Termination Protection
Termination Protection
Overview¶
The Kubernetes Operations Platform now includes a termination protection feature for GitOps System Sync interface, offering an additional safeguard against accidental deletion of clusters and environments. When enabled, this protection prevents the deletion of clusters and environments through the GitOps System Sync interface, ensuring controlled and secure operations. This feature enhances governance by allowing users to configure termination protection based on specific requirements, with clear logging and access control for complete transparency.
It's important to note that this protection is exclusive to GitOps System Sync and does not apply to other interfaces, such as the UI, CLI, or Terraform.
Configure Termination Protection¶
- From the console, go to System and select Settings
- In the Settings section, locate Termination Protection Settings
- Two toggle options are available for Cluster and Environment Termination Protection is enabled by default for the DELETE function via GitOps System Sync to safeguard the cluster and environment
Note: In the future, additional resources will be included under termination protection as part of ongoing platform enhancements.
- Use the toggles to enable or disable termination protection
- Enabled: Prevents accidental deletions via GitOps System Sync. Resource files will be deleted from the Git repository, but the cluster will exist in the controller, leaving actual resources intact
- Disabled: Results in the deletion of both the cluster resources in the controller and the resource files in the Git repository
- After making changes, click Save
Pipeline Behavior¶
When a cluster resource(s) file are deleted from the Git repository, a pipeline is automatically triggered to process the change. However, if termination protection is toggles ON, the following happens:
- The deletion operation does not proceed
- The pipeline will fail, preventing unintended resource removal
- A failure message is displayed, as shown below
If termination protection is toggled OFF and the resource has been synced from Git at least once, the pipeline will proceed with the deletion as intended.
Access Control and Audit Logs¶
- Only the Org Admin role governs deletion actions, ensuring that authorized users can toggle the Termination Protection settings on or off
- Comprehensive Audit Logs track all actions related to termination protection changes and DELETE operations. These logs ensure a complete record of actions for accountability and governance