Delete stale review-app namespaces

Not based on a k8s secret it contains, but rather based on the namespace name

Delete stale review-app namespaces
a211f8fe · ddieulivol · 75a9b23f · a211f8fe · a211f8fe · a211f8fe
--- a/scripts/review_apps/automated_cleanup.rb
+++ b/scripts/review_apps/automated_cleanup.rb
@@ -14,7 +14,6 @@ class AutomatedCleanup
      review_app: 'review/',
      docs_review_app: 'review-docs/'
    }.freeze
-    HELM_ALLOWED_NAMESPACES_REGEX = /^review-(?!apps).+/.freeze
    IGNORED_HELM_ERRORS = [
      'transport is closing',
      'error upgrading connection',
@@ -149,7 +148,7 @@ def perform_helm_releases_cleanup!(days:)

      helm_releases.each do |release|
        # Prevents deleting `dns-gitlab-review-app` releases or other unrelated releases
-        next unless HELM_ALLOWED_NAMESPACES_REGEX.match?(release.namespace)
+        next unless Tooling::KubernetesClient::K8S_ALLOWED_NAMESPACES_REGEX.match?(release.namespace)
        next unless release.name.start_with?('review-')

        if release.status == 'failed' || release.last_update < threshold

--- a/spec/tooling/lib/tooling/kubernetes_client_spec.rb
+++ b/spec/tooling/lib/tooling/kubernetes_client_spec.rb
@@ -250,7 +250,7 @@
  describe '#review_app_namespaces_created_before' do
    let(:three_days_ago) { Time.now - 3600 * 24 * 3 }
    let(:two_days_ago) { Time.now - 3600 * 24 * 2 }
-    let(:namespace_created_three_days_ago) { 'namespace-created-three-days-ago' }
+    let(:namespace_created_three_days_ago) { 'review-ns-created-three-days-ago' }
    let(:resource_type) { 'namespace' }
    let(:raw_resources) do
      {
@@ -260,10 +260,7 @@
            kind: "Namespace",
            metadata: {
              creationTimestamp: three_days_ago,
-              name: namespace_created_three_days_ago,
-              labels: {
-                tls: 'review-apps-tls'
-              }
+              name: namespace_created_three_days_ago
            }
          },
          {
@@ -271,10 +268,7 @@
            kind: "Namespace",
            metadata: {
              creationTimestamp: Time.now,
-              name: 'another-pvc',
-              labels: {
-                tls: 'review-apps-tls'
-              }
+              name: 'another-namespace'
            }
          }
        ]
@@ -283,12 +277,10 @@

    specify do
      expect(Gitlab::Popen).to receive(:popen_with_detail)
-                                 .with(["kubectl get namespace " \
-                                          "-l tls=review-apps-tls " \
-                                          "--sort-by='{.metadata.creationTimestamp}' -o json"])
-                                 .and_return(Gitlab::Popen::Result.new([], raw_resources, '', double(success?: true)))
+                          .with(["kubectl get namespace --sort-by='{.metadata.creationTimestamp}' -o json"])
+                          .and_return(Gitlab::Popen::Result.new([], raw_resources, '', double(success?: true)))

-      expect(subject.__send__(:review_app_namespaces_created_before, created_before: two_days_ago)).to contain_exactly(namespace_created_three_days_ago)
+      expect(subject.__send__(:review_app_namespaces_created_before, created_before: two_days_ago)).to eq([namespace_created_three_days_ago])
    end
  end
 end
--- a/tooling/lib/tooling/kubernetes_client.rb
+++ b/tooling/lib/tooling/kubernetes_client.rb
@@ -6,8 +6,9 @@

 module Tooling
  class KubernetesClient
-    RESOURCE_LIST = 'ingress,svc,pdb,hpa,deploy,statefulset,job,pod,secret,configmap,pvc,secret,clusterrole,clusterrolebinding,role,rolebinding,sa,crd'
-    CommandFailedError = Class.new(StandardError)
+    RESOURCE_LIST                = 'ingress,svc,pdb,hpa,deploy,statefulset,job,pod,secret,configmap,pvc,secret,clusterrole,clusterrolebinding,role,rolebinding,sa,crd'
+    K8S_ALLOWED_NAMESPACES_REGEX = /^review-(?!apps).+/.freeze
+    CommandFailedError           = Class.new(StandardError)

    attr_reader :namespace

@@ -129,14 +130,16 @@ def review_app_namespaces_created_before(created_before:)
      command = [
        'get',
        'namespace',
-        "-l tls=review-apps-tls", # Get only namespaces used for review-apps
        "--sort-by='{.metadata.creationTimestamp}'",
        '-o json'
      ]

      response = run_command(command)

-      resources_created_before_date(response, created_before)
+      stale_namespaces = resources_created_before_date(response, created_before)
+
+      # `kubectl` doesn't allow us to filter namespaces with a regexp. We therefore do the filtering in Ruby.
+      stale_namespaces.select { |ns| K8S_ALLOWED_NAMESPACES_REGEX.match?(ns) }
    end

    def resources_created_before_date(response, date)