{"id":13627392,"url":"https://github.com/yonahd/kor","last_synced_at":"2026-01-28T23:10:13.870Z","repository":{"id":183173612,"uuid":"662734440","full_name":"yonahd/kor","owner":"yonahd","description":"A Golang Tool to discover unused Kubernetes Resources ","archived":false,"fork":false,"pushed_at":"2025-04-13T17:31:31.000Z","size":1094,"stargazers_count":1168,"open_issues_count":18,"forks_count":99,"subscribers_count":12,"default_branch":"main","last_synced_at":"2025-04-13T18:37:21.069Z","etag":null,"topics":["go","golang","k8s","kubernetes","resource-management"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yonahd.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-07-05T19:13:12.000Z","updated_at":"2025-04-13T18:17:16.000Z","dependencies_parsed_at":"2023-12-09T20:24:39.866Z","dependency_job_id":"38d10365-62c5-40a2-b1e7-b25eed67dfb2","html_url":"https://github.com/yonahd/kor","commit_stats":null,"previous_names":["yonahd/kor"],"tags_count":43,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yonahd%2Fkor","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yonahd%2Fkor/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yonahd%2Fkor/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yonahd%2Fkor/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yonahd","download_url":"https://codeload.github.com/yonahd/kor/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249268556,"owners_count":21240944,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["go","golang","k8s","kubernetes","resource-management"],"created_at":"2024-08-01T22:00:33.576Z","updated_at":"2026-01-28T23:10:13.860Z","avatar_url":"https://github.com/yonahd.png","language":"Go","readme":"![GitHub go.mod Go version (subdirectory of monorepo)](https://img.shields.io/github/go-mod/go-version/yonahd/kor)\n![GitHub Release](https://img.shields.io/github/v/release/yonahd/kor?filter=v*\u0026color=green\u0026link=https://github.com/yonahd/kor/releases)\n![GitHub Release](https://img.shields.io/github/v/release/yonahd/kor?filter=kor-*\u0026logo=Helm\u0026color=green\u0026link=https://github.com/yonahd/kor/releases)\n![Docker Pulls](https://img.shields.io/docker/pulls/yonahdissen/kor)\n[![codecov](https://codecov.io/gh/yonahd/kor/branch/main/graph/badge.svg?token=tNKcOjlxLo)](https://codecov.io/gh/yonahd/kor)\n[![Discord](https://discord.com/api/guilds/1159544275722321990/embed.png)](https://discord.gg/ajptYPwcJY)\n[![KorPro Available](https://img.shields.io/badge/KorPro-Available-blue)](https://korpro.io)\n\n\n# Kor - Kubernetes Orphaned Resources Finder\n\n![Kor Logo](/images/kor_logo.png)\n\nKor is a tool to discover unused Kubernetes resources. Currently, Kor can identify and list unused:\n\n- ConfigMaps\n- Secrets\n- Services\n- ServiceAccounts\n- Deployments\n- StatefulSets\n- Roles\n- ClusterRoles\n- ClusterRoleBindings\n- HPAs\n- PVCs\n- Ingresses\n- PDBs\n- CRDs\n- PVs\n- Pods\n- Jobs\n- ReplicaSets\n- DaemonSets\n- StorageClasses\n- NetworkPolicies\n- RoleBindings\n- VolumeAttachments\n- PriorityClasses\n\n\u003e **Looking for cost analysis and multi-cluster management?** Check out [KorPro](#korpro), our cloud-based platform built on top of Kor.\n\n![Kor Screenshot](/images/show_reason_screenshot.png)\n\n## Installation\n\nDownload the binary for your operating system from the [releases page](https://github.com/yonahd/kor/releases) and add it to your system's PATH.\n\n### Homebrew\n\nFor macOS users, you can install Kor using Homebrew:\n\n```sh\nbrew install kor\n```\n\n### Build from development branch\n\nInstall the binary to your `$GOBIN` or `$GOPATH/bin`:\n\n```sh\ngo install github.com/yonahd/kor@latest\n```\n\n### Build from source\n\nBuild the locally cloned source code:\n\n```sh\ngo build main.go\n```\n\n### Docker\n\nRun a container with your kubeconfig mounted:\n\n```sh\ndocker run --rm -i yonahdissen/kor\n\ndocker run --rm -i -v \"/path/to/.kube/config:/root/.kube/config\" yonahdissen/kor all\n```\n\n### Kubectl plugin (\u003cimg src=\"https://raw.githubusercontent.com/kubernetes-sigs/krew/master/assets/logo/horizontal/color/krew-horizontal-color.png\" alt=\"krew\" width=\"48\"/\u003e)\n\n```sh\nkubectl krew install kor\n```\n\n### Helm\n\n```sh\nhelm repo add kor https://yonahd.github.io/kor\n```\n\nRun as a cronjob in your Cluster (with an option for sending slack updates)\n\n```sh\nhelm upgrade -i kor \\\n --namespace kor \\\n --create-namespace \\\n --set cronJob.enabled=true\n ./charts/kor\n```\n\nRun as a deployment in your Cluster exposing prometheus metrics\n\n```sh\nhelm upgrade -i kor \\\n --namespace kor \\\n --create-namespace \\\n ./charts/kor\n```\n\nFor more information see [in cluster usage](#in-cluster-usage)\n\n## Usage\n\nKor provides various subcommands to identify and list unused resources. The available commands are:\n\n- `all` - Gets all unused resources for the specified namespace or all namespaces.\n- `configmap` - Gets unused ConfigMaps for the specified namespace or all namespaces.\n- `secret` - Gets unused Secrets for the specified namespace or all namespaces.\n- `service` - Gets unused Services for the specified namespace or all namespaces.\n- `serviceaccount` - Gets unused ServiceAccounts for the specified namespace or all namespaces.\n- `deployment` - Gets unused Deployments for the specified namespace or all namespaces.\n- `statefulset` - Gets unused StatefulSets for the specified namespace or all namespaces.\n- `role` - Gets unused Roles for the specified namespace or all namespaces.\n- `clusterrole` - Gets unused ClusterRoles for the specified namespace or all namespaces (namespace refers to RoleBinding).\n- `clusterrolebinding` - Gets unused ClusterRoleBindings in the cluster (non namespaced resource).\n- `rolebinding` - Gets unused RoleBindings for the specified namespace or all namespaces.\n- `hpa` - Gets unused HPAs for the specified namespace or all namespaces.\n- `pod` - Gets unused Pods for the specified namespace or all namespaces.\n- `pvc` - Gets unused PVCs for the specified namespace or all namespaces.\n- `pv` - Gets unused PVs in the cluster (non namespaced resource).\n- `storageclass` - Gets unused StorageClasses in the cluster (non namespaced resource).\n- `ingress` - Gets unused Ingresses for the specified namespace or all namespaces.\n- `pdb` - Gets unused PDBs for the specified namespace or all namespaces.\n- `crd` - Gets unused CRDs in the cluster (non namespaced resource).\n- `job` - Gets unused jobs for the specified namespace or all namespaces.\n- `replicaset` - Gets unused replicaSets for the specified namespace or all namespaces.\n- `daemonset`- Gets unused DaemonSets for the specified namespace or all namespaces.\n- `volumeattachment` - Gets unused VolumeAttachments in the cluster (non-namespaced resource).\n- `priorityclass` - Gets unused PriorityClasses in the cluster (non-namespaced resource).\n- `finalizer` - Gets unused pending deletion resources for the specified namespace or all namespaces.\n- `networkpolicy` - Gets unused NetworkPolicies for the specified namespace or all namespaces.\n- `exporter` - Export Prometheus metrics.\n- `version` - Print kor version information.\n\n### Supported Flags\n\n```\n --delete Delete unused resources\n -l, --exclude-labels strings Selector to filter out, Example: --exclude-labels key1=value1,key2=value2. If --include-labels is set, --exclude-labels will be ignored\n -e, --exclude-namespaces strings Namespaces to be excluded, split by commas. Example: --exclude-namespaces ns1,ns2,ns3. If --include-namespaces is set, --exclude-namespaces will be ignored\n --group-by string Group output by (namespace, resource) (default \"namespace\")\n -h, --help help for kor\n --include-labels string Selector to filter in, Example: --include-labels key1=value1 (currently supports one label)\n -n, --include-namespaces strings Namespaces to run on, split by commas. Example: --include-namespaces ns1,ns2,ns3. If set, non-namespaced resources will be ignored\n -k, --kubeconfig string Path to kubeconfig file (optional)\n --newer-than string The maximum age of the resources to be considered unused. This flag cannot be used together with older-than flag. Example: --newer-than=1h2m\n --no-interactive Do not prompt for confirmation when deleting resources. Be careful when using this flag!\n --older-than string The minimum age of the resources to be considered unused. This flag cannot be used together with newer-than flag. Example: --older-than=1h2m\n -o, --output string Output format (table, json or yaml) (default \"table\")\n --show-reason Print reason resource is considered unused\n --ignore-owner-references Skip resources that have ownerReferences set (for all resource types)\n --slack-auth-token string Slack auth token to send notifications to, requires --slack-channel to be set\n --slack-channel string Slack channel to send notifications to, requires --slack-auth-token to be set\n --slack-webhook-url string Slack webhook URL to send notifications to\n -v, --verbose Verbose output (print empty namespaces)\n```\n\nTo use a specific subcommand, run `kor [subcommand] [flags]`.\n\n```sh\nkor all --include-namespaces my-namespace\n```\n\nFor more information about each subcommand and its available flags, you can use the `--help` flag.\n\n```sh\nkor [subcommand] --help\n```\n\n### Supported resources and limitations\n\n| Resource | What it looks for | Known False Positives ⚠️ |\n| --------------- |-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| --------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| ConfigMaps | ConfigMaps not used in the following places:\u003cbr/\u003e- Pods\u003cbr/\u003e- Containers\u003cbr/\u003e- ConfigMaps used through Volumes\u003cbr/\u003e- ConfigMaps used through environment variables | ConfigMaps used by resources which don't explicitly state them in the config.\u003cbr/\u003e e.g Grafana dashboards loaded dynamically OPA policies fluentd configs CRD configs |\n| CRDs | CRDs not used the cluster | |\n| ClusterRoleBindings | ClusterRoleBindings referencing invalid ClusterRole or ServiceAccounts | |\n| ClusterRoles | ClusterRoles not used in RoleBinding or ClusterRoleBinding\u003cbr/\u003eClusterRoles not used in ClusterRole aggregation | |\n| DaemonSets | DaemonSets not scheduled on any nodes | |\n| Deployments | Deployments with no replicas | |\n| HPAs | HPAs not used in Deployments\u003cbr/\u003e HPAs not used in StatefulSets | |\n| Ingresses | Ingresses not pointing at any Service | |\n| Jobs | Jobs status is completed\u003cbr/\u003e Jobs status is suspended\u003cbr/\u003e Jobs failed with backoff limit exceeded (including indexed jobs) \u003cbr/\u003e Jobs failed with dedaline exceeded | |\n| NetworkPolicies | NetworkPolicies with no Pods selected by podSelector or Ingress / Egress rules |\n| PDBs | PDBs not used in Deployments / StatefulSets (templates) or in arbitrary Pods\u003cbr/\u003ePDBs with empty selectors (match every pod) but no running pods in namespace | |\n| Pods | Pods in `Failed` phase with reason `Evicted` (i.e., evicted pods)\u003cbr/\u003e Pods in Crashloopbackoff | |\n| PVs | PVs not bound to a PVC | |\n| PVCs | PVCs not used in Pods | |\n| PriorityClasses | PriorityClasses not used by any Pods | |\n| ReplicaSets | ReplicaSets that specify replicas to 0 and has already completed it's work | |\n| RoleBindings | RoleBindings referencing invalid Role, ClusterRole, or ServiceAccounts | |\n| Roles | Roles not used in RoleBinding | |\n| Secrets | Secrets not used in the following places:\u003cbr/\u003e- Pods\u003cbr/\u003e- Containers\u003cbr/\u003e- Secrets used through volumes\u003cbr/\u003e- Secrets used through environment variables\u003cbr/\u003e- Secrets used by Ingress TLS\u003cbr/\u003e- Secrets used by ServiceAccounts | Secrets used by resources which don't explicitly state them in the config e.g. secrets used by CRDs |\n| ServiceAccounts | ServiceAccounts unused by Pods\u003cbr/\u003eServiceAccounts unused by RoleBinding or ClusterRoleBinding | |\n| Services | Services with no endpoints | |\n| StatefulSets | StatefulSets with no replicas | |\n| StorageClasses | StorageClasses not used by any PVs / PVCs | |\n| VolumeAttachments | VolumeAttachments referencing a non-existent Node, PV, or CSIDriver |\n\n### Deleting Unused resources\n\nIf you want to delete resources in an interactive way using Kor you can run:\n\n```sh\nkor configmap --include-namespaces my-namespace --delete\n```\n\nYou will be prompted with:\n\n```sh\nDo you want to delete ConfigMap test-configmap in namespace my-namespace? (Y/N):\n```\n\nTo delete with no prompt (⚠️ use with caution):\n\n```sh\nkor configmap --include-namespaces my-namespace --delete --no-interactive\n```\n\n### Ignore Resources\n\nThe resources labeled with:\n\n```sh\nkor/used=true\n```\n\nWill be ignored by kor even if they are unused. You can add this label to resources you want to ignore.\n\n### Force clean Resources\n\nThe resources labeled with:\n\n```sh\nkor/used=false\n```\n\nWill be cleaned always. This is a good way to mark resources for later cleanup.\n\n### Output Formats\n\nKor supports three output formats: `table`, `json`, and `yaml`. The default output format is `table`.\nAdditionally, you can use the `--group-by` flag to group the output by `namespace` or `resource`.\n\n#### Show reason\n\n```sh\nkor all -n test --show-reason\n```\n\n```\nUnused resources in namespace: \"test\"\n+---+----------------+----------------------------------------------+--------------------------------------------------------+\n| # | RESOURCE TYPE | RESOURCE NAME | REASON |\n+---+----------------+----------------------------------------------+--------------------------------------------------------+\n| 1 | Service | do-not-delete | Marked with unused label |\n| 2 | Ingress | example-ingress | Ingress does not have a valid backend service |\n| 3 | Ingress | example-ingress2 | Ingress does not have a valid backend service |\n| 4 | ConfigMap | prober-blackbox-config | ConfigMap is not used in any pod or container |\n| 5 | ConfigMap | release-name-prober-operator-blackbox-config | ConfigMap is not used in any pod or container |\n| 6 | ConfigMap | unused-cm | ConfigMap is not used in any pod or container |\n| 7 | ServiceAccount | my-service-account2 | ServiceAccount is not in use |\n| 8 | Pdb | my-pdb | Pdb is not referencing any deployments or statefulsets |\n+---+----------------+----------------------------------------------+--------------------------------------------------------+\n```\n\n#### Group by resource\n\n```sh\nkor all --group-by=resource --output=table\n```\n\n```\nUnused ConfigMaps:\n+---+-----------+---------------+\n| # | NAMESPACE | RESOURCE NAME |\n+---+-----------+---------------+\n| 1 | ns1 | cm1 |\n| 2 | ns1 | cm2 |\n| 3 | ns2 | cm3 |\n+---+-----------+---------------+\nUnused Deployments:\n+---+-----------+---------------+\n| # | NAMESPACE | RESOURCE NAME |\n+---+-----------+---------------+\n| 1 | ns1 | deploy1 |\n| 2 | ns2 | deploy2 |\n+---+-----------+---------------+\nUnused ReplicaSets:\n+---+-----------+--------------------+\n| # | NAMESPACE | RESOURCE NAME |\n+---+-----------+--------------------+\n| 1 | ns1 | deploy1-654d48b75f |\n| 2 | ns2 | deploy2-79f48888c6 |\n+---+-----------+--------------------+\n```\n\n#### Group by namespace\n\n```sh\nkor all --group-by=namespace --output=table\n```\n\n```\nUnused resources in namespace: \"ns1\"\n+---+---------------+--------------------+\n| # | RESOURCE TYPE | RESOURCE NAME |\n+---+---------------+--------------------+\n| 1 | ConfigMap | cm1 |\n| 2 | ConfigMap | cm2 |\n| 3 | ReplicaSet | deploy1-654d48b75f |\n| 4 | Deployment | deploy1 |\n+---+---------------+--------------------+\nUnused resources in namespace: \"ns2\"\n+---+---------------+--------------------+\n| # | RESOURCE TYPE | RESOURCE NAME |\n+---+---------------+--------------------+\n| 1 | ReplicaSet | deploy2-79f48888c6 |\n| 2 | ConfigMap | cm3 |\n| 3 | Deployment | deploy2 |\n+---+---------------+--------------------+\n```\n\n## In Cluster Usage\n\nTo use this tool inside the cluster running as a CronJob and sending the results to a Slack Webhook as raw text (has characters limits of 4000) or to a Slack channel by uploading a file (recommended), you can use the following commands:\n\n```sh\n# Send to a Slack webhook as raw text\nhelm upgrade -i kor \\\n --namespace kor \\\n --create-namespace \\\n --set cronJob.slackWebhookUrl=\u003cslack-webhook-url\u003e \\\n ./charts/kor\n```\n\n```sh\n# Send to a Slack channel by uploading a file\nhelm upgrade -i kor \\\n --namespace kor \\\n --create-namespace \\\n --set cronJob.slackChannel=\u003cslack-channel\u003e \\\n --set cronJob.slackToken=\u003cslack-token\u003e \\\n ./charts/kor\n```\n\n\u003e Note: To send it to Slack as a file it's required to set the `slackToken` and `slackChannel` values.\n\nIt's set to run every Monday at 1 a.m. by default. You can change the schedule by setting the `cronJob.schedule` value.\n\n```sh\nhelm upgrade -i kor \\\n --namespace kor \\\n --create-namespace \\\n --set cronJob.slackChannel=\u003cslack-channel\u003e \\\n --set cronJob.slackToken=\u003cslack-token\u003e \\\n --set cronJob.schedule=\"0 1 * * 1\" \\\n ./charts/kor\n```\n\n## Grafana Dashboard\n\nDashboard can be found [here](https://grafana.com/grafana/dashboards/19863-kor-dashboard/).\n![Grafana Dashboard](/grafana/dashboard-screenshot-1.png)\n\n## KorPro\n\n![KorPro Logo](/images/korpro-logo-transparent.png)\n\nKor is available as an open-source CLI tool. For organizations requiring multi-cloud management, cost analysis, and advanced analytics, [KorPro](https://korpro.io) offers a cloud-based platform built on top of Kor.\n\n## Contributing\n\nContributions are welcome! If you encounter any bugs or have suggestions for improvements, please open an issue in the [issue tracker](https://github.com/yonahd/kor/issues).\n\nFollow [CONTRIBUTING.md](./CONTRIBUTING.md) for more.\n\n## License\n\nThis open-source project is available under the [MIT License](LICENSE). Feel free to use, modify, and distribute it as per the terms of the license.\n","funding_links":[],"categories":["Projects by main language","Containers","Go","kubernetes","\u003ca name=\"Go\"\u003e\u003c/a\u003eGo"],"sub_categories":["go","Kubernetes"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyonahd%2Fkor","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyonahd%2Fkor","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyonahd%2Fkor/lists"}