Cannot Delete Protected Cluster

This document describes how to protect specific VM instances from deletion past setting the deletionProtection belongings on an Instance resource. To learn more near VM instances, read the Instances documentation.

As office of your workload, at that place might be certain VM instances that are critical to running your application or services, such as an instance running a SQL server, a server used equally a license manager, and then on. These VM instances might need to stay running indefinitely so you lot need a fashion to protect these VMs from existence deleted.

By setting the deletionProtection flag, a VM example can be protected from accidental deletion. If a user attempts to delete a VM instance for which you have set the deletionProtection flag, the request fails. Simply a user that has been granted a role with compute.instances.create permission tin reset the flag to allow the resource to be deleted.

Before you begin

• If you want to use the control-line examples in this guide, practise the following:
  1. Install or update to the latest version of the Google Deject CLI.
  2. Set up a default region and zone.
• If you lot want to utilize the API examples in this guide, gear up upward API access.
• Read the Instances documentation.

Specifications

• Deletion prevention does not prevent the following actions:

  • Terminating an instance from within the VM (such every bit running the shutdown command)
  • Stopping an instance
  • Resetting an case
  • Suspending an instance
  • Instances being removed due to fraud and abuse after being detected past Google
  • Instances being removed due to project termination

• Deletion protection can be practical to both regular VMs and preemptible VMs.

• Deletion protection cannot be practical to VMs that are part of a managed instance group but can be practical to instances that are function of unmanaged case groups.

• Deletion prevention cannot exist specified in case templates.

Permissions

To perform this task, yous must have been granted the following permissions OR one of the following IAM roles on the resource.

Permissions

• compute.instances.create

Roles

• compute.admin
• compute.instanceAdmin.v1

Setting deletion protection during instance cosmos

By default, deletion protection is disabled for your instance. Enable deletion protection using the instructions beneath.

Console

1. In the Google Cloud Console, go to the Create an case page.

   Go to Create an example

2. Expand the Networking, disks, security, management, sole tenancy section and do the post-obit:

   1. Expand the Management section.
   2. Select the Enable deletion protection checkbox.

3. Continue with the VM creation process.

gcloud

When creating a VM instance, include either the --deletion-protection or no-deletion-protection flags. Deletion protection is disabled by default so to enable deletion protection:

              gcloud compute instances create [INSTANCE_NAME] --deletion-protection                          

where [INSTANCE_NAME] is the name of the desired example.

To disable deletion protection during creation:

              gcloud compute instances create [INSTANCE_NAME] --no-deletion-protection                          

API

In the API, when creating a VM instance, include the deletionProtection property in your request body. For example:

              POST https://compute.googleapis.com/compute/v1/projects/[PROJECT_ID]/zones/[ZONE]/instances  {   "name": "[INSTANCE_NAME]",   "deletionProtection": "truthful",   ... }                          

To disable deletion protection, prepare deletionProtection to simulated.

Toggling deletion protection for existing instances

You can toggle deletion protection for an existing example, irrespective of the instance's current status. Specifically, you practise not have to stop the example before you lot tin can enable or disable deletion protection.

Console

1. Go to the VM instances page.

   Go to VM instances

2. If prompted, select your project and click Continue.

3. Click the name of the instance for which you want to toggle deletion protection. The instance details page displays.

4. From the case details page, consummate the following steps:

   1. Click the Edit button at the top of the page.

   2. Nether Deletion Protection, check the box to enable or uncheck the box to disable deletion protection.

      

   3. Save your changes.

gcloud

Using the gcloud CLI, run the update control with either the --deletion-protection or --no-deletion-protection flag:

              gcloud compute instances update [INSTANCE_NAME] \     [--deletion-protection | --no-deletion-protection]                          

For case, to enable deletion protection for an example named example-vm:

              gcloud compute instances update example-vm --deletion-protection                          

API

In the API, make a POST asking to the setDeletionProtection method with the delectionProtection query parameter. For instance:

              Post https://compute.googleapis.com/compute/v1/projects/[PROJECT_ID]/zones/[ZONE]/instances/[INSTANCE_NAME]/setDeletionProtection?deletionProtection=truthful                          

To disable deletion protection, gear up deletionProtection to false. Do not provide a request torso with the asking.

Determining if an instance has deletion protection enabled

You tin determine if an example has deletion protection enabled in the gcloud tool or in the API.

Console

1. Go to the VM instances page.

   Get to VM instances

2. If prompted, select your project and click Continue.

3. On the VM instances folio, pull down the Columns menu and enable Deletion protection.

   

4. A new column appears with the deletion protection icon. If a VM has deletion protection enabled, the icon appears side by side to the example name.

gcloud

In the gcloud CLI, run the instances depict command and search for the deletion protection field. For example:

              gcloud compute instances describe example-instance | grep "deletionProtection"                          

The tool returns the value of the deletionProtection property, either set up to true or simulated:

              deletionProtection: imitation                          

API

In the API, make a Become request and look for the deletionProtection field:

              Get https://compute.googleapis.com/compute/v1/projects/[PROJECT_ID]/zones/[ZONE]/instances/[INSTANCE_NAME]                          

What's next

• Larn how to terminate an instance.
• Delete your instances if you no longer need them.

blackwastams99.blogspot.com

Source: https://cloud.google.com/compute/docs/instances/preventing-accidental-vm-deletion

Share this post