Add: scripts de deploy completo com ImagePullSecret para cluster-admin

2025-09-25 15:24:31 -03:00
parent 2ca4b468cb
commit 25596e2b3e
16 changed files with 747 additions and 43 deletions
--- a/k8s/daemonset-with-init.yaml
+++ b/k8s/daemonset-with-init.yaml
@@ -0,0 +1,121 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: resource-governance
+  namespace: resource-governance
+  labels:
+    app.kubernetes.io/name: resource-governance
+    app.kubernetes.io/component: governance
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: resource-governance
+      app.kubernetes.io/component: governance
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: resource-governance
+        app.kubernetes.io/component: governance
+    spec:
+      serviceAccountName: resource-governance-sa
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000940000
+        fsGroup: 1000940000
+      initContainers:
+      - name: download-app
+        image: alpine/git:latest
+        command: ['sh', '-c']
+        args:
+        - |
+          git clone https://github.com/andersonid/openshift-resource-governance.git /tmp/app
+          cp -r /tmp/app/app /shared/
+          cp /tmp/app/requirements.txt /shared/
+        volumeMounts:
+        - name: app-code
+          mountPath: /shared
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          seccompProfile:
+            type: RuntimeDefault
+      containers:
+      - name: resource-governance
+        image: python:3.11-slim
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+          name: http
+          protocol: TCP
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          seccompProfile:
+            type: RuntimeDefault
+        command: ['sh', '-c']
+        args:
+        - |
+          pip install --no-cache-dir -r /app/requirements.txt
+          python -m uvicorn app.main:app --host 0.0.0.0 --port 8080
+        volumeMounts:
+        - name: app-code
+          mountPath: /app
+        env:
+        - name: KUBECONFIG
+          value: "/var/run/secrets/kubernetes.io/serviceaccount/token"
+        - name: CPU_LIMIT_RATIO
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: CPU_LIMIT_RATIO
+        - name: MEMORY_LIMIT_RATIO
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: MEMORY_LIMIT_RATIO
+        - name: PROMETHEUS_URL
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: PROMETHEUS_URL
+        - name: VPA_NAMESPACES
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: VPA_NAMESPACES
+        - name: LOG_LEVEL
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: LOG_LEVEL
+        resources:
+          requests:
+            memory: "128Mi"
+            cpu: "100m"
+          limits:
+            memory: "512Mi"
+            cpu: "500m"
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 8080
+          initialDelaySeconds: 30
+          periodSeconds: 10
+        readinessProbe:
+          httpGet:
+            path: /health
+            port: 8080
+          initialDelaySeconds: 5
+          periodSeconds: 5
+      volumes:
+      - name: app-code
+        emptyDir: {}
+      nodeSelector:
+        kubernetes.io/os: linux
+      tolerations:
+      - operator: Exists
+        effect: NoSchedule