| .github/workflows | ||
| deployments | ||
| reaper | ||
| scripts | ||
| testdata | ||
| .gitignore | ||
| .golangci.yml | ||
| .goreleaser.yaml | ||
| .pre-commit-config.yaml | ||
| go.mod | ||
| go.sum | ||
| LICENSE | ||
| main.go | ||
| README.md | ||
| renovate.json | ||
| Tiltfile | ||
kreaper - Kubernetes Reaper
kreaper is (yet another) Kubernetes pod reaper. It's main purpose is to delete pods matching a certain pod selector after a deadline is reached.
The testdata/ directory contains a Kubernetes manifest example how to deploy kreaper as Job that is automatically
cleaned after 30s.
Configuration
kreaper only requires a few config options that are available as CLI flags or as environment variables. For the sake of simplicity environment variables are favored.
| Env | Flag | Purpose | Example | Default |
|---|---|---|---|---|
| KREAPER_TARGET | -target |
Target selection in the form of key=value |
app.kubernetes.io/name=ee8dcc4d |
"" |
| KREAPER_TARGET_NAMESPACE | -target-namespace |
Namespace in which pods are watched and deleted | my-app |
default |
| KREAPER_DRY_RUN | -dry-run |
Skip actual deletion | true |
false |
| KREAPER_LIFETIME | -lifetime |
Duration after which all pods matching the target are deleted | 30s |
5m |
Kubeconfig
kreaper is meant to be running within a Kubernetes cluster and therefore tries at first to read a in-cluster API config.
If it fails to read the in-cluster config it tries to read the default $HOME/.kube/config file.
The config file location can be modified either with the KUBECONFIG environment variable or by supplying a -kubeconfig flag.
RBAC
kreaper only needs:
listwatchdeletecollection
permissions for Pods in the KREAPER_TARGET_NAMESPACE.
A very basic Role would look like so:
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: kreaper
rules:
- verbs:
- list
- watch
- deletecollection
apiGroups:
- ""
resources:
- pods
alternatively a RoleBinding or a ClusterRoleBinding to the edit ClusterRole might be a little bit overkill but therefore also possible.