MCPcopy
hub / github.com/yonahd/kor

github.com/yonahd/kor @v0.6.8 sqlite

repository ↗ · DeepWiki ↗ · release v0.6.8 ↗
457 symbols 2,097 edges 101 files 26 documented · 6%
README

GitHub go.mod Go version (subdirectory of monorepo) GitHub Release GitHub Release Docker Pulls codecov Discord KorPro Available

yonahd%2Fkor | Trendshift

Kor - Kubernetes Orphaned Resources Finder

Kor Logo

Kor is a tool to discover unused Kubernetes resources. Currently, Kor can identify and list unused:

  • ConfigMaps
  • Secrets
  • Services
  • ServiceAccounts
  • Deployments
  • StatefulSets
  • Roles
  • ClusterRoles
  • ClusterRoleBindings
  • HPAs
  • PVCs
  • Ingresses
  • PDBs
  • CRDs
  • PVs
  • Pods
  • Jobs
  • ReplicaSets
  • DaemonSets
  • StorageClasses
  • NetworkPolicies
  • RoleBindings
  • VolumeAttachments
  • PriorityClasses

Looking for cost analysis and multi-cluster management? Check out KorPro, our cloud-based platform built on top of Kor.

Kor Screenshot

Installation

Download the binary for your operating system from the releases page and add it to your system's PATH.

Homebrew

For macOS users, you can install Kor using Homebrew:

brew install kor

Build from development branch

Install the binary to your $GOBIN or $GOPATH/bin:

go install github.com/yonahd/kor@latest

Build from source

Build the locally cloned source code:

go build main.go

Docker

Run a container with your kubeconfig mounted:

docker run --rm -i yonahdissen/kor

docker run --rm -i -v "/path/to/.kube/config:/root/.kube/config" yonahdissen/kor all

Kubectl plugin (krew)

kubectl krew install kor

Helm

helm repo add kor https://yonahd.github.io/kor

Run as a cronjob in your Cluster (with an option for sending slack updates)

helm upgrade -i kor \
    --namespace kor \
    --create-namespace \
    --set cronJob.enabled=true
    ./charts/kor

Run as a deployment in your Cluster exposing prometheus metrics

helm upgrade -i kor \
    --namespace kor \
    --create-namespace \
    ./charts/kor

For more information see in cluster usage

Usage

Kor provides various subcommands to identify and list unused resources. The available commands are:

  • all - Gets all unused resources for the specified namespace or all namespaces.
  • configmap - Gets unused ConfigMaps for the specified namespace or all namespaces.
  • secret - Gets unused Secrets for the specified namespace or all namespaces.
  • service - Gets unused Services for the specified namespace or all namespaces.
  • serviceaccount - Gets unused ServiceAccounts for the specified namespace or all namespaces.
  • deployment - Gets unused Deployments for the specified namespace or all namespaces.
  • statefulset - Gets unused StatefulSets for the specified namespace or all namespaces.
  • role - Gets unused Roles for the specified namespace or all namespaces.
  • clusterrole - Gets unused ClusterRoles for the specified namespace or all namespaces (namespace refers to RoleBinding).
  • clusterrolebinding - Gets unused ClusterRoleBindings in the cluster (non namespaced resource).
  • rolebinding - Gets unused RoleBindings for the specified namespace or all namespaces.
  • hpa - Gets unused HPAs for the specified namespace or all namespaces.
  • pod - Gets unused Pods for the specified namespace or all namespaces.
  • pvc - Gets unused PVCs for the specified namespace or all namespaces.
  • pv - Gets unused PVs in the cluster (non namespaced resource).
  • storageclass - Gets unused StorageClasses in the cluster (non namespaced resource).
  • ingress - Gets unused Ingresses for the specified namespace or all namespaces.
  • pdb - Gets unused PDBs for the specified namespace or all namespaces.
  • crd - Gets unused CRDs in the cluster (non namespaced resource).
  • job - Gets unused jobs for the specified namespace or all namespaces.
  • replicaset - Gets unused replicaSets for the specified namespace or all namespaces.
  • daemonset- Gets unused DaemonSets for the specified namespace or all namespaces.
  • volumeattachment - Gets unused VolumeAttachments in the cluster (non-namespaced resource).
  • priorityclass - Gets unused PriorityClasses in the cluster (non-namespaced resource).
  • finalizer - Gets unused pending deletion resources for the specified namespace or all namespaces.
  • networkpolicy - Gets unused NetworkPolicies for the specified namespace or all namespaces.
  • exporter - Export Prometheus metrics.
  • version - Print kor version information.

Supported Flags

      --delete                       Delete unused resources
  -l, --exclude-labels strings       Selector to filter out, Example: --exclude-labels key1=value1,key2=value2. If --include-labels is set, --exclude-labels will be ignored
  -e, --exclude-namespaces strings   Namespaces to be excluded, split by commas. Example: --exclude-namespaces ns1,ns2,ns3. If --include-namespaces is set, --exclude-namespaces will be ignored
      --group-by string              Group output by (namespace, resource) (default "namespace")
  -h, --help                         help for kor
      --include-labels string        Selector to filter in, Example: --include-labels key1=value1 (currently supports one label)
  -n, --include-namespaces strings   Namespaces to run on, split by commas. Example: --include-namespaces ns1,ns2,ns3. If set, non-namespaced resources will be ignored
  -k, --kubeconfig string            Path to kubeconfig file (optional)
      --newer-than string            The maximum age of the resources to be considered unused. This flag cannot be used together with older-than flag. Example: --newer-than=1h2m
      --no-interactive               Do not prompt for confirmation when deleting resources. Be careful when using this flag!
      --older-than string            The minimum age of the resources to be considered unused. This flag cannot be used together with newer-than flag. Example: --older-than=1h2m
  -o, --output string                Output format (table, json or yaml) (default "table")
      --show-reason                  Print reason resource is considered unused
      --ignore-owner-references      Skip resources that have ownerReferences set (for all resource types)
      --slack-auth-token string      Slack auth token to send notifications to, requires --slack-channel to be set
      --slack-channel string         Slack channel to send notifications to, requires --slack-auth-token to be set
      --slack-webhook-url string     Slack webhook URL to send notifications to
  -v, --verbose                      Verbose output (print empty namespaces)

To use a specific subcommand, run kor [subcommand] [flags].

kor all --include-namespaces my-namespace

For more information about each subcommand and its available flags, you can use the --help flag.

kor [subcommand] --help

Supported resources and limitations

Resource What it looks for Known False Positives ⚠️
ConfigMaps ConfigMaps not used in the following places:
  • Pods

  • Containers

  • ConfigMaps used through Volumes

  • ConfigMaps used through environment variables | ConfigMaps used by resources which don't explicitly state them in the config.

e.g Grafana dashboards loaded dynamically OPA policies fluentd configs CRD configs | | CRDs | CRDs not used the cluster | | | ClusterRoleBindings | ClusterRoleBindings referencing invalid ClusterRole or ServiceAccounts | | | ClusterRoles | ClusterRoles not used in RoleBinding or ClusterRoleBinding

ClusterRoles not used in ClusterRole aggregation | | | DaemonSets | DaemonSets not scheduled on any nodes | | | Deployments | Deployments with no replicas | | | HPAs | HPAs not used in Deployments

HPAs not used in StatefulSets | | | Ingresses | Ingresses not pointing at any Service | | | Jobs | Jobs status is completed

Jobs status is suspended

Jobs failed with backoff limit exceeded (including indexed jobs)

Jobs failed with dedaline exceeded | | | NetworkPolicies | NetworkPolicies with no Pods selected by podSelector or Ingress / Egress rules | | PDBs | PDBs not used in Deployments / StatefulSets (templates) or in arbitrary Pods

PDBs with empty selectors (match every pod) but no running pods in namespace | | | Pods | Pods in Failed phase with reason Evicted (i.e., evicted pods)

Pods in Crashloopbackoff | | | PVs | PVs not bound to a PVC | | | PVCs | PVCs not used in Pods

Extension points exported contracts — how you extend this code

Framework (Interface)
Framework is a filter framework [1 implementers]
pkg/filters/interface.go
SendMessageToSlack (Interface)
(no doc) [1 implementers]
pkg/utils/slack.go
FilterFunc (FuncType)
FilterFunc is a filter that is a function If the resource is legal, return true example: deployment.Spec.Replicas > 0; r
pkg/filters/interface.go

Core symbols most depended-on inside this repo

Namespaces
called by 63
pkg/filters/options.go
appendResources
called by 50
pkg/kor/formatter.go
Run
called by 32
pkg/filters/interface.go
GetKubeClient
called by 30
pkg/kor/kor.go
CreateTestPod
called by 30
pkg/kor/create_test_resources.go
unusedResourceFormatter
called by 28
pkg/kor/formatter.go
FormatOutput
called by 28
pkg/kor/formatter.go
PrintLogo
called by 27
pkg/utils/banner.go

Shape

Function 418
Method 21
Struct 14
Interface 2
FuncType 1
TypeAlias 1

Languages

Go100%

Modules by API surface

pkg/kor/create_test_resources.go39 symbols
pkg/kor/all.go30 symbols
pkg/kor/kor.go19 symbols
pkg/kor/kor_test.go13 symbols
pkg/kor/serviceaccounts_test.go10 symbols
pkg/kor/secrets_test.go10 symbols
pkg/kor/networkpolicies_test.go10 symbols
pkg/kor/formatter.go10 symbols
pkg/filters/frameworks.go10 symbols
pkg/kor/clusterroles_test.go9 symbols
cmd/kor/root.go8 symbols
pkg/utils/slack_test.go7 symbols

Dependencies from manifests, versioned

github.com/beorn7/perksv1.0.1 · 1×
github.com/cespare/xxhash/v2v2.3.0 · 1×
github.com/davecgh/go-spewv1.1.2-0.20180830191 · 1×
github.com/fxamacker/cbor/v2v2.9.0 · 1×
github.com/go-logr/logrv1.4.3 · 1×
github.com/go-openapi/jsonpointerv0.21.0 · 1×
github.com/go-openapi/jsonreferencev0.20.2 · 1×
github.com/go-openapi/swagv0.23.0 · 1×
github.com/go-viper/mapstructure/v2v2.4.0 · 1×

For agents

$ claude mcp add kor \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact