by nrmitchi
2130 days ago
This is, in my opinion, the most dangerous thing about CRDs, especially for resources that are not scoped to the cluster. It is way too easy to accidentally delete something you need. PVs were my first experience dealing with this (a chart upgrade recreated a PVC, the old one unbound, and was immediately cleaned up), and it's not a risk that I want to see extended to buckets, RDS instances, etc. The other side of this is that CRDs can lead to abandoned resources; if you find your cluster borked, or shut down improperly, any resources which existed as CRDs (or in cloud Kubernetes land, include LoadBalancers) probably did not get cleaned up, and will be abandoned (but left running). It's not clear that there is actually a good solution here that fits neatly in with existing CRD behaviour.

Which makes your first big "accidentally deleted" concern pretty near moot, so long as it's your CI/CD tools with permissions & they are using Helm. So long as random cluster users aren't futzing around randomly poking at & deleting things.
Yes, you have to go way further & prevent your idiot users from being dumb, if you are giving them cluster role permissions. But again, have you considered not doing that?
Abandoned resources is no less of an issue. If there are external resources that don't have state (such as your load balancer example), the good news is you can delete them all & let the resource controllers recreate the real ones.
In general I feel like you are letting the 1% of concerns dominate & dissuade you, & that most people can make it very far with nothing extra.