Minimal CLI to list potentially dangling (attached to no Service) Pods in Kubernetes
Designed for Site Reliability Engineers (SREs) to identify "dangling" Pods—containers that are running and consuming resources but are not targeted by any Kubernetes Service.
This tool helps you identify:
- Stranded Deployments: Services deleted without removing the underlying Deployment.
- Label Mismatches: Pods that aren't receiving traffic because their labels don't match the Service selector.
- Leaked Pods: Standalone pods created manually or by older operator versions that were never cleaned up.
- Context-Aware: Automatically detects if it's running inside a cluster (using In-Cluster config) or locally (using ~/.kube/config).
- Noise Reduction: Automatically ignores Pods owned by Jobs (which are naturally service-less).
- Namespace Scoping: Filter by a specific namespace or scan the entire cluster.
- Safety First: kube-* namespaces (e.g. kube-system, kube-public, etc.) are excluded from the search by default.
- Flexibility: Use a special annotation to exclude pods from being listed by the tool.
Build from source:
git clone https://github.com/AleksanderWWW/kube-dangler.git
cd kube-dangler
go build -o kubedangler main.go
./kubedangler --help
From GitHub Releases:
export TAG="0.1.0"
wget https://github.com/AleksanderWWW/kube-dangler/releases/download/${TAG}/kubedangler-${TAG}.tar.gz
tar -xzf kubedangler-${TAG}.tar.gz
chmod +x kubedangler
./kubedangler --help
Expected output:
$ ./kubedangler --help
NAME:
   kubedangler - find potentially dangling Pods (attached to no Service)
USAGE:
   kubedangler [global options]
GLOBAL OPTIONS:
   --namespace string, -n string  namespace to check for dangling pods (default: look through all namespaces)
   --min-age duration             minimal age of potentially dangling pods (default: 1h0m0s)
   --include-kube-ns              whether to also include checking the kube namespaces
   --version                      print version number and exit
   --fail-on-found                whether to return non-zero exit code when (potentially) dangling pods are found
   --help, -h                     show help
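If you have pods that you know are not attached to any Service and want to exclude them from being
reported by kube-dangler, add the following annotation to the pod's metadata:
# In a Deployment manifest the pod's metadata lives under spec.template;
# in a bare Pod manifest it is the top-level metadata block.
spec:
  template:
    metadata:
      annotations:
        kubedangler/skip: "true"
Note that this needs to be an annotation on the pod, not on the deployment.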
Adding the --fail-on-found flag to the kubedangler command causes the program to return a non-zero exit
code if any service-less pod is found. This is useful for implementing a CI pipeline (e.g. in GitHub Actions)
that audits a namespace (or an entire cluster) and alerts on the presence of potentially wasteful resources.
It is advised to combine it with the skip annotation to avoid false positives from workloads you expect
to have no Service attached.
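The filters described above (Service selector match, Job ownership, kube-* namespaces, --min-age, the kubedangler/skip annotation) can be sketched as one decision function. This is an added example, not kube-dangler's own code: the Pod and Service structs, the function names, the "kube-" prefix test and the exact-"true" annotation check are assumptions.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Pod and Service are simplified stand-ins for the API objects (assumed types).
type Pod struct {
	Namespace, Name     string
	Labels, Annotations map[string]string
	OwnerKinds          []string      // kinds from metadata.ownerReferences
	Age                 time.Duration // time since creation
}
type Service struct{ Namespace string; Selector map[string]string }

// selects: same namespace, non-empty selector, every selector pair on the pod.
func selects(s Service, p Pod) bool {
	ok := s.Namespace == p.Namespace && len(s.Selector) > 0
	for k, v := range s.Selector {
		got, has := p.Labels[k]
		ok = ok && has && got == v
	}
	return ok
}

// Dangling lists namespace/name of pods that pass the filters and match no Service.
func Dangling(pods []Pod, svcs []Service, minAge time.Duration, includeKubeNS bool) (out []string) {
	for _, p := range pods {
		skip := p.Annotations["kubedangler/skip"] == "true" || p.Age < minAge ||
			(!includeKubeNS && strings.HasPrefix(p.Namespace, "kube-"))
		for _, k := range p.OwnerKinds {
			skip = skip || k == "Job" // Job pods are service-less by design
		}
		for _, s := range svcs {
			skip = skip || selects(s, p)
		}
		if !skip {
			out = append(out, p.Namespace+"/"+p.Name)
		}
	}
	return out
}

func main() { // constructed sample: "web" is selected by a Service, "orphan" is not
	pods := []Pod{{Namespace: "shop", Name: "web", Labels: map[string]string{"app": "web"}, Age: 2 * time.Hour},
		{Namespace: "shop", Name: "orphan", Labels: map[string]string{"app": "old"}, Age: 2 * time.Hour}}
	fmt.Println(Dangling(pods, []Service{{"shop", map[string]string{"app": "web"}}}, time.Hour, false))
}
```

A Service with an empty selector matches no pod here, and a Service never selects pods outside its own namespace, so a pod whose labels match a Service in another namespace is still reported.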