{"id":13687788,"url":"https://github.com/raffis/gitops-zombies","last_synced_at":"2025-04-06T08:13:48.701Z","repository":{"id":60983557,"uuid":"546586476","full_name":"raffis/gitops-zombies","owner":"raffis","description":"Identify kubernetes resources which are not managed by GitOps","archived":false,"fork":false,"pushed_at":"2025-03-15T09:16:11.000Z","size":594,"stargazers_count":100,"open_issues_count":13,"forks_count":4,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-30T06:11:08.649Z","etag":null,"topics":["cli","drift-detection","flux","flux2","gitops","kubernetes"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/raffis.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-10-06T10:10:29.000Z","updated_at":"2025-02-27T15:31:30.000Z","dependencies_parsed_at":"2024-05-18T13:22:48.384Z","dependency_job_id":"719ad50a-21aa-4f31-b646-904f0cfce660","html_url":"https://github.com/raffis/gitops-zombies","commit_stats":{"total_commits":108,"total_committers":6,"mean_commits":18.0,"dds":0.5555555555555556,"last_synced_commit":"fd02abe41aff000a89eade334eea168797dfa64f"},"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/raffis%2Fgitops-zombies","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/raffis%2Fgitops-zombies/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/raffis%2Fgitops-zombies/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/raffis%2Fgitops-zombies/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/raffis","download_url":"https://codeload.github.com/raffis/gitops-zombies/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247451665,"owners_count":20940944,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","drift-detection","flux","flux2","gitops","kubernetes"],"created_at":"2024-08-02T15:01:00.605Z","updated_at":"2025-04-06T08:13:48.663Z","avatar_url":"https://github.com/raffis.png","language":"Go","funding_links":[],"categories":["cli","kubernetes"],"sub_categories":[],"readme":"# GitOps zombies\n\n![Release](https://img.shields.io/github/v/release/raffis/gitops-zombies)\n[![release](https://github.com/raffis/gitops-zombies/actions/workflows/release.yaml/badge.svg)](https://github.com/raffis/gitops-zombies/actions/workflows/release.yaml)\n[![Go Report Card](https://goreportcard.com/badge/github.com/raffis/gitops-zombies)](https://goreportcard.com/report/github.com/raffis/gitops-zombies)\n[![Coverage Status](https://coveralls.io/repos/github/raffis/gitops-zombies/badge.svg?branch=main)](https://coveralls.io/github/raffis/gitops-zombies?branch=main)\n\nThis simple tool will help you find kubernetes resources which are not managed via GitOps (flux2).\n\n\u003cp align=\"center\"\u003e\u003cimg src=\"https://github.com/raffis/gitops-zombies/blob/main/assets/logo.png?raw=true\" alt=\"logo\"/\u003e\u003c/p\u003e\n\n## How does it work?\n\ngitops-zombies discovers all apis installed on a cluster and identify resources which are not part of a Kustomization or a HelmRelease.\nIt also acknowledges the following facts:\n\n* Ignores resources which are owned by a parent resource (For example pods which are created by a deployment)\n* Ignores resources which are considered dynamic (metrics, leases, events, endpoints, ...)\n* Filter out resources which are created by the apiserver itself (like default rbacs)\n* Filters secrets which are managed by other parties including helm or ServiceAccount tokens\n* Checks if the referenced HelmRelease or Kustomization exists\n* Checks if resources are still part of the kustomization inventory\n* Supports cross cluster kustomizations\n\n\n## How do I install it?\n\n```\nbrew tap raffis/gitops-zombies\nbrew install gitops-zombies\n```\n\n## How to use\n\n```\ngitops-zombies\n```\n\nA more advanced call might include a filter like the following to exclude certain resources which are considered dynamic (besides the builtin exclusions):\n```\ngitops-zombies --context staging -l app.kubernetes.io/managed-by!=kops,app.kubernetes.io/name!=velero,io.cilium.k8s.policy.cluster!=default\n```\n\nAlso you might want to exclude some specific resources based on their names. It can be achieved through YAML configuration:\n```yaml\n---\napiVersion: gitopszombies/v1\nkind: Config\nexcludeResources:\n- name: default\n apiVersion: v1\n kind: ServiceAccount\n- name: velero-capi-backup-.*\n namespace: velero\n apiVersion: velero.io/v1\n kind: Backup\n cluster: management\n```\n\n## CLI reference\n\n```\nFinds all kubernetes resources from all installed apis on a kubernetes cluste and evaluates whether they are managed by a flux kustomization or a helmrelease.\n\nUsage:\n gitops-zombies [flags]\n\nFlags:\n --add_dir_header If true, adds the file directory to the header of the log messages\n --alsologtostderr log to standard error as well as files (no effect when -logtostderr=true)\n --as string Username to impersonate for the operation. User could be a regular user or a service account in a namespace.\n --as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups.\n --as-uid string UID to impersonate for the operation.\n --cache-dir string Default cache directory (default \"~/.kube/cache\")\n --certificate-authority string Path to a cert file for the certificate authority\n --client-certificate string Path to a client certificate file for TLS\n --client-key string Path to a client key file for TLS\n --cluster string The name of the kubeconfig cluster to use\n --config string Config file (default \"~/.gitops-zombies.yaml\")\n --context string The name of the kubeconfig context to use\n --disable-compression If true, opt-out of response compression for all requests to the server\n --exclude-cluster strings Exclude cluster from zombie detection (default none)\n --fail Exit with an exit code \u003e 0 if zombies are detected\n -h, --help help for gitops-zombies\n -a, --include-all Includes resources which are considered dynamic resources\n --insecure-skip-tls-verify If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure\n --kubeconfig string Path to the kubeconfig file to use for CLI requests.\n --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)\n --log_dir string If non-empty, write log files in this directory (no effect when -logtostderr=true)\n --log_file string If non-empty, use this log file (no effect when -logtostderr=true)\n --log_file_max_size uint Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)\n --logtostderr log to standard error instead of files (default true)\n -n, --namespace string If present, the namespace scope for this CLI request\n --no-stream Display discovered resources at the end instead of live\n --one_output If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)\n -o, --output string Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file, custom-columns, custom-columns-file, wide). See custom columns [https://kubernetes.io/docs/reference/kubectl/overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [https://kubernetes.io/docs/reference/kubectl/jsonpath/].\n --request-timeout string The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default \"0\")\n -l, --selector string Label selector (Is used for all apis)\n -s, --server string The address and port of the Kubernetes API server\n --skip_headers If true, avoid header prefixes in the log messages\n --skip_log_headers If true, avoid headers when opening log files (no effect when -logtostderr=true)\n --stderrthreshold severity logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=false) (default 2)\n --tls-server-name string Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used\n --token string Bearer token for authentication to the API server\n --user string The name of the kubeconfig user to use\n -v, --v Level number for the log level verbosity\n --version Print version and exit\n --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fraffis%2Fgitops-zombies","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fraffis%2Fgitops-zombies","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fraffis%2Fgitops-zombies/lists"}