kor
kor copied to clipboard
Published
20 hours ago •
yonahd
yonahd
feat: add OpenShift exceptions
What this PR does / why we need it
This PR excludes the default resources created in basic OpenShift installations.
It also includes a fix in cmd/kor/crds.go to allow a new plural alias - kor crds.
PR Checklist
- [x] This PR adds K8s exceptions (false positives)
- [ ] This PR adds new code
- [ ] This PR includes test for any new code
Github Issue
Closes #240
Notes for your reviewers
-
In
pkg/kor/secrets.go, a new exception secret type was added -kubernetes.io/dockercfg, which is the OpenShift equivalent ofkubernetes.io/dockerconfigjson. -
This PR addresses all default namespaces that doesn't begin with
openshift-prefix. Meaning, it covers the following namespaces:openshift,default,kube-system,kube-public,kube-node-lease&assisted-installer.
Basic OpenShift installation comes with 60+ namespaces beginning with openshift- prefix, which doesn't include additional namespaces created by OpenShift operators or customized installations, that would also be created with that prefix.
As I see it, there are 3 options to address this case:
- Entirely exclude all namespaces with
openshift-prefix (flexible). - Entirely exclude all the default namespaces created in the basic installation.
- Exclude all the default resources created in the default namespaces.
@yonahd please share your thoughts, I'm leaning towards option no. (1).
Codecov Report
Attention: Patch coverage is 38.59964% with 342 lines in your changes are missing coverage. Please review.
Project coverage is 40.96%. Comparing base (
da2b1fe) to head (588aa68). Report is 14 commits behind head on main.
:exclamation: Your organization needs to install the Codecov GitHub app to enable full functionality.
Additional details and impacted files
@@ Coverage Diff @@
## main #262 +/- ##
==========================================
- Coverage 43.37% 40.96% -2.42%
==========================================
Files 58 58
Lines 2808 2910 +102
==========================================
- Hits 1218 1192 -26
- Misses 1400 1530 +130
+ Partials 190 188 -2
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
Is there anything in these openshift namespaces?
Yes, various unused resources in 30+ default openshift- namespaces.
Attaching the output of kor all, not including the exclusions listed in this PR.
OpenShift Exceptions
Unused Resources in Namespace: openshift-config-managed
+----+---------------+-----------------------------------------------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+----+---------------+-----------------------------------------------------+
| 1 | ConfigMap | admin-gates |
| 2 | ConfigMap | bound-sa-token-signing-certs |
| 3 | ConfigMap | console-public |
| 4 | ConfigMap | csr-controller-ca |
| 5 | ConfigMap | default-ingress-cert |
| 6 | ConfigMap | etcd-dashboard |
| 7 | ConfigMap | grafana-dashboard-apiserver-performance |
| 8 | ConfigMap | grafana-dashboard-cluster-total |
| 9 | ConfigMap | grafana-dashboard-k8s-resources-cluster |
| 10 | ConfigMap | grafana-dashboard-k8s-resources-namespace |
| 11 | ConfigMap | grafana-dashboard-k8s-resources-node |
| 12 | ConfigMap | grafana-dashboard-k8s-resources-pod |
| 13 | ConfigMap | grafana-dashboard-k8s-resources-workload |
| 14 | ConfigMap | grafana-dashboard-k8s-resources-workloads-namespace |
| 15 | ConfigMap | grafana-dashboard-namespace-by-pod |
| 16 | ConfigMap | grafana-dashboard-node-cluster-rsrc-use |
| 17 | ConfigMap | grafana-dashboard-node-rsrc-use |
| 18 | ConfigMap | grafana-dashboard-pod-total |
| 19 | ConfigMap | grafana-dashboard-prometheus |
| 20 | ConfigMap | image-registry-ca |
| 21 | ConfigMap | kube-apiserver-aggregator-client-ca |
| 22 | ConfigMap | kube-apiserver-client-ca |
| 23 | ConfigMap | kube-apiserver-server-ca |
| 24 | ConfigMap | kubelet-bootstrap-kubeconfig |
| 25 | ConfigMap | kubelet-serving-ca |
| 26 | ConfigMap | merged-trusted-image-registry-ca |
| 27 | ConfigMap | monitoring-shared-config |
| 28 | ConfigMap | node-cluster |
| 29 | ConfigMap | oauth-openshift |
| 30 | ConfigMap | oauth-serving-cert |
| 31 | ConfigMap | openshift-network-features |
| 32 | ConfigMap | release-verification |
| 33 | ConfigMap | sa-token-signing-certs |
| 34 | ConfigMap | service-ca |
| 35 | ConfigMap | signatures-managed |
| 36 | ConfigMap | trusted-ca-bundle |
| 37 | Secret | kube-controller-manager-client-cert-key |
| 38 | Secret | kube-scheduler-client-cert-key |
| 39 | Secret | router-certs |
+----+---------------+-----------------------------------------------------+
Unused Resources in Namespace: openshift-console
+---+---------------+----------------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+---+---------------+----------------------+
| 1 | ConfigMap | default-ingress-cert |
| 2 | ReplicaSet | console-56f45dfc75 |
| 3 | ReplicaSet | console-77c6d98d68 |
| 4 | ReplicaSet | console-967ff4f46 |
+---+---------------+----------------------+
Unused Resources in Namespace: openshift-route-controller-manager
+---+---------------+-------------------------------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+---+---------------+-------------------------------------+
| 1 | ReplicaSet | route-controller-manager-7655cc95fb |
| 2 | ReplicaSet | route-controller-manager-89866bc78 |
+---+---------------+-------------------------------------+
Unused Resources in Namespace: openshift-apiserver-operator
+---+---------------+-------------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+---+---------------+-------------------+
| 1 | ConfigMap | trusted-ca-bundle |
+---+---------------+-------------------+
Unused Resources in Namespace: openshift-cluster-version
+---+---------------+-------------------------------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+---+---------------+-------------------------------------+
| 1 | ConfigMap | version |
| 2 | ReplicaSet | cluster-version-operator-854cc99b6c |
+---+---------------+-------------------------------------+
Unused Resources in Namespace: openshift-etcd
+----+----------------+---------------------------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+----+----------------+---------------------------------+
| 1 | ConfigMap | cluster-config-v1 |
| 2 | ConfigMap | etcd-ca-bundle |
| 3 | ConfigMap | etcd-endpoints |
| 4 | ConfigMap | etcd-endpoints-2 |
| 5 | ConfigMap | etcd-endpoints-3 |
| 6 | ConfigMap | etcd-metrics-proxy-client-ca |
| 7 | ConfigMap | etcd-metrics-proxy-client-ca-2 |
| 8 | ConfigMap | etcd-metrics-proxy-client-ca-3 |
| 9 | ConfigMap | etcd-metrics-proxy-serving-ca |
| 10 | ConfigMap | etcd-metrics-proxy-serving-ca-2 |
| 11 | ConfigMap | etcd-metrics-proxy-serving-ca-3 |
| 12 | ConfigMap | etcd-peer-client-ca |
| 13 | ConfigMap | etcd-peer-client-ca-2 |
| 14 | ConfigMap | etcd-peer-client-ca-3 |
| 15 | ConfigMap | etcd-pod |
| 16 | ConfigMap | etcd-pod-2 |
| 17 | ConfigMap | etcd-pod-3 |
| 18 | ConfigMap | etcd-scripts |
| 19 | ConfigMap | etcd-serving-ca |
| 20 | ConfigMap | etcd-serving-ca-2 |
| 21 | ConfigMap | etcd-serving-ca-3 |
| 22 | ConfigMap | restore-etcd-pod |
| 23 | ConfigMap | revision-status-1 |
| 24 | ConfigMap | revision-status-2 |
| 25 | ConfigMap | revision-status-3 |
| 26 | Secret | etcd-all-certs |
| 27 | Secret | etcd-all-certs-2 |
| 28 | Secret | etcd-all-certs-3 |
| 29 | Secret | etcd-client |
| 30 | Secret | etcd-peer-doron-sno |
| 31 | Secret | etcd-serving-doron-sno |
| 32 | Secret | etcd-serving-metrics-doron-sno |
| 33 | Secret | serving-cert |
| 34 | ServiceAccount | etcd-sa |
+----+----------------+---------------------------------+
Unused Resources in Namespace: openshift-kube-apiserver
+----+---------------+------------------------------------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+----+---------------+------------------------------------------+
| 1 | ConfigMap | aggregator-client-ca |
| 2 | ConfigMap | bound-sa-token-signing-certs |
| 3 | ConfigMap | bound-sa-token-signing-certs-2 |
| 4 | ConfigMap | bound-sa-token-signing-certs-3 |
| 5 | ConfigMap | bound-sa-token-signing-certs-4 |
| 6 | ConfigMap | bound-sa-token-signing-certs-5 |
| 7 | ConfigMap | check-endpoints-kubeconfig |
| 8 | ConfigMap | client-ca |
| 9 | ConfigMap | config |
| 10 | ConfigMap | config-2 |
| 11 | ConfigMap | config-3 |
| 12 | ConfigMap | config-4 |
| 13 | ConfigMap | config-5 |
| 14 | ConfigMap | control-plane-node-kubeconfig |
| 15 | ConfigMap | etcd-serving-ca |
| 16 | ConfigMap | etcd-serving-ca-2 |
| 17 | ConfigMap | etcd-serving-ca-3 |
| 18 | ConfigMap | etcd-serving-ca-4 |
| 19 | ConfigMap | etcd-serving-ca-5 |
| 20 | ConfigMap | kube-apiserver-audit-policies |
| 21 | ConfigMap | kube-apiserver-audit-policies-2 |
| 22 | ConfigMap | kube-apiserver-audit-policies-3 |
| 23 | ConfigMap | kube-apiserver-audit-policies-4 |
| 24 | ConfigMap | kube-apiserver-audit-policies-5 |
| 25 | ConfigMap | kube-apiserver-cert-syncer-kubeconfig |
| 26 | ConfigMap | kube-apiserver-cert-syncer-kubeconfig-2 |
| 27 | ConfigMap | kube-apiserver-cert-syncer-kubeconfig-3 |
| 28 | ConfigMap | kube-apiserver-cert-syncer-kubeconfig-4 |
| 29 | ConfigMap | kube-apiserver-cert-syncer-kubeconfig-5 |
| 30 | ConfigMap | kube-apiserver-pod |
| 31 | ConfigMap | kube-apiserver-pod-2 |
| 32 | ConfigMap | kube-apiserver-pod-3 |
| 33 | ConfigMap | kube-apiserver-pod-4 |
| 34 | ConfigMap | kube-apiserver-pod-5 |
| 35 | ConfigMap | kube-apiserver-server-ca |
| 36 | ConfigMap | kube-apiserver-server-ca-2 |
| 37 | ConfigMap | kube-apiserver-server-ca-3 |
| 38 | ConfigMap | kube-apiserver-server-ca-4 |
| 39 | ConfigMap | kube-apiserver-server-ca-5 |
| 40 | ConfigMap | kubelet-serving-ca |
| 41 | ConfigMap | kubelet-serving-ca-2 |
| 42 | ConfigMap | kubelet-serving-ca-3 |
| 43 | ConfigMap | kubelet-serving-ca-4 |
| 44 | ConfigMap | kubelet-serving-ca-5 |
| 45 | ConfigMap | oauth-metadata |
| 46 | ConfigMap | oauth-metadata-5 |
| 47 | ConfigMap | revision-status-1 |
| 48 | ConfigMap | revision-status-2 |
| 49 | ConfigMap | revision-status-3 |
| 50 | ConfigMap | revision-status-4 |
| 51 | ConfigMap | revision-status-5 |
| 52 | ConfigMap | sa-token-signing-certs |
| 53 | ConfigMap | sa-token-signing-certs-2 |
| 54 | ConfigMap | sa-token-signing-certs-3 |
| 55 | ConfigMap | sa-token-signing-certs-4 |
| 56 | ConfigMap | sa-token-signing-certs-5 |
| 57 | ConfigMap | trusted-ca-bundle |
| 58 | Secret | aggregator-client |
| 59 | Secret | bound-service-account-signing-key |
| 60 | Secret | check-endpoints-client-cert-key |
| 61 | Secret | control-plane-node-admin-client-cert-key |
| 62 | Secret | etcd-client |
| 63 | Secret | etcd-client-2 |
| 64 | Secret | etcd-client-3 |
| 65 | Secret | etcd-client-4 |
| 66 | Secret | etcd-client-5 |
| 67 | Secret | external-loadbalancer-serving-certkey |
| 68 | Secret | internal-loadbalancer-serving-certkey |
| 69 | Secret | kubelet-client |
| 70 | Secret | localhost-recovery-client-token-2 |
| 71 | Secret | localhost-recovery-client-token-3 |
| 72 | Secret | localhost-recovery-client-token-4 |
| 73 | Secret | localhost-recovery-client-token-5 |
| 74 | Secret | localhost-recovery-serving-certkey |
| 75 | Secret | localhost-recovery-serving-certkey-2 |
| 76 | Secret | localhost-recovery-serving-certkey-3 |
| 77 | Secret | localhost-recovery-serving-certkey-4 |
| 78 | Secret | localhost-recovery-serving-certkey-5 |
| 79 | Secret | localhost-serving-cert-certkey |
| 80 | Secret | node-kubeconfigs |
| 81 | Secret | service-network-serving-certkey |
| 82 | Secret | webhook-authenticator |
| 83 | Secret | webhook-authenticator-2 |
| 84 | Secret | webhook-authenticator-3 |
| 85 | Secret | webhook-authenticator-4 |
| 86 | Secret | webhook-authenticator-5 |
+----+---------------+------------------------------------------+
Unused Resources in Namespace: openshift-cluster-storage-operator
+---+---------------+-----------------------------------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+---+---------------+-----------------------------------------+
| 1 | ConfigMap | csi-snapshot-controller-operator-config |
| 2 | Secret | serving-cert |
+---+---------------+-----------------------------------------+
Unused Resources in Namespace: openshift-machine-api
+----+----------------+-------------------------------------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+----+----------------+-------------------------------------------+
| 1 | ConfigMap | cbo-trusted-ca |
| 2 | ConfigMap | machine-api-operator |
| 3 | ConfigMap | mao-trusted-ca |
| 4 | Service | machine-api-controllers |
| 5 | Service | machine-api-operator-machine-webhook |
| 6 | Service | machine-api-operator-webhook |
| 7 | Secret | machine-api-controllers-tls |
| 8 | Secret | machine-api-operator-machine-webhook-cert |
| 9 | Secret | machine-api-operator-webhook-cert |
| 10 | Secret | master-user-data |
| 11 | Secret | master-user-data-managed |
| 12 | Secret | worker-user-data |
| 13 | Secret | worker-user-data-managed |
| 14 | ServiceAccount | machine-api-termination-handler |
+----+----------------+-------------------------------------------+
Unused Resources in Namespace: openshift-network-operator
+---+---------------+-----------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+---+---------------+-----------------+
| 1 | ConfigMap | applied-cluster |
| 2 | ConfigMap | mtu |
+---+---------------+-----------------+
Unused Resources in Namespace: openshift-user-workload-monitoring
+---+---------------+--------------------------------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+---+---------------+--------------------------------------+
| 1 | Role | user-workload-monitoring-config-edit |
+---+---------------+--------------------------------------+
Unused Resources in Namespace: openshift-monitoring
+----+----------------+------------------------------------------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+----+----------------+------------------------------------------------+
| 1 | ConfigMap | alertmanager-trusted-ca-bundle |
| 2 | ConfigMap | prometheus-trusted-ca-bundle |
| 3 | ConfigMap | telemeter-trusted-ca-bundle |
| 4 | ConfigMap | thanos-querier-trusted-ca-bundle |
| 5 | Secret | alert-relabel-configs |
| 6 | Secret | alertmanager-main |
| 7 | Secret | grpc-tls |
| 8 | Secret | prometheus-adapter-tls |
| 9 | Secret | prometheus-k8s-additional-alertmanager-configs |
| 10 | ServiceAccount | monitoring-plugin |
| 11 | ReplicaSet | prometheus-adapter-6b4d895d78 |
+----+----------------+------------------------------------------------+
Unused Resources in Namespace: openshift-multus
+---+---------------+----------------------------------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+---+---------------+----------------------------------------+
| 1 | ReplicaSet | multus-admission-controller-58bb7cd877 |
| 2 | ReplicaSet | multus-admission-controller-6dbc6c56b4 |
+---+---------------+----------------------------------------+
Unused Resources in Namespace: openshift-network-node-identity
+---+---------------+--------------------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+---+---------------+--------------------------+
| 1 | ConfigMap | network-node-identity-ca |
| 2 | Secret | network-node-identity-ca |
+---+---------------+--------------------------+
Unused Resources in Namespace: openshift-ovn-kubernetes
+---+---------------+----------------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+---+---------------+----------------------+
| 1 | ConfigMap | control-plane-status |
| 2 | ConfigMap | ovn-ca |
| 3 | ConfigMap | signer-ca |
| 4 | Secret | ovn-ca |
| 5 | Secret | ovn-cert |
| 6 | Secret | signer-ca |
| 7 | Secret | signer-cert |
+---+---------------+----------------------+
Unused Resources in Namespace: openshift-ingress-operator
+---+---------------+---------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+---+---------------+---------------+
| 1 | Secret | router-ca |
+---+---------------+---------------+
Unused Resources in Namespace: openshift-cloud-credential-operator
+---+---------------+----------------------------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+---+---------------+----------------------------------+
| 1 | ConfigMap | cloud-credential-operator-leader |
+---+---------------+----------------------------------+
Unused Resources in Namespace: openshift-cluster-samples-operator
+---+---------------+-------------------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+---+---------------+-------------------------+
| 1 | ConfigMap | imagestreamtag-to-image |
+---+---------------+-------------------------+
Unused Resources in Namespace: openshift-controller-manager
+---+---------------+-------------------------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+---+---------------+-------------------------------+
| 1 | ConfigMap | openshift-master-controllers |
| 2 | ConfigMap | openshift-service-ca |
| 3 | ReplicaSet | controller-manager-6f547445f7 |
| 4 | ReplicaSet | controller-manager-6fd95964d7 |
| 5 | ReplicaSet | controller-manager-c6444598d |
+---+---------------+-------------------------------+
Unused Resources in Namespace: openshift-oauth-apiserver
+---+---------------+-------------------------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+---+---------------+-------------------------------+
| 1 | ConfigMap | audit |
| 2 | ConfigMap | revision-status-1 |
| 3 | Secret | openshift-authenticator-certs |
| 4 | ReplicaSet | apiserver-6dd6fb6f7b |
| 5 | ReplicaSet | apiserver-9549986d6 |
+---+---------------+-------------------------------+
Unused Resources in Namespace: openshift-config
+----+---------------+-----------------------------------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+----+---------------+-----------------------------------------+
| 1 | ConfigMap | admin-acks |
| 2 | ConfigMap | admin-kubeconfig-client-ca |
| 3 | ConfigMap | etcd-ca-bundle |
| 4 | ConfigMap | etcd-metric-serving-ca |
| 5 | ConfigMap | etcd-serving-ca |
| 6 | ConfigMap | initial-kube-apiserver-server-ca |
| 7 | ConfigMap | openshift-install-manifests |
| 8 | Secret | etcd-client |
| 9 | Secret | etcd-metric-client |
| 10 | Secret | etcd-metric-signer |
| 11 | Secret | etcd-signer |
| 12 | Secret | initial-service-account-private-key |
| 13 | Secret | webhook-authentication-integrated-oauth |
+----+---------------+-----------------------------------------+
Unused Resources in Namespace: openshift-image-registry
+---+---------------+---------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+---+---------------+---------------+
| 1 | ConfigMap | serviceca |
+---+---------------+---------------+
Unused Resources in Namespace: openshift-kube-apiserver-operator
+----+---------------+----------------------------------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+----+---------------+----------------------------------------+
| 1 | ConfigMap | kube-apiserver-to-kubelet-client-ca |
| 2 | ConfigMap | kube-control-plane-signer-ca |
| 3 | ConfigMap | loadbalancer-serving-ca |
| 4 | ConfigMap | localhost-recovery-serving-ca |
| 5 | ConfigMap | localhost-serving-ca |
| 6 | ConfigMap | node-system-admin-ca |
| 7 | ConfigMap | service-network-serving-ca |
| 8 | Secret | aggregator-client-signer |
| 9 | Secret | kube-apiserver-to-kubelet-signer |
| 10 | Secret | kube-control-plane-signer |
| 11 | Secret | loadbalancer-serving-signer |
| 12 | Secret | localhost-recovery-serving-signer |
| 13 | Secret | localhost-serving-signer |
| 14 | Secret | next-bound-service-account-signing-key |
| 15 | Secret | node-system-admin-client |
| 16 | Secret | node-system-admin-signer |
| 17 | Secret | service-network-serving-signer |
+----+---------------+----------------------------------------+
Unused Resources in Namespace: openshift-operator-lifecycle-manager
+---+---------------+-----------------------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+---+---------------+-----------------------------+
| 1 | ConfigMap | catalog-operator-heap-4hd9f |
| 2 | ConfigMap | olm-operator-heap-8qpq7 |
| 3 | Pdb | packageserver-pdb |
| 4 | Job | collect-profiles-28583850 |
| 5 | Job | collect-profiles-28583865 |
| 6 | Job | collect-profiles-28583880 |
+---+---------------+-----------------------------+
Unused Resources in Namespace: openshift-apiserver
+---+---------------+---------------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+---+---------------+---------------------+
| 1 | ConfigMap | audit |
| 2 | ConfigMap | revision-status-1 |
| 3 | ReplicaSet | apiserver-c7f89cff6 |
+---+---------------+---------------------+
Unused Resources in Namespace: openshift-controller-manager-operator
+---+---------------+-------------------------------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+---+---------------+-------------------------------------+
| 1 | ConfigMap | openshift-controller-manager-images |
+---+---------------+-------------------------------------+
Unused Resources in Namespace: openshift-etcd-operator
+---+---------------+------------------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+---+---------------+------------------------+
| 1 | ConfigMap | etcd-metric-serving-ca |
| 2 | Secret | etcd-metric-client |
+---+---------------+------------------------+
Unused Resources in Namespace: openshift-machine-config-operator
+---+---------------+---------------------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+---+---------------+---------------------------+
| 1 | ConfigMap | coreos-bootimages |
| 2 | ConfigMap | machine-config-osimageurl |
+---+---------------+---------------------------+
Unused Resources in Namespace: openshift-authentication
+---+---------------+-----------------------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+---+---------------+-----------------------------+
| 1 | ConfigMap | v4-0-config-system-metadata |
| 2 | ReplicaSet | oauth-openshift-5f7bff87b6 |
| 3 | ReplicaSet | oauth-openshift-745f9cb764 |
| 4 | ReplicaSet | oauth-openshift-8497f7787b |
+---+---------------+-----------------------------+
Unused Resources in Namespace: openshift-kube-controller-manager
+----+----------------+------------------------------------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+----+----------------+------------------------------------------+
| 1 | ConfigMap | aggregator-client-ca |
| 2 | ConfigMap | client-ca |
| 3 | ConfigMap | cluster-policy-controller-config |
| 4 | ConfigMap | cluster-policy-controller-config-2 |
| 5 | ConfigMap | cluster-policy-controller-config-3 |
| 6 | ConfigMap | cluster-policy-controller-config-4 |
| 7 | ConfigMap | cluster-policy-controller-config-5 |
| 8 | ConfigMap | cluster-policy-controller-config-6 |
| 9 | ConfigMap | config |
| 10 | ConfigMap | config-2 |
| 11 | ConfigMap | config-3 |
| 12 | ConfigMap | config-4 |
| 13 | ConfigMap | config-5 |
| 14 | ConfigMap | config-6 |
| 15 | ConfigMap | controller-manager-kubeconfig |
| 16 | ConfigMap | controller-manager-kubeconfig-2 |
| 17 | ConfigMap | controller-manager-kubeconfig-3 |
| 18 | ConfigMap | controller-manager-kubeconfig-4 |
| 19 | ConfigMap | controller-manager-kubeconfig-5 |
| 20 | ConfigMap | controller-manager-kubeconfig-6 |
| 21 | ConfigMap | kube-controller-cert-syncer-kubeconfig |
| 22 | ConfigMap | kube-controller-cert-syncer-kubeconfig-2 |
| 23 | ConfigMap | kube-controller-cert-syncer-kubeconfig-3 |
| 24 | ConfigMap | kube-controller-cert-syncer-kubeconfig-4 |
| 25 | ConfigMap | kube-controller-cert-syncer-kubeconfig-5 |
| 26 | ConfigMap | kube-controller-cert-syncer-kubeconfig-6 |
| 27 | ConfigMap | kube-controller-manager-pod |
| 28 | ConfigMap | kube-controller-manager-pod-2 |
| 29 | ConfigMap | kube-controller-manager-pod-3 |
| 30 | ConfigMap | kube-controller-manager-pod-4 |
| 31 | ConfigMap | kube-controller-manager-pod-5 |
| 32 | ConfigMap | kube-controller-manager-pod-6 |
| 33 | ConfigMap | recycler-config |
| 34 | ConfigMap | recycler-config-2 |
| 35 | ConfigMap | recycler-config-3 |
| 36 | ConfigMap | recycler-config-4 |
| 37 | ConfigMap | recycler-config-5 |
| 38 | ConfigMap | recycler-config-6 |
| 39 | ConfigMap | revision-status-1 |
| 40 | ConfigMap | revision-status-2 |
| 41 | ConfigMap | revision-status-3 |
| 42 | ConfigMap | revision-status-4 |
| 43 | ConfigMap | revision-status-5 |
| 44 | ConfigMap | revision-status-6 |
| 45 | ConfigMap | service-ca |
| 46 | ConfigMap | service-ca-2 |
| 47 | ConfigMap | service-ca-3 |
| 48 | ConfigMap | service-ca-4 |
| 49 | ConfigMap | service-ca-5 |
| 50 | ConfigMap | service-ca-6 |
| 51 | ConfigMap | serviceaccount-ca |
| 52 | ConfigMap | serviceaccount-ca-2 |
| 53 | ConfigMap | serviceaccount-ca-3 |
| 54 | ConfigMap | serviceaccount-ca-4 |
| 55 | ConfigMap | serviceaccount-ca-5 |
| 56 | ConfigMap | serviceaccount-ca-6 |
| 57 | ConfigMap | trusted-ca-bundle |
| 58 | Secret | csr-signer |
| 59 | Secret | kube-controller-manager-client-cert-key |
| 60 | Secret | localhost-recovery-client-token-2 |
| 61 | Secret | localhost-recovery-client-token-3 |
| 62 | Secret | localhost-recovery-client-token-4 |
| 63 | Secret | localhost-recovery-client-token-5 |
| 64 | Secret | localhost-recovery-client-token-6 |
| 65 | Secret | service-account-private-key |
| 66 | Secret | service-account-private-key-2 |
| 67 | Secret | service-account-private-key-3 |
| 68 | Secret | service-account-private-key-4 |
| 69 | Secret | service-account-private-key-5 |
| 70 | Secret | service-account-private-key-6 |
| 71 | Secret | serving-cert |
| 72 | Secret | serving-cert-2 |
| 73 | Secret | serving-cert-3 |
| 74 | Secret | serving-cert-4 |
| 75 | Secret | serving-cert-5 |
| 76 | Secret | serving-cert-6 |
| 77 | ServiceAccount | kube-controller-manager-sa |
+----+----------------+------------------------------------------+
Unused Resources in Namespace: openshift-kube-scheduler
+----+---------------+-----------------------------------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+----+---------------+-----------------------------------------+
| 1 | ConfigMap | config |
| 2 | ConfigMap | config-2 |
| 3 | ConfigMap | config-3 |
| 4 | ConfigMap | config-4 |
| 5 | ConfigMap | config-5 |
| 6 | ConfigMap | config-6 |
| 7 | ConfigMap | kube-scheduler-cert-syncer-kubeconfig |
| 8 | ConfigMap | kube-scheduler-cert-syncer-kubeconfig-2 |
| 9 | ConfigMap | kube-scheduler-cert-syncer-kubeconfig-3 |
| 10 | ConfigMap | kube-scheduler-cert-syncer-kubeconfig-4 |
| 11 | ConfigMap | kube-scheduler-cert-syncer-kubeconfig-5 |
| 12 | ConfigMap | kube-scheduler-cert-syncer-kubeconfig-6 |
| 13 | ConfigMap | kube-scheduler-pod |
| 14 | ConfigMap | kube-scheduler-pod-2 |
| 15 | ConfigMap | kube-scheduler-pod-3 |
| 16 | ConfigMap | kube-scheduler-pod-4 |
| 17 | ConfigMap | kube-scheduler-pod-5 |
| 18 | ConfigMap | kube-scheduler-pod-6 |
| 19 | ConfigMap | revision-status-2 |
| 20 | ConfigMap | revision-status-3 |
| 21 | ConfigMap | revision-status-4 |
| 22 | ConfigMap | revision-status-5 |
| 23 | ConfigMap | revision-status-6 |
| 24 | ConfigMap | scheduler-kubeconfig |
| 25 | ConfigMap | scheduler-kubeconfig-2 |
| 26 | ConfigMap | scheduler-kubeconfig-3 |
| 27 | ConfigMap | scheduler-kubeconfig-4 |
| 28 | ConfigMap | scheduler-kubeconfig-5 |
| 29 | ConfigMap | scheduler-kubeconfig-6 |
| 30 | ConfigMap | serviceaccount-ca |
| 31 | ConfigMap | serviceaccount-ca-2 |
| 32 | ConfigMap | serviceaccount-ca-3 |
| 33 | ConfigMap | serviceaccount-ca-4 |
| 34 | ConfigMap | serviceaccount-ca-5 |
| 35 | ConfigMap | serviceaccount-ca-6 |
| 36 | Secret | kube-scheduler-client-cert-key |
| 37 | Secret | localhost-recovery-client-token-2 |
| 38 | Secret | localhost-recovery-client-token-3 |
| 39 | Secret | localhost-recovery-client-token-4 |
| 40 | Secret | localhost-recovery-client-token-5 |
| 41 | Secret | localhost-recovery-client-token-6 |
| 42 | Secret | serving-cert |
| 43 | Secret | serving-cert-2 |
| 44 | Secret | serving-cert-3 |
| 45 | Secret | serving-cert-4 |
| 46 | Secret | serving-cert-5 |
| 47 | Secret | serving-cert-6 |
+----+---------------+-----------------------------------------+
Unused Resources in Namespace: openshift-marketplace
+---+---------------+---------------------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+---+---------------+---------------------------+
| 1 | ConfigMap | marketplace-operator-lock |
+---+---------------+---------------------------+
Unused Resources in Namespace: openshift-cloud-controller-manager
+---+---------------+----------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+---+---------------+----------------+
| 1 | ConfigMap | ccm-trusted-ca |
+---+---------------+----------------+
Unused Resources in Namespace: openshift-kube-controller-manager-operator
+---+---------------+----------------------------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+---+---------------+----------------------------------+
| 1 | ConfigMap | csr-controller-ca |
| 2 | ConfigMap | csr-controller-signer-ca |
| 3 | ConfigMap | csr-signer-ca |
| 4 | Secret | csr-signer |
| 5 | Secret | csr-signer-signer |
| 6 | Secret | next-service-account-private-key |
+---+---------------+----------------------------------+
Unused Resources in Namespace: openshift-console-user-settings
+---+---------------+-------------------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+---+---------------+-------------------------+
| 1 | ConfigMap | user-settings-kubeadmin |
+---+---------------+-------------------------+
Is there anything in these openshift namespaces?
Yes, various unused resources in 30+ default
openshift-namespaces. Attaching the output ofkor all, not including the exclusions listed in this PR.OpenShift Exceptions
Looks like we need a namespace exception for these
Is there anything in these openshift namespaces?
Yes, various unused resources in 30+ default
openshift-namespaces. Attaching the output ofkor all, not including the exclusions listed in this PR. OpenShift ExceptionsLooks like we need a namespace exception for these
We can wait for #249 to be merged and then apply that logic in this PR / new one.