POP-400 on (nearly) all namespaces?
Describe the bug
With an Azure AKS cluster running k8s 1.21.7, using my admin credentials, popeye reports almost all namespaces in the cluster as POP-400 "Used?".
To Reproduce
Steps to reproduce the behavior:
- Run popeye against cluster
Expected behavior
These namespaces all have applications running in them. I expected that to be considered a "reference" for the namespace.
Versions (please complete the following information):
- OS: Ubuntu 20.04
- Popeye 0.10.1
- K8s 1.21.7
Additional context
I just re-ran to confirm, and noticed that if my default namespace is something other than 'default', that namespace doesn't get flagged, but it does if default is 'default'. With default as 'default', every namespace, including 'default', is flagged. My user can see into all these namespaces with, say, kubectl get pods -n cert-manager.
One of my namespaces has a ✅ but I don't know what makes that one different. They all have stuff running in them.
Several suggestions:
- POP-400 should not trigger on the default service account in a namespace, because it will always exist, whether used or not.
- POP-400 needs to review cronjob spec for service accounts before claiming "not used"
What I was seeing was the Namespaces themselves. And judging by the lack of any notices for anything in them, popeye is not seeing their content.
Fixed v0.20.0