Let's say I want to minimize any chance of my resources being deleted while I manage them with ASO. From the ASO side, I have an option to set serviceoperator.azure.com/reconcile-policy: detach-on-delete to prevent accidental deletes of K8s objects from being reconciled with Azure. However, those resources can still be deleted from the Azure Portal. It would be great to use ASO to have an option to set a lock to prevent them from being deleted from the Azure Portal.
There are 2 types of locks:
Read-only, which can be projected to serviceoperator.azure.com/reconcile-policy: skip
Delete - this feature request.
The way I propose implementing delete lock is through an annotation like serviceoperator.azure.com/reconcile-policy: lock-delete, which can be used only in combination with serviceoperator.azure.com/reconcile-policy: detach-on-delete, unless you consider combining them together into a single annotation like serviceoperator.azure.com/reconcile-policy: locked-detach-on-delete
Add implementation to lock resources to prevent them from being destroyed in the Azure Portal while ASO keeps managing them.
Lock your resources to protect your infrastructure
Let's say I want to minimize any chance of my resources being deleted while I manage them with ASO. From the ASO side, I have an option to set
serviceoperator.azure.com/reconcile-policy: detach-on-delete
to prevent accidental deletes of K8s objects from being reconciled with Azure. However, those resources can still be deleted from the Azure Portal. It would be great to use ASO to have an option to set a lock to prevent them from being deleted from the Azure Portal.There are 2 types of locks:
serviceoperator.azure.com/reconcile-policy: skip
The way I propose implementing delete lock is through an annotation like
serviceoperator.azure.com/reconcile-policy: lock-delete
, which can be used only in combination withserviceoperator.azure.com/reconcile-policy: detach-on-delete
, unless you consider combining them together into a single annotation likeserviceoperator.azure.com/reconcile-policy: locked-detach-on-delete