Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add OpenShift exceptions #284

Closed
wants to merge 7 commits into from
Closed

feat: add OpenShift exceptions #284

wants to merge 7 commits into from

Conversation

doronkg
Copy link
Contributor

@doronkg doronkg commented May 23, 2024

What this PR does / why we need it

This PR excludes the default resources created in basic OpenShift installations.

PR Checklist

  • This PR adds K8s exceptions (false positives)
  • This PR adds new code
  • This PR includes test for any new code

GitHub Issue

Closes #240

Notes for your reviewers

  • In pkg/kor/secrets.go, a new exception secret type was added - kubernetes.io/dockercfg, which is the OpenShift equivalent of kubernetes.io/dockerconfigjson.

  • This PR addresses all default namespaces that doesn't begin with openshift- prefix.
    Meaning, it covers the following namespaces: openshift, default, kube-system, kube-public, kube-node-lease & assisted-installer.

Basic OpenShift installation comes with 60+ namespaces beginning with openshift- prefix, which doesn't include additional namespaces created by OpenShift operators or customized installations, that would also be created with that prefix.

As I see it, there are 3 options to address this case:

  1. Entirely exclude all namespaces with openshift- prefix (flexible).
  2. Entirely exclude all the default namespaces created in the basic installation.
  3. Exclude all the default resources created in the default namespaces.

@yonahd please share your thoughts, I'm leaning towards option no. (1).

pbr0ck3r and others added 7 commits May 19, 2024 19:56
@pbr0ck3r
fix(formatOutput): fix spacing between tables (yonahd#269)
d96d172 
* fix(formatOutput): fix spacing between tables

* fix

* refactor

* refactor

---------

Co-authored-by: Phil Brocker <[email protected]>
@Itaykal
feat: add K3S exceptions (yonahd#270)
710239d 
* feat: added clusterroles

* feat: added k3s configmaps

* feat: added k3s crds

* feat: added k3s secrets

* feat: added k3s StorageClass

* feat: added job resource exceptions

* feat: added job exceptions

* fix: importing embed
@matazr
chore(charts): run helm-docs (yonahd#280)
d322899 
Signed-off-by: Mahdi <[email protected]>
@doronkg
chore(pull_request_template): Update PR template (yonahd#282)
cb83e0c 
* Update PR template

* Add docs checkbox
@kvanzuijlen @yonahd
docs: add values.yaml descriptions to README.md (yonahd#281)
7f35c0a 
* docs: add values.yaml descriptions to README.md

* docs: updated chart version in readme

* Update charts/kor/Chart.yaml

Co-authored-by: Yonah Dissen <[email protected]>

* docs: updated chart description in readme

---------

Co-authored-by: Yonah Dissen <[email protected]>
@yonahd
Feat: add failed jobs as unused (yonahd#283)
852a6f9 
* Feat: add failed jobs as unused

* Update jobs.go

* add tests

* Update jobs in readme

* Update jobs.go

* Update jobs_test.go

* Fix test

* Update jobs_test.go

* Update jobs_test.go

* Update jobs_test.go

* Update jobs_test.go

* fix CR

* Update jobs_test.go
@doronkg
Add OpenShift exceptions
bd207f9
@codecov-commenter
Copy link

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 40.96%. Comparing base (852a6f9) to head (bd207f9).

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #284   +/-   ##
=======================================
  Coverage   40.96%   40.96%           
=======================================
  Files          58       58           
  Lines        2910     2910           
=======================================
  Hits         1192     1192           
  Misses       1530     1530           
  Partials      188      188

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@doronkg
Copy link
Contributor Author

doronkg commented May 23, 2024

Basic OpenShift installation comes with 60+ namespaces beginning with openshift- prefix, which doesn't include additional namespaces created by OpenShift operators or customized installations, that would also be created with that prefix.

There are various unused resources in 30+ default openshift- namespaces.
Attaching the output of kor all, not including the exclusions listed in this PR.

OpenShift Exceptions 
Unused Resources in Namespace: openshift-config-managed
+----+---------------+-----------------------------------------------------+
| #  | RESOURCE TYPE |                    RESOURCE NAME                    |
+----+---------------+-----------------------------------------------------+
|  1 | ConfigMap     | admin-gates                                         |
|  2 | ConfigMap     | bound-sa-token-signing-certs                        |
|  3 | ConfigMap     | console-public                                      |
|  4 | ConfigMap     | csr-controller-ca                                   |
|  5 | ConfigMap     | default-ingress-cert                                |
|  6 | ConfigMap     | etcd-dashboard                                      |
|  7 | ConfigMap     | grafana-dashboard-apiserver-performance             |
|  8 | ConfigMap     | grafana-dashboard-cluster-total                     |
|  9 | ConfigMap     | grafana-dashboard-k8s-resources-cluster             |
| 10 | ConfigMap     | grafana-dashboard-k8s-resources-namespace           |
| 11 | ConfigMap     | grafana-dashboard-k8s-resources-node                |
| 12 | ConfigMap     | grafana-dashboard-k8s-resources-pod                 |
| 13 | ConfigMap     | grafana-dashboard-k8s-resources-workload            |
| 14 | ConfigMap     | grafana-dashboard-k8s-resources-workloads-namespace |
| 15 | ConfigMap     | grafana-dashboard-namespace-by-pod                  |
| 16 | ConfigMap     | grafana-dashboard-node-cluster-rsrc-use             |
| 17 | ConfigMap     | grafana-dashboard-node-rsrc-use                     |
| 18 | ConfigMap     | grafana-dashboard-pod-total                         |
| 19 | ConfigMap     | grafana-dashboard-prometheus                        |
| 20 | ConfigMap     | image-registry-ca                                   |
| 21 | ConfigMap     | kube-apiserver-aggregator-client-ca                 |
| 22 | ConfigMap     | kube-apiserver-client-ca                            |
| 23 | ConfigMap     | kube-apiserver-server-ca                            |
| 24 | ConfigMap     | kubelet-bootstrap-kubeconfig                        |
| 25 | ConfigMap     | kubelet-serving-ca                                  |
| 26 | ConfigMap     | merged-trusted-image-registry-ca                    |
| 27 | ConfigMap     | monitoring-shared-config                            |
| 28 | ConfigMap     | node-cluster                                        |
| 29 | ConfigMap     | oauth-openshift                                     |
| 30 | ConfigMap     | oauth-serving-cert                                  |
| 31 | ConfigMap     | openshift-network-features                          |
| 32 | ConfigMap     | release-verification                                |
| 33 | ConfigMap     | sa-token-signing-certs                              |
| 34 | ConfigMap     | service-ca                                          |
| 35 | ConfigMap     | signatures-managed                                  |
| 36 | ConfigMap     | trusted-ca-bundle                                   |
| 37 | Secret        | kube-controller-manager-client-cert-key             |
| 38 | Secret        | kube-scheduler-client-cert-key                      |
| 39 | Secret        | router-certs                                        |
+----+---------------+-----------------------------------------------------+

Unused Resources in Namespace: openshift-console
+---+---------------+----------------------+
| # | RESOURCE TYPE |    RESOURCE NAME     |
+---+---------------+----------------------+
| 1 | ConfigMap     | default-ingress-cert |
| 2 | ReplicaSet    | console-56f45dfc75   |
| 3 | ReplicaSet    | console-77c6d98d68   |
| 4 | ReplicaSet    | console-967ff4f46    |
+---+---------------+----------------------+


Unused Resources in Namespace: openshift-route-controller-manager
+---+---------------+-------------------------------------+
| # | RESOURCE TYPE |            RESOURCE NAME            |
+---+---------------+-------------------------------------+
| 1 | ReplicaSet    | route-controller-manager-7655cc95fb |
| 2 | ReplicaSet    | route-controller-manager-89866bc78  |
+---+---------------+-------------------------------------+


Unused Resources in Namespace: openshift-apiserver-operator
+---+---------------+-------------------+
| # | RESOURCE TYPE |   RESOURCE NAME   |
+---+---------------+-------------------+
| 1 | ConfigMap     | trusted-ca-bundle |
+---+---------------+-------------------+

Unused Resources in Namespace: openshift-cluster-version
+---+---------------+-------------------------------------+
| # | RESOURCE TYPE |            RESOURCE NAME            |
+---+---------------+-------------------------------------+
| 1 | ConfigMap     | version                             |
| 2 | ReplicaSet    | cluster-version-operator-854cc99b6c |
+---+---------------+-------------------------------------+


Unused Resources in Namespace: openshift-etcd
+----+----------------+---------------------------------+
| #  | RESOURCE TYPE  |          RESOURCE NAME          |
+----+----------------+---------------------------------+
|  1 | ConfigMap      | cluster-config-v1               |
|  2 | ConfigMap      | etcd-ca-bundle                  |
|  3 | ConfigMap      | etcd-endpoints                  |
|  4 | ConfigMap      | etcd-endpoints-2                |
|  5 | ConfigMap      | etcd-endpoints-3                |
|  6 | ConfigMap      | etcd-metrics-proxy-client-ca    |
|  7 | ConfigMap      | etcd-metrics-proxy-client-ca-2  |
|  8 | ConfigMap      | etcd-metrics-proxy-client-ca-3  |
|  9 | ConfigMap      | etcd-metrics-proxy-serving-ca   |
| 10 | ConfigMap      | etcd-metrics-proxy-serving-ca-2 |
| 11 | ConfigMap      | etcd-metrics-proxy-serving-ca-3 |
| 12 | ConfigMap      | etcd-peer-client-ca             |
| 13 | ConfigMap      | etcd-peer-client-ca-2           |
| 14 | ConfigMap      | etcd-peer-client-ca-3           |
| 15 | ConfigMap      | etcd-pod                        |
| 16 | ConfigMap      | etcd-pod-2                      |
| 17 | ConfigMap      | etcd-pod-3                      |
| 18 | ConfigMap      | etcd-scripts                    |
| 19 | ConfigMap      | etcd-serving-ca                 |
| 20 | ConfigMap      | etcd-serving-ca-2               |
| 21 | ConfigMap      | etcd-serving-ca-3               |
| 22 | ConfigMap      | restore-etcd-pod                |
| 23 | ConfigMap      | revision-status-1               |
| 24 | ConfigMap      | revision-status-2               |
| 25 | ConfigMap      | revision-status-3               |
| 26 | Secret         | etcd-all-certs                  |
| 27 | Secret         | etcd-all-certs-2                |
| 28 | Secret         | etcd-all-certs-3                |
| 29 | Secret         | etcd-client                     |
| 30 | Secret         | etcd-peer-doron-sno             |
| 31 | Secret         | etcd-serving-doron-sno          |
| 32 | Secret         | etcd-serving-metrics-doron-sno  |
| 33 | Secret         | serving-cert                    |
| 34 | ServiceAccount | etcd-sa                         |
+----+----------------+---------------------------------+

Unused Resources in Namespace: openshift-kube-apiserver
+----+---------------+------------------------------------------+
| #  | RESOURCE TYPE |              RESOURCE NAME               |
+----+---------------+------------------------------------------+
|  1 | ConfigMap     | aggregator-client-ca                     |
|  2 | ConfigMap     | bound-sa-token-signing-certs             |
|  3 | ConfigMap     | bound-sa-token-signing-certs-2           |
|  4 | ConfigMap     | bound-sa-token-signing-certs-3           |
|  5 | ConfigMap     | bound-sa-token-signing-certs-4           |
|  6 | ConfigMap     | bound-sa-token-signing-certs-5           |
|  7 | ConfigMap     | check-endpoints-kubeconfig               |
|  8 | ConfigMap     | client-ca                                |
|  9 | ConfigMap     | config                                   |
| 10 | ConfigMap     | config-2                                 |
| 11 | ConfigMap     | config-3                                 |
| 12 | ConfigMap     | config-4                                 |
| 13 | ConfigMap     | config-5                                 |
| 14 | ConfigMap     | control-plane-node-kubeconfig            |
| 15 | ConfigMap     | etcd-serving-ca                          |
| 16 | ConfigMap     | etcd-serving-ca-2                        |
| 17 | ConfigMap     | etcd-serving-ca-3                        |
| 18 | ConfigMap     | etcd-serving-ca-4                        |
| 19 | ConfigMap     | etcd-serving-ca-5                        |
| 20 | ConfigMap     | kube-apiserver-audit-policies            |
| 21 | ConfigMap     | kube-apiserver-audit-policies-2          |
| 22 | ConfigMap     | kube-apiserver-audit-policies-3          |
| 23 | ConfigMap     | kube-apiserver-audit-policies-4          |
| 24 | ConfigMap     | kube-apiserver-audit-policies-5          |
| 25 | ConfigMap     | kube-apiserver-cert-syncer-kubeconfig    |
| 26 | ConfigMap     | kube-apiserver-cert-syncer-kubeconfig-2  |
| 27 | ConfigMap     | kube-apiserver-cert-syncer-kubeconfig-3  |
| 28 | ConfigMap     | kube-apiserver-cert-syncer-kubeconfig-4  |
| 29 | ConfigMap     | kube-apiserver-cert-syncer-kubeconfig-5  |
| 30 | ConfigMap     | kube-apiserver-pod                       |
| 31 | ConfigMap     | kube-apiserver-pod-2                     |
| 32 | ConfigMap     | kube-apiserver-pod-3                     |
| 33 | ConfigMap     | kube-apiserver-pod-4                     |
| 34 | ConfigMap     | kube-apiserver-pod-5                     |
| 35 | ConfigMap     | kube-apiserver-server-ca                 |
| 36 | ConfigMap     | kube-apiserver-server-ca-2               |
| 37 | ConfigMap     | kube-apiserver-server-ca-3               |
| 38 | ConfigMap     | kube-apiserver-server-ca-4               |
| 39 | ConfigMap     | kube-apiserver-server-ca-5               |
| 40 | ConfigMap     | kubelet-serving-ca                       |
| 41 | ConfigMap     | kubelet-serving-ca-2                     |
| 42 | ConfigMap     | kubelet-serving-ca-3                     |
| 43 | ConfigMap     | kubelet-serving-ca-4                     |
| 44 | ConfigMap     | kubelet-serving-ca-5                     |
| 45 | ConfigMap     | oauth-metadata                           |
| 46 | ConfigMap     | oauth-metadata-5                         |
| 47 | ConfigMap     | revision-status-1                        |
| 48 | ConfigMap     | revision-status-2                        |
| 49 | ConfigMap     | revision-status-3                        |
| 50 | ConfigMap     | revision-status-4                        |
| 51 | ConfigMap     | revision-status-5                        |
| 52 | ConfigMap     | sa-token-signing-certs                   |
| 53 | ConfigMap     | sa-token-signing-certs-2                 |
| 54 | ConfigMap     | sa-token-signing-certs-3                 |
| 55 | ConfigMap     | sa-token-signing-certs-4                 |
| 56 | ConfigMap     | sa-token-signing-certs-5                 |
| 57 | ConfigMap     | trusted-ca-bundle                        |
| 58 | Secret        | aggregator-client                        |
| 59 | Secret        | bound-service-account-signing-key        |
| 60 | Secret        | check-endpoints-client-cert-key          |
| 61 | Secret        | control-plane-node-admin-client-cert-key |
| 62 | Secret        | etcd-client                              |
| 63 | Secret        | etcd-client-2                            |
| 64 | Secret        | etcd-client-3                            |
| 65 | Secret        | etcd-client-4                            |
| 66 | Secret        | etcd-client-5                            |
| 67 | Secret        | external-loadbalancer-serving-certkey    |
| 68 | Secret        | internal-loadbalancer-serving-certkey    |
| 69 | Secret        | kubelet-client                           |
| 70 | Secret        | localhost-recovery-client-token-2        |
| 71 | Secret        | localhost-recovery-client-token-3        |
| 72 | Secret        | localhost-recovery-client-token-4        |
| 73 | Secret        | localhost-recovery-client-token-5        |
| 74 | Secret        | localhost-recovery-serving-certkey       |
| 75 | Secret        | localhost-recovery-serving-certkey-2     |
| 76 | Secret        | localhost-recovery-serving-certkey-3     |
| 77 | Secret        | localhost-recovery-serving-certkey-4     |
| 78 | Secret        | localhost-recovery-serving-certkey-5     |
| 79 | Secret        | localhost-serving-cert-certkey           |
| 80 | Secret        | node-kubeconfigs                         |
| 81 | Secret        | service-network-serving-certkey          |
| 82 | Secret        | webhook-authenticator                    |
| 83 | Secret        | webhook-authenticator-2                  |
| 84 | Secret        | webhook-authenticator-3                  |
| 85 | Secret        | webhook-authenticator-4                  |
| 86 | Secret        | webhook-authenticator-5                  |
+----+---------------+------------------------------------------+




Unused Resources in Namespace: openshift-cluster-storage-operator
+---+---------------+-----------------------------------------+
| # | RESOURCE TYPE |              RESOURCE NAME              |
+---+---------------+-----------------------------------------+
| 1 | ConfigMap     | csi-snapshot-controller-operator-config |
| 2 | Secret        | serving-cert                            |
+---+---------------+-----------------------------------------+



Unused Resources in Namespace: openshift-machine-api
+----+----------------+-------------------------------------------+
| #  | RESOURCE TYPE  |               RESOURCE NAME               |
+----+----------------+-------------------------------------------+
|  1 | ConfigMap      | cbo-trusted-ca                            |
|  2 | ConfigMap      | machine-api-operator                      |
|  3 | ConfigMap      | mao-trusted-ca                            |
|  4 | Service        | machine-api-controllers                   |
|  5 | Service        | machine-api-operator-machine-webhook      |
|  6 | Service        | machine-api-operator-webhook              |
|  7 | Secret         | machine-api-controllers-tls               |
|  8 | Secret         | machine-api-operator-machine-webhook-cert |
|  9 | Secret         | machine-api-operator-webhook-cert         |
| 10 | Secret         | master-user-data                          |
| 11 | Secret         | master-user-data-managed                  |
| 12 | Secret         | worker-user-data                          |
| 13 | Secret         | worker-user-data-managed                  |
| 14 | ServiceAccount | machine-api-termination-handler           |
+----+----------------+-------------------------------------------+

Unused Resources in Namespace: openshift-network-operator
+---+---------------+-----------------+
| # | RESOURCE TYPE |  RESOURCE NAME  |
+---+---------------+-----------------+
| 1 | ConfigMap     | applied-cluster |
| 2 | ConfigMap     | mtu             |
+---+---------------+-----------------+


Unused Resources in Namespace: openshift-user-workload-monitoring
+---+---------------+--------------------------------------+
| # | RESOURCE TYPE |            RESOURCE NAME             |
+---+---------------+--------------------------------------+
| 1 | Role          | user-workload-monitoring-config-edit |
+---+---------------+--------------------------------------+



Unused Resources in Namespace: openshift-monitoring
+----+----------------+------------------------------------------------+
| #  | RESOURCE TYPE  |                 RESOURCE NAME                  |
+----+----------------+------------------------------------------------+
|  1 | ConfigMap      | alertmanager-trusted-ca-bundle                 |
|  2 | ConfigMap      | prometheus-trusted-ca-bundle                   |
|  3 | ConfigMap      | telemeter-trusted-ca-bundle                    |
|  4 | ConfigMap      | thanos-querier-trusted-ca-bundle               |
|  5 | Secret         | alert-relabel-configs                          |
|  6 | Secret         | alertmanager-main                              |
|  7 | Secret         | grpc-tls                                       |
|  8 | Secret         | prometheus-adapter-tls                         |
|  9 | Secret         | prometheus-k8s-additional-alertmanager-configs |
| 10 | ServiceAccount | monitoring-plugin                              |
| 11 | ReplicaSet     | prometheus-adapter-6b4d895d78                  |
+----+----------------+------------------------------------------------+

Unused Resources in Namespace: openshift-multus
+---+---------------+----------------------------------------+
| # | RESOURCE TYPE |             RESOURCE NAME              |
+---+---------------+----------------------------------------+
| 1 | ReplicaSet    | multus-admission-controller-58bb7cd877 |
| 2 | ReplicaSet    | multus-admission-controller-6dbc6c56b4 |
+---+---------------+----------------------------------------+






Unused Resources in Namespace: openshift-network-node-identity
+---+---------------+--------------------------+
| # | RESOURCE TYPE |      RESOURCE NAME       |
+---+---------------+--------------------------+
| 1 | ConfigMap     | network-node-identity-ca |
| 2 | Secret        | network-node-identity-ca |
+---+---------------+--------------------------+

Unused Resources in Namespace: openshift-ovn-kubernetes
+---+---------------+----------------------+
| # | RESOURCE TYPE |    RESOURCE NAME     |
+---+---------------+----------------------+
| 1 | ConfigMap     | control-plane-status |
| 2 | ConfigMap     | ovn-ca               |
| 3 | ConfigMap     | signer-ca            |
| 4 | Secret        | ovn-ca               |
| 5 | Secret        | ovn-cert             |
| 6 | Secret        | signer-ca            |
| 7 | Secret        | signer-cert          |
+---+---------------+----------------------+

Unused Resources in Namespace: openshift-ingress-operator
+---+---------------+---------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+---+---------------+---------------+
| 1 | Secret        | router-ca     |
+---+---------------+---------------+

Unused Resources in Namespace: openshift-cloud-credential-operator
+---+---------------+----------------------------------+
| # | RESOURCE TYPE |          RESOURCE NAME           |
+---+---------------+----------------------------------+
| 1 | ConfigMap     | cloud-credential-operator-leader |
+---+---------------+----------------------------------+


Unused Resources in Namespace: openshift-cluster-samples-operator
+---+---------------+-------------------------+
| # | RESOURCE TYPE |      RESOURCE NAME      |
+---+---------------+-------------------------+
| 1 | ConfigMap     | imagestreamtag-to-image |
+---+---------------+-------------------------+


Unused Resources in Namespace: openshift-controller-manager
+---+---------------+-------------------------------+
| # | RESOURCE TYPE |         RESOURCE NAME         |
+---+---------------+-------------------------------+
| 1 | ConfigMap     | openshift-master-controllers  |
| 2 | ConfigMap     | openshift-service-ca          |
| 3 | ReplicaSet    | controller-manager-6f547445f7 |
| 4 | ReplicaSet    | controller-manager-6fd95964d7 |
| 5 | ReplicaSet    | controller-manager-c6444598d  |
+---+---------------+-------------------------------+

Unused Resources in Namespace: openshift-oauth-apiserver
+---+---------------+-------------------------------+
| # | RESOURCE TYPE |         RESOURCE NAME         |
+---+---------------+-------------------------------+
| 1 | ConfigMap     | audit                         |
| 2 | ConfigMap     | revision-status-1             |
| 3 | Secret        | openshift-authenticator-certs |
| 4 | ReplicaSet    | apiserver-6dd6fb6f7b          |
| 5 | ReplicaSet    | apiserver-9549986d6           |
+---+---------------+-------------------------------+


Unused Resources in Namespace: openshift-config
+----+---------------+-----------------------------------------+
| #  | RESOURCE TYPE |              RESOURCE NAME              |
+----+---------------+-----------------------------------------+
|  1 | ConfigMap     | admin-acks                              |
|  2 | ConfigMap     | admin-kubeconfig-client-ca              |
|  3 | ConfigMap     | etcd-ca-bundle                          |
|  4 | ConfigMap     | etcd-metric-serving-ca                  |
|  5 | ConfigMap     | etcd-serving-ca                         |
|  6 | ConfigMap     | initial-kube-apiserver-server-ca        |
|  7 | ConfigMap     | openshift-install-manifests             |
|  8 | Secret        | etcd-client                             |
|  9 | Secret        | etcd-metric-client                      |
| 10 | Secret        | etcd-metric-signer                      |
| 11 | Secret        | etcd-signer                             |
| 12 | Secret        | initial-service-account-private-key     |
| 13 | Secret        | webhook-authentication-integrated-oauth |
+----+---------------+-----------------------------------------+

Unused Resources in Namespace: openshift-image-registry
+---+---------------+---------------+
| # | RESOURCE TYPE | RESOURCE NAME |
+---+---------------+---------------+
| 1 | ConfigMap     | serviceca     |
+---+---------------+---------------+



Unused Resources in Namespace: openshift-kube-apiserver-operator
+----+---------------+----------------------------------------+
| #  | RESOURCE TYPE |             RESOURCE NAME              |
+----+---------------+----------------------------------------+
|  1 | ConfigMap     | kube-apiserver-to-kubelet-client-ca    |
|  2 | ConfigMap     | kube-control-plane-signer-ca           |
|  3 | ConfigMap     | loadbalancer-serving-ca                |
|  4 | ConfigMap     | localhost-recovery-serving-ca          |
|  5 | ConfigMap     | localhost-serving-ca                   |
|  6 | ConfigMap     | node-system-admin-ca                   |
|  7 | ConfigMap     | service-network-serving-ca             |
|  8 | Secret        | aggregator-client-signer               |
|  9 | Secret        | kube-apiserver-to-kubelet-signer       |
| 10 | Secret        | kube-control-plane-signer              |
| 11 | Secret        | loadbalancer-serving-signer            |
| 12 | Secret        | localhost-recovery-serving-signer      |
| 13 | Secret        | localhost-serving-signer               |
| 14 | Secret        | next-bound-service-account-signing-key |
| 15 | Secret        | node-system-admin-client               |
| 16 | Secret        | node-system-admin-signer               |
| 17 | Secret        | service-network-serving-signer         |
+----+---------------+----------------------------------------+


Unused Resources in Namespace: openshift-operator-lifecycle-manager
+---+---------------+-----------------------------+
| # | RESOURCE TYPE |        RESOURCE NAME        |
+---+---------------+-----------------------------+
| 1 | ConfigMap     | catalog-operator-heap-4hd9f |
| 2 | ConfigMap     | olm-operator-heap-8qpq7     |
| 3 | Pdb           | packageserver-pdb           |
| 4 | Job           | collect-profiles-28583850   |
| 5 | Job           | collect-profiles-28583865   |
| 6 | Job           | collect-profiles-28583880   |
+---+---------------+-----------------------------+



Unused Resources in Namespace: openshift-apiserver
+---+---------------+---------------------+
| # | RESOURCE TYPE |    RESOURCE NAME    |
+---+---------------+---------------------+
| 1 | ConfigMap     | audit               |
| 2 | ConfigMap     | revision-status-1   |
| 3 | ReplicaSet    | apiserver-c7f89cff6 |
+---+---------------+---------------------+


Unused Resources in Namespace: openshift-controller-manager-operator
+---+---------------+-------------------------------------+
| # | RESOURCE TYPE |            RESOURCE NAME            |
+---+---------------+-------------------------------------+
| 1 | ConfigMap     | openshift-controller-manager-images |
+---+---------------+-------------------------------------+

Unused Resources in Namespace: openshift-etcd-operator
+---+---------------+------------------------+
| # | RESOURCE TYPE |     RESOURCE NAME      |
+---+---------------+------------------------+
| 1 | ConfigMap     | etcd-metric-serving-ca |
| 2 | Secret        | etcd-metric-client     |
+---+---------------+------------------------+

Unused Resources in Namespace: openshift-machine-config-operator
+---+---------------+---------------------------+
| # | RESOURCE TYPE |       RESOURCE NAME       |
+---+---------------+---------------------------+
| 1 | ConfigMap     | coreos-bootimages         |
| 2 | ConfigMap     | machine-config-osimageurl |
+---+---------------+---------------------------+


Unused Resources in Namespace: openshift-authentication
+---+---------------+-----------------------------+
| # | RESOURCE TYPE |        RESOURCE NAME        |
+---+---------------+-----------------------------+
| 1 | ConfigMap     | v4-0-config-system-metadata |
| 2 | ReplicaSet    | oauth-openshift-5f7bff87b6  |
| 3 | ReplicaSet    | oauth-openshift-745f9cb764  |
| 4 | ReplicaSet    | oauth-openshift-8497f7787b  |
+---+---------------+-----------------------------+

Unused Resources in Namespace: openshift-kube-controller-manager
+----+----------------+------------------------------------------+
| #  | RESOURCE TYPE  |              RESOURCE NAME               |
+----+----------------+------------------------------------------+
|  1 | ConfigMap      | aggregator-client-ca                     |
|  2 | ConfigMap      | client-ca                                |
|  3 | ConfigMap      | cluster-policy-controller-config         |
|  4 | ConfigMap      | cluster-policy-controller-config-2       |
|  5 | ConfigMap      | cluster-policy-controller-config-3       |
|  6 | ConfigMap      | cluster-policy-controller-config-4       |
|  7 | ConfigMap      | cluster-policy-controller-config-5       |
|  8 | ConfigMap      | cluster-policy-controller-config-6       |
|  9 | ConfigMap      | config                                   |
| 10 | ConfigMap      | config-2                                 |
| 11 | ConfigMap      | config-3                                 |
| 12 | ConfigMap      | config-4                                 |
| 13 | ConfigMap      | config-5                                 |
| 14 | ConfigMap      | config-6                                 |
| 15 | ConfigMap      | controller-manager-kubeconfig            |
| 16 | ConfigMap      | controller-manager-kubeconfig-2          |
| 17 | ConfigMap      | controller-manager-kubeconfig-3          |
| 18 | ConfigMap      | controller-manager-kubeconfig-4          |
| 19 | ConfigMap      | controller-manager-kubeconfig-5          |
| 20 | ConfigMap      | controller-manager-kubeconfig-6          |
| 21 | ConfigMap      | kube-controller-cert-syncer-kubeconfig   |
| 22 | ConfigMap      | kube-controller-cert-syncer-kubeconfig-2 |
| 23 | ConfigMap      | kube-controller-cert-syncer-kubeconfig-3 |
| 24 | ConfigMap      | kube-controller-cert-syncer-kubeconfig-4 |
| 25 | ConfigMap      | kube-controller-cert-syncer-kubeconfig-5 |
| 26 | ConfigMap      | kube-controller-cert-syncer-kubeconfig-6 |
| 27 | ConfigMap      | kube-controller-manager-pod              |
| 28 | ConfigMap      | kube-controller-manager-pod-2            |
| 29 | ConfigMap      | kube-controller-manager-pod-3            |
| 30 | ConfigMap      | kube-controller-manager-pod-4            |
| 31 | ConfigMap      | kube-controller-manager-pod-5            |
| 32 | ConfigMap      | kube-controller-manager-pod-6            |
| 33 | ConfigMap      | recycler-config                          |
| 34 | ConfigMap      | recycler-config-2                        |
| 35 | ConfigMap      | recycler-config-3                        |
| 36 | ConfigMap      | recycler-config-4                        |
| 37 | ConfigMap      | recycler-config-5                        |
| 38 | ConfigMap      | recycler-config-6                        |
| 39 | ConfigMap      | revision-status-1                        |
| 40 | ConfigMap      | revision-status-2                        |
| 41 | ConfigMap      | revision-status-3                        |
| 42 | ConfigMap      | revision-status-4                        |
| 43 | ConfigMap      | revision-status-5                        |
| 44 | ConfigMap      | revision-status-6                        |
| 45 | ConfigMap      | service-ca                               |
| 46 | ConfigMap      | service-ca-2                             |
| 47 | ConfigMap      | service-ca-3                             |
| 48 | ConfigMap      | service-ca-4                             |
| 49 | ConfigMap      | service-ca-5                             |
| 50 | ConfigMap      | service-ca-6                             |
| 51 | ConfigMap      | serviceaccount-ca                        |
| 52 | ConfigMap      | serviceaccount-ca-2                      |
| 53 | ConfigMap      | serviceaccount-ca-3                      |
| 54 | ConfigMap      | serviceaccount-ca-4                      |
| 55 | ConfigMap      | serviceaccount-ca-5                      |
| 56 | ConfigMap      | serviceaccount-ca-6                      |
| 57 | ConfigMap      | trusted-ca-bundle                        |
| 58 | Secret         | csr-signer                               |
| 59 | Secret         | kube-controller-manager-client-cert-key  |
| 60 | Secret         | localhost-recovery-client-token-2        |
| 61 | Secret         | localhost-recovery-client-token-3        |
| 62 | Secret         | localhost-recovery-client-token-4        |
| 63 | Secret         | localhost-recovery-client-token-5        |
| 64 | Secret         | localhost-recovery-client-token-6        |
| 65 | Secret         | service-account-private-key              |
| 66 | Secret         | service-account-private-key-2            |
| 67 | Secret         | service-account-private-key-3            |
| 68 | Secret         | service-account-private-key-4            |
| 69 | Secret         | service-account-private-key-5            |
| 70 | Secret         | service-account-private-key-6            |
| 71 | Secret         | serving-cert                             |
| 72 | Secret         | serving-cert-2                           |
| 73 | Secret         | serving-cert-3                           |
| 74 | Secret         | serving-cert-4                           |
| 75 | Secret         | serving-cert-5                           |
| 76 | Secret         | serving-cert-6                           |
| 77 | ServiceAccount | kube-controller-manager-sa               |
+----+----------------+------------------------------------------+

Unused Resources in Namespace: openshift-kube-scheduler
+----+---------------+-----------------------------------------+
| #  | RESOURCE TYPE |              RESOURCE NAME              |
+----+---------------+-----------------------------------------+
|  1 | ConfigMap     | config                                  |
|  2 | ConfigMap     | config-2                                |
|  3 | ConfigMap     | config-3                                |
|  4 | ConfigMap     | config-4                                |
|  5 | ConfigMap     | config-5                                |
|  6 | ConfigMap     | config-6                                |
|  7 | ConfigMap     | kube-scheduler-cert-syncer-kubeconfig   |
|  8 | ConfigMap     | kube-scheduler-cert-syncer-kubeconfig-2 |
|  9 | ConfigMap     | kube-scheduler-cert-syncer-kubeconfig-3 |
| 10 | ConfigMap     | kube-scheduler-cert-syncer-kubeconfig-4 |
| 11 | ConfigMap     | kube-scheduler-cert-syncer-kubeconfig-5 |
| 12 | ConfigMap     | kube-scheduler-cert-syncer-kubeconfig-6 |
| 13 | ConfigMap     | kube-scheduler-pod                      |
| 14 | ConfigMap     | kube-scheduler-pod-2                    |
| 15 | ConfigMap     | kube-scheduler-pod-3                    |
| 16 | ConfigMap     | kube-scheduler-pod-4                    |
| 17 | ConfigMap     | kube-scheduler-pod-5                    |
| 18 | ConfigMap     | kube-scheduler-pod-6                    |
| 19 | ConfigMap     | revision-status-2                       |
| 20 | ConfigMap     | revision-status-3                       |
| 21 | ConfigMap     | revision-status-4                       |
| 22 | ConfigMap     | revision-status-5                       |
| 23 | ConfigMap     | revision-status-6                       |
| 24 | ConfigMap     | scheduler-kubeconfig                    |
| 25 | ConfigMap     | scheduler-kubeconfig-2                  |
| 26 | ConfigMap     | scheduler-kubeconfig-3                  |
| 27 | ConfigMap     | scheduler-kubeconfig-4                  |
| 28 | ConfigMap     | scheduler-kubeconfig-5                  |
| 29 | ConfigMap     | scheduler-kubeconfig-6                  |
| 30 | ConfigMap     | serviceaccount-ca                       |
| 31 | ConfigMap     | serviceaccount-ca-2                     |
| 32 | ConfigMap     | serviceaccount-ca-3                     |
| 33 | ConfigMap     | serviceaccount-ca-4                     |
| 34 | ConfigMap     | serviceaccount-ca-5                     |
| 35 | ConfigMap     | serviceaccount-ca-6                     |
| 36 | Secret        | kube-scheduler-client-cert-key          |
| 37 | Secret        | localhost-recovery-client-token-2       |
| 38 | Secret        | localhost-recovery-client-token-3       |
| 39 | Secret        | localhost-recovery-client-token-4       |
| 40 | Secret        | localhost-recovery-client-token-5       |
| 41 | Secret        | localhost-recovery-client-token-6       |
| 42 | Secret        | serving-cert                            |
| 43 | Secret        | serving-cert-2                          |
| 44 | Secret        | serving-cert-3                          |
| 45 | Secret        | serving-cert-4                          |
| 46 | Secret        | serving-cert-5                          |
| 47 | Secret        | serving-cert-6                          |
+----+---------------+-----------------------------------------+

Unused Resources in Namespace: openshift-marketplace
+---+---------------+---------------------------+
| # | RESOURCE TYPE |       RESOURCE NAME       |
+---+---------------+---------------------------+
| 1 | ConfigMap     | marketplace-operator-lock |
+---+---------------+---------------------------+





Unused Resources in Namespace: openshift-cloud-controller-manager
+---+---------------+----------------+
| # | RESOURCE TYPE | RESOURCE NAME  |
+---+---------------+----------------+
| 1 | ConfigMap     | ccm-trusted-ca |
+---+---------------+----------------+

Unused Resources in Namespace: openshift-kube-controller-manager-operator
+---+---------------+----------------------------------+
| # | RESOURCE TYPE |          RESOURCE NAME           |
+---+---------------+----------------------------------+
| 1 | ConfigMap     | csr-controller-ca                |
| 2 | ConfigMap     | csr-controller-signer-ca         |
| 3 | ConfigMap     | csr-signer-ca                    |
| 4 | Secret        | csr-signer                       |
| 5 | Secret        | csr-signer-signer                |
| 6 | Secret        | next-service-account-private-key |
+---+---------------+----------------------------------+



Unused Resources in Namespace: openshift-console-user-settings
+---+---------------+-------------------------+
| # | RESOURCE TYPE |      RESOURCE NAME      |
+---+---------------+-------------------------+
| 1 | ConfigMap     | user-settings-kubeadmin |
+---+---------------+-------------------------+

Awaiting #249 to be merged and then I'll apply that logic in this PR.

@doronkg doronkg closed this Jun 18, 2024
@doronkg doronkg deleted the openshift-exceptions branch June 18, 2024 18:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Map false unused resources: Openshift
7 participants
@doronkg @codecov-commenter @pbr0ck3r @Itaykal @matazr @kvanzuijlen @yonahd