Do not delete Keycloak items on Kubernetes object deletion by default #18
Comments
|
@julianbuettner Hello, I think we can make this field immutable and not allow such operations but force the user to create a new realm. @zmotso, what do you think? Since Keycloak API doesn't allow such stuff, recreation operations can be dangerous. |
|
@SergK @julianbuettner Hi. Yes, we can add some annotation/parameter to the CR to prevent deletion of the realm. We can implement it shortly (in a week or two). |
|
It would be great to have it for other (all?) object kinds as well, like |
Added 'edp.epam.com/preserve-resources-on-deletion: true' annotation processing to prevent the operator from deleting resources from keycloak. Change-Id: I0301c611b7e2de8388363297720650340c891c15
|
It appears to me the issue is fixed, so I will close this issue now. |
|
@julianbuettner, please expect till the end of this week. |
Is your feature request related to a problem? Please describe.
I just renamed the
KeycloakRealmobject and accidentally deleted the staging realm.(renaming +
kubectl apply= delete + create?)There were backups in place, so everything turned out fine, but it's a hell of a trap to fall in.
Describe the solution you'd like
I would like to not have my realms deleted.
Maybe an annotation like
delete-keycloak-object-on-kubernetes-deletionwith a default offalse,which has to be explicitly set to
trueto keep the current behaviour. Examples could be updated, so the issue isdirectly recognized by users not thinking much (like me).
(Compare
"helm.sh/resource-policy": "keep")Describe alternatives you've considered
Not using this product, because it contains a rather big footgun.
But I would like to use it in production, because it's otherwise exactly what I need.
Additional context
N/A
The text was updated successfully, but these errors were encountered: