[dilyevsky]

Finalizers dont do much for safety. They are simply there to ensure controller (in this case ACK) won’t miss the deletion event and leave the resource dangling. To actually prevent object from being deleted you need a validation webhook

[robszumski]

An interesting part of the Operator Lifecycle Manager (OLM) is the capability to scaffold webhooks for Operators, rotate their secrets, etc to make this type protection easy for everyone to provide. All you need to do is bring your validation logic specific to the app.

https://olm.operatorframework.io/docs/advanced-tasks/adding-...

[an_opabinia]

Kubernetes complexity: The amount of indirection for “you must write a --force flag to delete something” is astounding.