Lock Deployment Configuration
Last updated
Was this helpful?
Last updated
Was this helpful?
The might contain certain configurations intended for the DevOps team (e.g., ingress), and not meant for developers to modify.
Therefore, Devtron allows super-admins to restrict such fields from modification or deletion.
This stands true for deployment templates in:
How is this different from the 'Protect Configuration' feature?
Whereas, the 'lock deployment configuration' feature goes one step further. It is meant to prevent any edits to specific keys by non-super-admins. This applies only to deployment templates and is performed at global-level. -->
Go to Global Configurations → Lock Deployment Config. Click Configure Lock.
(Optional) Click Refer Values.YAML to check which keys you wish to lock.
Click Save.
A confirmation dialog box would appear. Read it and click Confirm.
User can hide/unhide the locked keys as shown below.
Let's assume the user edits one of the locked keys...
...and saves the changes.
A modal window will appear on the right highlighting the non-eligible edits.
Let's assume the user edits a key that is not locked or adds a new key.
The modal window will highlight the eligible edits. However, it will not let the user save those eligible edits unless the user clicks the checkbox: Save changes which are eligible for update.
Only a super-admin, manager, or application admin can edit the configuration values.
Once the user clicks the Update button, the permissible changes will reflect in the deployment template.
The same result can be seen if the user tries to edit environment-specific deployment templates.
The 'protect configuration' feature is meant to verify the edits by introducing an approval flow for any changes made to the configuration files, i.e., Deployment template, ConfigMaps, and Secrets. Refer .
Enter the keys inside the editor on the left-hand side, e.g., autoscaling.MaxReplicas. Use to enter specific keys, lists, or objects to lock.
While super-admins can directly edit the locked keys, let's look at a scenario where a user (non-super-admin) tries to edit the same in an base deployment template.
If you select 'Basic' mode instead of 'Advanced (YAML)', all the keys meant for basic mode will be displayed in the GUI even if some are locked. While users can modify these keys, they cannot save the changes made to the locked keys.
However, if it's a , the user will require the approval of a as shown below.
