diff --git a/scripts/review_apps/automated_cleanup.rb b/scripts/review_apps/automated_cleanup.rb
index a1810526550d25e705ab6846c487dada480ded4e..7e606b74de9fb78012ac22f519d8c67828ab44c1 100755
--- a/scripts/review_apps/automated_cleanup.rb
+++ b/scripts/review_apps/automated_cleanup.rb
@@ -14,7 +14,6 @@ class AutomatedCleanup
       review_app: 'review/',
       docs_review_app: 'review-docs/'
     }.freeze
-    HELM_ALLOWED_NAMESPACES_REGEX = /^review-(?!apps).+/.freeze
     IGNORED_HELM_ERRORS = [
       'transport is closing',
       'error upgrading connection',
@@ -149,7 +148,7 @@ def perform_helm_releases_cleanup!(days:)
 
       helm_releases.each do |release|
         # Prevents deleting `dns-gitlab-review-app` releases or other unrelated releases
-        next unless HELM_ALLOWED_NAMESPACES_REGEX.match?(release.namespace)
+        next unless Tooling::KubernetesClient::K8S_ALLOWED_NAMESPACES_REGEX.match?(release.namespace)
         next unless release.name.start_with?('review-')
 
         if release.status == 'failed' || release.last_update < threshold
diff --git a/spec/tooling/lib/tooling/kubernetes_client_spec.rb b/spec/tooling/lib/tooling/kubernetes_client_spec.rb
index a7f50b0bb501fb18375292e2b955da87554d1472..50d33182a42c08b8b0f4895be4fc6d970ca3a5e9 100644
--- a/spec/tooling/lib/tooling/kubernetes_client_spec.rb
+++ b/spec/tooling/lib/tooling/kubernetes_client_spec.rb
@@ -250,7 +250,7 @@
   describe '#review_app_namespaces_created_before' do
     let(:three_days_ago) { Time.now - 3600 * 24 * 3 }
     let(:two_days_ago) { Time.now - 3600 * 24 * 2 }
-    let(:namespace_created_three_days_ago) { 'namespace-created-three-days-ago' }
+    let(:namespace_created_three_days_ago) { 'review-ns-created-three-days-ago' }
     let(:resource_type) { 'namespace' }
     let(:raw_resources) do
       {
@@ -260,10 +260,7 @@
             kind: "Namespace",
             metadata: {
               creationTimestamp: three_days_ago,
-              name: namespace_created_three_days_ago,
-              labels: {
-                tls: 'review-apps-tls'
-              }
+              name: namespace_created_three_days_ago
             }
           },
           {
@@ -271,10 +268,7 @@
             kind: "Namespace",
             metadata: {
               creationTimestamp: Time.now,
-              name: 'another-pvc',
-              labels: {
-                tls: 'review-apps-tls'
-              }
+              name: 'another-namespace'
             }
           }
         ]
@@ -283,12 +277,10 @@
 
     specify do
       expect(Gitlab::Popen).to receive(:popen_with_detail)
-                                 .with(["kubectl get namespace " \
-                                          "-l tls=review-apps-tls " \
-                                          "--sort-by='{.metadata.creationTimestamp}' -o json"])
-                                 .and_return(Gitlab::Popen::Result.new([], raw_resources, '', double(success?: true)))
+                          .with(["kubectl get namespace --sort-by='{.metadata.creationTimestamp}' -o json"])
+                          .and_return(Gitlab::Popen::Result.new([], raw_resources, '', double(success?: true)))
 
-      expect(subject.__send__(:review_app_namespaces_created_before, created_before: two_days_ago)).to contain_exactly(namespace_created_three_days_ago)
+      expect(subject.__send__(:review_app_namespaces_created_before, created_before: two_days_ago)).to eq([namespace_created_three_days_ago])
     end
   end
 end
diff --git a/tooling/lib/tooling/kubernetes_client.rb b/tooling/lib/tooling/kubernetes_client.rb
index 1d7b924e2c3551e4cb15167e5686104e14fa3763..ab914db577776131332f291723dc9dbbace1f161 100644
--- a/tooling/lib/tooling/kubernetes_client.rb
+++ b/tooling/lib/tooling/kubernetes_client.rb
@@ -6,8 +6,9 @@
 
 module Tooling
   class KubernetesClient
-    RESOURCE_LIST = 'ingress,svc,pdb,hpa,deploy,statefulset,job,pod,secret,configmap,pvc,secret,clusterrole,clusterrolebinding,role,rolebinding,sa,crd'
-    CommandFailedError = Class.new(StandardError)
+    RESOURCE_LIST                = 'ingress,svc,pdb,hpa,deploy,statefulset,job,pod,secret,configmap,pvc,secret,clusterrole,clusterrolebinding,role,rolebinding,sa,crd'
+    K8S_ALLOWED_NAMESPACES_REGEX = /^review-(?!apps).+/.freeze
+    CommandFailedError           = Class.new(StandardError)
 
     attr_reader :namespace
 
@@ -129,14 +130,16 @@ def review_app_namespaces_created_before(created_before:)
       command = [
         'get',
         'namespace',
-        "-l tls=review-apps-tls", # Get only namespaces used for review-apps
         "--sort-by='{.metadata.creationTimestamp}'",
         '-o json'
       ]
 
       response = run_command(command)
 
-      resources_created_before_date(response, created_before)
+      stale_namespaces = resources_created_before_date(response, created_before)
+
+      # `kubectl` doesn't allow us to filter namespaces with a regexp. We therefore do the filtering in Ruby.
+      stale_namespaces.select { |ns| K8S_ALLOWED_NAMESPACES_REGEX.match?(ns) }
     end
 
     def resources_created_before_date(response, date)