Introduction
In K8s, when a namespace is deleted, pods and other resources that belong to this namespace will be deleted soon.
However, the namespace deleting operation may be a mistake.
This project is used to prevent important resources from being deleted.
How it works
-
hook the namespace deleting operation by k8s webhook
-
get resources in this namespace
-
if something important exists,the delete operation will be rejected
How to use
- enable webhook by adding
ValidatingAdmissionWebhookto kube-apiserver flag--admission-control - get all resources,
kubectl api-resources -namespaced=true - modify the config.json to ignore the unimportant resources.
- deploy this project. using k8s Deployment and Service is recommended. ServiceAccount is also needed.
- the certs and caBundle can be generated by vault.
- get more in Makefile.
- have a try.