How do you prevent accidental namespace deletion?

📰

How do you prevent accidental namespace deletion?

Reddit r/kubernetes·u/guettli·about 1 month ago

#namespace #deletion #prevent #accidental #kubernetes #article

Reading 0:00

15s threshold

I accidentally deleted a namespace in a Kubernetes testing cluster. Luckily, it was only a test environment, but it made me wonder how this should be prevented in a safer way.

What are the best practices to protect namespaces from accidental deletion?

Finalizers won't help. This is too late.

Best answer, my pov:

Yes you can do with CEL expressions using validatingadmissionpolicy https://kubernetes.io/docs/reference/access-authn-authz/validating-admission-policy/

Backup, GitOps, RBACs are useful, too. But they don't prevent the deletion of a namespace. Kyverno would, but validating admission policy is easier.

Menu

How do you prevent accidental namespace deletion?