This project introduces a custom CRD designed to enhance cluster safety by tracking objects that are updated or removed from your Kubernetes Cluster. It acts as a recycle bin, ensuring that deleted or modified items are temporarily (based on configuration) stored to be udited or recovered. [WIP]
1 - Tracks deletions and updates across the cluster.
2 - Provides a sort of "Recycle Bin" for Kubernetes resources.
3 - Cli plugin to interact with the trashedresources (restore or prune) via kubectl.
kubectl apply -f https://raw.githubusercontent.com/oliveiraxavier/trashed-resources-k8s-crd/1.0.1/dist/install.yamlBy default, the configmap is:
apiVersion: v1
kind: ConfigMap
metadata:
name: trashed-resources-trashedresources-config
namespace: trashed-resources-system
data:
actionsToObserve: delete #or update
kindsToObserve: Deployment; Secret; ConfigMap
namespacesToIgnore: istio-system; kube-node-lease; kube-public; kube-system
daysToKeep: "0"
hoursToKeep: "0"
minutesToKeep: "10"You must configure it according to your scenario. Restart controller pod after change this configmap.
Eg. After delete a deployment, a new trashed resource is generated. The generated trashedresource name is composed of the "trashed-action + resource type + resource name + date + time" (eg. trashed-deleted-deployment-nginx-20260301-230159 or trashed-updated-deployment-nginx-20260301-230159)
1 - With curl
curl https://raw.githubusercontent.com/oliveiraxavier/trashed-resources-k8s-crd/1.0.1/bin/kubectl-trashedresources \
-O --output-dir ~/.local/bin- Add it to your path if necessary
echo -e '\nexport PATH=~/.local/bin:$PATH' >> ~/.bashrc2 - From source
make createcmdbin
export PATH=$PATH:$(pwd)/bin
# Or set in your ~/.bashrc (Linux)
echo export PATH=$PATH:$(pwd)/bin >> ~/.bashrc
# Or set in your ~/.bashrc (Mac)
echo export PATH=$PATH:$(pwd)/bin >> ~/.zshrc# For trashed-resource named trashed-deleted-deployment-nginx-deployment-20260301-230159
kubectl trashedresources prune --name trashed-deleted-deployment-nginx-deployment-20260301-230159 --namespace default
# For trashed-resource named trashed-deleted-deployment-nginx-deployment-20260301-230159 and age older than 12 minutes
kubectl trashedresources prune --name trashed-deleted-deployment-nginx-deployment-20260301-230159 --older-than 12m --namespace default
# For trashed-resource named trashed-deleted-deployment-nginx-deployment-20260301-230159 and age older than 1 hour
kubectl trashedresources prune --name trashed-deleted-deployment-nginx-deployment-20260301-230159 --older-than 1h --namespace default
# For trashed-resource named trashed-deleted-deployment-nginx-deployment-20260301-230159 and age older than 1 day
kubectl trashedresources prune --name trashed-deleted-deployment-nginx-deployment-20260301-230159 --older-than 1d --namespace default
# For all trashed-resources in the cluster with age older than 1 day
kubectl trashedresources prune --older-than 1d --namespace default- go version v1.26.1
- docker version 29.3.0+.
- kubectl version v1.32.0+.
- Access to a Kubernetes v1.11.3+ cluster.
make runBuild and push your image to the location specified by IMG:
make docker-build docker-push IMG=<some-registry>/trashed-resources-controller:tagNOTE: This image ought to be published in the personal registry you specified. And it is required to have access to pull the image from the working environment. Make sure you have the proper permission to the registry if the above commands don’t work.
Install the CRDs into the cluster:
make installDeploy the Manager to the cluster with the image specified by IMG:
make deploy IMG=<some-registry>/trashed-resources-controller:tagNOTE: If you encounter RBAC errors, you may need to grant yourself cluster-admin privileges or be logged in as admin.
Create instances of your solution You can apply the samples (examples) from the config/sample:
kubectl apply -k config/samples/NOTE: Ensure that the samples has default values to test it out.
Delete the instances (CRs) from the cluster:
kubectl delete -k config/samples/Delete the APIs(CRDs) from the cluster:
make uninstallUnDeploy the controller from the cluster:
make undeployFollowing the options to release and provide this solution to the users.
- Build the installer for the image built and published in the registry:
make build-installer IMG=<some-registry>/trashed-resources:tagNOTE: The makefile target mentioned above generates an 'install.yaml' file in the dist directory. This file contains all the resources built with Kustomize, which are necessary to install this project without its dependencies.
1 - Build the chart using the optional helm plugin
kubebuilder edit --plugins=helm/v1-alpha2 - See that a chart was generated under 'dist/chart', and users can obtain this solution from there.
NOTE: If you change the project, you need to update the Helm Chart using the same command above to sync the latest changes. Furthermore, if you create webhooks, you need to use the above command with the '--force' flag and manually ensure that any custom configuration previously added to 'dist/chart/values.yaml' or 'dist/chart/manager/manager.yaml' is manually re-applied afterwards.
// TODO(user): Add detailed information on how you would like others to contribute to this project
NOTE: Run make help for more information on all potential make targets
More information can be found via the Kubebuilder Documentation
Copyright 2026.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.