Merge branch 'main' of https://github.com/KarimZakzouk/Graduation-Project-Devops

karimzakzouk · karimzakzouk · commit 0361166358f8 · 2025-08-31T07:45:15.000+03:00
diff --git a/.github/workflows/destroy.yml b/.github/workflows/destroy.yml
@@ -424,117 +424,85 @@ jobs:
         run: |
           #!/bin/bash
           
-          echo "🗑️ Starting enhanced namespace deletion process..."
+          echo "Starting namespace deletion process..."
           
-          # Function to completely force delete a namespace
-          force_delete_namespace() {
+          # Function to delete a namespace with proper error handling
+          delete_namespace() {
             local ns=$1
-            echo "========== Processing namespace: $ns =========="
+            echo "Processing namespace: $ns"
             
+            # Check if namespace exists
             if ! kubectl get namespace "$ns" &>/dev/null; then
-              echo "✅ Namespace $ns does not exist, skipping..."
+              echo "Namespace $ns does not exist, skipping..."
               return 0
             fi
             
-            echo "📋 Current namespace status:"
-            kubectl get namespace $ns -o wide || true
+            echo "Namespace $ns exists, proceeding with deletion..."
             
-            # Step 1: Final resource cleanup in the namespace
-            echo "🧹 Final cleanup of all resources in namespace $ns..."
+            # Step 1: Remove finalizers from all resources
+            echo "Removing finalizers from resources in $ns..."
+            kubectl api-resources --verbs=list --namespaced -o name 2>/dev/null | \
+              grep -v events | \
+              xargs -I {} bash -c "kubectl get {} -n $ns -o name 2>/dev/null | xargs -I {} kubectl patch {} -n $ns -p '{\"metadata\":{\"finalizers\":[]}}' --type=merge 2>/dev/null || true"
             
-            # Remove finalizers from all resources in the namespace
-            for resource_type in $(kubectl api-resources --verbs=list --namespaced -o name 2>/dev/null | grep -v events); do
-              kubectl get $resource_type -n $ns -o json 2>/dev/null | \
-                jq -r '.items[]? | select(.metadata.finalizers) | .metadata.name' 2>/dev/null | \
-                while read resource_name; do
-                  if [[ -n "$resource_name" ]]; then
-                    echo "    Removing finalizers from $resource_type/$resource_name"
-                    kubectl patch $resource_type $resource_name -n $ns -p '{"metadata":{"finalizers":[]}}' --type=merge 2>/dev/null || true
-                  fi
-                done
-            done
+            # Step 2: Delete the namespace with extended timeout
+            echo "Deleting namespace $ns..."
+            if kubectl delete namespace "$ns" --timeout=180s --ignore-not-found; then
+              echo "Successfully deleted namespace $ns"
+              return 0
+            fi
             
-            # Step 2: Try graceful deletion first
-            echo "🔄 Attempting graceful namespace deletion..."
-            kubectl delete namespace $ns --timeout=60s --ignore-not-found &
-            DELETE_PID=$!
+            # Step 3: Force deletion if graceful deletion failed
+            echo "Graceful deletion failed, attempting force deletion..."
             
-            # Wait for graceful deletion
-            sleep 30
+            # Remove namespace finalizers
+            kubectl patch namespace "$ns" -p '{"metadata":{"finalizers":[]}}' --type=merge 2>/dev/null || true
             
-            # Step 3: If still exists, force delete
-            if kubectl get namespace $ns --ignore-not-found 2>/dev/null; then
-              echo "⚡ Graceful deletion failed, forcing deletion..."
-              
-              # Kill the background delete process
-              kill $DELETE_PID 2>/dev/null || true
-              
-              # Get current namespace JSON and remove finalizers
-              kubectl get namespace $ns -o json | \
-                jq 'del(.spec.finalizers[])' | \
-                kubectl replace --raw "/api/v1/namespaces/$ns/finalize" -f - 2>/dev/null || true
-              
-              # Alternative approach - patch the namespace directly
-              kubectl patch namespace $ns -p '{"metadata":{"finalizers":[]}}' --type=merge 2>/dev/null || true
-              
-              # Wait a bit more
-              sleep 15
-              
-              # Final check and force if needed
-              if kubectl get namespace $ns --ignore-not-found 2>/dev/null; then
-                echo "🚨 Trying nuclear option - direct deletion..."
-                
-                # Delete the namespace object directly
-                kubectl delete namespace $ns --force --grace-period=0 2>/dev/null || true
-                
-                # Patch with empty spec
-                kubectl patch namespace $ns -p '{"spec":{"finalizers":[]}}' --type=merge 2>/dev/null || true
-                kubectl patch namespace $ns -p '{"metadata":{"finalizers":[]}}' --type=merge 2>/dev/null || true
-                
-                sleep 10
-              fi
-            fi
+            # Force delete with zero grace period
+            kubectl delete namespace "$ns" --force --grace-period=0 2>/dev/null || true
             
-            # Final verification
-            if kubectl get namespace $ns --ignore-not-found 2>/dev/null; then
-              echo "❌ WARNING: Namespace $ns still exists after all attempts"
-              echo "📋 Final namespace details:"
-              kubectl get namespace $ns -o yaml || true
+            # Wait a moment and check
+            sleep 10
+            
+            if kubectl get namespace "$ns" &>/dev/null; then
+              echo "WARNING: Namespace $ns still exists after force deletion attempts"
               return 1
             else
-              echo "✅ Successfully deleted namespace $ns"
+              echo "Successfully force-deleted namespace $ns"
               return 0
             fi
           }
           
           # Array of namespaces to delete
-          NAMESPACES=("${{ vars.APP_NAMESPACE }}" "${{ vars.MONITORING_NAMESPACE }}" "${{ vars.ARGOCD_NAMESPACE }}" "ingress-nginx" "${{ vars.KARPENTER_NAMESPACE }}")
+          NAMESPACES=("my-solar-system-app-namespace" "my-solar-system-app-monitoring" "my-solar-system-app-argocd" "ingress-nginx" "karpenter")
           
-          # Delete each namespace
+          # Track failed deletions
           FAILED_NAMESPACES=()
+          
+          # Delete each namespace
           for ns in "${NAMESPACES[@]}"; do
             if [[ -n "$ns" ]]; then
-              if ! force_delete_namespace "$ns"; then
+              if ! delete_namespace "$ns"; then
                 FAILED_NAMESPACES+=("$ns")
               fi
-              echo ""
+              echo "----------------------------------------"
             fi
           done
           
           # Summary
-          echo "========== NAMESPACE CLEANUP SUMMARY =========="
-          echo "📊 Remaining namespaces:"
-          kubectl get namespaces || true
+          echo "CLEANUP SUMMARY"
+          echo "Remaining namespaces:"
+          kubectl get namespaces 2>/dev/null || echo "Could not list namespaces"
           
           if [[ ${#FAILED_NAMESPACES[@]} -eq 0 ]]; then
-            echo "✅ All target namespaces successfully deleted!"
+            echo "All target namespaces successfully deleted"
+            exit 0
           else
-            echo "❌ Failed to delete namespaces: ${FAILED_NAMESPACES[*]}"
-            echo "⚠️  You may need to check these manually after terraform destroy completes"
-            # Don't fail the workflow for namespace cleanup issues
+            echo "Failed to delete namespaces: ${FAILED_NAMESPACES[*]}"
+            echo "These may need manual cleanup"
+            # Don't fail the workflow - this is cleanup, not critical infrastructure
+            exit 0
           fi
-          
-          echo "✅ Namespace deletion process completed"
         continue-on-error: true
 
       # ==================================================
diff --git a/.github/workflows/endpoints.yml b/.github/workflows/endpoints.yml
@@ -55,7 +55,9 @@ jobs:
           APP_HOST=$(kubectl get svc ${{ inputs.app_name }}-svc -n ${{ inputs.app_namespace }} -o jsonpath='{.status.loadBalancer.ingress[0].hostname}' 2>/dev/null || echo 'Not found')
 
           # Monitoring ingress information
-          NGINX_HOSTNAME=$(kubectl get svc -n ingress-nginx ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
+          MONITORING_DOMAIN=$(kubectl get ingress -n ${{ inputs.monitoring_namespace }} -o jsonpath='{.items[0].spec.rules[0].host}' 2>/dev/null || echo 'Not found')
+          INGRESS_IP=$(kubectl get ingress -n ${{ inputs.monitoring_namespace }} -o jsonpath='{.items[0].status.loadBalancer.ingress[0].ip}' 2>/dev/null || echo '')
+          INGRESS_HOSTNAME=$(kubectl get ingress -n ${{ inputs.monitoring_namespace }} -o jsonpath='{.items[0].status.loadBalancer.ingress[0].hostname}' 2>/dev/null || echo '')
 
           # NGINX ingress controller LoadBalancer
           NGINX_LB=$(kubectl get svc -n ingress-nginx ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].hostname}' 2>/dev/null || echo 'Not found')
@@ -65,23 +67,48 @@ jobs:
           echo "🌟 App: http://$APP_HOST"
           echo ""
           echo "📊 Monitoring Services (via Ingress):"
-          if [ "$NGINX_HOSTNAME" != "Not found" ]; then
-            echo "   Domain: $NGINX_HOSTNAME"
-            echo "   📊 Prometheus: http://$NGINX_HOSTNAME/prometheus"
-            echo "   📈 Grafana: http://$NGINX_HOSTNAME/grafana"
-            echo "   🚨 Alertmanager: http://$NGINX_HOSTNAME/alertmanager"
+          if [ "$MONITORING_DOMAIN" != "Not found" ]; then
+            echo "   Domain: $MONITORING_DOMAIN"
+            echo "   📊 Prometheus: http://$MONITORING_DOMAIN/prometheus"
+            echo "   📈 Grafana: http://$MONITORING_DOMAIN/grafana"
+            echo "   🚨 Alertmanager: http://$MONITORING_DOMAIN/alertmanager"
+            echo ""
+            echo "   Ingress Status:"
+            [ ! -z "$INGRESS_IP" ] && echo "   IP: $INGRESS_IP"
+            [ ! -z "$INGRESS_HOSTNAME" ] && echo "   LoadBalancer: $INGRESS_HOSTNAME"
+          else
+            echo "   ⚠️  Ingress not found or not ready"
           fi
+
           echo ""
           echo "🌐 NGINX Ingress Controller: $NGINX_LB"
 
+          echo ""
+          echo "================= DETAILED INGRESS STATUS ================="
+          echo "All Ingress Resources:"
+          kubectl get ingress -A -o wide 2>/dev/null || echo "No ingress resources found"
+          echo ""
+          echo "Monitoring Namespace Ingress Details:"
+          kubectl describe ingress -n ${{ inputs.monitoring_namespace }} 2>/dev/null || echo "No ingress in monitoring namespace"
+
+          echo ""
+          echo "================= SERVICE STATUS ================="
+          echo "Monitoring Services (should be ClusterIP):"
+          kubectl get svc -n ${{ inputs.monitoring_namespace }} -l app.kubernetes.io/instance=kube-prometheus-stack 2>/dev/null || echo "No monitoring services found"
+
+          echo ""
+          echo "All LoadBalancer Services:"
+          kubectl get svc -A --field-selector spec.type=LoadBalancer -o wide 2>/dev/null || echo "No LoadBalancer services found"
+
+          echo ""
+          echo "NGINX Ingress Controller Status:"
+          kubectl get svc -n ingress-nginx -o wide 2>/dev/null || echo "NGINX Ingress Controller not found"
+
           echo ""
           echo "================= DEFAULT CREDENTIALS ================="
           ARGOCD_PASS=$(kubectl -n ${{ inputs.argocd_namespace }} get secret argocd-initial-admin-secret -o jsonpath='{.data.password}' 2>/dev/null | base64 -d || echo 'Not found')
           echo "ArgoCD -> Username: admin"
           echo "ArgoCD -> Password: $ARGOCD_PASS"
           echo "Grafana -> Username: admin"
-          echo "Grafana -> Password: (stored in GitHub Secrets, not printed)"
+          echo "Grafana -> Password: ${{ secrets.GRAFANA_PASSWORD }}"
           echo "Prometheus -> No login needed (anonymous access by default)"
-          echo "Alertmanager -> No login needed (anonymous access by default)"
-          echo ""
-          echo "⚠️  Note: It may take a few minutes for LoadBalancer endpoints to become fully available after deployment."
diff --git a/Terraform/terraform.tfvars b/Terraform/terraform.tfvars
@@ -28,7 +28,7 @@ node_groups = {
     ssh_key_name = "MyPairKey"
   }
 }
-
+ 
 # Kubernetes Namespace
 app_namespace        = "my-solar-system-app-namespace"
 monitoring_namespace = "my-solar-system-app-monitoring"
@@ -46,4 +46,4 @@ karpenter_namespace        = "karpenter"
 karpenter_controller_cpu_request    = "200m"  # Reduced from 500m
 karpenter_controller_memory_request = "256Mi" # Reduced from 512Mi
 karpenter_controller_cpu_limit      = "500m"  # Reduced from 1
-karpenter_controller_memory_limit   = "512Mi" # Reduced from 1Gi
+karpenter_controller_memory_limit   = "512Mi" # Reduced from 1Gi

Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,7 @@ node_groups = {`
`28`	`28`	`ssh_key_name = "MyPairKey"`
`29`	`29`	`}`
`30`	`30`	`}`
`31`		`-`
	`31`	`+`
`32`	`32`	`# Kubernetes Namespace`
`33`	`33`	`app_namespace = "my-solar-system-app-namespace"`
`34`	`34`	`monitoring_namespace = "my-solar-system-app-monitoring"`
`@@ -46,4 +46,4 @@ karpenter_namespace = "karpenter"`
`46`	`46`	`karpenter_controller_cpu_request = "200m" # Reduced from 500m`
`47`	`47`	`karpenter_controller_memory_request = "256Mi" # Reduced from 512Mi`
`48`	`48`	`karpenter_controller_cpu_limit = "500m" # Reduced from 1`
`49`		`-karpenter_controller_memory_limit = "512Mi" # Reduced from 1Gi`
	`49`	`+karpenter_controller_memory_limit = "512Mi" # Reduced from 1Gi`