This repository has been archived on 2023-11-25. You can view files and clone it, but cannot push or open issues or pull requests.
2022-04-13 21:32:45 +02:00

kreaper - Kubernetes Reaper

kreaper is (yet another) Kubernetes pod reaper. Its main purpose is to delete pods matching a certain pod selector after a deadline is reached.

The testdata/ directory contains an example Kubernetes manifest showing how to deploy kreaper as a Job that is automatically cleaned up after 30s.

Configuration

kreaper only requires a few config options that are available as CLI flags or as environment variables. For the sake of simplicity environment variables are favored.

| Env | Flag | Purpose | Example | Default |
| --- | --- | --- | --- | --- |
| KREAPER_TARGET | -target | Target selection in the form of key=value | app.kubernetes.io/name=ee8dcc4d | "" |
| KREAPER_TARGET_NAMESPACE | -target-namespace | Namespace in which pods are watched and deleted | my-app | default |
| KREAPER_DRY_RUN | -dry-run | Skip actual deletion | true | false |
| KREAPER_LIFETIME | -lifetime | Duration after which all pods matching the target are deleted | 30s | 5m |

Kubeconfig

kreaper is meant to run within a Kubernetes cluster and therefore first tries to read an in-cluster API config. If it fails to read the in-cluster config, it tries to read the default $HOME/.kube/config file. The config file location can be changed either with the KUBECONFIG environment variable or by supplying a -kubeconfig flag.

RBAC

kreaper only needs:

  • list
  • watch
  • deletecollection

permissions for Pods in the KREAPER_TARGET_NAMESPACE. A very basic Role would look like so:

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: kreaper
rules:
  - verbs:
      - list
      - watch
      - deletecollection
    apiGroups:
      - ""
    resources:
      - pods

Alternatively, a RoleBinding or a ClusterRoleBinding to the edit ClusterRole is also possible, although it might be a little bit overkill.
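
The two options above side by side, as an added example that is not taken from the kreaper repository: a dedicated ServiceAccount bound to the minimal Role, and the same account bound to the built-in edit ClusterRole. The namespace my-app (the example value from the configuration table), the ServiceAccount name kreaper and the binding names are assumptions.

```yaml
# Added example; namespace and object names are assumptions, not kreaper's own manifests.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kreaper
  namespace: my-app            # assumed: same value as KREAPER_TARGET_NAMESPACE
---
# Option 1 (least privilege): bind the minimal Role shown above.
# The Role must be created in the same namespace as this RoleBinding.
# RBAC cannot filter by label, so even this Role permits deleting any pod
# in the namespace, not only those matching KREAPER_TARGET.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kreaper
  namespace: my-app
subjects:
  - kind: ServiceAccount
    name: kreaper
    namespace: my-app
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kreaper                # the Role from the README
---
# Option 2 (broader): bind the built-in "edit" ClusterRole instead.
# A RoleBinding keeps it scoped to one namespace, but "edit" grants
# read/write access to most objects in that namespace, including Secrets.
# A ClusterRoleBinding would extend that to every namespace.
# Apply either option 1 or option 2, not both.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kreaper-edit           # hypothetical name
  namespace: my-app
subjects:
  - kind: ServiceAccount
    name: kreaper
    namespace: my-app
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: edit
```

For either binding to take effect, the pod template of the kreaper Job has to set serviceAccountName to the ServiceAccount used here.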