Orphaned Resource
A Kubernetes resource that is no longer referenced by any active workload but continues to exist in the cluster, often incurring cost.
What is Orphaned Resource?
An orphaned resource is any Kubernetes object that has lost its functional purpose — it is no longer referenced by a running workload, not owned by an active controller, and not serving any active traffic — yet continues to exist in the cluster. Orphaning happens through gradual cluster evolution: a Deployment is deleted but its Service remains; a StatefulSet is scaled to zero but its PVCs persist; a Helm chart is uninstalled but its PVCs, ConfigMaps, and Secrets survive because the chart deliberately preserves them.
Orphaned resources fall into two cost categories. Storage-cost orphans (PersistentVolumeClaims, PersistentVolumes) directly generate ongoing cloud bills — a forgotten 500Gi SSD PVC costs ~$85/month on GKE whether any Pod reads from it or not. Metadata-cost orphans (ConfigMaps, Secrets, Services, RoleBindings, unused ServiceAccounts) don't directly bill but consume etcd storage, degrade API server performance at scale, inflate audit logs, and — in the case of Secrets and RBAC objects — create persistent security risks.
Detecting orphaned resources is non-trivial because Kubernetes has no built-in garbage collection for user-created resources not managed by a controller. Orphan detection requires analyzing the ownership graph across multiple resource types simultaneously: a ConfigMap is orphaned only if no Pod, Deployment, StatefulSet, Job, or other controller references it directly or through cascading relationships. Volume claims are orphaned only if no Pod mounts them and no active StatefulSet owns them.
Example
# Find PVCs not mounted by any pod
kubectl get pvc --all-namespaces -o json | jq -r '.items[] | select(.status.phase != "Bound") | "\(.metadata.namespace)/\(.metadata.name)"'
# Find services with no endpoints (selector matches no running pods)
kubectl get endpoints --all-namespaces -o json | jq -r '.items[] | select(.subsets == null) | "\(.metadata.namespace)/\(.metadata.name)"'
# Find configmaps not in kube-system (heuristic for non-system configmaps)
kubectl get configmaps --all-namespaces | grep -v kube-systemCost & Waste Implications
Orphaned PVCs are the highest direct cost — industry surveys show that 20–35% of PVC storage in large Kubernetes environments is orphaned, representing thousands of dollars per month at scale. Orphaned load balancer Services carry $18–$36/month each in cloud load balancer fees. Enterprises running 50+ clusters commonly find that orphaned resources represent 15–25% of their total Kubernetes cloud bill.
How KorPro Helps
KorPro's core feature is orphaned resource detection — it maps the full dependency graph across ConfigMaps, Secrets, PVCs, Services, ServiceAccounts, RoleBindings, and custom resources to identify resources with no live workload references, estimating each resource's monthly cost contribution.
Scan Your Cluster FreeRelated Terms
PersistentVolumeClaim(PVC)
StorageA namespaced request for persistent storage that binds to a PersistentVolume and mounts it into a Pod.
Read definitionConfigMap
ConfigurationAn API object that stores non-sensitive configuration data as key-value pairs, injected into Pods as env vars or mounted files.
Read definitionSecret
ConfigurationAn API object for storing sensitive data such as passwords, tokens, and TLS certificates, base64-encoded in etcd.
Read definitionKubernetes Resource Waste
FinOpsThe gap between what Kubernetes workloads reserve in resource requests and what they actually consume at runtime.
Read definitionStop Wasting Money on Orphaned Kubernetes Resources
KorPro connects to your clusters across GCP, AWS, and Azure — no agents, no installation — and surfaces every orphaned resource with its monthly cost estimate.