Data PVC Protection

jon-funk edited this page Mar 9, 2026 · 2 revisions

Protected Data

As an additional layer of data protection (besides backups, redundant backups, etc.), we manually add finalizers to our PVCs that are long-lived and hold business-critical data. This includes:

  • backup PVCs
  • All PVCs produced by the PostgresCluster CRD

We manually add a natsuite.nrs.gov.bc.ca/deletion-protection string entry to the finalizers array.

This typically appears as:

  finalizers:
    - kubernetes.io/pvc-protection
    - natsuite.nrs.gov.bc.ca/deletion-protection

The other entry, kubernetes.io/pvc-protection, is produced by the cluster for any PVC in use by a pod. Since natsuite.nrs.gov.bc.ca/deletion-protection is a custom, manually added string, no automation will ever remove it, and no deletion can succeed until the finalizers array is empty. This means all deletions of critical PVCs are intentional. To undo this protection, a developer simply needs to remove natsuite.nrs.gov.bc.ca/deletion-protection from the finalizers array to resume normal Kubernetes behavior.
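
An audit for the protection described above, added here as an example and not part of this project's own tooling: it reads PVCs in the shape of `kubectl get pvc -o json`, lists critical PVCs that lack the finalizer, flags protected PVCs that already carry a deletionTimestamp (a delete was requested and is being held), and builds a JSON Patch that adds the entry without dropping existing ones. The label used to recognise PostgresCluster PVCs, the "backup" name match, the function names and the sample PVCs are all assumptions.

```python
import json

PROTECT = "natsuite.nrs.gov.bc.ca/deletion-protection"
IN_USE = "kubernetes.io/pvc-protection"
# Assumption: label found on PVCs created for a PostgresCluster.
PG_LABEL = "postgres-operator.crunchydata.com/cluster"

def is_critical(pvc):
    # Assumed selection rule: PostgresCluster label, or "backup" in the name.
    meta = pvc["metadata"]
    return PG_LABEL in meta.get("labels", {}) or "backup" in meta["name"]

def add_patch(pvc):
    """JSON Patch that adds the finalizer and keeps existing entries."""
    current = pvc["metadata"].get("finalizers")
    if current is None:  # no array yet, so create it
        return [{"op": "add", "path": "/metadata/finalizers", "value": [PROTECT]}]
    if PROTECT in current:
        return []
    return [{"op": "add", "path": "/metadata/finalizers/-", "value": PROTECT}]

def audit(pvc_list):
    """Return (unprotected, pending_delete) names among critical PVCs."""
    unprotected, pending = [], []
    for pvc in filter(is_critical, pvc_list["items"]):
        meta = pvc["metadata"]
        if PROTECT not in meta.get("finalizers", []):
            unprotected.append(meta["name"])
        elif "deletionTimestamp" in meta:  # delete requested, held by finalizer
            pending.append(meta["name"])
    return unprotected, pending

def make_pvc(name, finalizers=None, labels=None, deleted_at=None):
    # Constructed sample shaped like one item of `kubectl get pvc -o json`.
    meta = {"name": name, "labels": labels or {}, "finalizers": finalizers,
            "deletionTimestamp": deleted_at}
    return {"metadata": {k: v for k, v in meta.items() if v is not None}}

SAMPLE = {"items": [
    make_pvc("db-backup", [IN_USE, PROTECT]),
    make_pvc("pg-main-pgdata", [IN_USE], {PG_LABEL: "pg-main"}),
    make_pvc("pg-main-repo1", None, {PG_LABEL: "pg-main"}),
    make_pvc("old-backup", [PROTECT], deleted_at="2026-01-01T00:00:00Z"),
    make_pvc("scratch-cache", [IN_USE]),
]}

if __name__ == "__main__":
    print("unprotected, pending delete:", audit(SAMPLE))
    for item in filter(is_critical, SAMPLE["items"]):
        print(item["metadata"]["name"], json.dumps(add_patch(item)))
```

A non-empty patch can be applied with `kubectl patch pvc <name> --type=json -p '<patch>'`; an empty list means the PVC is already protected.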