From 25596e2b3ef80fae24b7687bee0dc41ec1e859a3 Mon Sep 17 00:00:00 2001
From: andersonid
Date: Thu, 25 Sep 2025 15:24:31 -0300
Subject: [PATCH] Add: scripts de deploy completo com ImagePullSecret para cluster-admin
---
.github/workflows/openshift-deploy.yml | 45 ++++-----
Dockerfile.simple | 31 +++++++
Makefile | 4 +-
README.md | 20 ++++
app/core/config.py | 2 +-
k8s/daemonset-simple.yaml | 99 ++++++++++++++++++++
k8s/daemonset-with-init.yaml | 121 +++++++++++++++++++++++++
k8s/daemonset.yaml | 15 ++-
requirements.txt | 2 +
scripts/build-and-push.sh | 80 ++++++++++++++++
scripts/build.sh | 18 ++--
scripts/deploy-complete.sh | 113 +++++++++++++++++++++++
scripts/push-to-internal-registry.sh | 50 ++++++++++
scripts/setup-docker-secret.sh | 54 +++++++++++
scripts/test-deploy.sh | 65 +++++++++++++
scripts/undeploy-complete.sh | 71 +++++++++++++++
16 files changed, 747 insertions(+), 43 deletions(-)
create mode 100644 Dockerfile.simple
create mode 100644 k8s/daemonset-simple.yaml
create mode 100644 k8s/daemonset-with-init.yaml
create mode 100755 scripts/build-and-push.sh
create mode 100755 scripts/deploy-complete.sh
create mode 100755 scripts/push-to-internal-registry.sh
create mode 100755 scripts/setup-docker-secret.sh
create mode 100755 scripts/test-deploy.sh
create mode 100755 scripts/undeploy-complete.sh
diff --git a/.github/workflows/openshift-deploy.yml b/.github/workflows/openshift-deploy.yml
index d693d99..6aeee7a 100644
--- a/.github/workflows/openshift-deploy.yml
+++ b/.github/workflows/openshift-deploy.yml
@@ -34,35 +34,24 @@ jobs: run: | python -c "import app.main; print('✅ App imports successfully')" - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Login to Docker Hub - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Set up Podman + run: | + sudo apt-get update + sudo apt-get install -y podman buildah skopeo - - name: Extract metadata - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - tags: | - type=ref,event=branch - type=ref,event=pr - type=sha,prefix={{branch}}- - type=raw,value=latest,enable={{is_default_branch}} - - - name: Build and push Docker image - uses: docker/build-push-action@v5 - with: - context: . - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - cache-from: type=gha - cache-to: type=gha,mode=max + - name: Login to Docker Hub + run: | + echo "${{ secrets.DOCKERHUB_TOKEN }}" | podman login docker.io -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin + + - name: Build and push image with Podman + run: | + # Build da imagem + podman build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} . + podman build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest . + + # Push das imagens + podman push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} + podman push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest - name: Install OpenShift CLI run: | diff --git a/Dockerfile.simple b/Dockerfile.simple new file mode 100644 index 0000000..6941394 --- /dev/null +++ b/Dockerfile.simple 
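Review bot: The new login step splices `${{ secrets.DOCKERHUB_TOKEN }}` and `${{ secrets.DOCKERHUB_USERNAME }}` straight into the shell script text, so the runner renders the secret values into the script before bash parses them; a value containing quotes or shell metacharacters would break or alter the command. Map them through `env:` on the step and reference `"$DOCKERHUB_TOKEN"` and `"$DOCKERHUB_USERNAME"` inside the `run:` body instead. In the build step, the two `podman build` calls produce the `:latest` and `:${{ github.sha }}` images from separate builds; building once and adding the second name with `podman tag` (or a second `-t`) guarantees both tags refer to the same image. The step list continues outside the hunk.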
@@ -0,0 +1,31 @@ +FROM python:3.11-slim + +# Instalar dependências do sistema +RUN apt-get update && apt-get install -y \ + curl \ + && rm -rf /var/lib/apt/lists/* + +# Criar usuário não-root +RUN groupadd -r appuser && useradd -r -g appuser appuser + +# Criar diretórios +RUN mkdir -p /app /tmp/reports && \ + chown -R appuser:appuser /app /tmp/reports + +# Instalar dependências Python +COPY requirements.txt /app/ +WORKDIR /app +RUN pip install --no-cache-dir -r requirements.txt + +# Copiar código da aplicação +COPY app/ ./app/ +RUN chown -R appuser:appuser /app + +# Mudar para usuário não-root +USER appuser + +# Expor porta +EXPOSE 8080 + +# Comando para executar a aplicação +CMD ["python", "-m", "uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8080"] diff --git a/Makefile b/Makefile index 6dad096..eb5e5c3 100644 --- a/Makefile +++ b/Makefile @@ -22,8 +22,8 @@ help: ## Mostrar ajuda @echo "Comandos disponíveis:" @grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf " $(GREEN)%-15s$(NC) %s\n", $$1, $$2}' -build: ## Build da imagem Docker - @echo "$(YELLOW)📦 Building Docker image...$(NC)" +build: ## Build da imagem com Podman + @echo "$(YELLOW)📦 Building container image with Podman...$(NC)" @./scripts/build.sh $(TAG) $(REGISTRY) test: ## Testar a aplicação diff --git a/README.md b/README.md index b4005bd..2a18f8a 100644 --- a/README.md +++ b/README.md @@ -38,6 +38,20 @@ Uma ferramenta de governança de recursos para clusters OpenShift que vai além ### 2. Deploy no OpenShift +#### Deploy Automático (Recomendado) +```bash +# Deploy completo com ImagePullSecret +./scripts/deploy-complete.sh +``` + +Este script irá: +- ✅ Criar namespace e RBAC +- ✅ Configurar ImagePullSecret para Docker Hub +- ✅ Deploy da aplicação +- ✅ Configurar Service e Route +- ✅ Verificar se tudo está funcionando + +#### Deploy Manual ```bash # Deploy padrão ./scripts/deploy.sh 
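Review bot: `USER appuser` names an account whose UID is whatever `useradd -r` happens to allocate, so a runtime enforcing `runAsNonRoot` cannot verify it from the image alone, and the manifests in this commit run the pod as UID 1000940000, which does not own `/app` or `/tmp/reports`. Give the account a fixed UID and switch to it numerically, e.g. `useradd -r -u 10001 -g appuser appuser` and `USER 10001` (10001 is an illustrative value); if the image is meant to run under an arbitrary OpenShift UID, the writable paths presumably also need group-0 access, `chgrp -R 0 /tmp/reports && chmod -R g=u /tmp/reports`. The `apt-get install -y` line should carry `--no-install-recommends`, and `COPY --chown=appuser:appuser app/ ./app/` would replace the later `RUN chown -R appuser:appuser /app`, which duplicates the copied files in a second layer.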
@@ -49,6 +63,12 @@ Uma ferramenta de governança de recursos para clusters OpenShift que vai além ./scripts/deploy.sh latest seu-usuario ``` +#### Undeploy +```bash +# Remover completamente a aplicação +./scripts/undeploy-complete.sh +``` + ### 3. Acesso à Aplicação Após o deploy, acesse a aplicação através da rota criada: diff --git a/app/core/config.py b/app/core/config.py index 2516e43..88e5c5b 100644 --- a/app/core/config.py +++ b/app/core/config.py @@ -3,7 +3,7 @@ Configurações da aplicação """ import os from typing import List, Optional -from pydantic import BaseSettings +from pydantic_settings import BaseSettings class Settings(BaseSettings): """Configurações da aplicação""" diff --git a/k8s/daemonset-simple.yaml b/k8s/daemonset-simple.yaml new file mode 100644 index 0000000..e515924 --- /dev/null +++ b/k8s/daemonset-simple.yaml 
@@ -0,0 +1,99 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: resource-governance
+ namespace: resource-governance
+ labels:
+ app.kubernetes.io/name: resource-governance
+ app.kubernetes.io/component: governance
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: resource-governance
+ app.kubernetes.io/component: governance
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: resource-governance
+ app.kubernetes.io/component: governance
+ spec:
+ serviceAccountName: resource-governance-sa
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1000940000
+ fsGroup: 1000940000
+ containers:
+ - name: resource-governance
+ image: python:3.11-slim
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 8080
+ name: http
+ protocol: TCP
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
+ command: ['sh', '-c']
+ args:
+ - |
+ apt-get update && apt-get install -y git curl
+ git clone https://github.com/andersonid/openshift-resource-governance.git /tmp/app
+ cd /tmp/app
+ pip install --no-cache-dir -r requirements.txt
+ python -m uvicorn app.main:app --host 0.0.0.0 --port 8080
+ env:
+ - name: KUBECONFIG
+ value: "/var/run/secrets/kubernetes.io/serviceaccount/token"
+ - name: CPU_LIMIT_RATIO
+ valueFrom:
+ configMapKeyRef:
+ name: resource-governance-config
+ key: CPU_LIMIT_RATIO
+ - name: MEMORY_LIMIT_RATIO
+ valueFrom:
+ configMapKeyRef:
+ name: resource-governance-config
+ key: MEMORY_LIMIT_RATIO
+ - name: PROMETHEUS_URL
+ valueFrom:
+ configMapKeyRef:
+ name: resource-governance-config
+ key: PROMETHEUS_URL
+ - name: VPA_NAMESPACES
+ valueFrom:
+ configMapKeyRef:
+ name: resource-governance-config
+ key: VPA_NAMESPACES
+ - name: LOG_LEVEL
+ valueFrom:
+ configMapKeyRef:
+ name: resource-governance-config
+ key: LOG_LEVEL
+ resources:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "512Mi"
+ cpu: "500m"
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: 8080
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ readinessProbe:
+ httpGet:
+ path: /health
+ port: 8080
+ initialDelaySeconds: 30
+ periodSeconds: 5
+ nodeSelector:
+ kubernetes.io/os: linux
+ tolerations:
+ - operator: Exists
+ effect: NoSchedule
diff --git a/k8s/daemonset-with-init.yaml b/k8s/daemonset-with-init.yaml
new file mode 100644
index 0000000..aa09191
--- /dev/null
+++ b/k8s/daemonset-with-init.yaml
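Review bot: The container `args` in k8s/daemonset-simple.yaml fetch and run code at pod start: `git clone https://github.com/andersonid/openshift-resource-governance.git /tmp/app` takes whatever the default branch holds at that moment, and `pip install` plus `uvicorn` then run it under `resource-governance-sa` on every node the DaemonSet lands on (the `operator: Exists` toleration likely includes control-plane nodes). Nothing pins a commit or verifies the content, so a change to the repository or to a dependency reaches the cluster without an image build or review; k8s/daemonset-with-init.yaml repeats the pattern in its `download-app` init container. Prefer running the image built from Dockerfile.simple, referenced by digest or by a commit-SHA tag. The script also has no `set -e`, and `apt-get install` will presumably fail as UID 1000940000 with all capabilities dropped, so the later commands run after a failed step.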
@@ -0,0 +1,121 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: resource-governance
+ namespace: resource-governance
+ labels:
+ app.kubernetes.io/name: resource-governance
+ app.kubernetes.io/component: governance
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: resource-governance
+ app.kubernetes.io/component: governance
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: resource-governance
+ app.kubernetes.io/component: governance
+ spec:
+ serviceAccountName: resource-governance-sa
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1000940000
+ fsGroup: 1000940000
+ initContainers:
+ - name: download-app
+ image: alpine/git:latest
+ command: ['sh', '-c']
+ args:
+ - |
+ git clone https://github.com/andersonid/openshift-resource-governance.git /tmp/app
+ cp -r /tmp/app/app /shared/
+ cp /tmp/app/requirements.txt /shared/
+ volumeMounts:
+ - name: app-code
+ mountPath: /shared
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
+ containers:
+ - name: resource-governance
+ image: python:3.11-slim
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ name: http
+ protocol: TCP
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
+ command: ['sh', '-c']
+ args:
+ - |
+ pip install --no-cache-dir -r /app/requirements.txt
+ python -m uvicorn app.main:app --host 0.0.0.0 --port 8080
+ volumeMounts:
+ - name: app-code
+ mountPath: /app
+ env:
+ - name: KUBECONFIG
+ value: "/var/run/secrets/kubernetes.io/serviceaccount/token"
+ - name: CPU_LIMIT_RATIO
+ valueFrom:
+ configMapKeyRef:
+ name: resource-governance-config
+ key: CPU_LIMIT_RATIO
+ - name: MEMORY_LIMIT_RATIO
+ valueFrom:
+ configMapKeyRef:
+ name: resource-governance-config
+ key: MEMORY_LIMIT_RATIO
+ - name: PROMETHEUS_URL
+ valueFrom:
+ configMapKeyRef:
+ name: resource-governance-config
+ key: PROMETHEUS_URL
+ - name:
VPA_NAMESPACES + valueFrom: + configMapKeyRef: + name: resource-governance-config + key: VPA_NAMESPACES + - name: LOG_LEVEL + valueFrom: + configMapKeyRef: + name: resource-governance-config + key: LOG_LEVEL + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "512Mi" + cpu: "500m" + livenessProbe: + httpGet: + path: /health + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /health + port: 8080 + initialDelaySeconds: 5 + periodSeconds: 5 + volumes: + - name: app-code + emptyDir: {} + nodeSelector: + kubernetes.io/os: linux + tolerations: + - operator: Exists + effect: NoSchedule diff --git a/k8s/daemonset.yaml b/k8s/daemonset.yaml index 73c2dab..25a44bf 100644 --- a/k8s/daemonset.yaml +++ b/k8s/daemonset.yaml @@ -18,18 +18,27 @@ spec: app.kubernetes.io/component: governance spec: serviceAccountName: resource-governance-sa + imagePullSecrets: + - name: docker-hub-secret securityContext: runAsNonRoot: true - runAsUser: 1000 - fsGroup: 1000 + runAsUser: 1000940000 + fsGroup: 1000940000 containers: - name: resource-governance - image: resource-governance:latest + image: andersonid/openshift-resource-governance:latest imagePullPolicy: Always ports: - containerPort: 8080 name: http protocol: TCP + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault env: - name: KUBECONFIG value: "/var/run/secrets/kubernetes.io/serviceaccount/token" diff --git a/requirements.txt b/requirements.txt index bd7c9cc..86842bb 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4,6 +4,7 @@ kubernetes==28.1.0 prometheus-client==0.19.0 requests==2.31.0 pydantic==2.5.0 +pydantic-settings==2.1.0 python-multipart==0.0.6 jinja2==3.1.2 aiofiles==23.2.1 @@ -12,3 +13,4 @@ reportlab==4.0.7 python-jose[cryptography]==3.3.0 passlib[bcrypt]==1.7.4 python-dotenv==1.0.0 +aiohttp==3.9.1 
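Review bot: `image: alpine/git:latest` in the `download-app` init container of k8s/daemonset-with-init.yaml is a mutable tag with no digest, so the tool that fetches the application code can itself change between pod starts; pin it, e.g. `image: alpine/git:<version>@sha256:<digest>`. The main container starts `python -m uvicorn app.main:app` without a `workingDir`, while the code is mounted at `/app`; unless the import path already includes `/app`, the `app` package will not resolve, so `workingDir: /app` looks necessary. The runtime `pip install -r /app/requirements.txt` also runs on every pod start as UID 1000940000, which presumably has no writable site-packages or home directory in `python:3.11-slim`.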
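Review bot: In k8s/daemonset.yaml, `image: andersonid/openshift-resource-governance:latest` with `imagePullPolicy: Always` means every pod restart pulls whatever currently carries the `latest` tag, on all nodes, under the service account's permissions. The workflow in this commit also pushes a `${{ github.sha }}` tag; deploying that tag or an image digest makes rollouts reproducible and auditable. scripts/build-and-push.sh builds `${REGISTRY}/resource-governance`, a different repository name from the one pulled here, so the manifest and the script may not refer to the same image. `runAsUser: 1000940000` hard-codes a UID that on OpenShift normally comes from the namespace's allocated range, so the pod may be rejected on another cluster; omitting `runAsUser` and `fsGroup` lets the SCC assign them. The container spec continues outside the hunk.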
diff --git a/scripts/build-and-push.sh b/scripts/build-and-push.sh
new file mode 100755
index 0000000..c1d8da9
--- /dev/null
+++ b/scripts/build-and-push.sh
@@ -0,0 +1,80 @@
+#!/bin/bash
+
+# Script de build e push para OpenShift Resource Governance Tool usando Podman
+set -e
+
+# Cores para output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Configurações
+IMAGE_NAME="resource-governance"
+TAG="${1:-latest}"
+REGISTRY="${2:-andersonid}"
+FULL_IMAGE_NAME="${REGISTRY}/${IMAGE_NAME}:${TAG}"
+
+echo -e "${BLUE}🚀 Building and Pushing OpenShift Resource Governance Tool${NC}"
+echo -e "${BLUE}Image: ${FULL_IMAGE_NAME}${NC}"
+
+# Verificar se Podman está instalado
+if ! command -v podman &> /dev/null; then
+ echo -e "${RED}❌ Podman não está instalado. Instale o Podman e tente novamente.${NC}"
+ exit 1
+fi
+
+# Buildah é opcional, Podman pode fazer o build
+
+# Build da imagem
+echo -e "${YELLOW}📦 Building container image with Podman...${NC}"
+podman build -t "${FULL_IMAGE_NAME}" .
+
+if [ $? -eq 0 ]; then
+ echo -e "${GREEN}✅ Image built successfully!${NC}"
+else
+ echo -e "${RED}❌ Build failed!${NC}"
+ exit 1
+fi
+
+# Testar a imagem
+echo -e "${YELLOW}🧪 Testing image...${NC}"
+podman run --rm "${FULL_IMAGE_NAME}" python -c "import app.main; print('✅ App imports successfully')"
+
+if [ $? -eq 0 ]; then
+ echo -e "${GREEN}✅ Image test passed!${NC}"
+else
+ echo -e "${RED}❌ Image test failed!${NC}"
+ exit 1
+fi
+
+# Login no Docker Hub
+echo -e "${YELLOW}🔐 Logging into Docker Hub...${NC}"
+podman login docker.io
+
+if [ $? -eq 0 ]; then
+ echo -e "${GREEN}✅ Login successful!${NC}"
+else
+ echo -e "${RED}❌ Login failed!${NC}"
+ exit 1
+fi
+
+# Push da imagem
+echo -e "${YELLOW}📤 Pushing image to Docker Hub...${NC}"
+podman push "${FULL_IMAGE_NAME}"
+
+if [ $?
-eq 0 ]; then + echo -e "${GREEN}✅ Image pushed successfully!${NC}" +else + echo -e "${RED}❌ Push failed!${NC}" + exit 1 +fi + +# Mostrar informações da imagem +echo -e "${BLUE}📊 Image information:${NC}" +podman images "${FULL_IMAGE_NAME}" + +echo -e "${GREEN}🎉 Build and push completed successfully!${NC}" +echo -e "${BLUE}🌐 Image available at: https://hub.docker.com/r/${REGISTRY}/${IMAGE_NAME}${NC}" +echo -e "${BLUE}🚀 Ready for deployment!${NC}" diff --git a/scripts/build.sh b/scripts/build.sh index 872d5fd..6b182a7 100755 --- a/scripts/build.sh +++ b/scripts/build.sh @@ -19,15 +19,15 @@ FULL_IMAGE_NAME="${REGISTRY}/${IMAGE_NAME}:${TAG}" echo -e "${BLUE}🚀 Building OpenShift Resource Governance Tool${NC}" echo -e "${BLUE}Image: ${FULL_IMAGE_NAME}${NC}" -# Verificar se Docker está rodando -if ! docker info > /dev/null 2>&1; then - echo -e "${RED}❌ Docker não está rodando. Inicie o Docker e tente novamente.${NC}" +# Verificar se Podman está instalado +if ! command -v podman &> /dev/null; then + echo -e "${RED}❌ Podman não está instalado. Instale o Podman e tente novamente.${NC}" exit 1 fi # Build da imagem -echo -e "${YELLOW}📦 Building Docker image...${NC}" -docker build -t "${FULL_IMAGE_NAME}" . +echo -e "${YELLOW}📦 Building container image with Podman...${NC}" +podman build -t "${FULL_IMAGE_NAME}" . if [ $? -eq 0 ]; then echo -e "${GREEN}✅ Image built successfully!${NC}" @@ -38,7 +38,7 @@ fi # Testar a imagem echo -e "${YELLOW}🧪 Testing image...${NC}" -docker run --rm "${FULL_IMAGE_NAME}" python -c "import app.main; print('✅ App imports successfully')" +podman run --rm "${FULL_IMAGE_NAME}" python -c "import app.main; print('✅ App imports successfully')" if [ $? -eq 0 ]; then echo -e "${GREEN}✅ Image test passed!${NC}" 
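Review bot: With `set -e` at the top of scripts/build-and-push.sh, every `if [ $? -eq 0 ]; then … else … exit 1` block after `podman build`, `podman run`, `podman login` and `podman push` has an unreachable `else` branch: a failing command ends the script before `$?` is tested, so the "❌ … failed!" messages never print. Test the command itself, e.g. `if ! podman push "${FULL_IMAGE_NAME}"; then echo -e "${RED}❌ Push failed!${NC}"; exit 1; fi`. The script pushes only the tag passed as `$1` (default `latest`); pushing an immutable tag as well would give the manifests something stable to reference.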
@@ -49,10 +49,10 @@ fi # Mostrar informações da imagem echo -e "${BLUE}📊 Image information:${NC}" -docker images "${FULL_IMAGE_NAME}" +podman images "${FULL_IMAGE_NAME}" echo -e "${GREEN}🎉 Build completed successfully!${NC}" echo -e "${BLUE}To push to registry:${NC}" -echo -e " docker push ${FULL_IMAGE_NAME}" +echo -e " podman push ${FULL_IMAGE_NAME}" echo -e "${BLUE}To run locally:${NC}" -echo -e " docker run -p 8080:8080 ${FULL_IMAGE_NAME}" +echo -e " podman run -p 8080:8080 ${FULL_IMAGE_NAME}" diff --git a/scripts/deploy-complete.sh b/scripts/deploy-complete.sh new file mode 100755 index 0000000..1ae0736 --- /dev/null +++ b/scripts/deploy-complete.sh 
@@ -0,0 +1,113 @@
+#!/bin/bash
+
+# Script completo de deploy para OpenShift Resource Governance Tool
+# Para ser executado por qualquer cluster-admin
+set -e
+
+# Cores para output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Configurações
+NAMESPACE="resource-governance"
+APP_NAME="resource-governance"
+SECRET_NAME="docker-hub-secret"
+
+echo -e "${BLUE}🚀 Deploy Completo - OpenShift Resource Governance Tool${NC}"
+echo -e "${BLUE}====================================================${NC}"
+
+# Verificar se está logado no OpenShift
+if ! oc whoami > /dev/null 2>&1; then
+ echo -e "${RED}❌ Não está logado no OpenShift. Faça login primeiro.${NC}"
+ echo -e "${YELLOW}💡 Execute: oc login ${NC}"
+ exit 1
+fi
+
+echo -e "${GREEN}✅ Logado como: $(oc whoami)${NC}"
+
+# Verificar se tem permissões de cluster-admin
+if ! oc auth can-i create namespaces > /dev/null 2>&1; then
+ echo -e "${RED}❌ Permissões insuficientes. Este script requer cluster-admin.${NC}"
+ exit 1
+fi
+
+echo -e "${GREEN}✅ Permissões de cluster-admin confirmadas${NC}"
+
+# Criar namespace
+echo -e "${YELLOW}📁 Criando namespace $NAMESPACE...${NC}"
+oc apply -f k8s/namespace.yaml
+
+# Aplicar RBAC
+echo -e "${YELLOW}🔐 Configurando RBAC...${NC}"
+oc apply -f k8s/rbac.yaml
+
+# Aplicar ConfigMap
+echo -e "${YELLOW}⚙️ Configurando ConfigMap...${NC}"
+oc apply -f k8s/configmap.yaml
+
+# Configurar ImagePullSecret
+echo -e "${YELLOW}🔑 Configurando ImagePullSecret para Docker Hub...${NC}"
+echo -e "${BLUE}💡 Digite suas credenciais do Docker Hub:${NC}"
+read -p "Username: " DOCKER_USERNAME
+read -s -p "Password/Token: " DOCKER_PASSWORD
+echo
+
+# Criar o secret
+oc create secret docker-registry $SECRET_NAME \
+ --docker-server=docker.io \
+ --docker-username=$DOCKER_USERNAME \
+ --docker-password=$DOCKER_PASSWORD \
+ --docker-email=$DOCKER_USERNAME@example.com \
+ -n $NAMESPACE \
+ --dry-run=client -o yaml | oc apply -f -
+
+# Adicionar o secret ao service account
+oc patch serviceaccount resource-governance-sa -n $NAMESPACE -p '{"imagePullSecrets": [{"name": "'$SECRET_NAME'"}]}'
+
+echo -e "${GREEN}✅ ImagePullSecret configurado${NC}"
+
+# Aplicar DaemonSet
+echo -e "${YELLOW}📦 Deployando DaemonSet...${NC}"
+oc apply -f k8s/daemonset.yaml
+
+# Aplicar Service
+echo -e "${YELLOW}🌐 Configurando Service...${NC}"
+oc apply -f k8s/service.yaml
+
+# Aplicar Route
+echo -e "${YELLOW}🛣️ Configurando Route...${NC}"
+oc apply -f k8s/route.yaml
+
+# Aguardar pods ficarem prontos
+echo -e "${YELLOW}⏳ Aguardando pods ficarem prontos...${NC}"
+oc wait --for=condition=ready pod -l app.kubernetes.io/name=$APP_NAME -n $NAMESPACE --timeout=300s
+
+# Verificar status
+echo -e "${YELLOW}📊 Verificando status do deploy...${NC}"
+oc get all -n $NAMESPACE
+
+# Obter URL da aplicação
+ROUTE_URL=$(oc get route $APP_NAME -n $NAMESPACE -o jsonpath='{.spec.host}' 2>/dev/null || echo "N/A")
+
+echo -e "${GREEN}🎉 Deploy concluído com sucesso!${NC}"
+echo -e "${BLUE}====================================================${NC}"
+echo -e "${GREEN}✅ Namespace: $NAMESPACE${NC}"
+echo -e "${GREEN}✅ DaemonSet: $APP_NAME${NC}"
+echo -e "${GREEN}✅ Service: $APP_NAME${NC}"
+echo -e "${GREEN}✅ Route: $APP_NAME${NC}"
+if [ "$ROUTE_URL" != "N/A" ]; then
+ echo -e "${GREEN}🌐 URL da aplicação: https://$ROUTE_URL${NC}"
+fi
+echo -e "${BLUE}====================================================${NC}"
+
+# Mostrar comandos úteis
+echo -e "${YELLOW}📋 Comandos úteis:${NC}"
+echo -e "${BLUE} Ver logs: oc logs -f daemonset/$APP_NAME -n $NAMESPACE${NC}"
+echo -e "${BLUE} Ver pods: oc get pods -n $NAMESPACE${NC}"
+echo -e "${BLUE} Ver status: oc get all -n $NAMESPACE${NC}"
+echo -e "${BLUE} Acessar API: curl https://$ROUTE_URL/api/health${NC}"
+
+echo -e "${GREEN}🎯 Aplicação pronta para uso!${NC}"
diff --git a/scripts/push-to-internal-registry.sh b/scripts/push-to-internal-registry.sh
new file mode 100755
index 0000000..52b0632
--- /dev/null
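Review bot: In scripts/deploy-complete.sh the Docker Hub credential is passed as `--docker-password=$DOCKER_PASSWORD`, unquoted and on the `oc` command line: a token containing spaces or glob characters is split or expanded, and the value is visible in the process list of the machine running the script while the command runs. At minimum quote the expansions (`--docker-username="$DOCKER_USERNAME"`, `--docker-password="$DOCKER_PASSWORD"`) and read with `read -r -s`; better, create the secret from an existing auth file with `--from-file=.dockerconfigjson=<path>` so the token never appears in argv. scripts/setup-docker-secret.sh has the same lines. Separately, `oc auth can-i create namespaces` does not establish cluster-admin, yet the script prints "Permissões de cluster-admin confirmadas"; the message should state what was actually checked.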
+++ b/scripts/push-to-internal-registry.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+# Script para fazer push da imagem para o registry interno do OpenShift
+set -e
+
+# Cores para output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+NAMESPACE="resource-governance"
+IMAGE_NAME="resource-governance"
+TAG="latest"
+
+echo -e "${BLUE}🚀 Push para registry interno do OpenShift${NC}"
+
+# Verificar se está logado no OpenShift
+if ! oc whoami > /dev/null 2>&1; then
+ echo -e "${RED}❌ Não está logado no OpenShift. Faça login primeiro.${NC}"
+ exit 1
+fi
+
+echo -e "${GREEN}✅ Logado como: $(oc whoami)${NC}"
+
+# Fazer login no registry interno
+echo -e "${YELLOW}🔐 Fazendo login no registry interno...${NC}"
+oc registry login
+
+# Obter a URL do registry
+REGISTRY_URL=$(oc get route -n openshift-image-registry default-route -o jsonpath='{.spec.host}' 2>/dev/null || echo "image-registry.openshift-image-registry.svc:5000")
+echo -e "${BLUE}📦 Registry URL: $REGISTRY_URL${NC}"
+
+# Tag da imagem
+FULL_IMAGE_NAME="$REGISTRY_URL/$NAMESPACE/$IMAGE_NAME:$TAG"
+echo -e "${YELLOW}🏷️ Criando tag: $FULL_IMAGE_NAME${NC}"
+podman tag andersonid/resource-governance:simple $FULL_IMAGE_NAME
+
+# Push da imagem
+echo -e "${YELLOW}📤 Fazendo push da imagem...${NC}"
+podman push $FULL_IMAGE_NAME --tls-verify=false
+
+# Atualizar o DaemonSet
+echo -e "${YELLOW}🔄 Atualizando DaemonSet...${NC}"
+oc set image daemonset/$IMAGE_NAME $IMAGE_NAME=$FULL_IMAGE_NAME -n $NAMESPACE
+
+echo -e "${GREEN}✅ Push concluído com sucesso!${NC}"
+echo -e "${BLUE}📊 Verificando status dos pods...${NC}"
+oc get pods -n $NAMESPACE
diff --git a/scripts/setup-docker-secret.sh b/scripts/setup-docker-secret.sh
new file mode 100755
index 0000000..f360ca7
--- /dev/null
+++ b/scripts/setup-docker-secret.sh
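Review bot: `podman push $FULL_IMAGE_NAME --tls-verify=false` in scripts/push-to-internal-registry.sh turns off certificate verification on the registry connection that carries the login token and the image, so anything on the network path can read the token or substitute content. Trust the router CA instead (for example by placing it in a directory passed with `--cert-dir`) and drop the flag. `$FULL_IMAGE_NAME` and the other expansions should be quoted, and the source image `andersonid/resource-governance:simple` is hard-coded, so the script fails unless that exact local tag exists. The fallback `image-registry.openshift-image-registry.svc:5000` is presumably resolvable only inside the cluster, so the push would fail from a workstation when no default route exists.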
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+# Script para configurar ImagePullSecret para Docker Hub
+set -e
+
+# Cores para output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+NAMESPACE="resource-governance"
+SECRET_NAME="docker-hub-secret"
+
+echo -e "${BLUE}🔐 Configurando ImagePullSecret para Docker Hub${NC}"
+
+# Verificar se está logado no OpenShift
+if ! oc whoami > /dev/null 2>&1; then
+ echo -e "${RED}❌ Não está logado no OpenShift. Faça login primeiro.${NC}"
+ exit 1
+fi
+
+echo -e "${GREEN}✅ Logado como: $(oc whoami)${NC}"
+
+# Verificar se o namespace existe
+if ! oc get namespace $NAMESPACE > /dev/null 2>&1; then
+ echo -e "${YELLOW}📁 Criando namespace $NAMESPACE...${NC}"
+ oc create namespace $NAMESPACE
+fi
+
+# Solicitar credenciais do Docker Hub
+echo -e "${YELLOW}🔑 Digite suas credenciais do Docker Hub:${NC}"
+read -p "Username: " DOCKER_USERNAME
+read -s -p "Password/Token: " DOCKER_PASSWORD
+echo
+
+# Criar o secret
+echo -e "${YELLOW}🔐 Criando ImagePullSecret...${NC}"
+oc create secret docker-registry $SECRET_NAME \
+ --docker-server=docker.io \
+ --docker-username=$DOCKER_USERNAME \
+ --docker-password=$DOCKER_PASSWORD \
+ --docker-email=$DOCKER_USERNAME@example.com \
+ -n $NAMESPACE
+
+# Adicionar o secret ao service account
+echo -e "${YELLOW}🔗 Adicionando secret ao ServiceAccount...${NC}"
+oc patch serviceaccount resource-governance-sa -n $NAMESPACE -p '{"imagePullSecrets": [{"name": "'$SECRET_NAME'"}]}'
+
+echo -e "${GREEN}✅ ImagePullSecret configurado com sucesso!${NC}"
+echo -e "${BLUE}📋 Secret criado: $SECRET_NAME${NC}"
+echo -e "${BLUE}📋 Namespace: $NAMESPACE${NC}"
+echo -e "${BLUE}📋 ServiceAccount atualizado: resource-governance-sa${NC}"
\ No newline at end of file
diff --git a/scripts/test-deploy.sh b/scripts/test-deploy.sh
new file mode 100755
index 0000000..785adf8
--- /dev/null
+++ b/scripts/test-deploy.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+
+# Script de teste de deploy (sem input interativo)
+set -e
+
+# Cores para output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Configurações
+NAMESPACE="resource-governance"
+APP_NAME="resource-governance"
+
+echo -e "${BLUE}🧪 Teste de Deploy - OpenShift Resource Governance Tool${NC}"
+echo -e "${BLUE}====================================================${NC}"
+
+# Verificar se está logado no OpenShift
+if ! oc whoami > /dev/null 2>&1; then
+ echo -e "${RED}❌ Não está logado no OpenShift. Faça login primeiro.${NC}"
+ exit 1
+fi
+
+echo -e "${GREEN}✅ Logado como: $(oc whoami)${NC}"
+
+# Aplicar manifests
+echo -e "${YELLOW}📁 Aplicando manifests...${NC}"
+oc apply -f k8s/namespace.yaml
+oc apply -f k8s/rbac.yaml
+oc apply -f k8s/configmap.yaml
+
+# Criar ImagePullSecret temporário (sem credenciais reais)
+echo -e "${YELLOW}🔐 Criando ImagePullSecret temporário...${NC}"
+oc create secret docker-registry docker-hub-secret \
+ --docker-server=docker.io \
+ --docker-username=andersonid \
+ --docker-password=temp \
+ --docker-email=andersonid@example.com \
+ -n $NAMESPACE \
+ --dry-run=client -o yaml | oc apply -f -
+
+# Adicionar o secret ao service account
+oc patch serviceaccount resource-governance-sa -n $NAMESPACE -p '{"imagePullSecrets": [{"name": "docker-hub-secret"}]}'
+
+# Aplicar DaemonSet
+echo -e "${YELLOW}📦 Aplicando DaemonSet...${NC}"
+oc apply -f k8s/daemonset.yaml
+
+# Aplicar Service
+echo -e "${YELLOW}🌐 Aplicando Service...${NC}"
+oc apply -f k8s/service.yaml
+
+# Aplicar Route
+echo -e "${YELLOW}🛣️ Aplicando Route...${NC}"
+oc apply -f k8s/route.yaml
+
+# Verificar status
+echo -e "${YELLOW}📊 Verificando status...${NC}"
+oc get all -n $NAMESPACE
+
+echo -e "${GREEN}✅ Deploy de teste concluído!${NC}"
+echo -e "${BLUE}💡 Para configurar credenciais reais do Docker Hub, execute:${NC}"
+echo -e "${BLUE} ./scripts/setup-docker-secret.sh${NC}"
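Review bot: The `oc create secret docker-registry docker-hub-secret … --docker-password=temp … | oc apply -f -` pipeline in scripts/test-deploy.sh replaces any existing `docker-hub-secret` in the namespace with a placeholder, so running this script against a cluster that was set up with scripts/deploy-complete.sh silently overwrites the real pull credentials and later image pulls fail. Skip the step when the secret already exists, e.g. guard it with `oc get secret docker-hub-secret -n "$NAMESPACE" >/dev/null 2>&1 ||`, or use a distinct secret name for tests. The script also applies k8s/rbac.yaml and the DaemonSet to whatever cluster `oc` is logged into without a confirmation prompt, unlike scripts/undeploy-complete.sh.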
diff --git a/scripts/undeploy-complete.sh b/scripts/undeploy-complete.sh
new file mode 100755
index 0000000..1fdc6a8
--- /dev/null
+++ b/scripts/undeploy-complete.sh
@@ -0,0 +1,71 @@
+#!/bin/bash
+
+# Script completo de undeploy para OpenShift Resource Governance Tool
+set -e
+
+# Cores para output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Configurações
+NAMESPACE="resource-governance"
+
+echo -e "${BLUE}🗑️ Undeploy - OpenShift Resource Governance Tool${NC}"
+echo -e "${BLUE}===============================================${NC}"
+
+# Verificar se está logado no OpenShift
+if ! oc whoami > /dev/null 2>&1; then
+ echo -e "${RED}❌ Não está logado no OpenShift. Faça login primeiro.${NC}"
+ exit 1
+fi
+
+echo -e "${GREEN}✅ Logado como: $(oc whoami)${NC}"
+
+# Confirmar remoção
+echo -e "${YELLOW}⚠️ Tem certeza que deseja remover a aplicação do namespace '$NAMESPACE'?${NC}"
+read -p "Digite 'yes' para confirmar: " CONFIRM
+
+if [ "$CONFIRM" != "yes" ]; then
+ echo -e "${YELLOW}❌ Operação cancelada.${NC}"
+ exit 0
+fi
+
+# Remover recursos
+echo -e "${YELLOW}🗑️ Removendo recursos...${NC}"
+
+# Remover Route
+echo -e "${YELLOW} 🛣️ Removendo Route...${NC}"
+oc delete -f k8s/route.yaml --ignore-not-found=true
+
+# Remover Service
+echo -e "${YELLOW} 🌐 Removendo Service...${NC}"
+oc delete -f k8s/service.yaml --ignore-not-found=true
+
+# Remover DaemonSet
+echo -e "${YELLOW} 📦 Removendo DaemonSet...${NC}"
+oc delete -f k8s/daemonset.yaml --ignore-not-found=true
+
+# Aguardar pods serem removidos
+echo -e "${YELLOW} ⏳ Aguardando pods serem removidos...${NC}"
+oc wait --for=delete pod -l app.kubernetes.io/name=resource-governance -n $NAMESPACE --timeout=60s || true
+
+# Remover ConfigMap
+echo -e "${YELLOW} ⚙️ Removendo ConfigMap...${NC}"
+oc delete -f k8s/configmap.yaml --ignore-not-found=true
+
+# Remover RBAC
+echo -e "${YELLOW} 🔐 Removendo RBAC...${NC}"
+oc delete -f k8s/rbac.yaml --ignore-not-found=true
+
+# Remover namespace (opcional)
+echo -e "${YELLOW} 📁 Removendo namespace...${NC}"
+oc delete -f k8s/namespace.yaml --ignore-not-found=true
+
+echo -e "${GREEN}✅ Undeploy concluído com sucesso!${NC}"
+echo -e "${BLUE}===============================================${NC}"
+echo -e "${GREEN}✅ Todos os recursos foram removidos${NC}"
+echo -e "${GREEN}✅ Namespace '$NAMESPACE' foi removido${NC}"
+echo -e "${BLUE}===============================================${NC}"