rgeraskin/remove-empty-ns-operator

Remove Empty Namespaces Operator

A Kubernetes operator that deletes namespaces without resources.

Description

The operator iterates over all namespaced API resources in every namespace. If a namespace contains no resources, the operator annotates it as a candidate for deletion. The namespace is deleted after the specified time interval if it still contains no resources.

So the operator does not delete a namespace instantly: on the first pass it marks the namespace, and after the interval it deletes the namespace if it is still empty.

Installation

helm repo add remove-empty-ns-operator https://rgeraskin.github.io/remove-empty-ns-operator/
helm upgrade --install --create-namespace -n remove-empty-ns-operator remove-empty-ns-operator/remove-empty-ns-operator

Configuration

See the settings in helm/values.yaml for an example:

interval: "18000"  # 5h
initialDelay: "300"  # 5m
ignoredResouces:
  - apiGroup: ""
    kind: ConfigMap
    nameRegExp: kube-root-ca.crt
  - apiGroup: ""
    kind: ConfigMap
    nameRegExp: werf-synchronization
  - apiGroup: ""
    kind: Secret
    nameRegExp: default-token-\w+$
  - apiGroup: ""
    kind: ServiceAccount
    nameRegExp: default
protectedNamespaces:
  - default
  - kube-public
  - kube-system
cleanupFinalizers: true
dryRun: false

  • interval - interval between namespace checks

  • initialDelay - 'grace period' before a new namespace is checked

  • ignoredResouces - a namespace is treated as empty if it contains only 'ignored resources'

  • protectedNamespaces - these namespaces will not be deleted even if they are empty

    Usually there is no need to add the Kubernetes default namespaces (default, kube-public, and kube-system) to protectedNamespaces, because in most cases they contain some resources.

  • cleanupFinalizers - clean up kopf finalizers from all namespaces during operator shutdown (motivation)

    If the finalizer cleanup takes longer than the pod's termination grace period in total (e.g. due to retries), the activity will not be finished in full, as the pod will be SIGKILL'ed by Kubernetes.

    So adjust the value of terminationGracePeriodSeconds if you have a lot of namespaces to clean up.

  • dryRun - dry run mode: don't delete namespaces, just log what would be deleted
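
The emptiness check and the mark-then-delete flow described above, sketched as an added example (not the operator's own code), using the ignoredResouces rules from the excerpt and a constructed namespace. How the operator applies nameRegExp is not stated on this page, so prefix versus whole-name matching is an assumption here, and the function names and the marked_at timestamp are hypothetical.

```python
import re

# Rules and settings copied from the values.yaml excerpt above.
IGNORED = [
    ("", "ConfigMap", r"kube-root-ca.crt"),
    ("", "ConfigMap", r"werf-synchronization"),
    ("", "Secret", r"default-token-\w+$"),
    ("", "ServiceAccount", r"default"),
]
PROTECTED = {"default", "kube-public", "kube-system"}
INTERVAL = 18000  # seconds


def is_ignored(resource, full=False):
    """True if (apiGroup, kind, name) matches an ignore rule.

    ASSUMPTION: full=False models prefix matching (re.match);
    full=True models whole-name matching (re.fullmatch).
    """
    matcher = re.fullmatch if full else re.match
    group, kind, name = resource
    return any(g == group and k == kind and matcher(rx, name) is not None
               for g, k, rx in IGNORED)


def blocking_resources(resources, full=False):
    """Resources that stop a namespace from counting as empty."""
    return [r for r in resources if not is_ignored(r, full)]


def decide(ns, resources, marked_at, now, full=False):
    """Two-pass decision: mark on first empty check, delete after INTERVAL.

    marked_at stands in for the timestamp kept in the annotation
    (hypothetical representation); None means not marked yet.
    """
    if ns in PROTECTED:
        return "skip"
    if blocking_resources(resources, full):
        return "keep"
    if marked_at is None:
        return "mark"
    return "delete" if now - marked_at >= INTERVAL else "wait"


# Constructed sample: default objects plus one custom ServiceAccount.
SAMPLE = [
    ("", "ConfigMap", "kube-root-ca.crt"),
    ("", "ServiceAccount", "default"),
    ("", "ServiceAccount", "default-deployer"),
]
```

Under prefix matching the pattern default also covers the ServiceAccount default-deployer, so the sample namespace counts as empty and gets marked; under whole-name matching it is kept. Anchoring patterns (for example ^default$) and running with dryRun: true first shows which namespaces a rule set would select before anything is deleted.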

Development

  1. Prepare local dev env with mise: mise install
  2. Install pre-commit: pre-commit install
  3. Use mise tasks for common tasks
  4. Use tilt for a development process, e.g. tilt up
  5. Tests: mise run test
