[ci skip] Fix dashy OOMKilled and healthcheck DNS false-failure

- Add explicit resource limits to dashy (2Gi memory) to prevent OOMKilled during webpack build on startup - Rewrite DNS healthcheck to test from inside the Technitium pod via kubectl exec, since MetalLB virtual IPs aren't reachable from outside the L2 network - Deleted orphaned kured/tls-secret (expired Oct 2025, module disabled, not mounted by kured DaemonSet)
2026-02-22 12:46:12 +00:00 · 2026-02-22 12:46:12 +00:00 · 53229fdbb9
commit 53229fdbb9
parent 9e58092460
2 changed files with 23 additions and 6 deletions
--- a/modules/kubernetes/dashy/main.tf
+++ b/modules/kubernetes/dashy/main.tf
@ -66,6 +66,16 @@ resource "kubernetes_deployment" "dashy" {
          image = "lissy93/dashy:latest"
          name  = "dashy"

+          resources {
+            requests = {
+              cpu    = "50m"
+              memory = "256Mi"
+            }
+            limits = {
+              cpu    = "1"
+              memory = "2Gi"
+            }
+          }
          port {
            container_port = 8080
          }
--- a/scripts/cluster_healthcheck.sh
+++ b/scripts/cluster_healthcheck.sh
@ -952,11 +952,18 @@ check_dns() {
    section 21 "DNS Resolution"
    local internal_ok=false external_ok=false detail=""

-    if dig @10.0.20.101 viktorbarzin.me +short +time=3 +tries=1 &>/dev/null; then
-        internal_ok=true
-    fi
-    if dig @10.0.20.101 google.com +short +time=3 +tries=1 &>/dev/null; then
-        external_ok=true
+    # Test DNS from inside the cluster via kubectl exec (MetalLB IPs may not be
+    # reachable from outside the L2 network)
+    local dns_pod
+    dns_pod=$($KUBECTL get pods -n technitium -l app=technitium -o jsonpath='{.items[0].metadata.name}' 2>/dev/null)
+
+    if [[ -n "$dns_pod" ]]; then
+        if $KUBECTL exec -n technitium "$dns_pod" -- nslookup viktorbarzin.me 127.0.0.1 &>/dev/null; then
+            internal_ok=true
+        fi
+        if $KUBECTL exec -n technitium "$dns_pod" -- nslookup google.com 127.0.0.1 &>/dev/null; then
+            external_ok=true
+        fi
    fi

    if [[ "$internal_ok" == true && "$external_ok" == true ]]; then
@ -974,7 +981,7 @@ check_dns() {
        json_add "dns" "WARN" "$detail"
    else
        [[ "$QUIET" == true ]] && section_always 21 "DNS Resolution"
-        fail "DNS server 10.0.20.101 not resolving — both internal and external failed"
+        fail "DNS server (Technitium) not resolving — both internal and external failed"
        json_add "dns" "FAIL" "Both failed"
    fi
 }