# kreaper - *K*ubernetes _Reaper_ [![Go Report Card](https://goreportcard.com/badge/code.icb4dc0.de/prskr/kreaper)](https://goreportcard.com/report/code.icb4dc0.de/prskr/kreaper) _kreaper_ is (yet another) *K*ubernetes pod _reaper_. It's main purpose is to delete pods matching a certain pod selector after a deadline is reached. The `testdata/` directory contains a Kubernetes manifest example how to deploy _kreaper_ as `Job` that is automatically cleaned after 30s. ## Configuration _kreaper_ only requires a few config options that are available as CLI flags or as environment variables. For the sake of simplicity environment variables are favored. | Env | Flag | Purpose | Example | Default | |--------------------------|---------------------|---------------------------------------------------------------|-----------------------------------|-----------| | KREAPER_TARGET | `-target` | Target selection in the form of `key=value` | `app.kubernetes.io/name=ee8dcc4d` | `""` | | KREAPER_TARGET_NAMESPACE | `-target-namespace` | Namespace in which pods are watched and deleted | `my-app` | `default` | | KREAPER_DRY_RUN | `-dry-run` | Skip actual deletion | `true` | `false` | | KREAPER_LIFETIME | `-lifetime` | Duration after which all pods matching the target are deleted | `30s` | `5m` | ## Kubeconfig _kreaper_ is meant to be running __within__ a Kubernetes cluster and therefore tries at first to read a in-cluster API config. If it fails to read the in-cluster config it tries to read the default `$HOME/.kube/config` file. The config file location can be modified either with the `KUBECONFIG` environment variable or by supplying a `-kubeconfig` flag. ## RBAC _kreaper_ only needs: - `list` - `watch` - `deletecollection` permissions for Pods in the `KREAPER_TARGET_NAMESPACE`. A very basic `Role` would look like so: ```yml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: kreaper rules: - verbs: - list - watch - deletecollection apiGroups: - "" resources: - pods ``` alternatively a `RoleBinding` or a `ClusterRoleBinding` to the `edit` `ClusterRole` might be a little bit overkill but therefore also possible.