IDATG2900-Quicksand · majame · May 11, 2025 · May 7, 2025 · May 11, 2025 · May 11, 2025
diff --git a/.github/workflows/deploy_kubernetes.yml b/.github/workflows/deploy_kubernetes.yml
@@ -66,14 +66,29 @@ jobs:
         env:
           KUBECONFIG: ./talos-config/kubeconfig
 
-        # Sometimes there might be DNS problems. This step will stop
-        # and restart the DNS services to ensure it works as expected
+        # Sometimes there might be DNS problems. This step
+        # will try to fix the problems if there are any
       - name: Fix potential DNS problems
         run: |
-          sleep 10
-          kubectl delete pod -n kube-system -l k8s-app=kube-dns
-          sleep 20
-          kubectl get pods -n strelka
+          echo "Waiting initial 90 seconds before first DNS test..."
+          sleep 90
+          
+          for i in {1..15}; do
+          
+            POD_NAME=$(kubectl get pods -n strelka -l app=strelka-frontend -o jsonpath='{.items[0].metadata.name}')
+          
+            if kubectl exec -n strelka "$POD_NAME" -- nslookup strelka-postgresdb.strelka.svc.cluster.local; then
+              echo "DNS test $i succeeded. Exiting loop."
+              exit 0
+            fi
+
+            echo "DNS test $i failed. Restarting kube-dns pods and retrying in 90 seconds..."
+            kubectl delete pod -n kube-system -l k8s-app=kube-dns
+            sleep 90
+          done
+
+          echo "All DNS tests failed."
+          exit 1
         working-directory: ${{ env.WORKING_DIR }}
         env:
           KUBECONFIG: ./talos-config/kubeconfig

diff --git a/.github/workflows/deploy_misp.yml b/.github/workflows/deploy_misp.yml
@@ -4,7 +4,6 @@ on:
   push:
     branches:
       - 'main'
-      - 'maja'
     paths:
       - 'misp/**'
       - 'modules/misp/**'

diff --git a/management_bootstrap/modules/github_runner/runner-config.yaml b/management_bootstrap/modules/github_runner/runner-config.yaml
@@ -13,6 +13,9 @@ runcmd:
   - chmod 600 /home/runner_user/ansible/id_rsa
   - chmod 600 /home/runner_user/ansible/clouds.yaml
 
+  # Create the kubeconfig file
+  - touch /home/runner_user/kubeconfig
+
   # Install Docker
   - sudo dnf -y install dnf-plugins-core
   - sudo dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo
@@ -35,9 +38,10 @@ runcmd:
     -e FILE_NAME="${FILE_NAME}" \
     -e ENVIRONMENT="${ENVIRONMENT}" \
     -p 8080:22 \
-    -v /home/runner_user/ansible/id_rsa:/home/runner_user/.ssh/id_rsa \
-    -v /home/runner_user/ansible/clouds.yaml:/etc/ansible/clouds.yaml \
-    -v /home/runner_user/ansible/openstack.yaml:/etc/ansible/openstack.yaml \
+    -v /home/runner_user/ansible/id_rsa:/home/runner_user/.ssh/id_rsa:ro \
+    -v /home/runner_user/ansible/clouds.yaml:/etc/ansible/clouds.yaml:ro \
+    -v /home/runner_user/ansible/openstack.yaml:/etc/ansible/openstack.yaml:ro \
+    -v /home/runner_user/test1:/home/runner_user/kubeconfig \
     runner_image'
 
 users:
@@ -64,6 +68,23 @@ write_files:
       RUN dnf install -y python3-pip && \
           python3 -m pip install --upgrade pip
       RUN pip3 install ansible openstacksdk
+      
+      # Install kubectl
+      RUN cat <<EOF > /etc/yum.repos.d/kubernetes.repo
+      [kubernetes]
+      name=Kubernetes
+      baseurl=https://pkgs.k8s.io/core:/stable:/v1.33/rpm/
+      enabled=1
+      gpgcheck=1
+      gpgkey=https://pkgs.k8s.io/core:/stable:/v1.33/rpm/repodata/repomd.xml.key
+      EOF
+      RUN yum install -y kubectl
+      
+      # Install Helm
+      RUN curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
+      RUN chmod 700 get_helm.sh && \
+          ./get_helm.sh
+      
 
       # Install other dependencies that requires sudo privileges
       RUN yum install -y lttng-ust openssl-libs krb5-libs zlib libicu perl-Digest-SHA

diff --git a/modules/security/main.tf b/modules/security/main.tf
@@ -5,30 +5,13 @@ resource "openstack_networking_secgroup_v2" "allow_all_egress" {
   count                = var.create_security_groups ? 1 : 0
   name                 = "${var.kubernetes_cluster_name}-allow-all-ipv4-ipv6-egress"
   description          = "Allows all IPv4 and IPv6 egress traffic"
-  delete_default_rules = true
 }
 
 data "openstack_networking_secgroup_v2" "allow_all_egress" {
   count = var.create_security_groups ? 0 : 1
   name  = "${var.kubernetes_cluster_name}-allow-all-ipv4-ipv6-egress"
 }
 
-resource "openstack_networking_secgroup_rule_v2" "allow_all_ipv4_egress" {
-  count             = var.create_security_groups ? 1 : 0
-  direction         = "egress"
-  ethertype         = "IPv4"
-  remote_ip_prefix  = "0.0.0.0/0"
-  security_group_id = openstack_networking_secgroup_v2.allow_all_egress[0].id
-}
-
-resource "openstack_networking_secgroup_rule_v2" "allow_all_ipv6_egress" {
-  count             = var.create_security_groups ? 1 : 0
-  direction         = "egress"
-  ethertype         = "IPv6"
-  remote_ip_prefix  = "::/0"
-  security_group_id = openstack_networking_secgroup_v2.allow_all_egress[0].id
-}
-
 ##############################
 # Control Plane Security Group
 ##############################

diff --git a/modules/storage/main.tf b/modules/storage/main.tf
@@ -33,7 +33,7 @@ resource "null_resource" "kubernetes_readiness" {
       done
 
       # Store the KUBECONFIG file
-      cat $KUBECONFIG &>/home/runner_user/test1
+      cat $KUBECONFIG &>/home/runner_user/kubeconfig
 
       # Wait for API server to be responsive
       echo "Waiting for Kubernetes API to be available..."
-Original file line number
+Diff line change
@@ Expand Up / @@ -4,7 +4,6 @@ on: @@
       push:
         branches:
           - 'main'
-          - 'maja'
         paths:
           - 'misp/**'
           - 'modules/misp/**'
@@ Expand Down @@