PVC Protection
This page describes PersistentVolumeClaim (PVC) protection for AIStor Object Store deployments on Kubernetes. When enabled, PVC protection prevents accidental data loss by blocking PVC deletion until the protection is explicitly removed.
How PVC protection works
Kubernetes uses finalizers to prevent the deletion of resources until specific cleanup operations complete.
The AIStor Operator can add the aistor.min.io/pvc-protection finalizer to all PVCs created by an Object Store deployment.
When PVC protection is enabled:
- The Operator adds the aistor.min.io/pvc-protection finalizer to each PVC at its creation.
- The finalizer prevents any attempt to delete a protected PVC (including namespace deletion). Remove the finalizer to allow deletion.
- The PVC remains in a Terminating state until you explicitly remove the finalizer.
This layer of protection can provide value in situations such as the following:
- Activities may inadvertently delete a namespace.
- Automation or scripts have access that may remove storage resources.
- Multiple teams share a cluster, making accidental deletions possible.
Enable PVC protection
PVC protection is disabled by default.
To enable it, set objectStore.pvcProtection to true in your Helm values:
objectStore:
  pvcProtection: true
Apply the configuration when deploying or upgrading your Object Store:
helm upgrade -n OBJECT-STORE-NAMESPACE OBJECT-STORE-NAME minio/aistor-objectstore -f aistor-objectstore-values.yaml
Replace OBJECT-STORE-NAMESPACE with your Object Store namespace and OBJECT-STORE-NAME with the Helm release name.
The Operator adds the finalizer to all existing and new PVCs for the Object Store.
Remove PVC protection
To delete individual PVCs while protection remains enabled, you must first remove the finalizer from those PVCs. Alternatively, you can disable PVC protection entirely, which automatically removes finalizers from all PVCs.
Remove protection from a single PVC for deletion
Use kubectl patch to remove the finalizer from a specific PVC to allow its deletion:
kubectl patch pvc PVC-NAME -n OBJECT-STORE-NAMESPACE -p '{"metadata":{"finalizers":null}}' --type=merge
Replace PVC-NAME with the name of the PVC and OBJECT-STORE-NAMESPACE with the Object Store namespace.
You can then remove the PVC.
If pvcProtection remains enabled on the Object Store and the PVC is not immediately deleted, the Operator re-adds the finalizer during its next reconciliation.
Reconciliation occurs when the Object Store spec changes or when related resources (StatefulSets, Secrets, ConfigMaps) are modified.
To permanently remove protection from PVCs, disable PVC protection on the Object Store.
Disable PVC protection and remove the finalizer from all existing PVCs
To disable PVC protection, set objectStore.pvcProtection to false:
objectStore:
  pvcProtection: false
The Operator automatically removes the aistor.min.io/pvc-protection finalizer from all existing PVCs when you disable protection.
Considerations
StatefulSet PVC retention policy
The AIStor Operator configures StatefulSets with a PVC retention policy of Retain for both WhenDeleted and WhenScaled operations.
This ensures the preservation of PVCs when deleting or scaling down StatefulSets.
persistentVolumeClaimRetentionPolicy field.
The Operator enforces Retain and restores this setting during reconciliation if changed.
Changing this setting manually can lead to unexpected behavior or data loss.
Storage class reclaim policy
PVC protection complements but does not replace the StorageClass reclaim policy. The finalizer prevents PVC deletion, but if you remove the finalizer and delete the PVC, the reclaim policy determines what happens to the underlying storage:
- If the reclaim policy is Delete, the underlying PersistentVolume (PV) and its data are deleted.
- If the reclaim policy is Retain, the PV and its data persist, allowing recovery.
For maximum data protection, combine PVC protection with a Retain reclaim policy on your StorageClass.
This provides two layers of defense: the finalizer prevents accidental PVC deletion, and the Retain policy preserves data even if deletion occurs.
The default AIStor storage class has a reclaim policy of Delete, following standard Kubernetes practice.
This means deleting a PVC also removes the underlying storage.
Define and use your own storage class to set the Retain behavior.
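The two layers described above can be audited together. The following is an added example, not AIStor or MinIO code: it grades each PVC from parsed `kubectl get pvc -n NAMESPACE -o json` and `kubectl get pv -o json` output, and the PVC and PV names in the sample data are constructed placeholders.

```python
import json

FINALIZER = "aistor.min.io/pvc-protection"  # finalizer name documented on this page

def audit(pvc_list, pv_list):
    """Grade each PVC on the two layers: Operator finalizer and PV reclaim policy.

    Inputs are parsed `kubectl get pvc -n NAMESPACE -o json` and
    `kubectl get pv -o json` documents."""
    policy = {pv["metadata"]["name"]: pv["spec"].get("persistentVolumeReclaimPolicy")
              for pv in pv_list.get("items", [])}
    findings = []
    for pvc in pvc_list.get("items", []):
        meta = pvc["metadata"]
        protected = FINALIZER in (meta.get("finalizers") or [])
        reclaim = policy.get(pvc.get("spec", {}).get("volumeName"))  # None if unbound
        layers = int(protected) + int(reclaim == "Retain")
        findings.append({
            "pvc": meta["name"],
            "finalizer": protected,
            "reclaim": reclaim,
            # deletionTimestamp set + finalizer present = a delete was requested and blocked
            "blocked_delete": protected and "deletionTimestamp" in meta,
            "status": ("ok", "one-layer", "unprotected")[2 - layers],
        })
    return findings

# Constructed sample data (not from a real cluster); names are placeholders.
SAMPLE_PVCS = json.loads("""{"items": [
 {"metadata": {"name": "data0-store-0",
               "finalizers": ["kubernetes.io/pvc-protection", "aistor.min.io/pvc-protection"]},
  "spec": {"volumeName": "pv-a"}},
 {"metadata": {"name": "data0-store-1", "deletionTimestamp": "2025-01-01T00:00:00Z",
               "finalizers": ["aistor.min.io/pvc-protection"]},
  "spec": {"volumeName": "pv-b"}},
 {"metadata": {"name": "data0-store-2", "finalizers": ["kubernetes.io/pvc-protection"]},
  "spec": {"volumeName": "pv-c"}}]}""")
SAMPLE_PVS = json.loads("""{"items": [
 {"metadata": {"name": "pv-a"}, "spec": {"persistentVolumeReclaimPolicy": "Retain"}},
 {"metadata": {"name": "pv-b"}, "spec": {"persistentVolumeReclaimPolicy": "Delete"}},
 {"metadata": {"name": "pv-c"}, "spec": {"persistentVolumeReclaimPolicy": "Delete"}}]}""")

if __name__ == "__main__":
    for finding in audit(SAMPLE_PVCS, SAMPLE_PVS):
        print(finding)
```

A PVC reported as one-layer with reclaim Delete loses its data as soon as the finalizer is removed and the PVC is deleted; a blocked_delete of True means a delete request is pending against a protected PVC.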
Related documentation
- Object Store Helm Chart - Complete Helm chart reference including the pvcProtection field
- Kubernetes Finalizers - Official Kubernetes documentation on finalizers
- Storage Classes - Configure reclaim policies for PersistentVolumes