Split scripts

etiennetremel · etiennetremel · commit 7ab0920a7a23 · 2019-06-14T17:39:24.000+02:00
diff --git a/README.md b/README.md
@@ -3,25 +3,49 @@ Kubectl plugins
 
 > Kubectl plugins repository.
 
-|        plugin       | description |
-|---------------------|-------------|
-| prune               | Delete secrets or configmaps that are not being used in a given namespace. It checks from mounted volumes, env, envFrom and imagePullSecrets.
+|        plugin    | description |
+|------------------|-------------|
+| prune-configmaps | Delete configmaps that are not being used in a given namespace. It checks against all resources from mounted volumes, env and envFrom.
+| prune-secrets    | Delete secrets that are not being used in a given namespace. It checks against all resources from mounted volumes, env, envFrom and imagePullSecrets.
 
 ## Getting started
 
 Install [krew](https://krew.dev) to manage Kubectl plugins. Refer to the
 [Krew documentation](https://krew.dev) to get started.
 
 ```bash
-# install the prune plugin
-$ kubectl krew install prune
+# install the prune-configmaps and prune-secrets plugins
+$ kubectl krew install prune-configmaps
+$ kubectl krew install prune-secrets
+```
+
+### Prune configmaps usage
+
+```bash
+$ kubectl prune-configmaps -h
+Delete configmaps that are not being used in a given namespace. It
+checks against all resources from mounted volumes, env and envFrom.
+
+Usage:
+    kubectl prune-configmaps [options]
 
-# usage
-$ kubectl prune <resource type> <namespace>
+Options:
+    -n, --namespace='': If present, the namespace scope for this CLI request
+    -h, --help='': Deplay this help
+```
+
+### prune-secrets usage
+
+```bash
+$ kubectl prune-secrets -h
+Delete secrets that are not being used in a given namespace. It
+checks against all resources from mounted volumes, env, envFrom and
+imagePullSecrets.
 
-# delete unused secrets
-$ kubectl prune secrets my-namespace
+Usage:
+    kubectl prune-secrets [options]
 
-# delete unused configmaps
-$ kubectl prune configmaps my-namespace
+Options:
+    -n, --namespace='': If present, the namespace scope for this CLI request
+    -h, --help='': Deplay this help
 ```
diff --git a/prune/kubectl-prune-configmaps.sh b/prune/kubectl-prune-configmaps.sh
@@ -0,0 +1,111 @@
+#!/usr/bin/env bash
+# Delete unused configmaps by checking references from env, envFrom and volumes.
+
+set -e
+
+namespace_arg=""
+while test $# -gt 0
+do
+  case "$1" in
+    -n|--namespace)
+      shift
+      namespace_arg="--namespace=$1"
+      shift
+      ;;
+    -h|--help)
+      echo "Delete configmaps that are not being used in a given namespace. It"
+      echo "checks against all resources from mounted volumes, env and envFrom."
+      echo ""
+      echo "Usage:"
+      echo "    kubectl prune-configmaps [options]"
+      echo ""
+      echo "Options:"
+      echo "    -n, --namespace='': If present, the namespace scope for this CLI request"
+      echo "    -h, --help='': Deplay this help"
+      exit 0
+      ;;
+    *)
+      break
+      ;;
+  esac
+done
+
+declare -a pod_field_list=(
+  "containers[*].envFrom[*].configMapRef.name"
+  "containers[*].env[*].valueFrom.configMapKeyRef.name"
+  "initContainers[*].envFrom[*].configMapRef.name"
+  "initContainers[*].env[*].valueFrom.configMapKeyRef.name"
+  "volumes[*].configMap.name"
+)
+
+for field in ${pod_field_list[@]}
+do
+  cronjob_resources=$(kubectl get cronjobs $namespace_arg \
+      -o jsonpath='{.items[*].spec.jobTemplate.spec.template.spec.'${field}'}')
+  deploy_resources=$(kubectl get deploy $namespace_arg \
+      -o jsonpath='{.items[*].spec.template.spec.'${field}'}')
+  job_resources=$(kubectl get jobs $namespace_arg \
+      -o jsonpath='{.items[*].spec.template.spec.'${field}'}')
+  pod_resources=$(kubectl get pods $namespace_arg \
+      -o jsonpath='{.items[*].spec.'${field}'}')
+  rs_resources=$(kubectl get rs $namespace_arg \
+      -o jsonpath='{.items[*].spec.template.spec.'${field}'}')
+  rc_resources=$(kubectl get rc $namespace_arg \
+      -o jsonpath='{.items[*].spec.template.spec.'${field}'}')
+  sts_resources=$(kubectl get sts $namespace_arg \
+      -o jsonpath='{.items[*].spec.template.spec.'${field}'}')
+
+  resources=$(echo "
+    ${cronjob_resources}
+    ${deploy_resources}
+    ${job_resources}
+    ${pod_resources}
+    ${rc_resources}
+    ${rs_resources}
+    ${sts_resources}
+  " | xargs -n1 | uniq)
+
+  used_resources="${used_resources} ${resources}"
+done
+
+# get all configmaps
+available_resources=$(kubectl get configmaps $namespace_arg \
+  -o jsonpath='{.items[*].metadata.name}' | xargs -n1 | uniq)
+
+# only keep unused configmaps
+resource_name_list=""
+for available_name in $available_resources
+do
+  delete=true
+  for resource_name in $used_resources
+  do
+    if [ "$available_name" == "$resource_name" ]
+    then
+      delete=false
+      break
+    fi
+  done
+
+  if [ "$delete" == "true" ]
+  then
+    resource_name_list="${available_name} ${resource_name_list}"
+  fi
+done
+
+if [ "$resource_name_list" == "" ]
+then
+  echo "No resource found."
+  exit 0
+fi
+
+echo "About to delete the following configMaps: ${resource_name_list}"
+
+# confirmation prompt
+read -p "Delete listed resources? (yes/no): " -r
+if [[ $REPLY =~ ^[Yy]es$ ]]
+then
+  for resource_name in $resource_name_list
+  do
+    kubectl delete configmap $resource_name $namespace_arg
+  done
+fi
diff --git a/prune/kubectl-prune-secrets.sh b/prune/kubectl-prune-secrets.sh
@@ -0,0 +1,114 @@
+#!/usr/bin/env bash
+# Delete unused secrets by checking references from env, envFrom, volumes and
+# imagePullSecrets.
+
+set -e
+
+namespace_arg=""
+while test $# -gt 0
+do
+  case "$1" in
+    -n|--namespace)
+      shift
+      namespace_arg="--namespace=$1"
+      shift
+      ;;
+    -h|--help)
+      echo "Delete secrets that are not being used in a given namespace. It "
+      echo "checks against all resources from mounted volumes, env, envFrom and"
+      echo "imagePullSecrets."
+      echo ""
+      echo "Usage:"
+      echo "    kubectl prune-secrets [options]"
+      echo ""
+      echo "Options:"
+      echo "    -n, --namespace='': If present, the namespace scope for this CLI request"
+      echo "    -h, --help='': Deplay this help"
+      exit 0
+      ;;
+    *)
+      break
+      ;;
+  esac
+done
+
+declare -a pod_field_list=(
+  "containers[*].envFrom[*].secretRef.name"
+  "containers[*].env[*].valueFrom.secretKeyRef.name"
+  "imagePullSecrets[*].name"
+  "initContainers[*].envFrom[*].secretRef.name"
+  "initContainers[*].env[*].valueFrom.secretKeyRef.name"
+  "volumes[*].secret.secretName"
+)
+
+for field in ${pod_field_list[@]}
+do
+  cronjob_resources=$(kubectl get cronjobs $namespace_arg \
+      -o jsonpath='{.items[*].spec.jobTemplate.spec.template.spec.'${field}'}')
+  deploy_resources=$(kubectl get deploy $namespace_arg \
+      -o jsonpath='{.items[*].spec.template.spec.'${field}'}')
+  job_resources=$(kubectl get jobs $namespace_arg \
+      -o jsonpath='{.items[*].spec.template.spec.'${field}'}')
+  pod_resources=$(kubectl get pods $namespace_arg \
+      -o jsonpath='{.items[*].spec.'${field}'}')
+  rs_resources=$(kubectl get rs $namespace_arg \
+      -o jsonpath='{.items[*].spec.template.spec.'${field}'}')
+  rc_resources=$(kubectl get rc $namespace_arg \
+      -o jsonpath='{.items[*].spec.template.spec.'${field}'}')
+  sts_resources=$(kubectl get sts $namespace_arg \
+      -o jsonpath='{.items[*].spec.template.spec.'${field}'}')
+
+  resources=$(echo "
+    ${cronjob_resources}
+    ${deploy_resources}
+    ${job_resources}
+    ${pod_resources}
+    ${rc_resources}
+    ${rs_resources}
+    ${sts_resources}
+  " | xargs -n1 | uniq)
+
+  used_resources="${used_resources} ${resources}"
+done
+
+# get all secrets
+available_resources=$(kubectl get secrets $namespace_arg \
+  -o jsonpath='{.items[*].metadata.name}' | xargs -n1 | uniq)
+
+# only keep unused secrets
+resource_name_list=""
+for available_name in $available_resources
+do
+  delete=true
+  for resource_name in $used_resources
+  do
+    if [ "$available_name" == "$resource_name" ]
+    then
+      delete=false
+      break
+    fi
+  done
+
+  if [ "$delete" == "true" ]
+  then
+    resource_name_list="${available_name} ${resource_name_list}"
+  fi
+done
+
+if [ "$resource_name_list" == "" ]
+then
+  echo "No resource found."
+  exit 0
+fi
+
+echo "About to delete the following secrets: ${resource_name_list}"
+
+# confirmation prompt
+read -p "Delete listed resources? (yes/no): " -r
+if [[ $REPLY =~ ^[Yy]es$ ]]
+then
+  for resource_name in $resource_name_list
+  do
+    kubectl delete secret $resource_name $namespace_arg
+  done
+fi
diff --git a/prune/kubectl-prune.sh b/prune/kubectl-prune.sh
