Skip to content

feat(namespaces): add empty namespace detection and removal#249

Open
isindir wants to merge 15 commits into
yonahd:mainfrom
isindir:unused_namespaces
Open

feat(namespaces): add empty namespace detection and removal#249
isindir wants to merge 15 commits into
yonahd:mainfrom
isindir:unused_namespaces

Conversation

@isindir

@isindir isindir commented Apr 28, 2024

Copy link
Copy Markdown
Contributor

What this PR does / why we need it?

This PR finds empty and non-default kubernetes namespaces, and if instructed removes these from the cluster.

PR Checklist

  • This PR adds K8s exceptions (false positives)
  • This PR adds new code
  • This PR includes tests for new/existing code
  • This PR adds docs

GitHub Issue

Closes [#92]

Notes for your reviewers

@isindir

isindir commented Apr 28, 2024

Copy link
Copy Markdown
Contributor Author

fixes #92

This PR is still WIP, as it lacks parallel processing of the namespaces as well as unit tests, could you please review if in principle it is what you'd be happy to accept ?

@yonahd

yonahd commented Apr 30, 2024

Copy link
Copy Markdown
Owner

fixes #92

This PR is still WIP, as it lacks parallel processing of the namespaces as well as unit tests, could you please review if in principle it is what you'd be happy to accept ?

Hey @isindir
I'll take a look at the code in the next couple of days

@doronkg

doronkg commented May 1, 2024

Copy link
Copy Markdown
Contributor

Hi @isindir,
In order for the new feature to be completed, several additional files should be modified accordingly.

Take a look at https://github.com/yonahd/kor/blob/main/CONTRIBUTING.md#repository-structure.

@isindir isindir force-pushed the unused_namespaces branch from 2460fbc to b86c7df Compare May 1, 2024 08:30
@codecov-commenter

codecov-commenter commented May 1, 2024

Copy link
Copy Markdown

⚠️ Please install the 'codecov app svg image' to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

❌ Patch coverage is 68.31683% with 64 lines in your changes missing coverage. Please review.
✅ Project coverage is 51.92%. Comparing base (dc72918) to head (5ba575d).
⚠️ Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
pkg/kor/namespaces.go 74.09% 24 Missing and 19 partials ⚠️
pkg/kor/kor.go 39.13% 12 Missing and 2 partials ⚠️
pkg/kor/delete.go 46.15% 7 Missing ⚠️
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #249      +/-   ##
==========================================
+ Coverage   46.57%   51.92%   +5.35%     
==========================================
  Files          69       40      -29     
  Lines        3957     3811     -146     
==========================================
+ Hits         1843     1979     +136     
+ Misses       1806     1503     -303     
- Partials      308      329      +21     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@yonahd

yonahd commented May 1, 2024

Copy link
Copy Markdown
Owner

fixes #92

This PR is still WIP, as it lacks parallel processing of the namespaces as well as unit tests, could you please review if in principle it is what you'd be happy to accept ?

This is definitely a good direction(this is not a simple one).
Definitely need to review this thoroughly but in principal this is good

Comment thread pkg/kor/namespaces.go Outdated
@isindir

isindir commented May 1, 2024

Copy link
Copy Markdown
Contributor Author

@doronkg,

Hi @isindir, In order for the new feature to be completed, several additional files should be modified accordingly.

Take a look at https://github.com/yonahd/kor/blob/main/CONTRIBUTING.md#repository-structure.

Helm chart I think needs extra changes:

  • at the moment it is not possible to configure kor in a deployment for example to automatically remove any orphaned resources - rbac lacks such permissions.
  • I think it would be more useful to split cronjobs so that several such jobs are configured with different schedules (may become handy when removing some resources and then namespaces in a separate run.

I'm looking to work on unit tests if time allows these weekends.

@yonahd yonahd requested a review from luisdavim May 4, 2024 18:45
@isindir isindir force-pushed the unused_namespaces branch 3 times, most recently from 07bc31c to 7246d82 Compare May 5, 2024 20:53
@doronkg

doronkg commented May 6, 2024

Copy link
Copy Markdown
Contributor

Helm chart I think needs extra changes:

  • at the moment it is not possible to configure kor in a deployment for example to automatically remove any orphaned resources - rbac lacks such permissions.

Correct, currently the deployment is only used to export metrics, hence read-only RBAC, but we can consider going that way.

  • I think it would be more useful to split cronjobs so that several such jobs are configured with different schedules (may become handy when removing some resources and then namespaces in a separate run.

Interesting, especially when scanning unused resources in high-scaled clusters that might take more time than the interval set.

We can continue with progress on both comments in separated issues/discussions (or in our Discord channel) as they are out-of-scope for this PR, but should be dippen into. I'd like to futher discuss them.

Referring to https://github.com/yonahd/kor/blob/main/CONTRIBUTING.md#repository-structure was made to make sure you modify all required files, as adding any new unused resource support should address them.

@isindir

isindir commented May 6, 2024

Copy link
Copy Markdown
Contributor Author

@doronkg ,

Referring to https://github.com/yonahd/kor/blob/main/CONTRIBUTING.md#repository-structure was made to make sure you modify all required files, as adding any new unused resource support should address them.

Thank you, I think I covered most of the files except helm chart and some unit tests, atm I'm trying to figure out if I can use fake clients to reliably test a feature I'm implementing. I deliberately left chart untouched as the change already looks very big.

btw, for chart - it will be better to have fine-tuned RBAC - possibility to enable only those read/write/per namespace permissions per feature (resource).

Comment thread pkg/kor/namespaces.go Outdated
Comment thread pkg/filters/filters.go Outdated
@isindir isindir force-pushed the unused_namespaces branch from 1ac441f to cc034af Compare May 8, 2024 08:03
@doronkg doronkg mentioned this pull request May 9, 2024
3 tasks
@doronkg doronkg mentioned this pull request May 23, 2024
3 tasks
@isindir isindir force-pushed the unused_namespaces branch from ac738c6 to 5b15ce6 Compare June 8, 2024 07:44
@isindir

isindir commented Jun 9, 2024

Copy link
Copy Markdown
Contributor Author

@yonahd @luisdavim @doronkg, I finally found time and adding some more testing to the namespace removal - but I was not following if json configs with resources to skip from namespace evaluation for different k8s distros is fully implemented or not. Could you please suggest and review if my testing in pkg/kor/namespacesMoreTests_test.go is acceptable ? Thanks

@yonahd

yonahd commented Jun 21, 2024

Copy link
Copy Markdown
Owner

@yonahd @luisdavim @doronkg, I finally found time and adding some more testing to the namespace removal - but I was not following if json configs with resources to skip from namespace evaluation for different k8s distros is fully implemented or not. Could you please suggest and review if my testing in pkg/kor/namespacesMoreTests_test.go is acceptable ? Thanks

The resource exceptions are merged fully.
Not sure we will use the namespaces exceptions as we worked around it

@yonahd

yonahd commented Jun 21, 2024

Copy link
Copy Markdown
Owner

Let me know when this is ready for review. This is a massive pr and will take quite a while to review

@isindir isindir force-pushed the unused_namespaces branch from b6dd857 to 02a3f7e Compare July 7, 2024 15:09
@isindir

isindir commented Jul 7, 2024

Copy link
Copy Markdown
Contributor Author

@yonahd I feel that I'll not be able to do 100% unit test coverage for my new code, please review this PR. Thanks.

@isindir

isindir commented Nov 28, 2024

Copy link
Copy Markdown
Contributor Author

@yonahd - I rebased the PR to the latest, would you have time to review and may be merge it ? We could negotiate next course of actions if needed from my side on a call, please reach me out on keybase , same uid as here.

@isindir isindir requested a review from yonahd November 28, 2024 16:20
@yonahd

yonahd commented Dec 2, 2024

Copy link
Copy Markdown
Owner

@yonahd - I rebased the PR to the latest, would you have time to review and may be merge it ? We could negotiate next course of actions if needed from my side on a call, please reach me out on keybase , same uid as here.

Thanks for the PR
I'm currently very short in time. Any chance @doronkg or @luisdavim can you review this?

@doronkg

doronkg commented Dec 9, 2024

Copy link
Copy Markdown
Contributor

@yonahd - I rebased the PR to the latest, would you have time to review and may be merge it ? We could negotiate next course of actions if needed from my side on a call, please reach me out on keybase , same uid as here.

Thanks for the PR

I'm currently very short in time. Any chance @doronkg or @luisdavim can you review this?

Hi, sorry for the late response.
I'm currently on vacation so my time is very limited. From a quick glimpse - I won't be able to review this PR thoroughly in the following weeks unfortunately.

@yonahd yonahd requested review from Copilot and removed request for doronkg September 1, 2025 18:53

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds empty namespace detection functionality to the Kor tool. It introduces the ability to scan Kubernetes clusters for unused namespaces and optionally remove them based on specific criteria.

  • Implements namespace scanning logic to identify empty or unused namespaces
  • Adds comprehensive test coverage for namespace detection functionality
  • Integrates namespace deletion capabilities into the existing resource deletion framework

Reviewed Changes

Copilot reviewed 16 out of 17 changed files in this pull request and generated 4 comments.

Show a summary per file
File Description
pkg/kor/namespaces.go Core namespace scanning and detection logic
pkg/kor/namespaces_test.go Unit tests for helper functions (getGVR, ignoreResourceType)
pkg/kor/namespaces_IsNamespaceUsed_test.go Comprehensive tests for namespace usage detection
pkg/kor/namespaces_GetUnusedNamespaces_test.go Integration tests for the main namespace scanning function
pkg/kor/kor.go Extended exception handling to support namespaced resources
pkg/kor/delete.go Enhanced deletion logic to support namespaces and improved messaging
cmd/kor/namespaces.go CLI command interface for namespace operations
pkg/filters/options.go Added filtering options for resource types
pkg/kor/exceptions/ Configuration files for namespace and resource exceptions

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

Comment thread pkg/kor/exceptions/namespaces/namespaces.json Outdated
Comment thread pkg/kor/namespaces_GetUnusedNamespaces_test.go Outdated
Comment thread pkg/kor/namespaces_GetUnusedNamespaces_test.go Outdated
Comment thread pkg/kor/namespaces.go Outdated
@isindir

isindir commented Jan 19, 2026

Copy link
Copy Markdown
Contributor Author

rebased

@isindir isindir force-pushed the unused_namespaces branch 2 times, most recently from 077fc2a to 39b8f79 Compare January 25, 2026 21:38
@isindir isindir force-pushed the unused_namespaces branch from 33e6383 to a08e7c2 Compare June 20, 2026 08:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

6 participants