Skip to content

Prevent deletion of namespaces and cluster #651

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Feb 24, 2025
Merged

Prevent deletion of namespaces and cluster #651

merged 4 commits into from
Feb 24, 2025

Conversation

@dharmit
Copy link
Contributor

@dharmit dharmit commented Feb 10, 2025
edited
Loading

Issue:

rancher/rancher#32745
rancher/rancher#48303

Problem

  • Presently, it's possible to delete local cluster (both kinds clusters.provisioning.cattle.io and cluster.management.cattle.io) using kubectl delete commands.
  • Presently, it's possible to delete local and fleet-local namespaces using kubectl delete.

Solution

All aforementioned deletions can be prevented using the proposed PR.

$ k delete clusters.provisioning.cattle.io -n fleet-local local
Error from server (BadRequest): admission webhook "rancher.cattle.io.clusters.provisioning.cattle.io" denied the request: can't delete local cluster

$ k delete cluster.management.cattle.io local
Error from server (BadRequest): admission webhook "rancher.cattle.io.clusters.management.cattle.io" denied the request: cannot delete the local cluster

$ k delete ns local
Error from server (BadRequest): admission webhook "rancher.cattle.io.namespaces.delete-namespace" denied the request: deletion of namespace "local" is not allowed

$ k delete ns fleet-local
Error from server (BadRequest): admission webhook "rancher.cattle.io.namespaces.delete-namespace" denied the request: deletion of namespace "fleet-local" is not allowed

CheckList

  • Test
  • Docs

@dharmit
Ignore namespace delete operation
18c520c 
Signed-off-by: Dharmit Shah <dharmit.shah@suse.com>
@dharmit dharmit marked this pull request as ready for review February 19, 2025 15:10
@dharmit dharmit requested a review from a team as a code owner February 19, 2025 15:10
crobby
crobby reviewed Feb 20, 2025
View reviewed changes
Copy link
Collaborator

@crobby crobby left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a couple comments on the error messages. If you're passionate about the way they are, I can live with them, but I think they could be better.

@dharmit
Prevent deletion of local and fleet-local namespaces
3589cfa 
Signed-off-by: Dharmit Shah <dharmit.shah@suse.com>
@dharmit
Prevent deletion of local cluster
da8aa46 
It prevents deletion of both clusters.provisioning.cattle.io and
cluster.management.cattle.io resources of the named local.
@dharmit
Fixes to tests based on CI feedback
f312334
@dharmit
Copy link
Contributor Author

dharmit commented Feb 20, 2025

@crobby I modified the error message for all deletions. PTAL. :)

@dharmit dharmit merged commit 1d2796d into rancher:main Feb 24, 2025
2 checks passed
@dharmit dharmit deleted the fix-r/r-48303 branch February 24, 2025 04:23
dharmit added a commit to dharmit/rancher-webhook that referenced this pull request Feb 24, 2025
@dharmit
Prevent deletion of namespaces and cluster (rancher#651)
8d4d373 
* Ignore namespace delete operation

Signed-off-by: Dharmit Shah <dharmit.shah@suse.com>

* Prevent deletion of `local` and `fleet-local` namespaces

Signed-off-by: Dharmit Shah <dharmit.shah@suse.com>

* Prevent deletion of local cluster

It prevents deletion of both clusters.provisioning.cattle.io and
cluster.management.cattle.io resources of the named local.

* Fixes to tests based on CI feedback

---------

Signed-off-by: Dharmit Shah <dharmit.shah@suse.com>
@dharmit dharmit mentioned this pull request Feb 24, 2025
Merged
2 tasks
dharmit added a commit to dharmit/rancher-webhook that referenced this pull request Feb 24, 2025
@dharmit
Prevent deletion of namespaces and cluster (rancher#651)
a209467 
* Ignore namespace delete operation

Signed-off-by: Dharmit Shah <dharmit.shah@suse.com>

* Prevent deletion of `local` and `fleet-local` namespaces

Signed-off-by: Dharmit Shah <dharmit.shah@suse.com>

* Prevent deletion of local cluster

It prevents deletion of both clusters.provisioning.cattle.io and
cluster.management.cattle.io resources of the named local.

* Fixes to tests based on CI feedback

---------

Signed-off-by: Dharmit Shah <dharmit.shah@suse.com>
This was referenced Feb 24, 2025
Merged
Closed
dharmit added a commit that referenced this pull request Mar 6, 2025
@dharmit
Prevent deletion of namespaces and cluster (#651) (#722)
c4778ee 
* Ignore namespace delete operation



* Prevent deletion of `local` and `fleet-local` namespaces



* Prevent deletion of local cluster

It prevents deletion of both clusters.provisioning.cattle.io and
cluster.management.cattle.io resources of the named local.

* Fixes to tests based on CI feedback

---------

Signed-off-by: Dharmit Shah <dharmit.shah@suse.com>
dharmit added a commit that referenced this pull request Mar 6, 2025
@dharmit
Prevent deletion of namespaces and cluster (#651) (#725)
a61a17a 
* Ignore namespace delete operation



* Prevent deletion of `local` and `fleet-local` namespaces



* Prevent deletion of local cluster

It prevents deletion of both clusters.provisioning.cattle.io and
cluster.management.cattle.io resources of the named local.

* Fixes to tests based on CI feedback

---------

Signed-off-by: Dharmit Shah <dharmit.shah@suse.com>
This was referenced Mar 28, 2025
Closed
Merged
This was referenced Jul 28, 2025
Merged
Merged
This was referenced Nov 19, 2025
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@crobby crobby crobby approved these changes

@tomleb tomleb tomleb approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dharmit @crobby @tomleb