Manually Delete Namespace Resources
In the event that you need to manually delete a cloud-platform-environments namespace, for example production namespaces which our namespace-deleter pipeline is configured to skip, you can do so by following the steps below.
Prerequisites
Ensure you have the following installed on your machine:
- cloud-platform CLI
- kubectl
- terraform CLI
Environment Variables
In addition to having your AWS profile configured, the following environment variables must be set before executing a namespace deletion:
TF_VAR_cluster_name # e.g. "cp-1902-02" to get the vpc details for some modules like rds, es
TF_VAR_vpc_name # e.g. "live-1"
TF_VAR_eks_cluster_name # e.g. "live"
TF_VAR_cluster_state_bucket # State where the cluster state is stored
TF_VAR_github_owner # Github owner: ministryofjustice
TF_VAR_github_token # Personal access token with repo scope to push github action secrets
TF_VAR_kubernetes_cluster # Full name of the Cluster e.g. XXXXXX.gr7.eu-west2.eks.amazonaws.com
PINGDOM_API_TOKEN # API Token to access pingdom
PIPELINE_TERRAFORM_STATE_LOCK_TABLE # DynamoDB table where the state lock is stored
PIPELINE_STATE_BUCKET # State bucket where the environments state is stored e.g cloud-platform-terraform-state
PIPELINE_STATE_KEY_PREFIX # State key/ folder where the environments terraform state is stored e.g cloud-platform-environments
PIPELINE_STATE_REGION # State region of the bucket e.g. eu-west-1
PIPELINE_CLUSTER # Cluster name/folder inside namespaces/ in cloud-platform-environments
PIPELINE_CLUSTER_STATE # Cluster name/folder inside the state bucket where the environments terraform state is stored
PIPELINE_CLUSTER_DIR # e.g. "live.cloud-platform.service.justice.gov.uk"
For specific values, you can refer to the Concourse environments-live pipeline and its associated secrets.
Deleting a namespace
The cloud-platform
CLI namespace delete command must be executed from the root of the cloud-platform-environments
repository. If the
namespace folder still exists in the environments repository (ie no namespace removal PR has been merged), then the command will abort. Therefore
ensure that your environments repository is up to date with the latest changes.
Locate the PR number for the namespace deletion PR, and execute the following command:
cloud-platform environment destroy \
--pr-number [namespace-deletion-PR] \
--cluster arn:aws:eks:eu-west-2:754256621582:cluster/live \
--kubecfg ~/.kube/config \
--clusterdir live.cloud-platform.service.justice.gov.uk \
--skip-prod-destroy=true # Set this flag to false to destroy namespace marked :is-production
The command will then destroy all terraform and kubernetes resources associated with the namespace, and finally will delete the namespace itself.
Locating PR number
If you are unable to locate the PR number for the namespace deletion, you can run this handy git
command from the root of the cloud-platform-environments
repo
to get the commit hash for the namespace deletion, and then search for the PR in the environments repository via the GitHub UI search.
git rev-list -n 1 HEAD -- namespaces/live.cloud-platform.service.justice.gov.uk/[namespace-name]