Immutable CRD?

I am developing a controller and I’d like my object to be immutable. Meaning, objects can be created and deleted but I want to prevent modifications. I couldn’t find anything in the but maybe I just missed. Suggestions or hints on how to make an object immutable? Thanks.

One possibility is to use Validating webhooks and fail any updates. Using such webhooks would be simpler if you develop your controller with a tool such as kubebuilder.


Yes, we are using kubebuilder. Thanks, I’ll dig into “validating webhooks”.

If I can delete object X and create a new object with the same name,
is it really immutable?

It is really about the resources that I manage with the CR. They themselves are immutable so having to handle modifications doesn’t make much sense.

I understand that perspective, having dealt with it in other places,
but I want to argue the opposite. If users REALLY want to mutate it,
they will. You’re just forcing them to jump through hoops to do it
(delete, recreate). You could handle the delete/recreate yourself.