Configure Lock Schema for Manifests

Introduction

In Devtron, you can create CRDs for defining lock schema. Your lock schema will be used to determine the fields (in the resource manifest) that cannot be added/updated/deleted by non-superadmins. This is especially useful for preventing unwanted edits to the manifests of pod, deployment, configmap, and many more.

Editing Lock Schema

Go to Resource Browser and select your cluster.
Use the searchbox labelled 'Jump to Kind' and search for LockSchema.
Figure 1: Searching Lock Schema
Click the Lock Schema you wish to edit. In case no Lock Schema exists, you may create a Lock Schema for your resource kind.
Figure 2: Click Lock Schema
Click Edit Live Manifest to modify the YAML.
Figure 3: Edit Live Manifest
Locate the lockedPaths list and specify the fields/paths you wish to lock from unwanted edits by non-superadmins in the manifest.
Figure 4: Modifying Schema
Click Apply Changes.

Create your own Lock Schema

Go to Resource Browser and select your cluster.
Click Create Resource at the top.

Use the following template and specify the fields/paths you wish to lock in the lockedPaths list, also specify the resource kinds in applyTo. Once done, click Apply.

Lock Schema for ConfigMap

apiVersion: crd.devtron.ai/alpha1
kind: LockSchema
name: devtron-cm-lock-schema
spec:
applyTo:
    - group: ""
    kind: ConfigMap
    version: v1
lockedPaths:
    - data.ENABLE_CI_JOB

PreviousConfigure GUI Schema for Manifests NextGlossary

Last updated 8 days ago