Remove legacy Kubernetes #actual_namespace61935-remove-code-left-over-from-when-clusters-were-always-project-specific

When Kubernetes clusters were originally built they could only
exist at the project level, and so there was logic included
that assumed there would only ever be a single Kubernetes
namespace per cluster. We now support clusters at the group
and instance level, which allows multiple namespaces.

This change consolidates various project-specific fallbacks to
generate namespaces, and hands all responsibility to the
Clusters::KubernetesNamespace model. There is now no concept of
a single namespace for a Clusters::Platforms::Kubernetes; to
retrieve a namespace a project must now be supplied in all cases.

This simplifies upcoming work to use a separate Kubernetes
namespace per project environment (instead of a namespace
per project).

4 files changed, 39 insertions, 61 deletions

diff --git a/app/models/clusters/cluster.rb b/app/models/clusters/cluster.rb
index 9299e61dad3..f7ea7accab2 100644
--- a/app/models/clusters/cluster.rb
+++ b/app/models/clusters/cluster.rb
@@ -45,7 +45,6 @@ module Clusters
     has_one :application_knative, class_name: 'Clusters::Applications::Knative'
 
     has_many :kubernetes_namespaces
-    has_one :kubernetes_namespace, -> { order(id: :desc) }, class_name: 'Clusters::KubernetesNamespace'
 
     accepts_nested_attributes_for :provider_gcp, update_only: true
     accepts_nested_attributes_for :platform_kubernetes, update_only: true
@@ -108,7 +107,7 @@ module Clusters
 
     scope :preload_knative, -> {
       preload(
-        :kubernetes_namespace,
+        :kubernetes_namespaces,
         :platform_kubernetes,
         :application_knative
       )
@@ -187,16 +186,16 @@ module Clusters
       platform_kubernetes.kubeclient if kubernetes?
     end
 
+    def kubernetes_namespace_for(project)
+      find_or_initialize_kubernetes_namespace_for_project(project).namespace
+    end
+
     def find_or_initialize_kubernetes_namespace_for_project(project)
-      if project_type?
-        kubernetes_namespaces.find_or_initialize_by(
-          project: project,
-          cluster_project: cluster_project
-        )
-      else
-        kubernetes_namespaces.find_or_initialize_by(
-          project: project
-        )
+      attributes = { project: project }
+      attributes[:cluster_project] = cluster_project if project_type?
+
+      kubernetes_namespaces.find_or_initialize_by(attributes).tap do |namespace|
+        namespace.set_defaults
       end
     end
 
diff --git a/app/models/clusters/platforms/kubernetes.rb b/app/models/clusters/platforms/kubernetes.rb
index 3b7b93e7631..9b951578aee 100644
--- a/app/models/clusters/platforms/kubernetes.rb
+++ b/app/models/clusters/platforms/kubernetes.rb
@@ -52,11 +52,14 @@ module Clusters
 
       alias_attribute :ca_pem, :ca_cert
 
-      delegate :project, to: :cluster, allow_nil: true
       delegate :enabled?, to: :cluster, allow_nil: true
       delegate :provided_by_user?, to: :cluster, allow_nil: true
       delegate :allow_user_defined_namespace?, to: :cluster, allow_nil: true
-      delegate :kubernetes_namespace, to: :cluster
+
+      # This is just to maintain compatibility with KubernetesService, which
+      # will be removed in https://gitlab.com/gitlab-org/gitlab-ce/issues/39217.
+      # It can be removed once KubernetesService is gone.
+      delegate :kubernetes_namespace_for, to: :cluster, allow_nil: true
 
       alias_method :active?, :enabled?
 
@@ -68,18 +71,6 @@ module Clusters
 
       default_value_for :authorization_type, :rbac
 
-      def actual_namespace
-        if namespace.present?
-          namespace
-        else
-          default_namespace
-        end
-      end
-
-      def namespace_for(project)
-        cluster.find_or_initialize_kubernetes_namespace_for_project(project).namespace
-      end
-
       def predefined_variables(project:)
         Gitlab::Ci::Variables::Collection.new.tap do |variables|
           variables.append(key: 'KUBE_URL', value: api_url)
@@ -98,11 +89,13 @@ module Clusters
             # Once we have marked all project-level clusters that make use of this
             # behaviour as "unmanaged", we can remove the `cluster.project_type?`
             # check here.
+            project_namespace = cluster.kubernetes_namespace_for(project)
+
             variables
               .append(key: 'KUBE_URL', value: api_url)
               .append(key: 'KUBE_TOKEN', value: token, public: false, masked: true)
-              .append(key: 'KUBE_NAMESPACE', value: actual_namespace)
-              .append(key: 'KUBECONFIG', value: kubeconfig, public: false, file: true)
+              .append(key: 'KUBE_NAMESPACE', value: project_namespace)
+              .append(key: 'KUBECONFIG', value: kubeconfig(project_namespace), public: false, file: true)
           end
 
           variables.concat(cluster.predefined_variables)
@@ -115,8 +108,10 @@ module Clusters
       # short time later
       def terminals(environment)
         with_reactive_cache do |data|
+          project = environment.project
+
           pods = filter_by_project_environment(data[:pods], project.full_path_slug, environment.slug)
-          terminals = pods.flat_map { |pod| terminals_for_pod(api_url, actual_namespace, pod) }.compact
+          terminals = pods.flat_map { |pod| terminals_for_pod(api_url, cluster.kubernetes_namespace_for(project), pod) }.compact
           terminals.each { |terminal| add_terminal_auth(terminal, terminal_auth) }
         end
       end
@@ -124,7 +119,7 @@ module Clusters
       # Caches resources in the namespace so other calls don't need to block on
       # network access
       def calculate_reactive_cache
-        return unless enabled? && project && !project.pending_delete?
+        return unless enabled?
 
         # We may want to cache extra things in the future
         { pods: read_pods }
@@ -136,33 +131,16 @@ module Clusters
 
       private
 
-      def kubeconfig
+      def kubeconfig(namespace)
         to_kubeconfig(
           url: api_url,
-          namespace: actual_namespace,
+          namespace: namespace,
           token: token,
           ca_pem: ca_pem)
       end
 
-      def default_namespace
-        kubernetes_namespace&.namespace.presence || fallback_default_namespace
-      end
-
-      # DEPRECATED
-      #
-      # On 11.4 Clusters::KubernetesNamespace was introduced, this model will allow to
-      # have multiple namespaces per project. This method will be removed after migration
-      # has been completed.
-      def fallback_default_namespace
-        return unless project
-
-        slug = "#{project.path}-#{project.id}".downcase
-        Gitlab::NamespaceSanitizer.sanitize(slug)
-      end
-
       def build_kube_client!
         raise "Incomplete settings" unless api_url
-        raise "No namespace" if cluster.project_type? && actual_namespace.empty? # can probably remove this line once we remove #actual_namespace
 
         unless (username && password) || token
           raise "Either username/password or token is required to access API"
@@ -178,9 +156,13 @@ module Clusters
 
       # Returns a hash of all pods in the namespace
       def read_pods
-        kubeclient = build_kube_client!
+        # TODO: The project lookup here should be moved (to environment?),
+        # which will enable reading pods from the correct namespace for group
+        # and instance clusters.
+        # This will be done in https://gitlab.com/gitlab-org/gitlab-ce/issues/61156
+        return [] unless cluster.project_type?
 
-        kubeclient.get_pods(namespace: actual_namespace).as_json
+        kubeclient.get_pods(namespace: cluster.kubernetes_namespace_for(cluster.first_project)).as_json
       rescue Kubeclient::ResourceNotFoundError
         []
       end
diff --git a/app/models/clusters/project.rb b/app/models/clusters/project.rb
index d2b68b3f117..e0bf60164ba 100644
--- a/app/models/clusters/project.rb
+++ b/app/models/clusters/project.rb
@@ -8,6 +8,5 @@ module Clusters
     belongs_to :project, class_name: '::Project'
 
     has_many :kubernetes_namespaces, class_name: 'Clusters::KubernetesNamespace', foreign_key: :cluster_project_id
-    has_one :kubernetes_namespace, -> { order(id: :desc) }, class_name: 'Clusters::KubernetesNamespace', foreign_key: :cluster_project_id
   end
 end
diff --git a/app/models/project_services/kubernetes_service.rb b/app/models/project_services/kubernetes_service.rb
index fc8afa9bead..aa6b4aa1d5e 100644
--- a/app/models/project_services/kubernetes_service.rb
+++ b/app/models/project_services/kubernetes_service.rb
@@ -86,7 +86,7 @@ class KubernetesService < DeploymentService
     ]
   end
 
-  def actual_namespace
+  def kubernetes_namespace_for(project)
     if namespace.present?
       namespace
     else
@@ -94,10 +94,6 @@ class KubernetesService < DeploymentService
     end
   end
 
-  def namespace_for(project)
-    actual_namespace
-  end
-
   # Check we can connect to the Kubernetes API
   def test(*args)
     kubeclient = build_kube_client!
@@ -118,7 +114,7 @@ class KubernetesService < DeploymentService
       variables
         .append(key: 'KUBE_URL', value: api_url)
         .append(key: 'KUBE_TOKEN', value: token, public: false, masked: true)
-        .append(key: 'KUBE_NAMESPACE', value: actual_namespace)
+        .append(key: 'KUBE_NAMESPACE', value: kubernetes_namespace_for(project))
         .append(key: 'KUBECONFIG', value: kubeconfig, public: false, file: true)
 
       if ca_pem.present?
@@ -135,8 +131,10 @@ class KubernetesService < DeploymentService
   # short time later
   def terminals(environment)
     with_reactive_cache do |data|
+      project = environment.project
+
       pods = filter_by_project_environment(data[:pods], project.full_path_slug, environment.slug)
-      terminals = pods.flat_map { |pod| terminals_for_pod(api_url, actual_namespace, pod) }.compact
+      terminals = pods.flat_map { |pod| terminals_for_pod(api_url, kubernetes_namespace_for(project), pod) }.compact
       terminals.each { |terminal| add_terminal_auth(terminal, terminal_auth) }
     end
   end
@@ -173,7 +171,7 @@ class KubernetesService < DeploymentService
   def kubeconfig
     to_kubeconfig(
       url: api_url,
-      namespace: actual_namespace,
+      namespace: kubernetes_namespace_for(project),
       token: token,
       ca_pem: ca_pem)
   end
@@ -190,7 +188,7 @@ class KubernetesService < DeploymentService
   end
 
   def build_kube_client!
-    raise "Incomplete settings" unless api_url && actual_namespace && token
+    raise "Incomplete settings" unless api_url && kubernetes_namespace_for(project) && token
 
     Gitlab::Kubernetes::KubeClient.new(
       api_url,
@@ -204,7 +202,7 @@ class KubernetesService < DeploymentService
   def read_pods
     kubeclient = build_kube_client!
 
-    kubeclient.get_pods(namespace: actual_namespace).as_json
+    kubeclient.get_pods(namespace: kubernetes_namespace_for(project)).as_json
   rescue Kubeclient::ResourceNotFoundError
     []
   end