diff --git a/README.md b/README.md
index 30b2ca7..dcfc889 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,54 @@
-# kreaper
-A Kubernetes pod reaper
+# kreaper - *K*ubernetes _Reaper_
+
+_kreaper_ is (yet another) *K*ubernetes pod _reaper_.
+It's main purpose is to delete pods matching a certain pod selector after a deadline is reached.
+
+The `testdata/` directory contains a Kubernetes manifest example how to deploy _kreaper_ as `Job` that is automatically
+cleaned after 30s.
+
+## Configuration
+
+_kreaper_ only requires a few config options that are available as CLI flags or as environment variables.
+For the sake of simplicity environment variables are favored.
+
+| Env | Flag | Purpose | Example | Default |
+|--------------------------|---------------------|---------------------------------------------------------------|-----------------------------------|-----------|
+| KREAPER_TARGET | `-target` | Target selection in the form of `key=value` | `app.kubernetes.io/name=ee8dcc4d` | `""` |
+| KREAPER_TARGET_NAMESPACE | `-target-namespace` | Namespace in which pods are watched and deleted | `my-app` | `default` |
+| KREAPER_DRY_RUN | `-dry-run` | Skip actual deletion | `true` | `false` |
+| KREAPER_LIFETIME | `-lifetime` | Duration after which all pods matching the target are deleted | `30s` | `5m` |
+
+## Kubeconfig
+
+_kreaper_ is meant to be running __within__ a Kubernetes cluster and therefore tries at first to read a in-cluster API config.
+If it fails to read the in-cluster config it tries to read the default `$HOME/.kube/config` file.
+The config file location can be modified either with the `KUBECONFIG` environment variable or by supplying a `-kubeconfig` flag.
+
+## RBAC
+
+_kreaper_ only needs:
+
+- `list`
+- `watch`
+- `deletecollection`
+
+permissions for Pods in the `KREAPER_TARGET_NAMESPACE`.
+A very basic `Role` would look like so:
+
+```yml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: kreaper
+rules:
+ - verbs:
+ - list
+ - watch
+ - deletecollection
+ apiGroups:
+ - ""
+ resources:
+ - pods
+```
+
+alternatively a `RoleBinding` or a `ClusterRoleBinding` to the `edit` `ClusterRole` might be a little bit overkill but therefore also possible.
\ No newline at end of file
diff --git a/main.go b/main.go
index 9fac1f7..5b7d9d7 100644
--- a/main.go
+++ b/main.go
@@ -27,7 +27,7 @@ var (
 dryRun bool
 logLevel *zapcore.Level
 kreaper = reaper.Kreaper{
- Target: lookupEnvOr[reaper.Target]("KREAPER_TARGET", "", reaper.ParseTarget),
+ Target: lookupEnvOr("KREAPER_TARGET", "", reaper.ParseTarget),
 }
 )
@@ -97,9 +97,9 @@ func prepareFlags() {
 )
 if home := homedir.HomeDir(); home != "" {
- flag.StringVar(&kubeconfig, "kubeconfig", filepath.Join(home, ".kube", "config"), "(optional) absolute path to the kubeconfig file")
+ flag.StringVar(&kubeconfig, "kubeconfig", lookupEnvOr("KUBECONFIG", filepath.Join(home, ".kube", "config"), identity[string]), "(optional) absolute path to the kubeconfig file")
 } else {
- flag.StringVar(&kubeconfig, "kubeconfig", "", "absolute path to the kubeconfig file")
+ flag.StringVar(&kubeconfig, "kubeconfig", lookupEnvOr("KUBECONFIG", "", identity[string]), "absolute path to the kubeconfig file")
 }
 flag.Parse()
diff --git a/testdata/deployment.yaml b/testdata/deployment.yaml
index eddc52f..0f93d44 100644
--- a/testdata/deployment.yaml
+++ b/testdata/deployment.yaml
@@ -9,7 +9,6 @@ metadata:
 name: kreaper-debug
 rules:
 - verbs:
 - - get
 - list
 - watch
 - deletecollection
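Review bot: The `Target:` initialiser in the main.go `var (` block still falls back to `""` when `KREAPER_TARGET` is unset, and nothing visible in this hunk rejects that value. What `reaper.ParseTarget` returns for an empty string is outside the hunk, but if it yields an empty label selector, the `deletecollection` call the README describes would match every pod in the target namespace once the lifetime expires. I would fail fast at startup when no target is configured, and document it at the field with `// Target must be non-empty; an empty selector would match all pods in the namespace.`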
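Review bot: Both `flag.StringVar(&kubeconfig, ...)` calls in `prepareFlags` now take the raw `KUBECONFIG` value through `identity[string]`, but by kubectl convention that variable may hold several paths joined by the OS list separator. How `kubeconfig` is consumed is outside the hunk; if it is opened as one file, a multi-path value will fail to load. Consider building the config via `clientcmd.NewDefaultClientConfigLoadingRules()`, which honours `KUBECONFIG` itself, or validating the value with `filepath.SplitList` and rejecting more than one entry. Since an environment variable now selects which cluster's credentials the reaper deletes pods with, it is also worth logging the resolved kubeconfig path before any deletion and naming `KUBECONFIG` in the flag help text. The two branches differ only in the default path, so the lookup could be written once.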