Use separate Kubernetes namespaces per environment

Kubernetes deployments on new clusters will now have
a separate namespace per project environment, instead
of sharing a single namespace for the project.

Behaviour of existing clusters is unchanged.

All new functionality is controlled by the
:kubernetes_namespace_per_environment feature flag,
which is safe to enable/disable at any time.

3 files changed, 41 insertions, 6 deletions

diff --git a/app/services/clusters/build_kubernetes_namespace_service.rb b/app/services/clusters/build_kubernetes_namespace_service.rb
new file mode 100644
index 00000000000..2574f77bbf9
--- /dev/null
+++ b/app/services/clusters/build_kubernetes_namespace_service.rb
@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module Clusters
+  class BuildKubernetesNamespaceService
+    attr_reader :cluster, :environment
+
+    def initialize(cluster, environment:)
+      @cluster = cluster
+      @environment = environment
+    end
+
+    def execute
+      cluster.kubernetes_namespaces.build(attributes)
+    end
+
+    private
+
+    def attributes
+      attributes = {
+        project: environment.project,
+        namespace: namespace,
+        service_account_name: "#{namespace}-service-account"
+      }
+
+      attributes[:cluster_project] = cluster.cluster_project if cluster.project_type?
+      attributes[:environment] = environment if cluster.namespace_per_environment?
+
+      attributes
+    end
+
+    def namespace
+      Gitlab::Kubernetes::DefaultNamespace.new(cluster, project: environment.project).from_environment_slug(environment.slug)
+    end
+  end
+end
diff --git a/app/services/clusters/create_service.rb b/app/services/clusters/create_service.rb
index 5fb5e15c32d..e5a5b73321a 100644
--- a/app/services/clusters/create_service.rb
+++ b/app/services/clusters/create_service.rb
@@ -11,7 +11,8 @@ module Clusters
     def execute(access_token: nil)
       raise ArgumentError, 'Unknown clusterable provided' unless clusterable
 
-      cluster_params = params.merge(user: current_user).merge(clusterable_params)
+      cluster_params = params.merge(global_params).merge(clusterable_params)
+
       cluster_params[:provider_gcp_attributes].try do |provider|
         provider[:access_token] = access_token
       end
@@ -35,6 +36,10 @@ module Clusters
       @clusterable ||= params.delete(:clusterable)
     end
 
+    def global_params
+      { user: current_user, namespace_per_environment: Feature.enabled?(:kubernetes_namespace_per_environment, default_enabled: true) }
+    end
+
     def clusterable_params
       case clusterable
       when ::Project
diff --git a/app/services/clusters/gcp/kubernetes/create_or_update_namespace_service.rb b/app/services/clusters/gcp/kubernetes/create_or_update_namespace_service.rb
index 806f320381d..c45dac7b273 100644
--- a/app/services/clusters/gcp/kubernetes/create_or_update_namespace_service.rb
+++ b/app/services/clusters/gcp/kubernetes/create_or_update_namespace_service.rb
@@ -11,7 +11,6 @@ module Clusters
         end
 
         def execute
-          configure_kubernetes_namespace
           create_project_service_account
           configure_kubernetes_token
 
@@ -22,10 +21,6 @@ module Clusters
 
         attr_reader :cluster, :kubernetes_namespace, :platform
 
-        def configure_kubernetes_namespace
-          kubernetes_namespace.set_defaults
-        end
-
         def create_project_service_account
           Clusters::Gcp::Kubernetes::CreateOrUpdateServiceAccountService.namespace_creator(
             platform.kubeclient,