver-performance             |
|  8 | ConfigMap     | grafana-dashboard-cluster-total                     |
|  9 | ConfigMap     | grafana-dashboard-k8s-resources-cluster             |
| 10 | ConfigMap     | grafana-dashboard-k8s-resources-namespace           |
| 11 | ConfigMap     | grafana-dashboard-k8s-resources-node                |
| 12 | ConfigMap     | grafana-dashboard-k8s-resources-pod                 |
| 13 | ConfigMap     | grafana-dashboard-k8s-resources-workload            |
| 14 | ConfigMap     | grafana-dashboard-k8s-resources-workloads-namespace |
| 15 | ConfigMap     | grafana-dashboard-namespace-by-pod                  |
| 16 | ConfigMap     | grafana-dashboard-node-cluster-rsrc-use             |
| 17 | ConfigMap     | grafana-dashboard-node-rsrc-use                     |
| 18 | ConfigMap     | grafana-dashboard-pod-total                         |
| 19 | ConfigMap     | grafana-dashboard-prometheus                        |
| 20 | ConfigMap     | image-registry-ca                                   |
| 21 | ConfigMap     | kube-apiserver-aggregator-client-ca                 |
| 22 | ConfigMap     | kube-apiserver-client-ca                            |
| 23 | ConfigMap     | kube-apiserver-server-ca                            |
| 24 | ConfigMap     | kubelet-bootstrap-kubeconfig                        |
| 25 | ConfigMap     | kubelet-serving-ca                                  |
| 26 | ConfigMap     | merged-trusted-image-registry-ca                    |
| 27 | ConfigMap     | monitoring-shared-config                            |
| 28 | ConfigMap     | node-cluster                                        |
| 29 | ConfigMap     | oauth-openshift                                     |
| 30 | ConfigMap     | oauth-serving-cert                                  |
| 31 | ConfigMap     | openshift-network-features                          |
| 32 | ConfigMap     | release-verification                                |
| 33 | ConfigMap     | sa-token-signing-certs                              |
| 34 | ConfigMap     | service-ca                                          |
| 35 | ConfigMap     | signatures-managed                                  |
| 36 | ConfigMap     | trusted-ca-bundle                                   |
| 37 | Secret        | kube-controller-manager-client-cert-key             |
| 38 | Secret        | kube-scheduler-client-cert-key                      |
| 39 | Secret        | router-certs                                        |
+----+---------------+-----------------------------------------------------+

Unused Resources in Namespace: openshift-console
+---+---------------+----------------------+
| # | RESOURCE TYPE |    RESOURCE NAME     |
+---+---------------+----------------------+
| 1 | ConfigMap     | default-ingress-cert |
| 2 | ReplicaSet    | console-56f45dfc75   |
| 3 | ReplicaSet    | console-77c6d98d68   |
| 4 | ReplicaSet    | console-967ff4f46    |
+---+---------------+----------------------+


Unused Resources in Namespace: openshift-route-controller-manager
+---+---------------+-------------------------------------+
| # | RESOURCE TYPE |            RESOURCE NAME            |
+---+---------------+-------------------------------------+
| 1 | ReplicaSet    | route-controller-manager-7655cc95fb |
| 2 | ReplicaSet    | route-controller-manager-89866bc78  |
+---+---------------+-------------------------------------+


Unused Resources in Namespace: openshift-apiserver-operator
+---+---------------+-------------------+
| # | RESOURCE TYPE |   RESOURCE NAME   |
+---+---------------+-------------------+
| 1 | ConfigMap     | trusted-ca-bundle |
+---+---------------+-------------------+

Unused Resources in Namespace: openshift-cluster-version
+---+---------------+-------------------------------------+
| # | RESOURCE TYPE |            RESOURCE NAME            |
+---+---------------+-------------------------------------+
| 1 | ConfigMap     | version                             |
| 2 | ReplicaSet    | cluster-version-operator-854cc99b6c |
+---+---------------+-------------------------------------+


Unused Resources in Namespace: openshift-etcd
+----+----------------+---------------------------------+
| #  | RESOURCE TYPE  |          RESOURCE NAME          |
+----+----------------+---------------------------------+
|  1 | ConfigMap      | cluster-config-v1               |
|  2 | ConfigMap      | etcd-ca-bundle                  |
|  3 | ConfigMap      | etcd-endpoints                  |
|  4 | ConfigMap      | etcd-endpoints-2                |
|  5 | ConfigMap      | etcd-endpoints-3                |
|  6 | ConfigMap      | etcd-metrics-proxy-client-ca    |
|  7 | ConfigMap      | etcd-metrics-proxy-client-ca-2  |
|  8 | ConfigMap      | etcd-metrics-proxy-client-ca-3  |
|  9 | ConfigMap      | etcd-metrics-proxy-serving-ca   |
| 10 | ConfigMap      | etcd-metrics-proxy-serving-ca-2 |
| 11 | ConfigMap      | etcd-metrics-proxy-serving-ca-3 |
| 12 | ConfigMap      | etcd-peer-client-ca             |
| 13 | ConfigMap      | etcd-peer-client-ca-2           |
| 14 | ConfigMap      | etcd-peer-client-ca-3           |
| 15 | ConfigMap      | etcd-pod                        |
| 16 | ConfigMap      | etcd-pod-2                      |
| 17 | ConfigMap      | etcd-pod-3                      |
| 18 | ConfigMap      | etcd-scripts                    |
| 19 | ConfigMap      | etcd-serving-ca                 |
| 20 | ConfigMap      | etcd-serving-ca-2               |
| 21 | ConfigMap      | etcd-serving-ca-3               |
| 22 | ConfigMap      | restore-etcd-pod                |
| 23 | ConfigMap      | revision-status-1               |
| 24 | ConfigMap      | revision-status-2               |
| 25 | ConfigMap      | revision-status-3               |
| 26 | Secret         | etcd-all-certs                  |
| 27 | Secret         | etcd-all-certs-2                |
| 28 | Secret         | etcd-all-certs-3                |
| 29 | Secret         | etcd-client                     |
| 30 | Secret         | etcd-peer-doron-sno             |
| 31 | Secret         | etcd-serving-doron-sno          |
| 32 | Secret         | etcd-serving-metrics-doron-sno  |
| 33 | Secret         | serving-cert                    |
| 34 | ServiceAccount | etcd-sa                         |
+----+----------------+---------------------------------+

Unused Resources in Namespace: openshift-kube-apiserver
+----+---------------+------------------------------------------+
| #  | RESOURCE TYPE |              RESOURCE NAME               |
+----+---------------+------------------------------------------+
|  1 | ConfigMap     | aggregator-client-ca                     |
|  2 | ConfigMap     | bound-sa-token-signing-certs             |
|  3 | ConfigMap     | bound-sa-token-signing-certs-2           |
|  4 | ConfigMap     | bound-sa-token-signing-certs-3           |
|  5 | ConfigMap     | bound-sa-token-signing-certs-4           |
|  6 | ConfigMap     | bound-sa-token-signing-certs-5           |
|  7 | ConfigMap     | check-endpoints-kubeconfig               |
|  8 | ConfigMap     | client-ca                                |
|  9 | ConfigMap     | config                                   |
| 10 | ConfigMap     | config-2                                 |
| 11 | ConfigMap     | config-3                                 |
| 12 | ConfigMap     | config-4                                 |
| 13 | ConfigMap     | config-5                                 |
| 14 | ConfigMap     | control-plane-node-kubeconfig            |
| 15 | ConfigMap     | etcd-serving-ca                          |
| 16 | ConfigMap     | etcd-serving-ca-2                        |
| 17 | ConfigMap     | etcd-serving-ca-3                        |
| 18 | ConfigMap     | etcd-serving-ca-4                        |
| 19 | ConfigMap     | etcd-serving-ca-5                        |
| 20 | ConfigMap     | kube-apiserver-audit-policies            |
| 21 | ConfigMap     | kube-apiserver-audit-policies-2          |
| 22 | ConfigMap     | kube-apiserver-audit-policies-3          |
| 23 | ConfigMap     | kube-apiserver-audit-policies-4          |
| 24 | ConfigMap     | kube-apiserver-audit-policies-5          |
| 25 | ConfigMap     | kube-apiserver-cert-syncer-kubeconfig    |
| 26 | ConfigMap     | kube-apiserver-cert-syncer-kubeconfig-2  |
| 27 | ConfigMap     | kube-apiserver-cert-syncer-kubeconfig-3  |
| 28 | ConfigMap     | kube-apiserver-cert-syncer-kubeconfig-4  |
| 29 | ConfigMap     | kube-apiserver-cert-syncer-kubeconfig-5  |
| 30 | ConfigMap     | kube-apiserver-pod                       |
| 31 | ConfigMap     | kube-apiserver-pod-2                     |
| 32 | ConfigMap     | kube-apiserver-pod-3                     |
| 33 | ConfigMap     | kube-apiserver-pod-4                     |
| 34 | ConfigMap     | kube-apiserver-pod-5                     |
| 35 | ConfigMap     | kube-apiserver-server-ca                 |
| 36 | ConfigMap     | kube-apiserver-server-ca-2               |
| 37 | ConfigMap     | kube-apiserver-server-ca-3               |
| 38 | ConfigMap     | kube-apiserver-server-ca-4               |
| 39 | ConfigMap     | kube-apiserver-server-ca-5               |
| 40 | ConfigMap     | kubelet-serving-ca                       |
| 41 | ConfigMap     | kubelet-serving-ca-2                     |
| 42 | ConfigMap     | kubelet-serving-ca-3                     |
| 43 | ConfigMap     | kubelet-serving-ca-4                     |
| 44 | ConfigMap     | kubelet-serving-ca-5                     |
| 45 | ConfigMap     | oauth-metadata                           |
| 46 | ConfigMap     | oauth-metadata-5                         |
| 47 | ConfigMap     | revision-status-1                        |
| 48 | ConfigMap     | revision-status-2                        |
| 49 | ConfigMap     | revision-status-3                        |
| 50 | ConfigMap     | revision-status-4                        |
| 51 | ConfigMap     | revision-status-5                        |
| 52 | ConfigMap     | sa-token-signing-certs                   |
| 53 | ConfigMap     | sa-token-signing-certs-2                 |
| 54 | ConfigMap     | sa-token-signing-certs-3                 |
| 55 | ConfigMap     | sa-token-signing-certs-4                 |
| 56 | ConfigMap     | sa-token-signing-certs-5                 |
| 57 | ConfigMap     | trusted-ca-bundle                        |
| 58 | Secret        | aggregator-client                        |
| 59 | Secret        | bound-service-account-signing-key        |
| 60 | Secret        | check-endpoints-client-cert-key          |
| 61 | Secret        | control-plane-node-admin-client-cert-key |
| 62 | Secret        | etcd-client                              |
| 63 | Secret        | etcd-client-2                            |
| 64 | Secret        | etcd-client-3                            |
| 65 | Secret        | etcd-client-4                            |
| 66 | Secret        | etcd-client-5                            |
| 67 | Secret        | external-loadbalancer-serving-certkey    |
| 68 | Secret        | internal-loadbalancer-serving-certkey    |
| 69 | Secret        | kubelet-client                           |
| 70 | Secret        | localhost-recovery-client-token-2        |
| 71 | Secret        | localhost-recovery-client-token-3        |
| 72 | Secret        | localhost-recovery-client-token-4        |
| 73 | Secret        | localhost-recovery-client-token-5        |
| 74 | Secret        | localhost-recovery-serving-certkey       |
| 75 | Secret        | localhost-recovery-serving-certkey-2     |
| 76 | Secret        | localhost-recovery-serving-certkey-3     |
| 77 | Secret        | localhost-recovery-serving-certkey-4     |
| 78 | Secret        | localhost-recovery-serving-certkey-5     |
| 79 | Secret        | localhost-serving-cert-certkey           |
| 80 | Secret        | node-kubeconfigs                         |
| 81 | Secret        | service-network-serving-certkey          |
| 82 | Secret        | webhook-authenticator                    |
| 83 | Secret        | webhook-authenticator-2                  |
| 84 | Secret        | webhook-authenticator-3                  |
| 85 | Secret        | webhook-authenticator-4                  |
| 86 | Secret        | webhook-authenticator-5                  |
+----+---------------+------------------------------------------+




Unused Resources in Namespace: openshift-cluster-storage-operator
+---+---------------+-----------------------------------------+
| # | RESOURCE TYPE |              RESOURCE NAME              |
+---+---------------+-----------------------------------------+
| 1 | ConfigMap     | csi-snapshot-controller-operator-config |
| 2 | Secret        | serving-cert                            |
+---+---------------+-----------------------------------------+



Unused Resources in Namespace: openshift-machine-api
+----+----------------+-------------------------------------------+
| #  | RESOURCE TYPE  |               RESOURCE NAME               |
+----+----------------+-------------------------------------------+
|  1 | ConfigMap      | cbo-trusted-ca                            |
|  2 | ConfigMap      | machine-api-operator                      |
|  3 | ConfigMap      | mao-trusted-ca                            |
|  4 | Service        | machine-api-controllers                   |
|  5 | Service        | machine-api-operator-machine-webhook      |
|  6 | Service        | machine-api-operator-webhook              |
|  7 | Secret         | machine-api-controllers-tls               |
|  8 | Secret         | machine-api-operator-machine-webhook-cert |
|  9 | Secret         | machine-api-operator-webhook-cert         |
| 10 | Secret         | master-user-data                          |
| 11 | Secret         | master-user-data-managed                  |
| 12 | Secret         | worker-user-data                          |
| 13 | Secret         | worker-user-data-managed                  |
| 14 | ServiceAccount | machine-api-termination-handler           |
+----+----------------+-------------------------------------------+

Unused Resources in Namespace: openshift-network-operator
+---+---------------+-----------------+
| # | RESOURCE TYPE |  RESOURCE NAME  |
+---+---------------+-----------------+
| 1 | ConfigMap     | applied-cluster |
| 2 | ConfigMap     | mtu             |
+---+---------------+-----------------+


Unused Resources in Namespace: openshift-user-workload-monitoring
+---+---------------+--------------------------------------+
| # | RESOURCE TYPE |            RESOURCE NAME             |
+---+---------------+--------------------------------------+
| 1 | Role          | user-workload-monitoring-config-edit |
+---+---------------+--------------------------------------+



Unused Resources in Namespace: openshift-monitoring
+----+----------------+------------------------------------------------+
| #  | RESOURCE TYPE  |                 RESOURCE NAME                  |
+----+----------------+------------------------------------------------+
|  1 | ConfigMap      | alertmanager-trusted-ca-bundle                 |
|  2 | ConfigMap      | prometheus-trusted-ca-bundle                   |
|  3 | ConfigMap      | telemeter-trusted-ca-bundle                    |
|  4 | ConfigMap      | thanos-querier-trusted-ca-bundle               |
|  5 | Secret         | alert-relabel-configs                          |
|  6 | Secret         | alertmanager-main                              |
|  7 | Secret         | grpc-tls                                       |
|  8 | Secret         | prometheus-adapter-tls                         |
|  9 | Secret         | prometheus-k8s-additional-alertmanager-configs |
| 10 | ServiceAccount | monitoring-plugin                              |
| 11 | ReplicaSet     | prometheus-adapter-6b4d895d78                  |
+----+----------------+------------------------------------------------+

Unused Resources in Namespace: openshift-multus
+---+---------------+----------------------------------------+
| # | RESOURCE TYPE |             RESOURCE NAME              |
+---+---------------+----------------------------------------+
| 1 | ReplicaSet    | multus-admission-controller-58bb7cd877 |
| 2 | ReplicaSet    | multus-admission-controller-6dbc6c56b4 |
+---+---------------+----------------------------------------+






Unused Resources in Namespace: openshift-network-node-identity
+---+---------------+--------------------------+
| # | RESOURCE TYPE |      RESOURCE NAME       |
+---+---------------+--------------------------+
| 1 | ConfigMap     | network-node-identity-ca |
| 2 | Secret        | network-node-identity-ca |
+---+---------------+--------------------------+

Unused Resources in Namespace: openshift-ovn-kubernetes
+---+---------------+----------------------+
| # | RESOURCE TYPE |    RESOURCE NAME     |
+---+---------------+----------------------+
| 1 | ConfigMap     | control-plane-status |
| 2 | ConfigMap     | ovn-ca               |
| 3 | ConfigMap     | signer-ca            |
| 4 | Secret        | ovn-ca               |
| 5 | Secret        | ovn-cert             |
| 6 | Secret        | signer-ca            |
| 7 | Secret        | signer-cert          |
+---+---------------+----------------------+

Unused Resources in Namespace: openshift-ingress-operator
+---+---------------+---------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+---+---------------+---------------+
| 1 | Secret        | router-ca     |
+---+---------------+---------------+

Unused Resources in Namespace: openshift-cloud-credential-operator
+---+---------------+----------------------------------+
| # | RESOURCE TYPE |          RESOURCE NAME           |
+---+---------------+----------------------------------+
| 1 | ConfigMap     | cloud-credential-operator-leader |
+---+---------------+----------------------------------+


Unused Resources in Namespace: openshift-cluster-samples-operator
+---+---------------+-------------------------+
| # | RESOURCE TYPE |      RESOURCE NAME      |
+---+---------------+-------------------------+
| 1 | ConfigMap     | imagestreamtag-to-image |
+---+---------------+-------------------------+


Unused Resources in Namespace: openshift-controller-manager
+---+---------------+-------------------------------+
| # | RESOURCE TYPE |         RESOURCE NAME         |
+---+---------------+-------------------------------+
| 1 | ConfigMap     | openshift-master-controllers  |
| 2 | ConfigMap     | openshift-service-ca          |
| 3 | ReplicaSet    | controller-manager-6f547445f7 |
| 4 | ReplicaSet    | controller-manager-6fd95964d7 |
| 5 | ReplicaSet    | controller-manager-c6444598d  |
+---+---------------+-------------------------------+

Unused Resources in Namespace: openshift-oauth-apiserver
+---+---------------+-------------------------------+
| # | RESOURCE TYPE |         RESOURCE NAME         |
+---+---------------+-------------------------------+
| 1 | ConfigMap     | audit                         |
| 2 | ConfigMap     | revision-status-1             |
| 3 | Secret        | openshift-authenticator-certs |
| 4 | ReplicaSet    | apiserver-6dd6fb6f7b          |
| 5 | ReplicaSet    | apiserver-9549986d6           |
+---+---------------+-------------------------------+


Unused Resources in Namespace: openshift-config
+----+---------------+-----------------------------------------+
| #  | RESOURCE TYPE |              RESOURCE NAME              |
+----+---------------+-----------------------------------------+
|  1 | ConfigMap     | admin-acks                              |
|  2 | ConfigMap     | admin-kubeconfig-client-ca              |
|  3 | ConfigMap     | etcd-ca-bundle                          |
|  4 | ConfigMap     | etcd-metric-serving-ca                  |
|  5 | ConfigMap     | etcd-serving-ca                         |
|  6 | ConfigMap     | initial-kube-apiserver-server-ca        |
|  7 | ConfigMap     | openshift-install-manifests             |
|  8 | Secret        | etcd-client                             |
|  9 | Secret        | etcd-metric-client                      |
| 10 | Secret        | etcd-metric-signer                      |
| 11 | Secret        | etcd-signer                             |
| 12 | Secret        | initial-service-account-private-key     |
| 13 | Secret        | webhook-authentication-integrated-oauth |
+----+---------------+-----------------------------------------+

Unused Resources in Namespace: openshift-image-registry
+---+---------------+---------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+---+---------------+---------------+
| 1 | ConfigMap     | serviceca     |
+---+---------------+---------------+



Unused Resources in Namespace: openshift-kube-apiserver-operator
+----+---------------+----------------------------------------+
| #  | RESOURCE TYPE |             RESOURCE NAME              |
+----+---------------+----------------------------------------+
|  1 | ConfigMap     | kube-apiserver-to-kubelet-client-ca    |
|  2 | ConfigMap     | kube-control-plane-signer-ca           |
|  3 | ConfigMap     | loadbalancer-serving-ca                |
|  4 | ConfigMap     | localhost-recovery-serving-ca          |
|  5 | ConfigMap     | localhost-serving-ca                   |
|  6 | ConfigMap     | node-system-admin-ca                   |
|  7 | ConfigMap     | service-network-serving-ca             |
|  8 | Secret        | aggregator-client-signer               |
|  9 | Secret        | kube-apiserver-to-kubelet-signer       |
| 10 | Secret        | kube-control-plane-signer              |
| 11 | Secret        | loadbalancer-serving-signer            |
| 12 | Secret        | localhost-recovery-serving-signer      |
| 13 | Secret        | localhost-serving-signer               |
| 14 | Secret        | next-bound-service-account-signing-key |
| 15 | Secret        | node-system-admin-client               |
| 16 | Secret        | node-system-admin-signer               |
| 17 | Secret        | service-network-serving-signer         |
+----+---------------+----------------------------------------+


Unused Resources in Namespace: openshift-operator-lifecycle-manager
+---+---------------+-----------------------------+
| # | RESOURCE TYPE |        RESOURCE NAME        |
+---+---------------+-----------------------------+
| 1 | ConfigMap     | catalog-operator-heap-4hd9f |
| 2 | ConfigMap     | olm-operator-heap-8qpq7     |
| 3 | Pdb           | packageserver-pdb           |
| 4 | Job           | collect-profiles-28583850   |
| 5 | Job           | collect-profiles-28583865   |
| 6 | Job           | collect-profiles-28583880   |
+---+---------------+-----------------------------+



Unused Resources in Namespace: openshift-apiserver
+---+---------------+---------------------+
| # | RESOURCE TYPE |    RESOURCE NAME    |
+---+---------------+---------------------+
| 1 | ConfigMap     | audit               |
| 2 | ConfigMap     | revision-status-1   |
| 3 | ReplicaSet    | apiserver-c7f89cff6 |
+---+---------------+---------------------+


Unused Resources in Namespace: openshift-controller-manager-operator
+---+---------------+-------------------------------------+
| # | RESOURCE TYPE |            RESOURCE NAME            |
+---+---------------+-------------------------------------+
| 1 | ConfigMap     | openshift-controller-manager-images |
+---+---------------+-------------------------------------+

Unused Resources in Namespace: openshift-etcd-operator
+---+---------------+------------------------+
| # | RESOURCE TYPE |     RESOURCE NAME      |
+---+---------------+------------------------+
| 1 | ConfigMap     | etcd-metric-serving-ca |
| 2 | Secret        | etcd-metric-client     |
+---+---------------+------------------------+

Unused Resources in Namespace: openshift-machine-config-operator
+---+---------------+---------------------------+
| # | RESOURCE TYPE |       RESOURCE NAME       |
+---+---------------+---------------------------+
| 1 | ConfigMap     | coreos-bootimages         |
| 2 | ConfigMap     | machine-config-osimageurl |
+---+---------------+---------------------------+


Unused Resources in Namespace: openshift-authentication
+---+---------------+-----------------------------+
| # | RESOURCE TYPE |        RESOURCE NAME        |
+---+---------------+-----------------------------+
| 1 | ConfigMap     | v4-0-config-system-metadata |
| 2 | ReplicaSet    | oauth-openshift-5f7bff87b6  |
| 3 | ReplicaSet    | oauth-openshift-745f9cb764  |
| 4 | ReplicaSet    | oauth-openshift-8497f7787b  |
+---+---------------+-----------------------------+

Unused Resources in Namespace: openshift-kube-controller-manager
+----+----------------+------------------------------------------+
| #  | RESOURCE TYPE  |              RESOURCE NAME               |
+----+----------------+------------------------------------------+
|  1 | ConfigMap      | aggregator-client-ca                     |
|  2 | ConfigMap      | client-ca                                |
|  3 | ConfigMap      | cluster-policy-controller-config         |
|  4 | ConfigMap      | cluster-policy-controller-config-2       |
|  5 | ConfigMap      | cluster-policy-controller-config-3       |
|  6 | ConfigMap      | cluster-policy-controller-config-4       |
|  7 | ConfigMap      | cluster-policy-controller-config-5       |
|  8 | ConfigMap      | cluster-policy-controller-config-6       |
|  9 | ConfigMap      | config                                   |
| 10 | ConfigMap      | config-2                                 |
| 11 | ConfigMap      | config-3                                 |
| 12 | ConfigMap      | config-4                                 |
| 13 | ConfigMap      | config-5                                 |
| 14 | ConfigMap      | config-6                                 |
| 15 | ConfigMap      | controller-manager-kubeconfig            |
| 16 | ConfigMap      | controller-manager-kubeconfig-2          |
| 17 | ConfigMap      | controller-manager-kubeconfig-3          |
| 18 | ConfigMap      | controller-manager-kubeconfig-4          |
| 19 | ConfigMap      | controller-manager-kubeconfig-5          |
| 20 | ConfigMap      | controller-manager-kubeconfig-6          |
| 21 | ConfigMap      | kube-controller-cert-syncer-kubeconfig   |
| 22 | ConfigMap      | kube-controller-cert-syncer-kubeconfig-2 |
| 23 | ConfigMap      | kube-controller-cert-syncer-kubeconfig-3 |
| 24 | ConfigMap      | kube-controller-cert-syncer-kubeconfig-4 |
| 25 | ConfigMap      | kube-controller-cert-syncer-kubeconfig-5 |
| 26 | ConfigMap      | kube-controller-cert-syncer-kubeconfig-6 |
| 27 | ConfigMap      | kube-controller-manager-pod              |
| 28 | ConfigMap      | kube-controller-manager-pod-2            |
| 29 | ConfigMap      | kube-controller-manager-pod-3            |
| 30 | ConfigMap      | kube-controller-manager-pod-4            |
| 31 | ConfigMap      | kube-controller-manager-pod-5            |
| 32 | ConfigMap      | kube-controller-manager-pod-6            |
| 33 | ConfigMap      | recycler-config                          |
| 34 | ConfigMap      | recycler-config-2                        |
| 35 | ConfigMap      | recycler-config-3                        |
| 36 | ConfigMap      | recycler-config-4                        |
| 37 | ConfigMap      | recycler-config-5                        |
| 38 | ConfigMap      | recycler-config-6                        |
| 39 | ConfigMap      | revision-status-1                        |
| 40 | ConfigMap      | revision-status-2                        |
| 41 | ConfigMap      | revision-status-3                        |
| 42 | ConfigMap      | revision-status-4                        |
| 43 | ConfigMap      | revision-status-5                        |
| 44 | ConfigMap      | revision-status-6                        |
| 45 | ConfigMap      | service-ca                               |
| 46 | ConfigMap      | service-ca-2                             |
| 47 | ConfigMap      | service-ca-3                             |
| 48 | ConfigMap      | service-ca-4                             |
| 49 | ConfigMap      | service-ca-5                             |
| 50 | ConfigMap      | service-ca-6                             |
| 51 | ConfigMap      | serviceaccount-ca                        |
| 52 | ConfigMap      | serviceaccount-ca-2                      |
| 53 | ConfigMap      | serviceaccount-ca-3                      |
| 54 | ConfigMap      | serviceaccount-ca-4                      |
| 55 | ConfigMap      | serviceaccount-ca-5                      |
| 56 | ConfigMap      | serviceaccount-ca-6                      |
| 57 | ConfigMap      | trusted-ca-bundle                        |
| 58 | Secret         | csr-signer                               |
| 59 | Secret         | kube-controller-manager-client-cert-key  |
| 60 | Secret         | localhost-recovery-client-token-2        |
| 61 | Secret         | localhost-recovery-client-token-3        |
| 62 | Secret         | localhost-recovery-client-token-4        |
| 63 | Secret         | localhost-recovery-client-token-5        |
| 64 | Secret         | localhost-recovery-client-token-6        |
| 65 | Secret         | service-account-private-key              |
| 66 | Secret         | service-account-private-key-2            |
| 67 | Secret         | service-account-private-key-3            |
| 68 | Secret         | service-account-private-key-4            |
| 69 | Secret         | service-account-private-key-5            |
| 70 | Secret         | service-account-private-key-6            |
| 71 | Secret         | serving-cert                             |
| 72 | Secret         | serving-cert-2                           |
| 73 | Secret         | serving-cert-3                           |
| 74 | Secret         | serving-cert-4                           |
| 75 | Secret         | serving-cert-5                           |
| 76 | Secret         | serving-cert-6                           |
| 77 | ServiceAccount | kube-controller-manager-sa               |
+----+----------------+------------------------------------------+

Unused Resources in Namespace: openshift-kube-scheduler
+----+---------------+-----------------------------------------+
| #  | RESOURCE TYPE |              RESOURCE NAME              |
+----+---------------+-----------------------------------------+
|  1 | ConfigMap     | config                                  |
|  2 | ConfigMap     | config-2                                |
|  3 | ConfigMap     | config-3                                |
|  4 | ConfigMap     | config-4                                |
|  5 | ConfigMap     | config-5                                |
|  6 | ConfigMap     | config-6                                |
|  7 | ConfigMap     | kube-scheduler-cert-syncer-kubeconfig   |
|  8 | ConfigMap     | kube-scheduler-cert-syncer-kubeconfig-2 |
|  9 | ConfigMap     | kube-scheduler-cert-syncer-kubeconfig-3 |
| 10 | ConfigMap     | kube-scheduler-cert-syncer-kubeconfig-4 |
| 11 | ConfigMap     | kube-scheduler-cert-syncer-kubeconfig-5 |
| 12 | ConfigMap     | kube-scheduler-cert-syncer-kubeconfig-6 |
| 13 | ConfigMap     | kube-scheduler-pod                      |
| 14 | ConfigMap     | kube-scheduler-pod-2                    |
| 15 | ConfigMap     | kube-scheduler-pod-3                    |
| 16 | ConfigMap     | kube-scheduler-pod-4                    |
| 17 | ConfigMap     | kube-scheduler-pod-5                    |
| 18 | ConfigMap     | kube-scheduler-pod-6                    |
| 19 | ConfigMap     | revision-status-2                       |
| 20 | ConfigMap     | revision-status-3                       |
| 21 | ConfigMap     | revision-status-4                       |
| 22 | ConfigMap     | revision-status-5                       |
| 23 | ConfigMap     | revision-status-6                       |
| 24 | ConfigMap     | scheduler-kubeconfig                    |
| 25 | ConfigMap     | scheduler-kubeconfig-2                  |
| 26 | ConfigMap     | scheduler-kubeconfig-3                  |
| 27 | ConfigMap     | scheduler-kubeconfig-4                  |
| 28 | ConfigMap     | scheduler-kubeconfig-5                  |
| 29 | ConfigMap     | scheduler-kubeconfig-6                  |
| 30 | ConfigMap     | serviceaccount-ca                       |
| 31 | ConfigMap     | serviceaccount-ca-2                     |
| 32 | ConfigMap     | serviceaccount-ca-3                     |
| 33 | ConfigMap     | serviceaccount-ca-4                     |
| 34 | ConfigMap     | serviceaccount-ca-5                     |
| 35 | ConfigMap     | serviceaccount-ca-6                     |
| 36 | Secret        | kube-scheduler-client-cert-key          |
| 37 | Secret        | localhost-recovery-client-token-2       |
| 38 | Secret        | localhost-recovery-client-token-3       |
| 39 | Secret        | localhost-recovery-client-token-4       |
| 40 | Secret        | localhost-recovery-client-token-5       |
| 41 | Secret        | localhost-recovery-client-token-6       |
| 42 | Secret        | serving-cert                            |
| 43 | Secret        | serving-cert-2                          |
| 44 | Secret        | serving-cert-3                          |
| 45 | Secret        | serving-cert-4                          |
| 46 | Secret        | serving-cert-5                          |
| 47 | Secret        | serving-cert-6                          |
+----+---------------+-----------------------------------------+

Unused Resources in Namespace: openshift-marketplace
+---+---------------+---------------------------+
| # | RESOURCE TYPE |       RESOURCE NAME       |
+---+---------------+---------------------------+
| 1 | ConfigMap     | marketplace-operator-lock |
+---+---------------+---------------------------+





Unused Resources in Namespace: openshift-cloud-controller-manager
+---+---------------+----------------+
| # | RESOURCE TYPE | RESOURCE NAME  |
+---+---------------+----------------+
| 1 | ConfigMap     | ccm-trusted-ca |
+---+---------------+----------------+

Unused Resources in Namespace: openshift-kube-controller-manager-operator
+---+---------------+----------------------------------+
| # | RESOURCE TYPE |          RESOURCE NAME           |
+---+---------------+----------------------------------+
| 1 | ConfigMap     | csr-controller-ca                |
| 2 | ConfigMap     | csr-controller-signer-ca         |
| 3 | ConfigMap     | csr-signer-ca                    |
| 4 | Secret        | csr-signer                       |
| 5 | Secret        | csr-signer-signer                |
| 6 | Secret        | next-service-account-private-key |
+---+---------------+----------------------------------+



Unused Resources in Namespace: openshift-console-user-settings
+---+---------------+-------------------------+
| # | RESOURCE TYPE |      RESOURCE NAME      |
+---+---------------+-------------------------+
| 1 | ConfigMap     | user-settings-kubeadmin |
+---+---------------+-------------------------+

yonahd · 2024-05-08T19:26:20Z

Is there anything in these openshift namespaces?

Yes, various unused resources in 30+ default openshift- namespaces. Attaching the output of kor all, not including the exclusions listed in this PR.

OpenShift Exceptions

Looks like we need a namespace exception for these

doronkg · 2024-05-09T13:29:48Z

Is there anything in these openshift namespaces?

Yes, various unused resources in 30+ default openshift- namespaces. Attaching the output of kor all, not including the exclusions listed in this PR.
OpenShift Exceptions

Looks like we need a namespace exception for these

We can wait for #249 to be merged and then apply that logic in this PR / new one.

* feat: allow grouping options for output * docs: group by flag usage and examples

Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.19.0 to 1.19.1. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](prometheus/client_golang@v1.19.0...v1.19.1) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…gement (yonahd#265) * feat(helm): add additional labels to Helm chart Signed-off-by: Mahdi <mahdi.azari@debijenkorf.nl> * feat(helm): add labels to pod Signed-off-by: Mahdi <mahdi.azari@debijenkorf.nl> * feat(helm): introduce default value for additionalLabels Signed-off-by: Mahdi <mahdi.azari@debijenkorf.nl> * chore(helm): bump chart version Signed-off-by: Mahdi <mahdi.azari@debijenkorf.nl> * chore(docs): run helm-docs Signed-off-by: Mahdi <mahdi.azari@debijenkorf.nl> * feat(helm): add labels to jobTemplate Signed-off-by: Mahdi <mahdi.azari@debijenkorf.nl> * fix typo Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com> * chore(helm): bump AppVersion Signed-off-by: Mahdi <mahdi.azari@debijenkorf.nl> --------- Signed-off-by: Mahdi <mahdi.azari@debijenkorf.nl> Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com>

…d#274) Bumps [github.com/fatih/color](https://github.com/fatih/color) from 1.16.0 to 1.17.0. - [Release notes](https://github.com/fatih/color/releases) - [Commits](fatih/color@v1.16.0...v1.17.0) --- updated-dependencies: - dependency-name: github.com/fatih/color dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

yonahd#275) Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) from 0.30.0 to 0.30.1. - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](kubernetes/apiextensions-apiserver@v0.30.0...v0.30.1) --- updated-dependencies: - dependency-name: k8s.io/apiextensions-apiserver dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix(formatOutput): fix spacing between tables * fix * refactor * refactor --------- Co-authored-by: Phil Brocker <phil.brocker@gmail.com>

* feat: added clusterroles * feat: added k3s configmaps * feat: added k3s crds * feat: added k3s secrets * feat: added k3s StorageClass * feat: added job resource exceptions * feat: added job exceptions * fix: importing embed

Signed-off-by: Mahdi <mahdi.azari@debijenkorf.nl>

* Update PR template * Add docs checkbox

* docs: add values.yaml descriptions to README.md * docs: updated chart version in readme * Update charts/kor/Chart.yaml Co-authored-by: Yonah Dissen <47282577+yonahd@users.noreply.github.com> * docs: updated chart description in readme --------- Co-authored-by: Yonah Dissen <47282577+yonahd@users.noreply.github.com>

* Feat: add failed jobs as unused * Update jobs.go * add tests * Update jobs in readme * Update jobs.go * Update jobs_test.go * Fix test * Update jobs_test.go * Update jobs_test.go * Update jobs_test.go * Update jobs_test.go * fix CR * Update jobs_test.go

doronkg · 2024-05-23T17:24:08Z

Merge hell. Closing this PR and re-submitting.

doronkg added 2 commits May 7, 2024 01:27

Add OpenShift exceptions

023761a

Expect openshift-service-ca.crt as volume CM in configmaps_test.go

8aafbb9

Support -e as shortened flag for --exclude-namespaces (yonahd#261)

97d3873

yonahd reviewed May 7, 2024

View reviewed changes

cmd/kor/crds.go Outdated Show resolved Hide resolved

doronkg and others added 2 commits May 7, 2024 10:31

Revert "crds" alias

6ef91d7

Add Kind exceptions (yonahd#263)

0f0a46b

cecobask and others added 6 commits May 12, 2024 08:50

feat: allow grouping options for output (yonahd#256)

6a391d3

* feat: allow grouping options for output * docs: group by flag usage and examples

fix(formatOutput): fix spacing between tables (yonahd#269)

d96d172

* fix(formatOutput): fix spacing between tables * fix * refactor * refactor --------- Co-authored-by: Phil Brocker <phil.brocker@gmail.com>

doronkg mentioned this pull request May 19, 2024

feat: add K3S exceptions #270

Merged

3 tasks

Itaykal and others added 8 commits May 20, 2024 16:44

feat: add K3S exceptions (yonahd#270)

710239d

* feat: added clusterroles * feat: added k3s configmaps * feat: added k3s crds * feat: added k3s secrets * feat: added k3s StorageClass * feat: added job resource exceptions * feat: added job exceptions * fix: importing embed

chore(charts): run helm-docs (yonahd#280)

d322899

Signed-off-by: Mahdi <mahdi.azari@debijenkorf.nl>

chore(pull_request_template): Update PR template (yonahd#282)

cb83e0c

* Update PR template * Add docs checkbox

Add OpenShift exceptions

7b5baa0

Expect openshift-service-ca.crt as volume CM in configmaps_test.go

5366f1d

rebase main

588aa68

doronkg closed this May 23, 2024

doronkg deleted the openshift-exclusions branch June 18, 2024 18:51

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: add OpenShift exceptions#262

feat: add OpenShift exceptions#262
doronkg wants to merge 19 commits intoyonahd:mainfrom
doronkg:openshift-exclusions

doronkg commented May 6, 2024

Uh oh!

codecov-commenter commented May 6, 2024 •

edited

Loading

Uh oh!

Uh oh!

yonahd commented May 7, 2024

Uh oh!

doronkg commented May 8, 2024 •

edited

Loading

Uh oh!

yonahd commented May 8, 2024

Uh oh!

doronkg commented May 9, 2024

Uh oh!

doronkg commented May 23, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

8 participants

Conversation

doronkg commented May 6, 2024

What this PR does / why we need it

PR Checklist

Github Issue

Notes for your reviewers

Uh oh!

codecov-commenter commented May 6, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

Uh oh!

yonahd commented May 7, 2024

Uh oh!

doronkg commented May 8, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

yonahd commented May 8, 2024

Uh oh!

doronkg commented May 9, 2024

Uh oh!

doronkg commented May 23, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

8 participants

codecov-commenter commented May 6, 2024 •

edited

Loading

doronkg commented May 8, 2024 •

edited

Loading