Protect Resources From Deletion/Modification
KubeRocketCI allows to prevent accidental resource deletion and modification by applying a protected label. This page describes the protected label feature, its purpose, types, and usage.
Overviewβ
Protected label is a Kubernetes label that tells KubeRocketCI to block any delete or edit operations with the resource. The platform checks the label first before performing an operation with the resource.
Protected labels support the following resources:
Protection Typesβ
Protection label can optionally block specific operations over a resource:
- app.edp.epam.com/edit-protection: delete-update - Blocks both the delete and modify operations;
- app.edp.epam.com/edit-protection: delete - Blocks only delete operations;
- app.edp.epam.com/edit-protection: update - Blocks only modify operations.
Apply Protected Labelβ
To apply the resource deletion and modification block, follow the steps below. We will use a codebase resource as an example, but the procedure applies to all the supported resources:
-
Open the terminal which has access to the cluster that runs KubeRocketCI.
-
Get the codebase list:
kubectl get codebase -n krci
-
Define the codebase you want to protect from accidental deletion and/or modification.
-
Enter the resource edit menu:
kubectl edit codebase <codebase name> -n krci
-
In the labels section of the codebase specifications, add the label from the Protection Types list.
-
Save and quit the menu.
Remove Protected Labelβ
To remove a label, navigate back to the resource, edit the resource by removing the label, and save the changes.