README
¶
ezadmis-deny-ns-deletion
This admission webhook will deny namespace deletion, unless the namespace has an annotation:
ezadmis.yankeguo.github.io/deletion-allowed: "true"
Installation
Assuming we are installing to namespace autoops
- complete RBAC Initialization for ezadmis-install
- deploy YAML resources
apiVersion: v1
kind: ConfigMap
metadata:
name: install-ezadmis-deny-ns-deletion-cfg
namespace: autoops
data:
config.json: |
{
"name": "ezadmis-deny-ns-deletion",
"namespace": "autoops",
"mutating": false,
"admissionRules": [
{
"apiGroups": [""],
"apiVersions": ["*"],
"resources": ["namespaces"],
"operations": ["DELETE"]
}
],
"sideEffect": "None",
"image": "yankeguo/ezadmis-deny-ns-deletion"
}
---
# Job
apiVersion: batch/v1
kind: Job
metadata:
name: install-ezadmis-deny-ns-deletion
namespace: autoops
spec:
template:
spec:
serviceAccount: ezadmis-install
containers:
- name: install-ezadmis-deny-ns-deletion
image: yankeguo/ezadmis-install
args:
- /ezadmis-install
- -conf
- /config.json
volumeMounts:
- name: vol-cfg
mountPath: /config.json
subPath: config.json
volumes:
- name: vol-cfg
configMap:
name: install-ezadmis-deny-ns-deletion-cfg
restartPolicy: OnFailure
Credits
GUO YANKE, MIT License
Documentation
¶
There is no documentation for this package.
Source Files
Click to show internal directories.
Click to hide internal directories.