Add: scripts de deploy completo com ImagePullSecret para cluster-admin

.github/workflows/openshift-deploy.yml

@@ -34,35 +34,24 @@ jobs:
       run: |
         python -c "import app.main; print('✅ App imports successfully')"
         
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
-      
-    - name: Login to Docker Hub
-      uses: docker/login-action@v3
-      with:
-        username: ${{ secrets.DOCKERHUB_USERNAME }}
-        password: ${{ secrets.DOCKERHUB_TOKEN }}
+    - name: Set up Podman
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y podman buildah skopeo
         
-    - name: Extract metadata
-      id: meta
-      uses: docker/metadata-action@v5
-      with:
-        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-        tags: |
-          type=ref,event=branch
-          type=ref,event=pr
-          type=sha,prefix={{branch}}-
-          type=raw,value=latest,enable={{is_default_branch}}
-          
-    - name: Build and push Docker image
-      uses: docker/build-push-action@v5
-      with:
-        context: .
-        push: true
-        tags: ${{ steps.meta.outputs.tags }}
-        labels: ${{ steps.meta.outputs.labels }}
-        cache-from: type=gha
-        cache-to: type=gha,mode=max
+    - name: Login to Docker Hub
+      run: |
+        echo "${{ secrets.DOCKERHUB_TOKEN }}" | podman login docker.io -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin
+        
+    - name: Build and push image with Podman
+      run: |
+        # Build da imagem
+        podman build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} .
+        podman build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest .
+        
+        # Push das imagens
+        podman push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
+        podman push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
         
     - name: Install OpenShift CLI
       run: |

Dockerfile.simple

@@ -0,0 +1,31 @@
+FROM python:3.11-slim
+
+# Instalar dependências do sistema
+RUN apt-get update && apt-get install -y \
+    curl \
+    && rm -rf /var/lib/apt/lists/*
+
+# Criar usuário não-root
+RUN groupadd -r appuser && useradd -r -g appuser appuser
+
+# Criar diretórios
+RUN mkdir -p /app /tmp/reports && \
+    chown -R appuser:appuser /app /tmp/reports
+
+# Instalar dependências Python
+COPY requirements.txt /app/
+WORKDIR /app
+RUN pip install --no-cache-dir -r requirements.txt
+
+# Copiar código da aplicação
+COPY app/ ./app/
+RUN chown -R appuser:appuser /app
+
+# Mudar para usuário não-root
+USER appuser
+
+# Expor porta
+EXPOSE 8080
+
+# Comando para executar a aplicação
+CMD ["python", "-m", "uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8080"]

Makefile

@@ -22,8 +22,8 @@ help: ## Mostrar ajuda
 	@echo "Comandos disponíveis:"
 	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "  $(GREEN)%-15s$(NC) %s\n", $$1, $$2}'
 
-build: ## Build da imagem Docker
-	@echo "$(YELLOW)📦 Building Docker image...$(NC)"
+build: ## Build da imagem com Podman
+	@echo "$(YELLOW)📦 Building container image with Podman...$(NC)"
 	@./scripts/build.sh $(TAG) $(REGISTRY)
 
 test: ## Testar a aplicação

README.md

@@ -38,6 +38,20 @@ Uma ferramenta de governança de recursos para clusters OpenShift que vai além
 
 ### 2. Deploy no OpenShift
 
+#### Deploy Automático (Recomendado)
+```bash
+# Deploy completo com ImagePullSecret
+./scripts/deploy-complete.sh
+```
+
+Este script irá:
+- ✅ Criar namespace e RBAC
+- ✅ Configurar ImagePullSecret para Docker Hub
+- ✅ Deploy da aplicação
+- ✅ Configurar Service e Route
+- ✅ Verificar se tudo está funcionando
+
+#### Deploy Manual
 ```bash
 # Deploy padrão
 ./scripts/deploy.sh
@@ -49,6 +63,12 @@ Uma ferramenta de governança de recursos para clusters OpenShift que vai além
 ./scripts/deploy.sh latest seu-usuario
 ```
 
+#### Undeploy
+```bash
+# Remover completamente a aplicação
+./scripts/undeploy-complete.sh
+```
+
 ### 3. Acesso à Aplicação
 
 Após o deploy, acesse a aplicação através da rota criada:

app/core/config.py

@@ -3,7 +3,7 @@ Configurações da aplicação
 """
 import os
 from typing import List, Optional
-from pydantic import BaseSettings
+from pydantic_settings import BaseSettings
 
 class Settings(BaseSettings):
     """Configurações da aplicação"""

k8s/daemonset-simple.yaml

@@ -0,0 +1,99 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: resource-governance
+  namespace: resource-governance
+  labels:
+    app.kubernetes.io/name: resource-governance
+    app.kubernetes.io/component: governance
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: resource-governance
+      app.kubernetes.io/component: governance
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: resource-governance
+        app.kubernetes.io/component: governance
+    spec:
+      serviceAccountName: resource-governance-sa
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000940000
+        fsGroup: 1000940000
+      containers:
+      - name: resource-governance
+        image: python:3.11-slim
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 8080
+          name: http
+          protocol: TCP
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          seccompProfile:
+            type: RuntimeDefault
+        command: ['sh', '-c']
+        args:
+        - |
+          apt-get update && apt-get install -y git curl
+          git clone https://github.com/andersonid/openshift-resource-governance.git /tmp/app
+          cd /tmp/app
+          pip install --no-cache-dir -r requirements.txt
+          python -m uvicorn app.main:app --host 0.0.0.0 --port 8080
+        env:
+        - name: KUBECONFIG
+          value: "/var/run/secrets/kubernetes.io/serviceaccount/token"
+        - name: CPU_LIMIT_RATIO
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: CPU_LIMIT_RATIO
+        - name: MEMORY_LIMIT_RATIO
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: MEMORY_LIMIT_RATIO
+        - name: PROMETHEUS_URL
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: PROMETHEUS_URL
+        - name: VPA_NAMESPACES
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: VPA_NAMESPACES
+        - name: LOG_LEVEL
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: LOG_LEVEL
+        resources:
+          requests:
+            memory: "128Mi"
+            cpu: "100m"
+          limits:
+            memory: "512Mi"
+            cpu: "500m"
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 8080
+          initialDelaySeconds: 60
+          periodSeconds: 10
+        readinessProbe:
+          httpGet:
+            path: /health
+            port: 8080
+          initialDelaySeconds: 30
+          periodSeconds: 5
+      nodeSelector:
+        kubernetes.io/os: linux
+      tolerations:
+      - operator: Exists
+        effect: NoSchedule

k8s/daemonset-with-init.yaml

@@ -0,0 +1,121 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: resource-governance
+  namespace: resource-governance
+  labels:
+    app.kubernetes.io/name: resource-governance
+    app.kubernetes.io/component: governance
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: resource-governance
+      app.kubernetes.io/component: governance
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: resource-governance
+        app.kubernetes.io/component: governance
+    spec:
+      serviceAccountName: resource-governance-sa
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000940000
+        fsGroup: 1000940000
+      initContainers:
+      - name: download-app
+        image: alpine/git:latest
+        command: ['sh', '-c']
+        args:
+        - |
+          git clone https://github.com/andersonid/openshift-resource-governance.git /tmp/app
+          cp -r /tmp/app/app /shared/
+          cp /tmp/app/requirements.txt /shared/
+        volumeMounts:
+        - name: app-code
+          mountPath: /shared
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          seccompProfile:
+            type: RuntimeDefault
+      containers:
+      - name: resource-governance
+        image: python:3.11-slim
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+          name: http
+          protocol: TCP
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          seccompProfile:
+            type: RuntimeDefault
+        command: ['sh', '-c']
+        args:
+        - |
+          pip install --no-cache-dir -r /app/requirements.txt
+          python -m uvicorn app.main:app --host 0.0.0.0 --port 8080
+        volumeMounts:
+        - name: app-code
+          mountPath: /app
+        env:
+        - name: KUBECONFIG
+          value: "/var/run/secrets/kubernetes.io/serviceaccount/token"
+        - name: CPU_LIMIT_RATIO
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: CPU_LIMIT_RATIO
+        - name: MEMORY_LIMIT_RATIO
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: MEMORY_LIMIT_RATIO
+        - name: PROMETHEUS_URL
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: PROMETHEUS_URL
+        - name: VPA_NAMESPACES
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: VPA_NAMESPACES
+        - name: LOG_LEVEL
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: LOG_LEVEL
+        resources:
+          requests:
+            memory: "128Mi"
+            cpu: "100m"
+          limits:
+            memory: "512Mi"
+            cpu: "500m"
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 8080
+          initialDelaySeconds: 30
+          periodSeconds: 10
+        readinessProbe:
+          httpGet:
+            path: /health
+            port: 8080
+          initialDelaySeconds: 5
+          periodSeconds: 5
+      volumes:
+      - name: app-code
+        emptyDir: {}
+      nodeSelector:
+        kubernetes.io/os: linux
+      tolerations:
+      - operator: Exists
+        effect: NoSchedule

k8s/daemonset.yaml

@@ -18,18 +18,27 @@ spec:
         app.kubernetes.io/component: governance
     spec:
       serviceAccountName: resource-governance-sa
+      imagePullSecrets:
+      - name: docker-hub-secret
       securityContext:
         runAsNonRoot: true
-        runAsUser: 1000
-        fsGroup: 1000
+        runAsUser: 1000940000
+        fsGroup: 1000940000
       containers:
       - name: resource-governance
-        image: resource-governance:latest
+        image: andersonid/openshift-resource-governance:latest
         imagePullPolicy: Always
         ports:
         - containerPort: 8080
           name: http
           protocol: TCP
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          seccompProfile:
+            type: RuntimeDefault
         env:
         - name: KUBECONFIG
           value: "/var/run/secrets/kubernetes.io/serviceaccount/token"

requirements.txt

@@ -4,6 +4,7 @@ kubernetes==28.1.0
 prometheus-client==0.19.0
 requests==2.31.0
 pydantic==2.5.0
+pydantic-settings==2.1.0
 python-multipart==0.0.6
 jinja2==3.1.2
 aiofiles==23.2.1
@@ -12,3 +13,4 @@ reportlab==4.0.7
 python-jose[cryptography]==3.3.0
 passlib[bcrypt]==1.7.4
 python-dotenv==1.0.0
+aiohttp==3.9.1

scripts/build-and-push.sh

@@ -0,0 +1,80 @@
+#!/bin/bash
+
+# Script de build e push para OpenShift Resource Governance Tool usando Podman
+set -e
+
+# Cores para output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Configurações
+IMAGE_NAME="resource-governance"
+TAG="${1:-latest}"
+REGISTRY="${2:-andersonid}"
+FULL_IMAGE_NAME="${REGISTRY}/${IMAGE_NAME}:${TAG}"
+
+echo -e "${BLUE}🚀 Building and Pushing OpenShift Resource Governance Tool${NC}"
+echo -e "${BLUE}Image: ${FULL_IMAGE_NAME}${NC}"
+
+# Verificar se Podman está instalado
+if ! command -v podman &> /dev/null; then
+    echo -e "${RED}❌ Podman não está instalado. Instale o Podman e tente novamente.${NC}"
+    exit 1
+fi
+
+# Buildah é opcional, Podman pode fazer o build
+
+# Build da imagem
+echo -e "${YELLOW}📦 Building container image with Podman...${NC}"
+podman build -t "${FULL_IMAGE_NAME}" .
+
+if [ $? -eq 0 ]; then
+    echo -e "${GREEN}✅ Image built successfully!${NC}"
+else
+    echo -e "${RED}❌ Build failed!${NC}"
+    exit 1
+fi
+
+# Testar a imagem
+echo -e "${YELLOW}🧪 Testing image...${NC}"
+podman run --rm "${FULL_IMAGE_NAME}" python -c "import app.main; print('✅ App imports successfully')"
+
+if [ $? -eq 0 ]; then
+    echo -e "${GREEN}✅ Image test passed!${NC}"
+else
+    echo -e "${RED}❌ Image test failed!${NC}"
+    exit 1
+fi
+
+# Login no Docker Hub
+echo -e "${YELLOW}🔐 Logging into Docker Hub...${NC}"
+podman login docker.io
+
+if [ $? -eq 0 ]; then
+    echo -e "${GREEN}✅ Login successful!${NC}"
+else
+    echo -e "${RED}❌ Login failed!${NC}"
+    exit 1
+fi
+
+# Push da imagem
+echo -e "${YELLOW}📤 Pushing image to Docker Hub...${NC}"
+podman push "${FULL_IMAGE_NAME}"
+
+if [ $? -eq 0 ]; then
+    echo -e "${GREEN}✅ Image pushed successfully!${NC}"
+else
+    echo -e "${RED}❌ Push failed!${NC}"
+    exit 1
+fi
+
+# Mostrar informações da imagem
+echo -e "${BLUE}📊 Image information:${NC}"
+podman images "${FULL_IMAGE_NAME}"
+
+echo -e "${GREEN}🎉 Build and push completed successfully!${NC}"
+echo -e "${BLUE}🌐 Image available at: https://hub.docker.com/r/${REGISTRY}/${IMAGE_NAME}${NC}"
+echo -e "${BLUE}🚀 Ready for deployment!${NC}"

scripts/build.sh

@@ -19,15 +19,15 @@ FULL_IMAGE_NAME="${REGISTRY}/${IMAGE_NAME}:${TAG}"
 echo -e "${BLUE}🚀 Building OpenShift Resource Governance Tool${NC}"
 echo -e "${BLUE}Image: ${FULL_IMAGE_NAME}${NC}"
 
-# Verificar se Docker está rodando
-if ! docker info > /dev/null 2>&1; then
-    echo -e "${RED}❌ Docker não está rodando. Inicie o Docker e tente novamente.${NC}"
+# Verificar se Podman está instalado
+if ! command -v podman &> /dev/null; then
+    echo -e "${RED}❌ Podman não está instalado. Instale o Podman e tente novamente.${NC}"
     exit 1
 fi
 
 # Build da imagem
-echo -e "${YELLOW}📦 Building Docker image...${NC}"
-docker build -t "${FULL_IMAGE_NAME}" .
+echo -e "${YELLOW}📦 Building container image with Podman...${NC}"
+podman build -t "${FULL_IMAGE_NAME}" .
 
 if [ $? -eq 0 ]; then
     echo -e "${GREEN}✅ Image built successfully!${NC}"
@@ -38,7 +38,7 @@ fi
 
 # Testar a imagem
 echo -e "${YELLOW}🧪 Testing image...${NC}"
-docker run --rm "${FULL_IMAGE_NAME}" python -c "import app.main; print('✅ App imports successfully')"
+podman run --rm "${FULL_IMAGE_NAME}" python -c "import app.main; print('✅ App imports successfully')"
 
 if [ $? -eq 0 ]; then
     echo -e "${GREEN}✅ Image test passed!${NC}"
@@ -49,10 +49,10 @@ fi
 
 # Mostrar informações da imagem
 echo -e "${BLUE}📊 Image information:${NC}"
-docker images "${FULL_IMAGE_NAME}"
+podman images "${FULL_IMAGE_NAME}"
 
 echo -e "${GREEN}🎉 Build completed successfully!${NC}"
 echo -e "${BLUE}To push to registry:${NC}"
-echo -e "  docker push ${FULL_IMAGE_NAME}"
+echo -e "  podman push ${FULL_IMAGE_NAME}"
 echo -e "${BLUE}To run locally:${NC}"
-echo -e "  docker run -p 8080:8080 ${FULL_IMAGE_NAME}"
+echo -e "  podman run -p 8080:8080 ${FULL_IMAGE_NAME}"

scripts/deploy-complete.sh

@@ -0,0 +1,113 @@
+#!/bin/bash
+
+# Script completo de deploy para OpenShift Resource Governance Tool
+# Para ser executado por qualquer cluster-admin
+set -e
+
+# Cores para output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Configurações
+NAMESPACE="resource-governance"
+APP_NAME="resource-governance"
+SECRET_NAME="docker-hub-secret"
+
+echo -e "${BLUE}🚀 Deploy Completo - OpenShift Resource Governance Tool${NC}"
+echo -e "${BLUE}====================================================${NC}"
+
+# Verificar se está logado no OpenShift
+if ! oc whoami > /dev/null 2>&1; then
+    echo -e "${RED}❌ Não está logado no OpenShift. Faça login primeiro.${NC}"
+    echo -e "${YELLOW}💡 Execute: oc login <cluster-url>${NC}"
+    exit 1
+fi
+
+echo -e "${GREEN}✅ Logado como: $(oc whoami)${NC}"
+
+# Verificar se tem permissões de cluster-admin
+if ! oc auth can-i create namespaces > /dev/null 2>&1; then
+    echo -e "${RED}❌ Permissões insuficientes. Este script requer cluster-admin.${NC}"
+    exit 1
+fi
+
+echo -e "${GREEN}✅ Permissões de cluster-admin confirmadas${NC}"
+
+# Criar namespace
+echo -e "${YELLOW}📁 Criando namespace $NAMESPACE...${NC}"
+oc apply -f k8s/namespace.yaml
+
+# Aplicar RBAC
+echo -e "${YELLOW}🔐 Configurando RBAC...${NC}"
+oc apply -f k8s/rbac.yaml
+
+# Aplicar ConfigMap
+echo -e "${YELLOW}⚙️  Configurando ConfigMap...${NC}"
+oc apply -f k8s/configmap.yaml
+
+# Configurar ImagePullSecret
+echo -e "${YELLOW}🔑 Configurando ImagePullSecret para Docker Hub...${NC}"
+echo -e "${BLUE}💡 Digite suas credenciais do Docker Hub:${NC}"
+read -p "Username: " DOCKER_USERNAME
+read -s -p "Password/Token: " DOCKER_PASSWORD
+echo
+
+# Criar o secret
+oc create secret docker-registry $SECRET_NAME \
+    --docker-server=docker.io \
+    --docker-username=$DOCKER_USERNAME \
+    --docker-password=$DOCKER_PASSWORD \
+    --docker-email=$DOCKER_USERNAME@example.com \
+    -n $NAMESPACE \
+    --dry-run=client -o yaml | oc apply -f -
+
+# Adicionar o secret ao service account
+oc patch serviceaccount resource-governance-sa -n $NAMESPACE -p '{"imagePullSecrets": [{"name": "'$SECRET_NAME'"}]}'
+
+echo -e "${GREEN}✅ ImagePullSecret configurado${NC}"
+
+# Aplicar DaemonSet
+echo -e "${YELLOW}📦 Deployando DaemonSet...${NC}"
+oc apply -f k8s/daemonset.yaml
+
+# Aplicar Service
+echo -e "${YELLOW}🌐 Configurando Service...${NC}"
+oc apply -f k8s/service.yaml
+
+# Aplicar Route
+echo -e "${YELLOW}🛣️  Configurando Route...${NC}"
+oc apply -f k8s/route.yaml
+
+# Aguardar pods ficarem prontos
+echo -e "${YELLOW}⏳ Aguardando pods ficarem prontos...${NC}"
+oc wait --for=condition=ready pod -l app.kubernetes.io/name=$APP_NAME -n $NAMESPACE --timeout=300s
+
+# Verificar status
+echo -e "${YELLOW}📊 Verificando status do deploy...${NC}"
+oc get all -n $NAMESPACE
+
+# Obter URL da aplicação
+ROUTE_URL=$(oc get route $APP_NAME -n $NAMESPACE -o jsonpath='{.spec.host}' 2>/dev/null || echo "N/A")
+
+echo -e "${GREEN}🎉 Deploy concluído com sucesso!${NC}"
+echo -e "${BLUE}====================================================${NC}"
+echo -e "${GREEN}✅ Namespace: $NAMESPACE${NC}"
+echo -e "${GREEN}✅ DaemonSet: $APP_NAME${NC}"
+echo -e "${GREEN}✅ Service: $APP_NAME${NC}"
+echo -e "${GREEN}✅ Route: $APP_NAME${NC}"
+if [ "$ROUTE_URL" != "N/A" ]; then
+    echo -e "${GREEN}🌐 URL da aplicação: https://$ROUTE_URL${NC}"
+fi
+echo -e "${BLUE}====================================================${NC}"
+
+# Mostrar comandos úteis
+echo -e "${YELLOW}📋 Comandos úteis:${NC}"
+echo -e "${BLUE}  Ver logs: oc logs -f daemonset/$APP_NAME -n $NAMESPACE${NC}"
+echo -e "${BLUE}  Ver pods: oc get pods -n $NAMESPACE${NC}"
+echo -e "${BLUE}  Ver status: oc get all -n $NAMESPACE${NC}"
+echo -e "${BLUE}  Acessar API: curl https://$ROUTE_URL/api/health${NC}"
+
+echo -e "${GREEN}🎯 Aplicação pronta para uso!${NC}"

scripts/push-to-internal-registry.sh

@@ -0,0 +1,50 @@
+#!/bin/bash
+
+# Script para fazer push da imagem para o registry interno do OpenShift
+set -e
+
+# Cores para output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+NAMESPACE="resource-governance"
+IMAGE_NAME="resource-governance"
+TAG="latest"
+
+echo -e "${BLUE}🚀 Push para registry interno do OpenShift${NC}"
+
+# Verificar se está logado no OpenShift
+if ! oc whoami > /dev/null 2>&1; then
+    echo -e "${RED}❌ Não está logado no OpenShift. Faça login primeiro.${NC}"
+    exit 1
+fi
+
+echo -e "${GREEN}✅ Logado como: $(oc whoami)${NC}"
+
+# Fazer login no registry interno
+echo -e "${YELLOW}🔐 Fazendo login no registry interno...${NC}"
+oc registry login
+
+# Obter a URL do registry
+REGISTRY_URL=$(oc get route -n openshift-image-registry default-route -o jsonpath='{.spec.host}' 2>/dev/null || echo "image-registry.openshift-image-registry.svc:5000")
+echo -e "${BLUE}📦 Registry URL: $REGISTRY_URL${NC}"
+
+# Tag da imagem
+FULL_IMAGE_NAME="$REGISTRY_URL/$NAMESPACE/$IMAGE_NAME:$TAG"
+echo -e "${YELLOW}🏷️  Criando tag: $FULL_IMAGE_NAME${NC}"
+podman tag andersonid/resource-governance:simple $FULL_IMAGE_NAME
+
+# Push da imagem
+echo -e "${YELLOW}📤 Fazendo push da imagem...${NC}"
+podman push $FULL_IMAGE_NAME --tls-verify=false
+
+# Atualizar o DaemonSet
+echo -e "${YELLOW}🔄 Atualizando DaemonSet...${NC}"
+oc set image daemonset/$IMAGE_NAME $IMAGE_NAME=$FULL_IMAGE_NAME -n $NAMESPACE
+
+echo -e "${GREEN}✅ Push concluído com sucesso!${NC}"
+echo -e "${BLUE}📊 Verificando status dos pods...${NC}"
+oc get pods -n $NAMESPACE

scripts/setup-docker-secret.sh

@@ -0,0 +1,54 @@
+#!/bin/bash
+
+# Script para configurar ImagePullSecret para Docker Hub
+set -e
+
+# Cores para output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+NAMESPACE="resource-governance"
+SECRET_NAME="docker-hub-secret"
+
+echo -e "${BLUE}🔐 Configurando ImagePullSecret para Docker Hub${NC}"
+
+# Verificar se está logado no OpenShift
+if ! oc whoami > /dev/null 2>&1; then
+    echo -e "${RED}❌ Não está logado no OpenShift. Faça login primeiro.${NC}"
+    exit 1
+fi
+
+echo -e "${GREEN}✅ Logado como: $(oc whoami)${NC}"
+
+# Verificar se o namespace existe
+if ! oc get namespace $NAMESPACE > /dev/null 2>&1; then
+    echo -e "${YELLOW}📁 Criando namespace $NAMESPACE...${NC}"
+    oc create namespace $NAMESPACE
+fi
+
+# Solicitar credenciais do Docker Hub
+echo -e "${YELLOW}🔑 Digite suas credenciais do Docker Hub:${NC}"
+read -p "Username: " DOCKER_USERNAME
+read -s -p "Password/Token: " DOCKER_PASSWORD
+echo
+
+# Criar o secret
+echo -e "${YELLOW}🔐 Criando ImagePullSecret...${NC}"
+oc create secret docker-registry $SECRET_NAME \
+    --docker-server=docker.io \
+    --docker-username=$DOCKER_USERNAME \
+    --docker-password=$DOCKER_PASSWORD \
+    --docker-email=$DOCKER_USERNAME@example.com \
+    -n $NAMESPACE
+
+# Adicionar o secret ao service account
+echo -e "${YELLOW}🔗 Adicionando secret ao ServiceAccount...${NC}"
+oc patch serviceaccount resource-governance-sa -n $NAMESPACE -p '{"imagePullSecrets": [{"name": "'$SECRET_NAME'"}]}'
+
+echo -e "${GREEN}✅ ImagePullSecret configurado com sucesso!${NC}"
+echo -e "${BLUE}📋 Secret criado: $SECRET_NAME${NC}"
+echo -e "${BLUE}📋 Namespace: $NAMESPACE${NC}"
+echo -e "${BLUE}📋 ServiceAccount atualizado: resource-governance-sa${NC}"

scripts/test-deploy.sh

@@ -0,0 +1,65 @@
+#!/bin/bash
+
+# Script de teste de deploy (sem input interativo)
+set -e
+
+# Cores para output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Configurações
+NAMESPACE="resource-governance"
+APP_NAME="resource-governance"
+
+echo -e "${BLUE}🧪 Teste de Deploy - OpenShift Resource Governance Tool${NC}"
+echo -e "${BLUE}====================================================${NC}"
+
+# Verificar se está logado no OpenShift
+if ! oc whoami > /dev/null 2>&1; then
+    echo -e "${RED}❌ Não está logado no OpenShift. Faça login primeiro.${NC}"
+    exit 1
+fi
+
+echo -e "${GREEN}✅ Logado como: $(oc whoami)${NC}"
+
+# Aplicar manifests
+echo -e "${YELLOW}📁 Aplicando manifests...${NC}"
+oc apply -f k8s/namespace.yaml
+oc apply -f k8s/rbac.yaml
+oc apply -f k8s/configmap.yaml
+
+# Criar ImagePullSecret temporário (sem credenciais reais)
+echo -e "${YELLOW}🔐 Criando ImagePullSecret temporário...${NC}"
+oc create secret docker-registry docker-hub-secret \
+    --docker-server=docker.io \
+    --docker-username=andersonid \
+    --docker-password=temp \
+    --docker-email=andersonid@example.com \
+    -n $NAMESPACE \
+    --dry-run=client -o yaml | oc apply -f -
+
+# Adicionar o secret ao service account
+oc patch serviceaccount resource-governance-sa -n $NAMESPACE -p '{"imagePullSecrets": [{"name": "docker-hub-secret"}]}'
+
+# Aplicar DaemonSet
+echo -e "${YELLOW}📦 Aplicando DaemonSet...${NC}"
+oc apply -f k8s/daemonset.yaml
+
+# Aplicar Service
+echo -e "${YELLOW}🌐 Aplicando Service...${NC}"
+oc apply -f k8s/service.yaml
+
+# Aplicar Route
+echo -e "${YELLOW}🛣️  Aplicando Route...${NC}"
+oc apply -f k8s/route.yaml
+
+# Verificar status
+echo -e "${YELLOW}📊 Verificando status...${NC}"
+oc get all -n $NAMESPACE
+
+echo -e "${GREEN}✅ Deploy de teste concluído!${NC}"
+echo -e "${BLUE}💡 Para configurar credenciais reais do Docker Hub, execute:${NC}"
+echo -e "${BLUE}   ./scripts/setup-docker-secret.sh${NC}"

scripts/undeploy-complete.sh

@@ -0,0 +1,71 @@
+#!/bin/bash
+
+# Script completo de undeploy para OpenShift Resource Governance Tool
+set -e
+
+# Cores para output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Configurações
+NAMESPACE="resource-governance"
+
+echo -e "${BLUE}🗑️  Undeploy - OpenShift Resource Governance Tool${NC}"
+echo -e "${BLUE}===============================================${NC}"
+
+# Verificar se está logado no OpenShift
+if ! oc whoami > /dev/null 2>&1; then
+    echo -e "${RED}❌ Não está logado no OpenShift. Faça login primeiro.${NC}"
+    exit 1
+fi
+
+echo -e "${GREEN}✅ Logado como: $(oc whoami)${NC}"
+
+# Confirmar remoção
+echo -e "${YELLOW}⚠️  Tem certeza que deseja remover a aplicação do namespace '$NAMESPACE'?${NC}"
+read -p "Digite 'yes' para confirmar: " CONFIRM
+
+if [ "$CONFIRM" != "yes" ]; then
+    echo -e "${YELLOW}❌ Operação cancelada.${NC}"
+    exit 0
+fi
+
+# Remover recursos
+echo -e "${YELLOW}🗑️  Removendo recursos...${NC}"
+
+# Remover Route
+echo -e "${YELLOW}  🛣️  Removendo Route...${NC}"
+oc delete -f k8s/route.yaml --ignore-not-found=true
+
+# Remover Service
+echo -e "${YELLOW}  🌐 Removendo Service...${NC}"
+oc delete -f k8s/service.yaml --ignore-not-found=true
+
+# Remover DaemonSet
+echo -e "${YELLOW}  📦 Removendo DaemonSet...${NC}"
+oc delete -f k8s/daemonset.yaml --ignore-not-found=true
+
+# Aguardar pods serem removidos
+echo -e "${YELLOW}  ⏳ Aguardando pods serem removidos...${NC}"
+oc wait --for=delete pod -l app.kubernetes.io/name=resource-governance -n $NAMESPACE --timeout=60s || true
+
+# Remover ConfigMap
+echo -e "${YELLOW}  ⚙️  Removendo ConfigMap...${NC}"
+oc delete -f k8s/configmap.yaml --ignore-not-found=true
+
+# Remover RBAC
+echo -e "${YELLOW}  🔐 Removendo RBAC...${NC}"
+oc delete -f k8s/rbac.yaml --ignore-not-found=true
+
+# Remover namespace (opcional)
+echo -e "${YELLOW}  📁 Removendo namespace...${NC}"
+oc delete -f k8s/namespace.yaml --ignore-not-found=true
+
+echo -e "${GREEN}✅ Undeploy concluído com sucesso!${NC}"
+echo -e "${BLUE}===============================================${NC}"
+echo -e "${GREEN}✅ Todos os recursos foram removidos${NC}"
+echo -e "${GREEN}✅ Namespace '$NAMESPACE' foi removido${NC}"
+echo -e "${BLUE}===============================================${NC}"