feat: Double make sure the --prune will not harm, limit scope of ob…

…ject types that could be deleted jenkins-x#2963 https://kubernetes.slack.com/archives/C9MBGQJRH/p1647955769010979
keskad · Mar 22, 2022 · 18a1aed · 18a1aed
1 parent c76a3e7
commit 18a1aed
Showing 1 changed file with 19 additions and 4 deletions.
diff --git a/src/Makefile.mk b/src/Makefile.mk
@@ -45,6 +45,21 @@ KUBECTL_APPLY_FLAGS ?= --force
 
 SOURCE_DIR ?= /workspace/source
 
+# Only stateless resources, excluding also Namespaces
+ALLOWED_PRUNE_RESOURCES = --prune-whitelist core/v1/ConfigMap \
+	--prune-whitelist core/v1/Endpoints \
+	--prune-whitelist core/v1/Pod \
+	--prune-whitelist core/v1/ReplicationController \
+	--prune-whitelist core/v1/Secret \
+	--prune-whitelist core/v1/Service \
+	--prune-whitelist batch/v1/Job \
+	--prune-whitelist batch/v1/CronJob \
+	--prune-whitelist networking.k8s.io/v1/Ingress \
+	--prune-whitelist apps/v1/DaemonSet \
+	--prune-whitelist apps/v1/Deployment \
+	--prune-whitelist apps/v1/ReplicaSet \
+	--prune-whitelist apps/v1/StatefulSet
+
 
 # NOTE to enable debug logging of 'helmfile template' to diagnose any issues with values.yaml templating
 # you can run:
@@ -287,10 +302,10 @@ kubectl-apply:
 	@echo "using kubectl to apply resources"
 
 # NOTE be very careful about these 2 labels as getting them wrong can remove stuff in you cluster!
-	kubectl apply $(KUBECTL_APPLY_FLAGS) --prune -l=gitops.jenkins-x.io/pipeline=customresourcedefinitions -R -f $(OUTPUT_DIR)/customresourcedefinitions
-	kubectl apply $(KUBECTL_APPLY_FLAGS) -l=gitops.jenkins-x.io/pipeline=cluster                           -R -f $(OUTPUT_DIR)/cluster/namespaces
-	kubectl apply $(KUBECTL_APPLY_FLAGS) --prune -l=gitops.jenkins-x.io/pipeline=cluster                   -R -f $(OUTPUT_DIR)/cluster/resources
-	kubectl apply $(KUBECTL_APPLY_FLAGS) --prune -l=gitops.jenkins-x.io/pipeline=namespaces                -R -f $(OUTPUT_DIR)/namespaces
+	kubectl apply $(KUBECTL_APPLY_FLAGS) --prune -l=gitops.jenkins-x.io/pipeline=customresourcedefinitions ${ALLOWED_PRUNE_RESOURCES} -R -f $(OUTPUT_DIR)/customresourcedefinitions
+	kubectl apply $(KUBECTL_APPLY_FLAGS) -l=gitops.jenkins-x.io/pipeline=cluster                           ${ALLOWED_PRUNE_RESOURCES} -R -f $(OUTPUT_DIR)/cluster/namespaces
+	kubectl apply $(KUBECTL_APPLY_FLAGS) --prune -l=gitops.jenkins-x.io/pipeline=cluster                   ${ALLOWED_PRUNE_RESOURCES} -R -f $(OUTPUT_DIR)/cluster/resources
+	kubectl apply $(KUBECTL_APPLY_FLAGS) --prune -l=gitops.jenkins-x.io/pipeline=namespaces                ${ALLOWED_PRUNE_RESOURCES} -R -f $(OUTPUT_DIR)/namespaces
 
 # lets apply any infrastructure specific labels or annotations to enable IAM roles on ServiceAccounts etc
 	jx gitops postprocess