add dns and cert cleanup

gitpod-io · Apr 26, 2022 · 8034c40 · 8034c40
1 parent 4a99050
commit 8034c40
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 1 deletion.
diff --git a/.werft/platform-delete-preview-environments-cron.ts b/.werft/platform-delete-preview-environments-cron.ts
@@ -5,6 +5,7 @@ import { wipePreviewEnvironmentAndNamespace, helmInstallName, listAllPreviewName
 import { exec } from './util/shell';
 import { previewNameFromBranchName } from './util/preview';
 import { CORE_DEV_KUBECONFIG_PATH, HARVESTER_KUBECONFIG_PATH } from './jobs/build/const';
+import {deleteDNSRecord} from "./util/gcloud";
 
 // for testing purposes
 // if set to 'true' it shows only previews that would be deleted
@@ -81,7 +82,10 @@ async function deletePreviewEnvironments() {
             const promises: Promise<any>[] = [];
             previewsToDelete.forEach(preview => {
                 werft.log("deleting preview", preview)
-                promises.push(wipePreviewEnvironmentAndNamespace(helmInstallName, preview, CORE_DEV_KUBECONFIG_PATH, { slice: `Deleting preview ${preview}` }))
+                promises.push(
+                    removeCertificate(preview, CORE_DEV_KUBECONFIG_PATH),
+                    removeStagingDNSRecord(preview),
+                    wipePreviewEnvironmentAndNamespace(helmInstallName, preview, CORE_DEV_KUBECONFIG_PATH, { slice: `Deleting preview ${preview}` }))
             })
             await Promise.all(promises)
         }
@@ -136,6 +140,39 @@ function isInactive(previewNS: string): boolean {
 
 }
 
+async function removeCertificate(preview: string, kubectlConfig: string) {
+    exec(`kubectl --kubeconfig ${kubectlConfig} -n certs delete cert ${preview}`)
+    return
+}
+
+// remove DNS records on the old generation of preview environments
+async function removeStagingDNSRecord(preview: string) {
+    return Promise.all([
+        deleteDNSRecord('A', `*.ws-dev.${preview}.staging.gitpod-dev.com`, 'gitpod-dev', 'gitpod-dev-com'),
+        deleteDNSRecord('A', `*.${preview}.staging.gitpod-dev.com`, 'gitpod-dev', 'gitpod-dev-com'),
+        deleteDNSRecord('A', `${preview}.staging.gitpod-dev.com`, 'gitpod-dev', 'gitpod-dev-com'),
+        deleteDNSRecord('A', `prometheus-${preview}.staging.gitpod-dev.com`, 'gitpod-dev', 'gitpod-dev-com'),
+        deleteDNSRecord('TXT', `prometheus-${preview}.staging.gitpod-dev.com`, 'gitpod-dev', 'gitpod-dev-com'),
+        deleteDNSRecord('A', `grafana-${preview}.staging.gitpod-dev.com`, 'gitpod-dev', 'gitpod-dev-com'),
+        deleteDNSRecord('TXT', `grafana-${preview}.staging.gitpod-dev.com`, 'gitpod-dev', 'gitpod-dev-com'),
+        deleteDNSRecord('TXT', `_acme-challenge.${preview}.staging.gitpod-dev.com`, 'gitpod-dev', 'gitpod-dev-com'),
+        deleteDNSRecord('TXT', `_acme-challenge.ws-dev.${preview}.staging.gitpod-dev.com`, 'gitpod-dev', 'gitpod-dev-com')
+    ])
+}
+
+// remove DNS records on the new (Harvester based) generation of preview environments
+async function removePreviewDNSRecord(preview: string) {
+    return Promise.all([
+        deleteDNSRecord('A', `*.ws-dev.${preview}.preview.gitpod-dev.com`, 'gitpod-core-dev', 'preview-gitpod-dev-com'),
+        deleteDNSRecord('A', `*.${preview}.preview.gitpod-dev.com`, 'gitpod-core-dev', 'preview-gitpod-dev-com'),
+        deleteDNSRecord('A', `${preview}.preview.gitpod-dev.com`, 'gitpod-core-dev', 'preview-gitpod-dev-com'),
+        deleteDNSRecord('A', `prometheus-${preview}.preview.gitpod-dev.com`, 'gitpod-core-dev', 'preview-gitpod-dev-com'),
+        deleteDNSRecord('TXT', `prometheus-${preview}.preview.gitpod-dev.com`, 'gitpod-core-dev', 'preview-gitpod-dev-com'),
+        deleteDNSRecord('A', `grafana-${preview}.preview.gitpod-dev.com`, 'gitpod-core-dev', 'preview-gitpod-dev-com'),
+        deleteDNSRecord('TXT', `grafana-${preview}.preview.gitpod-dev.com`, 'gitpod-core-dev', 'preview-gitpod-dev-com')
+    ])
+}
+
 async function cleanLoadbalancer() {
     const prepPhase = "prep clean loadbalancers"
     const fetchPhase = "fetching unuse loadbalancer"

diff --git a/.werft/util/gcloud.ts b/.werft/util/gcloud.ts
@@ -52,6 +52,19 @@ export async function createDNSRecord(options: {domain: string, projectId: strin
     }
 }
 
+export async function deleteDNSRecord(recordType: string, domain: string, projectId: string, dnsZone: string): Promise<void> {
+    const dnsClient = new DNS({
+        projectId: projectId,
+        keyFilename: GCLOUD_SERVICE_ACCOUNT_PATH,
+    })
+    const zone = dnsClient.zone(dnsZone)
+    const [records] = await zone.getRecords({ name: `${domain}.`, type: recordType })
+
+    await Promise.all(records.map(record => {
+        return record.delete()
+    }))
+}
+
 // matchesExistingRecord will return true only if the existing record matches the same name and IP.
 // If IP doesn't match, then the record needs to be replaced in a following step.
 async function matchesExistingRecord(zone: Zone, domain: string, IP: string): Promise<boolean> {