Show HN: K8s Cleaner – Roomba for Kubernetes (sveltos.projectsveltos.io)
I'm excited to share K8s Cleaner, a tool designed to help you clean up your Kubernetes clusters.
As Kubernetes environments grow, they often accumulate unused resources, leading to confusion, waste, and clutter. K8s-cleaner simplifies the process of identifying and removing unnecessary components.
The tool scans your Kubernetes clusters for unused or orphaned resources—including pods, services, ingresses, and secrets—and removes them safely. You can fully customize which resources to scan and delete, maintaining complete control over what stays and what goes.
Getting Started:
Visit https://sveltos.projectsveltos.io/k8sCleaner.html and click the "Getting Started" button to try K8s-cleaner.
Key Features:
- Easy to Use: No complex setup or configuration required—perfect for developers and operators alike - Open Source: Modify the code to better fit your specific needs - Community Driven: We welcome your feedback, feature ideas, and bug reports to help improve K8s-cleaner for everyone
I'm here to answer questions, address feedback, and discuss ideas for future improvements.
Looking forward to your thoughts! And make sure your all you kubernetes clusters are sparkling clean for the holidays. :-)
Simone
63 comments
[ 3.6 ms ] story [ 148 ms ] threadK8s-cleaner serves as a helpful safety net to automate the identification and cleanup of these resources, reducing manual overhead and minimizing human error. It allows teams to focus on strategic tasks instead of day-to-day resource management.
So, as a DevOps practitioner myself, I had enough say within the organizations I worked at, who are now clients, and also my other clients, that anything not in a dev environment goes through our GitOps pipeline. Other than the GitOps pipeline, there is zero write access to anything not dev.
If we stop using a resource, we remove a line or two (usually just one) in a manifest file, the GitOps pipeline takes care of the rest.
Not a single thing is unaccounted for, even if indirectly.
That said, the DevOps-in-name-only clowns far outnumber actual DevOps people, and there is no doubt a large market for your product.
edited: added clarity
So a K8s namespace named test02, another named test-featurebranch, and another named staging-featurebranch, all have their own Git branch with whatever Helm, OpenTOFU, etc.
With this pattern, and other patterns, we have a principle "if it's in the Git branch, we intend for it to there, if it's not in the Git branch it can't be there".
We use Helm to apply and remove things -- and we loved version 3 when it came out -- so there's not really any way for anything to linger.
This sounds like experience that’s mainly at small/medium sized orgs. At large orgs the devops/cloud people are constantly under pressure to install random stuff from random vendors. That pressure comes from every direction because every department head (infosec/engineering/data science) is trying to spend huge budgets to justify their own salary/headcount and maintain job security, because it’s harder to fire someone if you’re in the middle of a migrate-to-vendor process they championed, and you’re locked into the vendor contract, etc etc. People also will seek to undermine every reasonable standard about isolation and break down the walls you design between environments so that even QA or QC type vendors want their claws in prod. Best practice or not, You can’t really say no to all of it all the time or it’s perceived as obstructionist.
Thus there’s constant churn of junk you don’t want and don’t need that’s “supposed to be available” everywhere and the list is always changing. Of course in the limit there is crusty unused junk and we barely know what’s running anywhere in clouds or clusters. Regardless of the state of the art with Devops, most orgs are going to have clutter because those orgs are operating in a changing world and without a decisive or even consistent vision of what they want/need.
Two of our clients are large (15,000+ employees, and 22,000+ employees) orgs. Their tech execs are happy with our work, specifically our software delivery pipeline with guard rails and where we emphasize a "Heroku-like experience".
One of their projects needed HiTRUST, and we made it happen for them in under four weeks (no we're not geniuses, we stole the smarts of the AWS DoD-compliant architecture & deployment patterns) and the tone of the execs seemed to change pretty significantly after that.
One of these clients laid off more than half their IT staff suddenly this year.
When I was in individual contributor role in a mid-size (just under 3,000 employees), I wrote my thoughts, "internal whitepaper" or whatever being fully candid about the absurd struggles we were having (why does instantiating a VM take over three weeks?), and sent it to the CTO (and also the CEO, but the CTO didn't know about that) and some things changed pretty quickly.
But yeah, things suck in large orgs, that's why large orgs are outsourcing which is in the most-downstream customers' (the American peoples') best interests too -- a win-win-win all around.
Just outsource.
Outsource to those who do have DevOps people who know what they're doing -- most companies do this already in one form or another.
We (the team I built out since a couple years ago) carve out a new AWS subaccount / GCP Project or bare-metal K8s or whatever the environment is, instantiate our GitOps pipeline, and services get cut-over in order to get supported.
When I was working in individual contributor roles, I managed to "manage upward" enough that I could establish boundaries on what could be supported or not. Yes this did involve a lot of "soft skills" (something I'm capable of doing even though my posts on this board are rather curt).
"Every DevOps job is a political job" rings true.
Do not support incumbent K8s clusters, as a famous -- more like infamous -- radio host used to say on 97.1 FM in the 90s: dump that bitch.
It seems like a tool that can propose a good guess about where you landed is strictly useful and good?
I am very convinced it does not. I think where the apex between our viewpoints lies is what we recognize (or not) as "best" teams.
Hackers would be immediately bifurcated into those who followed that practice and those who are helpless.
This thread is about K8s Pods (and other K8s resources) that have been sitting idle, not memory leaks in software.
As far as "spilling" memory, the problem has already been solved by Rust which does not do garbage collection because it has static memory mapping. Does this mean egregious amounts of memory won't be used by some Rust programs? No. But unlike languages with garbage collection, where Rust is using that memory it is actually doing something with that memory.
Rust makes an interesting and demonstrably pragmatic set of tradeoffs here as opposed to e.g. C/C++: treating std::move as a default (aka linear typing) prevents a lot of leaks. But it still has pointers (Arc, etc.) and it still has tables: it’s still easy to leak in a long-lived process doing interesting things. For a lot of use cases it’s the better default and it’s popular as a result.
But neither Rust nor k8s have solved computer science.
This makes sense for K8s resources that ARE still serving production traffic. But this overall thread is about a tool to remove applications ARE NOT serving production traffic.
> Migrations at large companies can take multiple years
Depends who is in charge and who management considers worth listening to (some of us don't struggle so hard in this area).
> I can install this tool with helm in approximately half a day.
A script I wrote to find unused resources took less than 10 minutes to write.
And it is also the reality that not every infra team gets final say on what operators we have to deploy to our clusters (yet we're stuck cleaning up the messes they leave behind).
edit: yes I see a "dry run" option, which is how I would use it. I also see a "scheduled" option which is probably what you're criticizing. Hard to tell, you're quicker with the insulting than the arguing.
Any reason why you chose this approach over something like a CLI tool you can run on your cluster?
You would need to do that only if you have your own proprietary CRDs or some use case that is not already covered.
More on report: https://gianlucam76.github.io/k8s-cleaner/reports/k8s-cleane...
Because, if you want to have a product to sell out of this (and I guess you do?), your n.1 client will be (IMO) big enterprises, which usually have a lot of cruft in their clusters and go after cost optimizations. But they also usually don't shove manifests in directly, they have at least one solution on top of it that takes care of resources lifecycle. So, IMO, if you want your product to be useful for those kind of customers, this is something that need to be improved.
Kubernetes clutter can quickly become a headache, and having a tool like this to identify and remove unused resources has made my workflow so much smoother.
If you have resources that need to be regularly created and deleted, I feel a cronjob running `kubectl delete -l <your-label-selector>` should be more than enough, and less risker than installing a 3rd party software with cluster wide list/delete permission.
Presumably running some sort of analysis tool in a dry-run mode would help, no?
And most of the times, when it is a shared cluster, you don't even know what else is being deployed.
Useful project nevertheless!