Skip to main content
Version: v1.6

Deletion Protection

FEATURE STATE: Kruise v0.9.0

This feature provides a safety policy which could help users protect Kubernetes resources and applications' availability from the cascading deletion mechanism.

Usage

Firstly, users have to enable the ResourcesDeletionProtection feature-gate during Kruise installation or upgrade.

Then, users can add the label named policy.kruise.io/delete-protection to some specific resources. The values can be:

  • Always: this object will always be forbidden to be deleted, unless the label is removed
  • Cascading: this object will be forbidden to be deleted, if it has active resources owned

The resources supported and the cascading judgement relationship:

KindGroupVersionCascading judgement
Namespacecorev1whether there is active Pods in this namespace
CustomResourceDefinitionapiextensions.k8s.iov1beta1, v1whether there is existing CRs of this CRD
Deploymentappsv1whether the replicas is 0
StatefulSetappsv1whether the replicas is 0
ReplicaSetappsv1whether the replicas is 0
CloneSetapps.kruise.iov1alpha1whether the replicas is 0
StatefulSetapps.kruise.iov1alpha1, v1beta1whether the replicas is 0
UnitedDeploymentapps.kruise.iov1alpha1whether the replicas is 0

Deletion Protection of service and ingress

FEATURE STATE: Kruise v1.6.0

Kruise support the deletion protection of service and ingress resources, the strategy only supports Always, for example:

apiVersion: v1
kind: Service
metadata:
labels:
policy.kruise.io/delete-protection: Always
name: test-web

Risk

Using objectSelector in webhook configuration, Kruise webhook will only handle those Namespace/CustomResourceDefinition/Deployment/StatefulSet/ReplicaSet resources with policy.kruise.io/delete-protection label.

So, if all kruise-manager Pods are crashed or in other abnormal states, kube-apiserver fails to call the deletion webhook, only the resources with policy.kruise.io/delete-protection label can not be deleted temporarily.