Skip to content

[firestartr-bootstrap] Add gatekeeper constrain to avoid deletion of customer namespaces #470

Open
Open
[firestartr-bootstrap] Add gatekeeper constrain to avoid deletion of customer namespaces#470
@alambike

Description

@alambike
alambike
opened on May 15, 2026

Motivation

We need to add a new Gatekeeper constrain when new customer is added, to firestartr-pro/state-sys-services repository, to avoid deletions of customer namespaces.

This constrain should have the following format:

apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sBlockNamespaceDelete
metadata:
  name: block-<CUSTOMER>-ns-delete
spec:
  enforcementAction: deny
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Namespace"]
  parameters:
    protectedPrefix:
      - "<CUSTOMER>-"

See https://github.com/firestartr-pro/state-sys-services/pull/180/changes

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions