Skip to main content

Manually Delete Namespace Resources

In the event that you need to manually delete a cloud-platform-environments namespace, for example production namespaces which our namespace-deleter pipeline is configured to skip, you can do so by following the steps below.

Prerequisites

Ensure you have the following installed on your machine:

  • cloud-platform CLI
  • kubectl
  • terraform CLI

Environment Variables

In addition to having your AWS profile configured, the following environment variables must be set before executing a namespace deletion:

TF_VAR_cluster_name           # e.g. "cp-1902-02" to get the vpc details for some modules like rds, es
TF_VAR_vpc_name               # e.g. "live-1"
TF_VAR_eks_cluster_name       # e.g. "live"
TF_VAR_cluster_state_bucket   # State where the cluster state is stored
TF_VAR_github_owner           # Github owner: ministryofjustice
TF_VAR_github_token           # Personal access token with repo scope to push github action secrets
TF_VAR_kubernetes_cluster     # Full name of the Cluster e.g. XXXXXX.gr7.eu-west2.eks.amazonaws.com
PINGDOM_API_TOKEN             # API Token to access pingdom
PIPELINE_TERRAFORM_STATE_LOCK_TABLE # DynamoDB table where the state lock is stored
PIPELINE_STATE_BUCKET         # State bucket where the environments state is stored e.g cloud-platform-terraform-state
PIPELINE_STATE_KEY_PREFIX     # State key/ folder where the environments terraform state is stored e.g cloud-platform-environments
PIPELINE_STATE_REGION         # State region of the bucket e.g. eu-west-1
PIPELINE_CLUSTER              # Cluster name/folder inside namespaces/ in cloud-platform-environments
PIPELINE_CLUSTER_STATE        # Cluster name/folder inside the state bucket where the environments terraform state is stored
PIPELINE_CLUSTER_DIR          # e.g. "live.cloud-platform.service.justice.gov.uk"

For specific values, you can refer to the Concourse environments-live pipeline and its associated secrets.

Deleting a namespace

The cloud-platform CLI namespace delete command must be executed from the root of the cloud-platform-environments repository. If the namespace folder still exists in the environments repository (ie no namespace removal PR has been merged), then the command will abort. Therefore ensure that your environments repository is up to date with the latest changes.

Locate the PR number for the namespace deletion PR, and execute the following command:

cloud-platform environment destroy \
    --pr-number [namespace-deletion-PR] \
    --cluster arn:aws:eks:eu-west-2:754256621582:cluster/live \
    --kubecfg ~/.kube/config \
    --clusterdir live.cloud-platform.service.justice.gov.uk \
    --skip-prod-destroy=true  # Set this flag to false to destroy namespace marked :is-production

The command will then destroy all terraform and kubernetes resources associated with the namespace, and finally will delete the namespace itself.

Locating PR number

If you are unable to locate the PR number for the namespace deletion, you can run this handy git command from the root of the cloud-platform-environments repo to get the commit hash for the namespace deletion, and then search for the PR in the environments repository via the GitHub UI search.

git rev-list -n 1 HEAD -- namespaces/live.cloud-platform.service.justice.gov.uk/[namespace-name]
This page was last reviewed on 1 May 2025. It needs to be reviewed again on 1 November 2025 by the page owner #cloud-platform .
This page was set to be reviewed before 1 November 2025 by the page owner #cloud-platform. This might mean the content is out of date.