Skip to main content
Version: 2.0 🆕

Configure Lock Schema

Introduction ​

In Devtron, you can create CRDs for defining lock schema. Your lock schema will be used to determine the fields (in the resource manifest) that cannot be added/updated/deleted by non-superadmins. This is especially useful for preventing unwanted edits to the manifests of pod, deployment, configmap, and many more.

Who Can Perform This Action?

Only a Super-Admin can configure Lock Schema.

Editing Lock Schema​

  1. Go to Resource Browser and select your cluster.

  2. Use the searchbox labelled 'Jump to Kind' and search for LockSchema.

    Figure 1: Searching Lock Schema

  3. Click the Lock Schema you wish to edit. In case no Lock Schema exists, you may create a Lock Schema for your resource kind.

    Figure 2: Click Lock Schema

  4. Click Edit Live Manifest to modify the YAML.

    Figure 3: Edit Live Manifest

  5. Locate the lockedPaths list and specify the fields/paths you wish to lock from unwanted edits by non-superadmins in the manifest.

    Figure 4: Modifying Schema

  6. Click Apply Changes.

Create your own Lock Schema​

  1. Go to Resource Browser and select your cluster.

  2. Click Create Resource at the top.

  3. Use the following template and specify the fields/paths you wish to lock in the lockedPaths list, also specify the resource kinds in applyTo. Once done, click Apply.

Lock Schema for ConfigMap
apiVersion: crd.devtron.ai/alpha1
kind: LockSchema
name: devtron-cm-lock-schema
spec:
applyTo:
    - group: ""
    kind: ConfigMap
    version: v1
lockedPaths:
    - data.ENABLE_CI_JOB