fix: use a new k8s_namespace column and use label based lookups

apps/api/src/pkg/testutil/harness.ts

@@ -269,6 +269,7 @@ export abstract class Harness {
       updatedAtM: null,
       deletedAtM: null,
       partitionId: null,
+      k8sNamespace: null,
     };
     const userWorkspace: Workspace = {
       id: newId("test"),
@@ -288,6 +289,7 @@ export abstract class Harness {
       updatedAtM: null,
       deletedAtM: null,
       partitionId: null,
+      k8sNamespace: null,
     };
 
     const unkeyKeyAuth: KeyAuth = {

apps/dashboard/lib/trpc/routers/workspace/create.ts

@@ -81,6 +81,7 @@ export const createWorkspace = t.procedure
           updatedAtM: null,
           deletedAtM: null,
           partitionId: null,
+          k8sNamespace: null,
         };
 
         await tx.insert(schema.workspaces).values(workspace);

go/apps/ctrl/workflows/project/create.go

@@ -39,15 +39,42 @@ func (s *Service) CreateProject(ctx restate.ObjectContext, req *hydrav1.CreatePr
 		return nil, err
 	}
 
+	k8sNamespace := workspace.K8sNamespace.String
+	// This should really be in a dedicated createWorkspace call I think,
+	// but this works for now
+	if k8sNamespace == "" {
+		k8sNamespace, err = restate.Run(ctx, func(runCtx restate.RunContext) (string, error) {
+			name := uid.Nano(12)
+			res, err := db.Query.UpdateWorkspaceK8sNamespace(runCtx, s.db.RW(), db.UpdateWorkspaceK8sNamespaceParams{
+				ID:           workspace.ID,
+				K8sNamespace: sql.NullString{Valid: true, String: name},
+			})
+			if err != nil {
+				return "", err
+			}
+			affected, err := res.RowsAffected()
+			if err != nil {
+				return "", err
+			}
+			if affected != 1 {
+				return "", errors.New("failed to update workspace k8s namespace")
+			}
+			return name, nil
+		})
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	projectID, err := restate.Run(ctx, func(runCtx restate.RunContext) (string, error) {
 		return uid.New(uid.ProjectPrefix), nil
 	}, restate.WithName("generate project ID"))
 	if err != nil {
 		return nil, err
 	}
 
-	_, err = restate.Run(ctx, func(runCtx restate.RunContext) (restate.Void, error) {
-		return restate.Void{}, db.Query.InsertProject(runCtx, s.db.RW(), db.InsertProjectParams{
+	err = restate.RunVoid(ctx, func(runCtx restate.RunContext) error {
+		return db.Query.InsertProject(runCtx, s.db.RW(), db.InsertProjectParams{
 			ID:               projectID,
 			WorkspaceID:      workspace.ID,
 			Name:             req.Name,
@@ -81,8 +108,8 @@ func (s *Service) CreateProject(ctx restate.ObjectContext, req *hydrav1.CreatePr
 			return nil, err
 		}
 
-		_, err = restate.Run(ctx, func(runCtx restate.RunContext) (restate.Void, error) {
-			return restate.Void{}, db.Query.InsertEnvironment(runCtx, s.db.RW(), db.InsertEnvironmentParams{
+		err = restate.RunVoid(ctx, func(runCtx restate.RunContext) error {
+			return db.Query.InsertEnvironment(runCtx, s.db.RW(), db.InsertEnvironmentParams{
 				ID:            environmentID,
 				WorkspaceID:   workspace.ID,
 				ProjectID:     projectID,
@@ -109,10 +136,10 @@ func (s *Service) CreateProject(ctx restate.ObjectContext, req *hydrav1.CreatePr
 			replicas = uint32(3)
 		}
 
-		_, err = restate.Run(ctx, func(runCtx restate.RunContext) (restate.Void, error) {
+		err = restate.RunVoid(ctx, func(runCtx restate.RunContext) error {
 			_, err := s.krane.CreateGateway(runCtx, connect.NewRequest(&kranev1.CreateGatewayRequest{
 				Gateway: &kranev1.GatewayRequest{
-					Namespace:     workspace.ID,
+					Namespace:     k8sNamespace,
 					WorkspaceId:   workspace.ID,
 					GatewayId:     gatewayID,
 					Image:         "nginx:latest", // TODO
@@ -121,7 +148,7 @@ func (s *Service) CreateProject(ctx restate.ObjectContext, req *hydrav1.CreatePr
 					MemorySizeMib: uint64(256),
 				},
 			}))
-			return restate.Void{}, err
+			return err
 		}, restate.WithName("provision gateway"))
 
 		if err != nil {

go/apps/krane/backend/kubernetes/deployment_create.go

@@ -6,6 +6,7 @@ import (
 	"strings"
 
 	"connectrpc.com/connect"
+	"github.com/unkeyed/unkey/go/apps/krane/backend/kubernetes/labels"
 	kranev1 "github.com/unkeyed/unkey/go/gen/proto/krane/v1"
 	"github.com/unkeyed/unkey/go/pkg/ptr"
 	appsv1 "k8s.io/api/apps/v1"
@@ -67,12 +68,14 @@ import (
 // Returns DEPLOYMENT_STATUS_PENDING as pods may not be immediately scheduled
 // and ready for traffic after creation.
 func (k *k8s) CreateDeployment(ctx context.Context, req *connect.Request[kranev1.CreateDeploymentRequest]) (*connect.Response[kranev1.CreateDeploymentResponse], error) {
-	k8sDeploymentID := safeIDForK8s(req.Msg.GetDeployment().GetDeploymentId())
-	namespace := safeIDForK8s(req.Msg.GetDeployment().GetNamespace())
+
+	namespace := req.Msg.GetDeployment().GetNamespace()
+	deploymentID := req.Msg.GetDeployment().GetDeploymentId()
+	const krane = "krane"
 
 	k.logger.Info("creating deployment",
 		"namespace", namespace,
-		"deployment_id", k8sDeploymentID,
+		"deployment_id", deploymentID,
 	)
 
 	service, err := k.clientset.CoreV1().
@@ -88,23 +91,20 @@ func (k *k8s) CreateDeployment(ctx context.Context, req *connect.Request[kranev1
 			//nolint:exhaustruct
 			&corev1.Service{
 				ObjectMeta: metav1.ObjectMeta{
-					Name:      k8sDeploymentID,
-					Namespace: namespace,
+					GenerateName: "svc-",
+					Namespace:    namespace,
 					Labels: map[string]string{
-						"unkey.deployment.id": k8sDeploymentID,
-						"unkey.managed.by":    "krane",
-					},
-
-					Annotations: map[string]string{
-						"unkey.deployment.id": k8sDeploymentID,
+						labels.DeploymentID: deploymentID,
+						labels.ManagedBy:    krane,
 					},
 				},
 
 				//nolint:exhaustruct
 				Spec: corev1.ServiceSpec{
 					Type: corev1.ServiceTypeClusterIP, // Use ClusterIP for internal communication
 					Selector: map[string]string{
-						"unkey.deployment.id": k8sDeploymentID,
+						labels.DeploymentID: deploymentID,
+						labels.ManagedBy:    krane,
 					},
 					ClusterIP:                "None",
 					PublishNotReadyAddresses: true,
@@ -130,11 +130,11 @@ func (k *k8s) CreateDeployment(ctx context.Context, req *connect.Request[kranev1
 		//nolint: exhaustruct
 		&appsv1.StatefulSet{
 			ObjectMeta: metav1.ObjectMeta{
-				Name:      k8sDeploymentID,
-				Namespace: namespace,
+				GenerateName: "dpl-",
+				Namespace:    namespace,
 				Labels: map[string]string{
-					"unkey.deployment.id": k8sDeploymentID,
-					"unkey.managed.by":    "krane",
+					labels.DeploymentID: deploymentID,
+					labels.ManagedBy:    krane,
 				},
 			},
 
@@ -144,14 +144,14 @@ func (k *k8s) CreateDeployment(ctx context.Context, req *connect.Request[kranev1
 				Replicas:    ptr.P(int32(req.Msg.GetDeployment().GetReplicas())), //nolint: gosec
 				Selector: &metav1.LabelSelector{
 					MatchLabels: map[string]string{
-						"unkey.deployment.id": k8sDeploymentID,
+						labels.DeploymentID: deploymentID,
 					},
 				},
 				Template: corev1.PodTemplateSpec{
 					ObjectMeta: metav1.ObjectMeta{
 						Labels: map[string]string{
-							"unkey.deployment.id": k8sDeploymentID,
-							"unkey.managed.by":    "krane",
+							labels.DeploymentID: deploymentID,
+							labels.ManagedBy:    krane,
 						},
 						Annotations: map[string]string{},
 					},
@@ -171,7 +171,7 @@ func (k *k8s) CreateDeployment(ctx context.Context, req *connect.Request[kranev1
 						RestartPolicy: corev1.RestartPolicyAlways,
 						Containers: []corev1.Container{
 							{
-								Name:  "todo",
+
 								Image: req.Msg.GetDeployment().GetImage(),
 								Ports: []corev1.ContainerPort{
 									{
@@ -219,7 +219,7 @@ func (k *k8s) CreateDeployment(ctx context.Context, req *connect.Request[kranev1
 		{
 			APIVersion: "apps/v1",
 			Kind:       "StatefulSet",
-			Name:       k8sDeploymentID,
+			Name:       sfs.Name,
 			UID:        sfs.UID,
 		},
 	}

go/apps/krane/backend/kubernetes/deployment_delete.go

@@ -3,7 +3,6 @@ package kubernetes
 import (
 	"context"
 	"fmt"
-	"strings"
 
 	"connectrpc.com/connect"
 	kranev1 "github.com/unkeyed/unkey/go/gen/proto/krane/v1"
@@ -15,32 +14,72 @@ import (
 // DeleteDeployment removes a deployment and all associated Kubernetes resources.
 //
 // This method performs a complete cleanup of a deployment by removing both
-// the Service and StatefulSet resources. The cleanup follows Kubernetes
-// best practices for resource deletion with background propagation to
-// ensure associated pods and other resources are properly terminated.
+// the Service and StatefulSet resources. Resources are selected by their
+// deployment-id label rather than by name, following Kubernetes best practices
+// for resource management.
 func (k *k8s) DeleteDeployment(ctx context.Context, req *connect.Request[kranev1.DeleteDeploymentRequest]) (*connect.Response[kranev1.DeleteDeploymentResponse], error) {
-	k8sDeploymentID := strings.ReplaceAll(req.Msg.GetDeploymentId(), "_", "-")
-	namespace := safeIDForK8s(req.Msg.GetNamespace())
+	deploymentID := req.Msg.GetDeploymentId()
+	namespace := req.Msg.GetNamespace()
 
 	k.logger.Info("deleting deployment",
 		"namespace", namespace,
-		"deployment_id", k8sDeploymentID,
+		"deployment_id", deploymentID,
 	)
 
+	// Create label selector for this deployment
+	labelSelector := fmt.Sprintf("deployment-id=%s", deploymentID)
+
 	//nolint: exhaustruct
-	err := k.clientset.CoreV1().Services(namespace).Delete(ctx, k8sDeploymentID, metav1.DeleteOptions{
+	deleteOptions := metav1.DeleteOptions{
 		PropagationPolicy: ptr.P(metav1.DeletePropagationBackground),
+	}
+
+	// List and delete Services with this deployment-id label
+	//nolint: exhaustruct
+	serviceList, err := k.clientset.CoreV1().Services(namespace).List(ctx, metav1.ListOptions{
+		LabelSelector: labelSelector,
 	})
-	if err != nil && !apierrors.IsNotFound(err) {
-		return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("failed to delete service: %w", err))
+	if err != nil {
+		return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("failed to list services: %w", err))
 	}
 
+	for _, service := range serviceList.Items {
+		k.logger.Debug("deleting service",
+			"name", service.Name,
+			"deployment_id", deploymentID,
+		)
+		err = k.clientset.CoreV1().Services(namespace).Delete(ctx, service.Name, deleteOptions)
+		if err != nil && !apierrors.IsNotFound(err) {
+			return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("failed to delete service %s: %w", service.Name, err))
+		}
+	}
+
+	// List and delete StatefulSets with this deployment-id label
 	//nolint: exhaustruct
-	err = k.clientset.AppsV1().StatefulSets(namespace).Delete(ctx, k8sDeploymentID, metav1.DeleteOptions{
-		PropagationPolicy: ptr.P(metav1.DeletePropagationBackground),
+	statefulSetList, err := k.clientset.AppsV1().StatefulSets(namespace).List(ctx, metav1.ListOptions{
+		LabelSelector: labelSelector,
 	})
-	if err != nil && !apierrors.IsNotFound(err) {
-		return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("failed to delete deployment: %w", err))
+	if err != nil {
+		return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("failed to list statefulsets: %w", err))
 	}
+
+	for _, statefulSet := range statefulSetList.Items {
+		k.logger.Debug("deleting statefulset",
+			"name", statefulSet.Name,
+			"deployment_id", deploymentID,
+		)
+		err = k.clientset.AppsV1().StatefulSets(namespace).Delete(ctx, statefulSet.Name, deleteOptions)
+		if err != nil && !apierrors.IsNotFound(err) {
+			return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("failed to delete statefulset %s: %w", statefulSet.Name, err))
+		}
+	}
+
+	k.logger.Info("deployment deleted successfully",
+		"namespace", namespace,
+		"deployment_id", deploymentID,
+		"services_deleted", len(serviceList.Items),
+		"statefulsets_deleted", len(statefulSetList.Items),
+	)
+
 	return connect.NewResponse(&kranev1.DeleteDeploymentResponse{}), nil
 }