From 0e1184c5e5ddaa25a06999f609304771d7c06389 Mon Sep 17 00:00:00 2001 From: Henry Whitaker Date: Thu, 27 Jul 2023 23:31:31 +0100 Subject: [PATCH 1/4] added k3s and longhorn exclusion bundles (incomplete) --- charts/argo-zombies/Chart.yaml | 4 +- charts/argo-zombies/templates/configmap.yaml | 2 + charts/argo-zombies/values.yaml | 1 + cmd/root.go | 2 +- internal/config/bundles.go | 8 + internal/config/config.go | 32 +++ internal/config/exclusions.go | 1 + internal/config/k3s.go | 208 +++++++++++++++++++ internal/config/longhorn.go | 174 ++++++++++++++++ internal/detector/filters.go | 13 +- 10 files changed, 441 insertions(+), 4 deletions(-) create mode 100644 internal/config/bundles.go create mode 100644 internal/config/k3s.go create mode 100644 internal/config/longhorn.go diff --git a/charts/argo-zombies/Chart.yaml b/charts/argo-zombies/Chart.yaml index 57bc34f..9482a47 100644 --- a/charts/argo-zombies/Chart.yaml +++ b/charts/argo-zombies/Chart.yaml @@ -15,10 +15,10 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.4 +version: 0.1.5 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "0.1.2" +appVersion: "0.1.3" diff --git a/charts/argo-zombies/templates/configmap.yaml b/charts/argo-zombies/templates/configmap.yaml index 59ab60b..94f22ac 100644 --- a/charts/argo-zombies/templates/configmap.yaml +++ b/charts/argo-zombies/templates/configmap.yaml 
@@ -17,3 +17,5 @@ data: {{- .Values.config.exclusions.selectors | toYaml | nindent 8 }} gvrs: {{- .Values.config.exclusions.gvrs | toYaml | nindent 8 }} + bundles: + {{- .Values.config.exclusions.bundles | toYaml | nindent 8 }} diff --git a/charts/argo-zombies/values.yaml b/charts/argo-zombies/values.yaml index 72c4e16..8a690a9 100644 --- a/charts/argo-zombies/values.yaml +++ b/charts/argo-zombies/values.yaml @@ -45,3 +45,4 @@ config: gvrs: [] resources: [] selectors: [] + bundles: [] diff --git a/cmd/root.go b/cmd/root.go index 3698b0b..c288e29 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -13,7 +13,7 @@ import ( var rootCmd = &cobra.Command{ Use: "argo-zombies", Short: "Find kubernetes resources which are not managed by ArgoCD", - Version: "0.1.2", + Version: "0.1.3", // Uncomment the following line if your bare application // has an action associated with it: // Run: func(cmd *cobra.Command, args []string) { }, diff --git a/internal/config/bundles.go b/internal/config/bundles.go new file mode 100644 index 0000000..2ababde --- /dev/null +++ b/internal/config/bundles.go @@ -0,0 +1,8 @@ +package config + +type bundleFunc func() Exclusions + +var bundles map[string]bundleFunc = map[string]bundleFunc{ + "k3s": k3sBundle(), + "longhorn": longhornBundle(), +} diff --git a/internal/config/config.go b/internal/config/config.go index 47f9f3e..caea608 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -33,6 +33,8 @@ func LoadConfig(path string) error { return err } + Cfg.addBundles() + return nil } 
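Review bot: The `bundles` map in internal/config/bundles.go stores the result of calling `k3sBundle()` and `longhornBundle()`, so each bundle is a function that returns a closure that returns the data, and nothing visible here needs that extra layer. Having `k3sBundle` and `longhornBundle` return `Exclusions` directly and registering them as `"k3s": k3sBundle,` would read more simply and still build the lists lazily. The explicit type on the declaration is also redundant; `var bundles = map[string]bundleFunc{` is enough. A one-line doc comment on `bundles` saying that its keys are the names accepted under `exclusions.bundles` would help the next reader.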
@@ -43,6 +45,36 @@ func (c *Config) setDefaults() { Namespaces: []string{}, Selectors: []ExcludedMetadata{}, GroupVersionResources: []ExcludedGroupVersionResource{}, + Bundles: []string{}, } } } + +func (c *Config) addBundles() { + for _, bundle := range c.Exclusions.Bundles { + if f, valid := bundles[bundle]; valid { + excls := f() + + c.mergeResources(excls.Resources) + c.mergeNamespaces(excls.Namespaces) + c.mergeSelectors(excls.Selectors) + c.mergeGroupVersionResources(excls.GroupVersionResources) + } + } +} + +func (c *Config) mergeResources(r []ExcludedResource) { + c.Exclusions.Resources = append(c.Exclusions.Resources, r...) +} + +func (c *Config) mergeNamespaces(ns []string) { + c.Exclusions.Namespaces = append(c.Exclusions.Namespaces, ns...) +} + +func (c *Config) mergeSelectors(s []ExcludedMetadata) { + c.Exclusions.Selectors = append(c.Exclusions.Selectors, s...) +} + +func (c *Config) mergeGroupVersionResources(g []ExcludedGroupVersionResource) { + c.Exclusions.GroupVersionResources = append(c.Exclusions.GroupVersionResources, g...) +} diff --git a/internal/config/exclusions.go b/internal/config/exclusions.go index fe56321..7f36170 100644 --- a/internal/config/exclusions.go +++ b/internal/config/exclusions.go @@ -5,6 +5,7 @@ type Exclusions struct { Namespaces []string `yaml:"namespaces"` Selectors []ExcludedMetadata `yaml:"selectors"` GroupVersionResources []ExcludedGroupVersionResource `yaml:"gvrs"` + Bundles []string `yaml:"bundles"` } type ExcludedResource struct { diff --git a/internal/config/k3s.go b/internal/config/k3s.go new file mode 100644 index 0000000..02d6ad4 --- /dev/null +++ b/internal/config/k3s.go 
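Review bot: `addBundles` skips any name that is not a key in `bundles` without reporting it, so a typo under `exclusions.bundles` loads cleanly and the operator only notices from the scan output. Since `LoadConfig` already returns an error, `addBundles` could return one for an unknown name, and the call added in the first config.go hunk would become `return Cfg.addBundles()`; this needs `fmt` among the file's imports, which the hunk does not show. A bundle listed twice is also merged twice, which looks harmless but grows the exclusion slices for no benefit.

```go
func (c *Config) addBundles() error {
	for _, bundle := range c.Exclusions.Bundles {
		f, valid := bundles[bundle]
		if !valid {
			return fmt.Errorf("unknown exclusion bundle %q", bundle)
		}
		excls := f()
		// … unchanged: the four merge calls …
	}
	return nil
}
```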
@@ -0,0 +1,208 @@ +package config + +// Add exclusions for k3s resources +func k3sBundle() bundleFunc { + return func() Exclusions { + e := Exclusions{ + Resources: []ExcludedResource{ + { + Name: "attachdetach-controller", + Namespace: "kube-system", + Kind: "ServiceAccount", + Version: "v1", + }, + { + Name: "certificate-controller", + Namespace: "kube-system", + Kind: "ServiceAccount", + Version: "v1", + }, + { + Name: "clusterrole-aggregation-controller", + Namespace: "kube-system", + Kind: "ServiceAccount", + Version: "v1", + }, + { + Name: "coredns", + Namespace: "kube-system", + Kind: "ServiceAccount", + Version: "v1", + }, + { + Name: "cronjob-controller", + Namespace: "kube-system", + Kind: "ServiceAccount", + Version: "v1", + }, + { + Name: "daemon-set-controller", + Namespace: "kube-system", + Kind: "ServiceAccount", + Version: "v1", + }, + { + Name: "deployment-controller", + Namespace: "kube-system", + Kind: "ServiceAccount", + Version: "v1", + }, + { + Name: "disruption-controller", + Namespace: "kube-system", + Kind: "ServiceAccount", + Version: "v1", + }, + { + Name: "endpoint-controller", + Namespace: "kube-system", + Kind: "ServiceAccount", + Version: "v1", + }, + { + Name: "endpointslice-controller", + Namespace: "kube-system", + Kind: "ServiceAccount", + Version: "v1", + }, + { + Name: "endpointslicemirroring-controller", + Namespace: "kube-system", + Kind: "ServiceAccount", + Version: "v1", + }, + { + Name: "ephemeral-volume-controller", + Namespace: "kube-system", + Kind: "ServiceAccount", + Version: "v1", + }, + { + Name: "expand-controller", + Namespace: "kube-system", + Kind: "ServiceAccount", + Version: "v1", + }, + { + Name: "generic-garbage-collector", + Namespace: "kube-system", + Kind: "ServiceAccount", + Version: "v1", + }, + { + Name: "horizontal-pod-autoscaler", + Namespace: "kube-system", + Kind: "ServiceAccount", + Version: "v1", + }, + { + Name: "job-controller", + Namespace: "kube-system", + Kind: "ServiceAccount", + Version: 
"v1", + }, + { + Name: "Namespace-controller", + Namespace: "kube-system", + Kind: "ServiceAccount", + Version: "v1", + }, + { + Name: "node-controller", + Namespace: "kube-system", + Kind: "ServiceAccount", + Version: "v1", + }, + { + Name: "persistent-volume-binder", + Namespace: "kube-system", + Kind: "ServiceAccount", + Version: "v1", + }, + { + Name: "pod-garbage-collector", + Namespace: "kube-system", + Kind: "ServiceAccount", + Version: "v1", + }, + { + Name: "pv-protection-controller", + Namespace: "kube-system", + Kind: "ServiceAccount", + Version: "v1", + }, + { + Name: "pvc-protection-controller", + Namespace: "kube-system", + Kind: "ServiceAccount", + Version: "v1", + }, + { + Name: "replicaset-controller", + Namespace: "kube-system", + Kind: "ServiceAccount", + Version: "v1", + }, + { + Name: "replication-controller", + Namespace: "kube-system", + Kind: "ServiceAccount", + Version: "v1", + }, + { + Name: "resourcequota-controller", + Namespace: "kube-system", + Kind: "ServiceAccount", + Version: "v1", + }, + { + Name: "root-ca-cert-publisher", + Namespace: "kube-system", + Kind: "ServiceAccount", + Version: "v1", + }, + { + Name: "service-account-controller", + Namespace: "kube-system", + Kind: "ServiceAccount", + Version: "v1", + }, + { + Name: "statefulset-controller", + Namespace: "kube-system", + Kind: "ServiceAccount", + Version: "v1", + }, + { + Name: "token-cleaner", + Namespace: "kube-system", + Kind: "ServiceAccount", + Version: "v1", + }, + { + Name: "ttl-after-finished-controller", + Namespace: "kube-system", + Kind: "ServiceAccount", + Version: "v1", + }, + { + Name: "ttl-controller", + Namespace: "kube-system", + Kind: "ServiceAccount", + Version: "v1", + }, + { + Name: ".*node-password.k3s", + Namespace: "kube-system", + Kind: "Secret", + Version: "v1", + }, + }, + GroupVersionResources: []ExcludedGroupVersionResource{}, + Namespaces: []string{}, + Selectors: []ExcludedMetadata{}, + } + + return e + } +} 
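Review bot: The Secret entry `Name: ".*node-password.k3s"` is matched as a regular expression by the new `resourceMatchesName` in internal/detector/filters.go, and its dots are unescaped, so it also matches names where any other character stands in for a dot. For a tool whose job is to surface unmanaged resources, a built-in pattern over Secrets should be as tight as possible, for example `Name: ".*\\.node-password\\.k3s",` if the literal suffix is what is meant. The same applies to `driver.longhorn.io`, added to internal/config/longhorn.go in patch 2/4. Most of the ServiceAccount entries look like they belong to the upstream controller manager rather than to k3s itself, so the doc comment on `k3sBundle` could say that the bundle covers those as well.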
diff --git a/internal/config/longhorn.go b/internal/config/longhorn.go
new file mode 100644
index 0000000..45033a3
--- /dev/null
+++ b/internal/config/longhorn.go
@@ -0,0 +1,174 @@ +package config + +func longhornBundle() bundleFunc { + return func() Exclusions { + longhorn := Exclusions{ + GroupVersionResources: []ExcludedGroupVersionResource{ + { + Group: "longhorn.io", + Version: "v1beta1", + Resource: "backingimages", + }, + { + Group: "longhorn.io", + Version: "v1beta2", + Resource: "backingimages", + }, + { + Group: "longhorn.io", + Version: "v1beta1", + Resource: "backups", + }, + { + Group: "longhorn.io", + Version: "v1beta2", + Resource: "backups", + }, + { + Group: "longhorn.io", + Version: "v1beta1", + Resource: "backuptargets", + }, + { + Group: "longhorn.io", + Version: "v1beta2", + Resource: "backuptargets", + }, + { + Group: "longhorn.io", + Version: "v1beta1", + Resource: "backupvolumes", + }, + { + Group: "longhorn.io", + Version: "v1beta2", + Resource: "backupvolumes", + }, + { + Group: "longhorn.io", + Version: "v1beta1", + Resource: "engineimages", + }, + { + Group: "longhorn.io", + Version: "v1beta2", + Resource: "engineimages", + }, + { + Group: "longhorn.io", + Version: "v1beta1", + Resource: "engines", + }, + { + Group: "longhorn.io", + Version: "v1beta2", + Resource: "engines", + }, + { + Group: "longhorn.io", + Version: "v1beta1", + Resource: "instancemanagers", + }, + { + Group: "longhorn.io", + Version: "v1beta2", + Resource: "instancemanagers", + }, + { + Group: "longhorn.io", + Version: "v1beta1", + Resource: "nodes", + }, + { + Group: "longhorn.io", + Version: "v1beta2", + Resource: "nodes", + }, + { + Group: "longhorn.io", + Version: "v1beta2", + Resource: "orphans", + }, + { + Group: "longhorn.io", + Version: "v1beta1", + Resource: "recurringjobs", + }, + { + Group: "longhorn.io", + Version: "v1beta2", + Resource: "recurringjobs", + }, + { + Group: "longhorn.io", + Version: "v1beta1", + Resource: "replicas", + }, + { + Group: "longhorn.io", + Version: "v1beta2", + Resource: "replicas", + }, + { + Group: "longhorn.io", + Version: "v1beta1", + Resource: "settings", + }, + { + Group: 
"longhorn.io", + Version: "v1beta2", + Resource: "settings", + }, + { + Group: "longhorn.io", + Version: "v1beta1", + Resource: "sharemanagers", + }, + { + Group: "longhorn.io", + Version: "v1beta2", + Resource: "sharemanagers", + }, + { + Group: "longhorn.io", + Version: "v1beta2", + Resource: "snapshots", + }, + { + Group: "longhorn.io", + Version: "v1beta2", + Resource: "supportbundles", + }, + { + Group: "longhorn.io", + Version: "v1beta2", + Resource: "systembackups", + }, + { + Group: "longhorn.io", + Version: "v1beta2", + Resource: "systemrestores", + }, + { + Group: "longhorn.io", + Version: "v1beta2", + Resource: "volumeattachments", + }, + { + Group: "longhorn.io", + Version: "v1beta1", + Resource: "volumes", + }, + { + Group: "longhorn.io", + Version: "v1beta2", + Resource: "volumes", + }, + }, + Namespaces: []string{}, + Selectors: []ExcludedMetadata{}, + } + + return longhorn + } +} diff --git a/internal/detector/filters.go b/internal/detector/filters.go index 1a9e8dd..5317564 100644 --- a/internal/detector/filters.go +++ b/internal/detector/filters.go @@ -1,6 +1,8 @@ package detector import ( + "regexp" + "github.com/henrywhitaker3/argo-zombies/internal/config" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" ) @@ -155,5 +157,14 @@ func resourceMatchesAPIVersionKind(version, kind string, item unstructured.Unstr } func resourceMatchesName(name string, item unstructured.Unstructured) bool { - return item.GetName() == name + if item.GetName() == name { + return true + } + + match, err := regexp.MatchString(`^`+name+`$`, item.GetName()) + if err != nil { + return false + } + + return match } From 4a9fdf2ed3e4076b8d369d631597cd17e1ca6beb Mon Sep 17 00:00:00 2001 From: Henry Whitaker Date: Thu, 27 Jul 2023 23:38:43 +0100 Subject: [PATCH 2/4] update longhorn exclusions bundle --- internal/config/k3s.go | 2 +- internal/config/longhorn.go | 97 +++++++++++++++++++++++++++++++++++++ 2 files changed, 98 insertions(+), 1 deletion(-) 
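Review bot: `longhornBundle` has no doc comment, and its reach is wider than that of the k3s bundle: every entry in this hunk is a `GroupVersionResource` exclusion, so (assuming such exclusions apply to all objects of the type, which the hunk does not show) any `longhorn.io` object in any namespace is skipped, including ones created by hand. A comment such as `// longhornBundle excludes all longhorn.io custom resources (v1beta1 and v1beta2), whatever their namespace or name.` would make that explicit. `Resources` is left out of the literal while `Namespaces` and `Selectors` are set to empty slices; both forms work with `append`, but using one style throughout would be cleaner.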
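Review bot: `resourceMatchesName` now treats every configured exclusion name as a regular expression, and the pattern is built by concatenating `^`, `name` and `$` without a group, so a name containing `|` anchors only its outer alternatives: `foo|bar` becomes `^foo|bar$` and matches anything that starts with `foo`. Grouping the name fixes that: `match, err := regexp.MatchString("^(?:"+name+")$", item.GetName())`. Names that were literal before this change, such as any name with a dot in it, are also silently reinterpreted, which can widen exclusions users already have and hide resources from the report. A pattern that fails to compile returns `false` with no log line, so a broken exclusion just stops working; compiling the patterns once when the config is loaded would surface the error and avoid recompiling for every item.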
diff --git a/internal/config/k3s.go b/internal/config/k3s.go index 02d6ad4..834a33b 100644 --- a/internal/config/k3s.go +++ b/internal/config/k3s.go @@ -102,7 +102,7 @@ func k3sBundle() bundleFunc { Version: "v1", }, { - Name: "Namespace-controller", + Name: "namespace-controller", Namespace: "kube-system", Kind: "ServiceAccount", Version: "v1", diff --git a/internal/config/longhorn.go b/internal/config/longhorn.go index 45033a3..7031b5b 100644 --- a/internal/config/longhorn.go +++ b/internal/config/longhorn.go 
@@ -167,6 +167,103 @@ func longhornBundle() bundleFunc { }, Namespaces: []string{}, Selectors: []ExcludedMetadata{}, + Resources: []ExcludedResource{ + { + Name: "csi-attacher", + Namespace: "longhorn-system", + Kind: "Service", + Version: "v1", + }, + { + Name: "csi-provisioner", + Namespace: "longhorn-system", + Kind: "Service", + Version: "v1", + }, + { + Name: "csi-resizer", + Namespace: "longhorn-system", + Kind: "Service", + Version: "v1", + }, + { + Name: "csi-snapshotter", + Namespace: "longhorn-system", + Kind: "Service", + Version: "v1", + }, + { + Name: "csi-attacher", + Namespace: "longhorn-system", + Kind: "Deployment", + Version: "apps/v1", + }, + { + Name: "csi-provisioner", + Namespace: "longhorn-system", + Kind: "Deployment", + Version: "apps/v1", + }, + { + Name: "csi-resizer", + Namespace: "longhorn-system", + Kind: "Deployment", + Version: "apps/v1", + }, + { + Name: "csi-snapshotter", + Namespace: "longhorn-system", + Kind: "Deployment", + Version: "apps/v1", + }, + { + Name: "csi-attacher", + Namespace: "longhorn-system", + Kind: "PodDisruptionBudget", + Version: "policy/v1", + }, + { + Name: "csi-provisioner", + Namespace: "longhorn-system", + Kind: "PodDisruptionBudget", + Version: "policy/v1", + }, + { + Name: "instance-manager-.*", + Namespace: "longhorn-system", + Kind: "PodDisruptionBudget", + Version: "policy/v1", + }, + { + Name: "longhorn-csi-plugin", + Namespace: "longhorn-system", + Kind: "DaemonSet", + Version: "apps/v1", + }, + { + Name: "longhorn-webhook-ca", + Namespace: "longhorn-system", + Kind: "Secret", + Version: "v1", + }, + { + Name: "longhorn-webhook-tls", + Namespace: "longhorn-system", + Kind: "Secret", + Version: "v1", + }, + { + Name: "recovery-backend-share-manager-.*", + Namespace: "longhorn-system", + Kind: "ConfigMap", + Version: "v1", + }, + { + Name: "driver.longhorn.io", + Kind: "CSIDriver", + Version: "storage.k8s.io/v1", + }, + }, } return longhorn 
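Review bot: The `CSIDriver` entry `driver.longhorn.io` sets no `Namespace`, unlike every other entry in this list, and a short comment that the kind is cluster-scoped and the field is empty on purpose would stop someone "fixing" it later. How the matcher compares an empty `Namespace` is not visible in this hunk, so it is worth confirming that it matches only cluster-scoped objects and does not act as a wildcard across namespaces. The `StorageClass` entry added in patch 3/4 has the same shape.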
From e10edf43c61dafd20f551aca01b3eddf00c460c4 Mon Sep 17 00:00:00 2001 From: Henry Whitaker Date: Thu, 27 Jul 2023 23:52:01 +0100 Subject: [PATCH 3/4] added more rules --- internal/config/k3s.go | 22 +++++++++++++++++++--- internal/config/longhorn.go | 5 +++++ 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/internal/config/k3s.go b/internal/config/k3s.go index 834a33b..ce012c1 100644 --- a/internal/config/k3s.go +++ b/internal/config/k3s.go @@ -198,9 +198,25 @@ func k3sBundle() bundleFunc { Version: "v1", }, }, - GroupVersionResources: []ExcludedGroupVersionResource{}, - Namespaces: []string{}, - Selectors: []ExcludedMetadata{}, + GroupVersionResources: []ExcludedGroupVersionResource{ + { + Group: "k3s.cattle.io", + Version: "v1", + Resource: "addons", + }, + { + Group: "helm.cattle.io", + Version: "v1", + Resource: "helmchartconfigs", + }, + { + Group: "helm.cattle.io", + Version: "v1", + Resource: "helmcharts", + }, + }, + Namespaces: []string{}, + Selectors: []ExcludedMetadata{}, } return e diff --git a/internal/config/longhorn.go b/internal/config/longhorn.go index 7031b5b..91ec6b8 100644 --- a/internal/config/longhorn.go +++ b/internal/config/longhorn.go @@ -263,6 +263,11 @@ func longhornBundle() bundleFunc { Kind: "CSIDriver", Version: "storage.k8s.io/v1", }, + { + Name: "longhorn", + Kind: "StorageClass", + Version: "storage.k8s.io/v1", + }, }, } From cbb70d8f542f936c765c1414ec5df9f298ddd756 Mon Sep 17 00:00:00 2001 From: Henry Whitaker Date: Fri, 28 Jul 2023 01:33:12 +0100 Subject: [PATCH 4/4] update hcr --- .cr.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.cr.yaml b/.cr.yaml index 9106e30..e16284d 100644 --- a/.cr.yaml +++ b/.cr.yaml @@ -1 +1,2 @@ release-name-template: "{{ .Name }}-chart-{{ .Version }}" +make-release-latest: "false"
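Review bot: The three `GroupVersionResource` entries added to the k3s bundle exclude every `helmcharts`, `helmchartconfigs` and `addons` object, not only the ones k3s ships. In k3s a `HelmChart` object is itself a way to get a chart installed into the cluster, so a hand-created one is exactly the kind of unmanaged resource this tool is meant to report, and with the bundle enabled it would presumably be skipped. Consider scoping these to `kube-system` through `Resources` entries, or at least state the trade-off in the doc comment of `k3sBundle`. The function body starts outside this hunk.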