Open rflorenc opened 3 years ago
It seems to me that this feature would break the fully declarative approach to managing configuration moving towards an imperative model. In general the rule is that if you don't want an object, you should not create it. Can you make a realistic example where this would be useful?
I have been testing the resource-locker-operator with the end goal of locking/patching resources feed in by ArgoCD in a GitOps scenario. One use case that comes to mind is the possibility to also delete resources which are not owned by Argo/Helm applications, like for example APIServer or Node resources.
This could be done via a new
action
field in the RL CR spec, which could then perform the delete operation on the resource. Example:End result being the secret being deleted and enforce deleted by the RLO. Would this be something that could be added as a feature to the RLO?