New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Do not delete Keycloak items on Kubernetes object deletion by default #18
Comments
@julianbuettner Hello, I think we can make this field immutable and not allow such operations but force the user to create a new realm. @zmotso, what do you think? Since Keycloak API doesn't allow such stuff, recreation operations can be dangerous. |
@SergK @julianbuettner Hi. Yes, we can add some annotation/parameter to the CR to prevent deletion of the realm. We can implement it shortly (in a week or two). |
It would be great to have it for other (all?) object kinds as well, like |
Added 'edp.epam.com/preserve-resources-on-deletion: true' annotation processing to prevent the operator from deleting resources from keycloak. Change-Id: I0301c611b7e2de8388363297720650340c891c15
It appears to me the issue is fixed, so I will close this issue now. |
@julianbuettner, please expect till the end of this week. |
Is your feature request related to a problem? Please describe.
I just renamed the
KeycloakRealm
object and accidentally deleted the staging realm.(renaming +
kubectl apply
= delete + create?)There were backups in place, so everything turned out fine, but it's a hell of a trap to fall in.
Describe the solution you'd like
I would like to not have my realms deleted.
Maybe an annotation like
delete-keycloak-object-on-kubernetes-deletion
with a default offalse
,which has to be explicitly set to
true
to keep the current behaviour. Examples could be updated, so the issue isdirectly recognized by users not thinking much (like me).
(Compare
"helm.sh/resource-policy": "keep"
)Describe alternatives you've considered
Not using this product, because it contains a rather big footgun.
But I would like to use it in production, because it's otherwise exactly what I need.
Additional context
N/A
The text was updated successfully, but these errors were encountered: