To be or not to be,that's your question
During the Cold War between one of my female friends / (ex-)girlfriends ( She said that we were done ) in these days , there was a crazy idea flashed through my mind:
How about deleting ALL resources in production Kubernetes cluster environment without reasons?
So, I create such a super Kubernetes virus, I would like to call it kube-killer.
🤣 kube-killer is a tool helping you kill (unused) kubernetes‘s resource.
You can delete kubernetes‘s resource (deploy,pod,statefulset and so on) based on time schedule ⏰, custom metrics or custom condition.
It is a humane killer, he could also freeze the deploy without killing it (scale to 0).
You could run as web server, binary and CLI mode.
A long run web server using endless loop.
First of all,please make sure that:
- You are the master of the MYSQL .
rootis the best! And you should make sure that the MYSQL database is reachable for the remote Kubernetes cluster. - You are the administrator of the Kubernetes cluster. Admin of the “kube-system” will be the best!
You can create a scalable test environment by deleting those unused Kubernetes resources.
kube-killer is another implementation of serverless - automatically cleaning up unused resources to keep your cluster lean and efficient.
You can DELETE KEY RESOURCES SNEAKILY if your boss has no plan to raise your salary.
Please do not use it for bad purposes. (🤣I bet you will)
Just remember:
Easy to hurt, hard to forgive, just make FUN.
--dry-run mode first to preview what will be deleted. Use --interactive mode for additional safety. The --mafia flag will delete ALL resources regardless of their state - use with extreme caution!
kube-killer can run as a Kubernetes Operator that watches KubeKiller Custom Resources and automatically cleans up Kubernetes resources based on the configured mode and schedule.
- Install the CRD:
kubectl apply -f deploy/operator/crd.yaml- Deploy the Operator:
kubectl apply -f deploy/operator/rbac.yaml
kubectl apply -f deploy/operator/deployment.yaml- Verify the operator is running:
kubectl get pods -n kube-system | grep kube-killerAfter deploying the operator, you can create KubeKiller resources to control the cleanup behavior.
Demon mode will KILL ALL PODS at every interval. It is unstoppable and will kill any pod that gets created.
apiVersion: kubekiller.p-program.github.io/v1alpha1
kind: KubeKiller
metadata:
name: kube-killer-demon
namespace: default
spec:
mode: demon
interval: "5m"
dryRun: falseApply it:
kubectl apply -f - <<EOF
apiVersion: kubekiller.p-program.github.io/v1alpha1
kind: KubeKiller
metadata:
name: kube-killer-demon
namespace: default
spec:
mode: demon
interval: "5m"
dryRun: false
EOFIllidan mode hunts unhealthy Kubernetes resources at every period. It will clean up:
- Completed/Failed pods
- Completed jobs
- Unused PVCs and PVs
- Services without pods
- Unused ConfigMaps and Secrets
apiVersion: kubekiller.p-program.github.io/v1alpha1
kind: KubeKiller
metadata:
name: kube-killer-illidan
namespace: default
spec:
mode: illidan
interval: "10m"
dryRun: false
resources:
- pod
- job
- pvc
- pv
- service
- configmap
- secret
excludeNamespaces:
- kube-system
- kube-public
- kube-node-leaseApply it:
kubectl apply -f deploy/operator/example.yamlThe KubeKiller CRD supports the following configuration:
- mode: Operation mode -
demon(kills all pods) orillidan(hunts unhealthy resources) - interval: How often the killer should run (e.g., "5m", "1h", "30s")
- namespaces: Specific namespaces to operate on (empty means all except kube-system)
- excludeNamespaces: Namespaces to exclude from operations
- dryRun: If true, only log what would be deleted without actually deleting
- resources: Resource types to kill (only used in illidan mode): pod, job, pvc, pv, service, configmap, secret
Check the status of your KubeKiller resources:
kubectl get kubekiller
kubectl describe kubekiller kube-killer-illidanThe status will show:
lastRunTime: When the killer last ranlastRunResult: Result of the last runresourcesKilled: Number of resources killedphase: Current phase (Ready, Running, Error)
Once the kube-killer server is ready,you can use the CLI mode .
kube-killer supports killing the following Kubernetes resources:
- Pod (
pod,po,p) - Deletes completed/failed pods or all pods (in mafia mode) - ConfigMap (
configmap,cm) - Deletes unused ConfigMaps - Secret (
secret,secrets) - Deletes unused Secrets - Service (
service,svc,s) - Deletes services without pods - PVC (
pvc) - Deletes unbound or unused PersistentVolumeClaims - PV (
pv) - Deletes unused PersistentVolumes (cluster-scoped) - Job (
job,jobs) - Deletes completed/failed jobs - Node (
node,n,no) - Cordon and drain a node (requires node name) - Namespace (
namespace,ns) - Deletes a namespace and all its resources - StatefulSet (
statefulset,sts) - Deletes StatefulSets - Deployment (
deployment,deploy,d) - Deletes deployments - CustomResource (
cr,customresource) - Deletes Custom Resources by group pattern (e.g.,*.example.com) - CustomResourceDefinition (
crd,customresourcedefinition) - Deletes CRDs by group pattern - Zeusro (
zeusro) - Unpredictable mode: 50% chance nothing happens (Valar Dohaeris), 50% chance randomly deletes 50% of pods (Thanos mode)
# Delete unused pods in default namespace
kube-killer kill pod
# Delete unused pods in all namespaces (except kube-system)
kube-killer kill pod -A
# Delete unused pods with dry-run mode (preview only)
kube-killer kill pod -d
# Delete unused pods with interactive confirmation
kube-killer kill pod -i
# Delete all pods (mafia mode)
kube-killer kill pod --mafia
# Delete half of the pods randomly (mafia + half mode)
kube-killer kill pod --mafia --half
# Delete unused ConfigMaps
kube-killer kill configmap -n default
# Delete unused Secrets
kube-killer kill secret -A
# Delete unused Services
kube-killer kill service -n default
# Delete unused PVCs
kube-killer kill pvc -A
# Delete unused PVs (cluster-scoped, no namespace needed)
kube-killer kill pv
# Delete completed/failed Jobs
kube-killer kill job -n default
# Delete a StatefulSet
kube-killer kill statefulset my-sts -n default
# Delete a Deployment
kube-killer kill deployment my-app -n default
# Cordon and drain a node
kube-killer kill node my-node-name
# Delete a namespace (and all its resources)
kube-killer kill namespace my-namespace
# Delete a namespace forcefully (removes finalizers if stuck)
kube-killer kill namespace my-namespace --mafia
# Delete Custom Resources by group pattern
kube-killer kill cr "*.example.com" -n default
# Delete Custom Resources in all namespaces
kube-killer kill cr "*.example.com" -A
# Delete CustomResourceDefinitions by group pattern
kube-killer kill crd "*.example.com"
# Zeusro mode - 50% chance nothing happens, 50% chance deletes 50% of pods randomly
kube-killer kill zeusro -n default
# Zeusro mode with dry-run
kube-killer kill zeusro -d-n, --namespace: Target namespace (default: "default")-A, --all-namespaces: Operate on all namespaces (except kube-system)-d, --dryrun: Dry-run mode - preview what would be deleted without actually deleting-i, --interactive: Interactive mode - prompt for confirmation before deleting each resource--mafia: Mafia mode - kill all resources regardless of their state--half: Half mode - when used with--mafia, randomly delete half of the resources
# scale “my-girlfriends” deployment’s spec.replicas to 0 now
kube-killer freeze deployment my-girlfriends -a
# scale “my-girlfriends” deployment’s spec.replicas to 0 after 1 hour
kube-killer freeze deployment my-girlfriends -a 1h
You can find more examples in the test cases
You can expose the kube-killer server by using a NodePort service.
Then the kube-killer server would become some kind of backdoor.
Finally, you are free to destroy the whole production Kubernetes cluster remotely (Hhhhhhhhhhhhhhhhhhhhh).
The following features are implemented:
- Kill completed/failed pods automatically
- Kill unused PVs
- Kill unused PVCs
- Kill services without pods
- Kill unused ConfigMaps
- Kill unused Secrets
- Kill completed/failed jobs
- Kill StatefulSets
- Kill Deployments
- Kill nodes gracefully (cordon and drain)
- Kill namespaces (including stuck Terminating namespaces)
- Kill Custom Resources by group pattern
- Kill CustomResourceDefinitions by group pattern
- Support
--all-namespacesflag - Support
--interactivemode - Support
--dry-runmode - Support
--mafiamode (kill all resources) - Support
--halfmode (randomly kill half of resources) - Zeusro mode (unpredictable: 50% chance nothing happens, 50% chance deletes 50% pods)
- Kill satan (
⚠️ Do not use)
kube-killer can be used as a kubectl plugin! Install it and use kubectl kill to delete unused Kubernetes resources.
Installation:
# Build and install the plugin
make build-kubectl-plugin
make install-kubectl-plugin
# Or install to a custom location
make install-kubectl-plugin PREFIX=/usr/local/binUsage:
# Delete unused pods
kubectl kill pod
# Delete unused pods in all namespaces
kubectl kill pod -A
# Dry run to see what would be deleted
kubectl kill pod -d
# Delete unused services
kubectl kill service -n defaultFor more details, see the kubectl plugin documentation.
# Delete unused pods
kube-killer kill pod
# Delete unused pods in all namespaces
kube-killer kill pod -A
# Delete with dry-run mode
kube-killer kill pod -d
# Delete with interactive mode
kube-killer kill pod -i
# Delete all pods (mafia mode)
kube-killer kill pod --mafia
# Delete half of pods randomly
kube-killer kill pod --mafia --halfFor more examples, see the CLI usage section above.
kube-killer kill me!!!WARNING!!!:PLEASE DO NOT USE.
It‘s an unpredictable command🤣.
kube-killer kill zeusro!!!WARNING!!!: Unpredictable command - 50% chance nothing happens (Valar Dohaeris), 50% chance randomly deletes 50% of pods (Thanos mode).
The coin decides your fate! 🎲
Coding is easy, but it is really hard to figure out why she is so angry.
Should I tell her to DRINK MORE HOT WATER ?
What exactly does she want? Please tell me if you know the answer. Thank you very much!