kube-sherlock
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.vscode
.gitignore
README.md
azure-pipelines.yml
config.yaml
dockerfile
go.mod
go.sum
kube-sherlock.go
kube-sherlock.yaml
service-account.yaml

README.md

Build Status

kube-sherlock

kube-sherlock lists all pods which do not have the labels listed in the config.yaml file.

The default config.yaml values are:

labels:
  - "app.kubernetes.io/name"
  - "app.kubernetes.io/instance"
  - "app.kubernetes.io/version"
  - "app.kubernetes.io/component"
  - "app.kubernetes.io/part-of"
  - "app.kubernetes.io/managed-by"

It's also possible to specify the namespaces you want to scan in the config.yaml:

namespaces:
  - default
labels:
  - "app.kubernetes.io/name"
  - "app.kubernetes.io/instance"
  - "app.kubernetes.io/version"
  - "app.kubernetes.io/component"
  - "app.kubernetes.io/part-of"
  - "app.kubernetes.io/managed-by"

Running in a Kubernetes cluster without RBAC enabled

kubectl run --rm -i -t kube-sherlock --image=cmendibl3/kube-sherlock:0.1 --restart=Never

Running in a Kubernetes cluster with RBAC enabled

kubectl apply -f service-account.yaml
kubectl run --rm -i -t kube-sherlock --image=cmendibl3/kube-sherlock:0.1 --restart=Never --overrides='{ \"apiVersion\": \"v1\", \"spec\": { \"serviceAccountName\": \"kube-sherlock\" } }'

Sample results

+------------------------------+-------------+-----------------------------------------------------------------+
|            LABEL             |  NAMESPACE  |                            POD NAME                             |
+------------------------------+-------------+-----------------------------------------------------------------+
| app.kubernetes.io/version    | default     | mypod                                                           |
+                              +-------------+-----------------------------------------------------------------+
|                              | kube-system | aci-connector-linux-79b768b6d6-fhb9d                            |
+                              +             +-----------------------------------------------------------------+
|                              |             | addon-http-application-routing-default-http-backend-5ccb95j9dgb |