anobre/openshift-resource-governance
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add: scripts de deploy completo com ImagePullSecret para cluster-admin

Browse Source
This commit is contained in:
Anderson
2025-09-25 15:24:31 -03:00
parent 2ca4b468cb
commit 25596e2b3e
16 changed files with 747 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
.github/workflows/openshift-deploy.yml vendored
View File

@@ -34,35 +34,24 @@ jobs:
run: | run: |
python -c "import app.main; print('✅ App imports successfully')" python -c "import app.main; print('✅ App imports successfully')"
- name: Set up Docker Buildx - name: Set up Podman
uses: docker/setup-buildx-action@v3 run: |
sudo apt-get update
sudo apt-get install -y podman buildah skopeo
- name: Login to Docker Hub - name: Login to Docker Hub
uses: docker/login-action@v3 run: |
with: echo "${{ secrets.DOCKERHUB_TOKEN }}" | podman login docker.io -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Extract metadata - name: Build and push image with Podman
id: meta run: |
uses: docker/metadata-action@v5 # Build da imagem
with: podman build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} .
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} podman build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest .
tags: |
type=ref,event=branch
type=ref,event=pr
type=sha,prefix={{branch}}-
type=raw,value=latest,enable={{is_default_branch}}
- name: Build and push Docker image # Push das imagens
uses: docker/build-push-action@v5 podman push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
with: podman push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Install OpenShift CLI - name: Install OpenShift CLI
run: | run: |

31
Dockerfile.simple Normal file
View File

@@ -0,0 +1,31 @@
FROM python:3.11-slim
# Instalar dependências do sistema
RUN apt-get update && apt-get install -y \
curl \
&& rm -rf /var/lib/apt/lists/*
# Criar usuário não-root
RUN groupadd -r appuser && useradd -r -g appuser appuser
# Criar diretórios
RUN mkdir -p /app /tmp/reports && \
chown -R appuser:appuser /app /tmp/reports
# Instalar dependências Python
COPY requirements.txt /app/
WORKDIR /app
RUN pip install --no-cache-dir -r requirements.txt
# Copiar código da aplicação
COPY app/ ./app/
RUN chown -R appuser:appuser /app
# Mudar para usuário não-root
USER appuser
# Expor porta
EXPOSE 8080
# Comando para executar a aplicação
CMD ["python", "-m", "uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8080"]

4
Makefile
View File

@@ -22,8 +22,8 @@ help: ## Mostrar ajuda
@echo "Comandos disponíveis:" @echo "Comandos disponíveis:"
@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf " $(GREEN)%-15s$(NC) %s\n", $$1, $$2}' @grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf " $(GREEN)%-15s$(NC) %s\n", $$1, $$2}'
build: ## Build da imagem Docker build: ## Build da imagem com Podman
@echo "$(YELLOW)📦 Building Docker image...$(NC)" @echo "$(YELLOW)📦 Building container image with Podman...$(NC)"
@./scripts/build.sh $(TAG) $(REGISTRY) @./scripts/build.sh $(TAG) $(REGISTRY)
test: ## Testar a aplicação test: ## Testar a aplicação

20
README.md
View File

@@ -38,6 +38,20 @@ Uma ferramenta de governança de recursos para clusters OpenShift que vai além
### 2. Deploy no OpenShift ### 2. Deploy no OpenShift
#### Deploy Automático (Recomendado)
```bash
# Deploy completo com ImagePullSecret
./scripts/deploy-complete.sh
```
Este script irá:
- ✅ Criar namespace e RBAC
- ✅ Configurar ImagePullSecret para Docker Hub
- ✅ Deploy da aplicação
- ✅ Configurar Service e Route
- ✅ Verificar se tudo está funcionando
#### Deploy Manual
```bash ```bash
# Deploy padrão # Deploy padrão
./scripts/deploy.sh ./scripts/deploy.sh
@@ -49,6 +63,12 @@ Uma ferramenta de governança de recursos para clusters OpenShift que vai além
./scripts/deploy.sh latest seu-usuario ./scripts/deploy.sh latest seu-usuario
``` ```
#### Undeploy
```bash
# Remover completamente a aplicação
./scripts/undeploy-complete.sh
```
### 3. Acesso à Aplicação ### 3. Acesso à Aplicação
Após o deploy, acesse a aplicação através da rota criada: Após o deploy, acesse a aplicação através da rota criada:

2
app/core/config.py
View File

@@ -3,7 +3,7 @@ Configurações da aplicação
""" """
import os import os
from typing import List, Optional from typing import List, Optional
from pydantic import BaseSettings from pydantic_settings import BaseSettings
class Settings(BaseSettings): class Settings(BaseSettings):
"""Configurações da aplicação""" """Configurações da aplicação"""

99
k8s/daemonset-simple.yaml Normal file
View File

@@ -0,0 +1,99 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: resource-governance
namespace: resource-governance
labels:
app.kubernetes.io/name: resource-governance
app.kubernetes.io/component: governance
spec:
selector:
matchLabels:
app.kubernetes.io/name: resource-governance
app.kubernetes.io/component: governance
template:
metadata:
labels:
app.kubernetes.io/name: resource-governance
app.kubernetes.io/component: governance
spec:
serviceAccountName: resource-governance-sa
securityContext:
runAsNonRoot: true
runAsUser: 1000940000
fsGroup: 1000940000
containers:
- name: resource-governance
image: python:3.11-slim
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
name: http
protocol: TCP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
command: ['sh', '-c']
args:
- |
apt-get update && apt-get install -y git curl
git clone https://github.com/andersonid/openshift-resource-governance.git /tmp/app
cd /tmp/app
pip install --no-cache-dir -r requirements.txt
python -m uvicorn app.main:app --host 0.0.0.0 --port 8080
env:
- name: KUBECONFIG
value: "/var/run/secrets/kubernetes.io/serviceaccount/token"
- name: CPU_LIMIT_RATIO
valueFrom:
configMapKeyRef:
name: resource-governance-config
key: CPU_LIMIT_RATIO
- name: MEMORY_LIMIT_RATIO
valueFrom:
configMapKeyRef:
name: resource-governance-config
key: MEMORY_LIMIT_RATIO
- name: PROMETHEUS_URL
valueFrom:
configMapKeyRef:
name: resource-governance-config
key: PROMETHEUS_URL
- name: VPA_NAMESPACES
valueFrom:
configMapKeyRef:
name: resource-governance-config
key: VPA_NAMESPACES
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
name: resource-governance-config
key: LOG_LEVEL
resources:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 60
periodSeconds: 10
readinessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 30
periodSeconds: 5
nodeSelector:
kubernetes.io/os: linux
tolerations:
- operator: Exists
effect: NoSchedule

121
k8s/daemonset-with-init.yaml Normal file
View File

@@ -0,0 +1,121 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: resource-governance
namespace: resource-governance
labels:
app.kubernetes.io/name: resource-governance
app.kubernetes.io/component: governance
spec:
selector:
matchLabels:
app.kubernetes.io/name: resource-governance
app.kubernetes.io/component: governance
template:
metadata:
labels:
app.kubernetes.io/name: resource-governance
app.kubernetes.io/component: governance
spec:
serviceAccountName: resource-governance-sa
securityContext:
runAsNonRoot: true
runAsUser: 1000940000
fsGroup: 1000940000
initContainers:
- name: download-app
image: alpine/git:latest
command: ['sh', '-c']
args:
- |
git clone https://github.com/andersonid/openshift-resource-governance.git /tmp/app
cp -r /tmp/app/app /shared/
cp /tmp/app/requirements.txt /shared/
volumeMounts:
- name: app-code
mountPath: /shared
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
containers:
- name: resource-governance
image: python:3.11-slim
imagePullPolicy: Always
ports:
- containerPort: 8080
name: http
protocol: TCP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
command: ['sh', '-c']
args:
- |
pip install --no-cache-dir -r /app/requirements.txt
python -m uvicorn app.main:app --host 0.0.0.0 --port 8080
volumeMounts:
- name: app-code
mountPath: /app
env:
- name: KUBECONFIG
value: "/var/run/secrets/kubernetes.io/serviceaccount/token"
- name: CPU_LIMIT_RATIO
valueFrom:
configMapKeyRef:
name: resource-governance-config
key: CPU_LIMIT_RATIO
- name: MEMORY_LIMIT_RATIO
valueFrom:
configMapKeyRef:
name: resource-governance-config
key: MEMORY_LIMIT_RATIO
- name: PROMETHEUS_URL
valueFrom:
configMapKeyRef:
name: resource-governance-config
key: PROMETHEUS_URL
- name: VPA_NAMESPACES
valueFrom:
configMapKeyRef:
name: resource-governance-config
key: VPA_NAMESPACES
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
name: resource-governance-config
key: LOG_LEVEL
resources:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 5
periodSeconds: 5
volumes:
- name: app-code
emptyDir: {}
nodeSelector:
kubernetes.io/os: linux
tolerations:
- operator: Exists
effect: NoSchedule

15
k8s/daemonset.yaml
View File

@@ -18,18 +18,27 @@ spec:
app.kubernetes.io/component: governance app.kubernetes.io/component: governance
spec: spec:
serviceAccountName: resource-governance-sa serviceAccountName: resource-governance-sa
imagePullSecrets:
- name: docker-hub-secret
securityContext: securityContext:
runAsNonRoot: true runAsNonRoot: true
runAsUser: 1000 runAsUser: 1000940000
fsGroup: 1000 fsGroup: 1000940000
containers: containers:
- name: resource-governance - name: resource-governance
image: resource-governance:latest image: andersonid/openshift-resource-governance:latest
imagePullPolicy: Always imagePullPolicy: Always
ports: ports:
- containerPort: 8080 - containerPort: 8080
name: http name: http
protocol: TCP protocol: TCP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
env: env:
- name: KUBECONFIG - name: KUBECONFIG
value: "/var/run/secrets/kubernetes.io/serviceaccount/token" value: "/var/run/secrets/kubernetes.io/serviceaccount/token"

2
requirements.txt
View File

@@ -4,6 +4,7 @@ kubernetes==28.1.0
prometheus-client==0.19.0 prometheus-client==0.19.0
requests==2.31.0 requests==2.31.0
pydantic==2.5.0 pydantic==2.5.0
pydantic-settings==2.1.0
python-multipart==0.0.6 python-multipart==0.0.6
jinja2==3.1.2 jinja2==3.1.2
aiofiles==23.2.1 aiofiles==23.2.1
@@ -12,3 +13,4 @@ reportlab==4.0.7
python-jose[cryptography]==3.3.0 python-jose[cryptography]==3.3.0
passlib[bcrypt]==1.7.4 passlib[bcrypt]==1.7.4
python-dotenv==1.0.0 python-dotenv==1.0.0
aiohttp==3.9.1

80
scripts/build-and-push.sh Executable file
View File

@@ -0,0 +1,80 @@
#!/bin/bash
# Script de build e push para OpenShift Resource Governance Tool usando Podman
set -e
# Cores para output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Configurações
IMAGE_NAME="resource-governance"
TAG="${1:-latest}"
REGISTRY="${2:-andersonid}"
FULL_IMAGE_NAME="${REGISTRY}/${IMAGE_NAME}:${TAG}"
echo -e "${BLUE}🚀 Building and Pushing OpenShift Resource Governance Tool${NC}"
echo -e "${BLUE}Image: ${FULL_IMAGE_NAME}${NC}"
# Verificar se Podman está instalado
if ! command -v podman &> /dev/null; then
echo -e "${RED}❌ Podman não está instalado. Instale o Podman e tente novamente.${NC}"
exit 1
fi
# Buildah é opcional, Podman pode fazer o build
# Build da imagem
echo -e "${YELLOW}📦 Building container image with Podman...${NC}"
podman build -t "${FULL_IMAGE_NAME}" .
if [ $? -eq 0 ]; then
echo -e "${GREEN}✅ Image built successfully!${NC}"
else
echo -e "${RED}❌ Build failed!${NC}"
exit 1
fi
# Testar a imagem
echo -e "${YELLOW}🧪 Testing image...${NC}"
podman run --rm "${FULL_IMAGE_NAME}" python -c "import app.main; print('✅ App imports successfully')"
if [ $? -eq 0 ]; then
echo -e "${GREEN}✅ Image test passed!${NC}"
else
echo -e "${RED}❌ Image test failed!${NC}"
exit 1
fi
# Login no Docker Hub
echo -e "${YELLOW}🔐 Logging into Docker Hub...${NC}"
podman login docker.io
if [ $? -eq 0 ]; then
echo -e "${GREEN}✅ Login successful!${NC}"
else
echo -e "${RED}❌ Login failed!${NC}"
exit 1
fi
# Push da imagem
echo -e "${YELLOW}📤 Pushing image to Docker Hub...${NC}"
podman push "${FULL_IMAGE_NAME}"
if [ $? -eq 0 ]; then
echo -e "${GREEN}✅ Image pushed successfully!${NC}"
else
echo -e "${RED}❌ Push failed!${NC}"
exit 1
fi
# Mostrar informações da imagem
echo -e "${BLUE}📊 Image information:${NC}"
podman images "${FULL_IMAGE_NAME}"
echo -e "${GREEN}🎉 Build and push completed successfully!${NC}"
echo -e "${BLUE}🌐 Image available at: https://hub.docker.com/r/${REGISTRY}/${IMAGE_NAME}${NC}"
echo -e "${BLUE}🚀 Ready for deployment!${NC}"

18
scripts/build.sh
View File

@@ -19,15 +19,15 @@ FULL_IMAGE_NAME="${REGISTRY}/${IMAGE_NAME}:${TAG}"
echo -e "${BLUE}🚀 Building OpenShift Resource Governance Tool${NC}" echo -e "${BLUE}🚀 Building OpenShift Resource Governance Tool${NC}"
echo -e "${BLUE}Image: ${FULL_IMAGE_NAME}${NC}" echo -e "${BLUE}Image: ${FULL_IMAGE_NAME}${NC}"
# Verificar se Docker está rodando # Verificar se Podman está instalado
if ! docker info > /dev/null 2>&1; then if ! command -v podman &> /dev/null; then
echo -e "${RED}Docker não está rodando. Inicie o Docker e tente novamente.${NC}" echo -e "${RED}Podman não está instalado. Instale o Podman e tente novamente.${NC}"
exit 1 exit 1
fi fi
# Build da imagem # Build da imagem
echo -e "${YELLOW}📦 Building Docker image...${NC}" echo -e "${YELLOW}📦 Building container image with Podman...${NC}"
docker build -t "${FULL_IMAGE_NAME}" . podman build -t "${FULL_IMAGE_NAME}" .
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
echo -e "${GREEN}✅ Image built successfully!${NC}" echo -e "${GREEN}✅ Image built successfully!${NC}"
@@ -38,7 +38,7 @@ fi
# Testar a imagem # Testar a imagem
echo -e "${YELLOW}🧪 Testing image...${NC}" echo -e "${YELLOW}🧪 Testing image...${NC}"
docker run --rm "${FULL_IMAGE_NAME}" python -c "import app.main; print('✅ App imports successfully')" podman run --rm "${FULL_IMAGE_NAME}" python -c "import app.main; print('✅ App imports successfully')"
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
echo -e "${GREEN}✅ Image test passed!${NC}" echo -e "${GREEN}✅ Image test passed!${NC}"
@@ -49,10 +49,10 @@ fi
# Mostrar informações da imagem # Mostrar informações da imagem
echo -e "${BLUE}📊 Image information:${NC}" echo -e "${BLUE}📊 Image information:${NC}"
docker images "${FULL_IMAGE_NAME}" podman images "${FULL_IMAGE_NAME}"
echo -e "${GREEN}🎉 Build completed successfully!${NC}" echo -e "${GREEN}🎉 Build completed successfully!${NC}"
echo -e "${BLUE}To push to registry:${NC}" echo -e "${BLUE}To push to registry:${NC}"
echo -e " docker push ${FULL_IMAGE_NAME}" echo -e " podman push ${FULL_IMAGE_NAME}"
echo -e "${BLUE}To run locally:${NC}" echo -e "${BLUE}To run locally:${NC}"
echo -e " docker run -p 8080:8080 ${FULL_IMAGE_NAME}" echo -e " podman run -p 8080:8080 ${FULL_IMAGE_NAME}"

113
scripts/deploy-complete.sh Executable file
View File

@@ -0,0 +1,113 @@
#!/bin/bash
# Script completo de deploy para OpenShift Resource Governance Tool
# Para ser executado por qualquer cluster-admin
set -e
# Cores para output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Configurações
NAMESPACE="resource-governance"
APP_NAME="resource-governance"
SECRET_NAME="docker-hub-secret"
echo -e "${BLUE}🚀 Deploy Completo - OpenShift Resource Governance Tool${NC}"
echo -e "${BLUE}====================================================${NC}"
# Verificar se está logado no OpenShift
if ! oc whoami > /dev/null 2>&1; then
echo -e "${RED}❌ Não está logado no OpenShift. Faça login primeiro.${NC}"
echo -e "${YELLOW}💡 Execute: oc login <cluster-url>${NC}"
exit 1
fi
echo -e "${GREEN}✅ Logado como: $(oc whoami)${NC}"
# Verificar se tem permissões de cluster-admin
if ! oc auth can-i create namespaces > /dev/null 2>&1; then
echo -e "${RED}❌ Permissões insuficientes. Este script requer cluster-admin.${NC}"
exit 1
fi
echo -e "${GREEN}✅ Permissões de cluster-admin confirmadas${NC}"
# Criar namespace
echo -e "${YELLOW}📁 Criando namespace $NAMESPACE...${NC}"
oc apply -f k8s/namespace.yaml
# Aplicar RBAC
echo -e "${YELLOW}🔐 Configurando RBAC...${NC}"
oc apply -f k8s/rbac.yaml
# Aplicar ConfigMap
echo -e "${YELLOW}⚙️ Configurando ConfigMap...${NC}"
oc apply -f k8s/configmap.yaml
# Configurar ImagePullSecret
echo -e "${YELLOW}🔑 Configurando ImagePullSecret para Docker Hub...${NC}"
echo -e "${BLUE}💡 Digite suas credenciais do Docker Hub:${NC}"
read -p "Username: " DOCKER_USERNAME
read -s -p "Password/Token: " DOCKER_PASSWORD
echo
# Criar o secret
oc create secret docker-registry $SECRET_NAME \
--docker-server=docker.io \
--docker-username=$DOCKER_USERNAME \
--docker-password=$DOCKER_PASSWORD \
--docker-email=$DOCKER_USERNAME@example.com \
-n $NAMESPACE \
--dry-run=client -o yaml | oc apply -f -
# Adicionar o secret ao service account
oc patch serviceaccount resource-governance-sa -n $NAMESPACE -p '{"imagePullSecrets": [{"name": "'$SECRET_NAME'"}]}'
echo -e "${GREEN}✅ ImagePullSecret configurado${NC}"
# Aplicar DaemonSet
echo -e "${YELLOW}📦 Deployando DaemonSet...${NC}"
oc apply -f k8s/daemonset.yaml
# Aplicar Service
echo -e "${YELLOW}🌐 Configurando Service...${NC}"
oc apply -f k8s/service.yaml
# Aplicar Route
echo -e "${YELLOW}🛣️ Configurando Route...${NC}"
oc apply -f k8s/route.yaml
# Aguardar pods ficarem prontos
echo -e "${YELLOW}⏳ Aguardando pods ficarem prontos...${NC}"
oc wait --for=condition=ready pod -l app.kubernetes.io/name=$APP_NAME -n $NAMESPACE --timeout=300s
# Verificar status
echo -e "${YELLOW}📊 Verificando status do deploy...${NC}"
oc get all -n $NAMESPACE
# Obter URL da aplicação
ROUTE_URL=$(oc get route $APP_NAME -n $NAMESPACE -o jsonpath='{.spec.host}' 2>/dev/null || echo "N/A")
echo -e "${GREEN}🎉 Deploy concluído com sucesso!${NC}"
echo -e "${BLUE}====================================================${NC}"
echo -e "${GREEN}✅ Namespace: $NAMESPACE${NC}"
echo -e "${GREEN}✅ DaemonSet: $APP_NAME${NC}"
echo -e "${GREEN}✅ Service: $APP_NAME${NC}"
echo -e "${GREEN}✅ Route: $APP_NAME${NC}"
if [ "$ROUTE_URL" != "N/A" ]; then
echo -e "${GREEN}🌐 URL da aplicação: https://$ROUTE_URL${NC}"
fi
echo -e "${BLUE}====================================================${NC}"
# Mostrar comandos úteis
echo -e "${YELLOW}📋 Comandos úteis:${NC}"
echo -e "${BLUE} Ver logs: oc logs -f daemonset/$APP_NAME -n $NAMESPACE${NC}"
echo -e "${BLUE} Ver pods: oc get pods -n $NAMESPACE${NC}"
echo -e "${BLUE} Ver status: oc get all -n $NAMESPACE${NC}"
echo -e "${BLUE} Acessar API: curl https://$ROUTE_URL/api/health${NC}"
echo -e "${GREEN}🎯 Aplicação pronta para uso!${NC}"

50
scripts/push-to-internal-registry.sh Executable file
View File

@@ -0,0 +1,50 @@
#!/bin/bash
# Script para fazer push da imagem para o registry interno do OpenShift
set -e
# Cores para output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
NAMESPACE="resource-governance"
IMAGE_NAME="resource-governance"
TAG="latest"
echo -e "${BLUE}🚀 Push para registry interno do OpenShift${NC}"
# Verificar se está logado no OpenShift
if ! oc whoami > /dev/null 2>&1; then
echo -e "${RED}❌ Não está logado no OpenShift. Faça login primeiro.${NC}"
exit 1
fi
echo -e "${GREEN}✅ Logado como: $(oc whoami)${NC}"
# Fazer login no registry interno
echo -e "${YELLOW}🔐 Fazendo login no registry interno...${NC}"
oc registry login
# Obter a URL do registry
REGISTRY_URL=$(oc get route -n openshift-image-registry default-route -o jsonpath='{.spec.host}' 2>/dev/null || echo "image-registry.openshift-image-registry.svc:5000")
echo -e "${BLUE}📦 Registry URL: $REGISTRY_URL${NC}"
# Tag da imagem
FULL_IMAGE_NAME="$REGISTRY_URL/$NAMESPACE/$IMAGE_NAME:$TAG"
echo -e "${YELLOW}🏷️ Criando tag: $FULL_IMAGE_NAME${NC}"
podman tag andersonid/resource-governance:simple $FULL_IMAGE_NAME
# Push da imagem
echo -e "${YELLOW}📤 Fazendo push da imagem...${NC}"
podman push $FULL_IMAGE_NAME --tls-verify=false
# Atualizar o DaemonSet
echo -e "${YELLOW}🔄 Atualizando DaemonSet...${NC}"
oc set image daemonset/$IMAGE_NAME $IMAGE_NAME=$FULL_IMAGE_NAME -n $NAMESPACE
echo -e "${GREEN}✅ Push concluído com sucesso!${NC}"
echo -e "${BLUE}📊 Verificando status dos pods...${NC}"
oc get pods -n $NAMESPACE

54
scripts/setup-docker-secret.sh Executable file
View File

@@ -0,0 +1,54 @@
#!/bin/bash
# Script para configurar ImagePullSecret para Docker Hub
set -e
# Cores para output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
NAMESPACE="resource-governance"
SECRET_NAME="docker-hub-secret"
echo -e "${BLUE}🔐 Configurando ImagePullSecret para Docker Hub${NC}"
# Verificar se está logado no OpenShift
if ! oc whoami > /dev/null 2>&1; then
echo -e "${RED}❌ Não está logado no OpenShift. Faça login primeiro.${NC}"
exit 1
fi
echo -e "${GREEN}✅ Logado como: $(oc whoami)${NC}"
# Verificar se o namespace existe
if ! oc get namespace $NAMESPACE > /dev/null 2>&1; then
echo -e "${YELLOW}📁 Criando namespace $NAMESPACE...${NC}"
oc create namespace $NAMESPACE
fi
# Solicitar credenciais do Docker Hub
echo -e "${YELLOW}🔑 Digite suas credenciais do Docker Hub:${NC}"
read -p "Username: " DOCKER_USERNAME
read -s -p "Password/Token: " DOCKER_PASSWORD
echo
# Criar o secret
echo -e "${YELLOW}🔐 Criando ImagePullSecret...${NC}"
oc create secret docker-registry $SECRET_NAME \
--docker-server=docker.io \
--docker-username=$DOCKER_USERNAME \
--docker-password=$DOCKER_PASSWORD \
--docker-email=$DOCKER_USERNAME@example.com \
-n $NAMESPACE
# Adicionar o secret ao service account
echo -e "${YELLOW}🔗 Adicionando secret ao ServiceAccount...${NC}"
oc patch serviceaccount resource-governance-sa -n $NAMESPACE -p '{"imagePullSecrets": [{"name": "'$SECRET_NAME'"}]}'
echo -e "${GREEN}✅ ImagePullSecret configurado com sucesso!${NC}"
echo -e "${BLUE}📋 Secret criado: $SECRET_NAME${NC}"
echo -e "${BLUE}📋 Namespace: $NAMESPACE${NC}"
echo -e "${BLUE}📋 ServiceAccount atualizado: resource-governance-sa${NC}"

65
scripts/test-deploy.sh Executable file
View File

@@ -0,0 +1,65 @@
#!/bin/bash
# Script de teste de deploy (sem input interativo)
set -e
# Cores para output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Configurações
NAMESPACE="resource-governance"
APP_NAME="resource-governance"
echo -e "${BLUE}🧪 Teste de Deploy - OpenShift Resource Governance Tool${NC}"
echo -e "${BLUE}====================================================${NC}"
# Verificar se está logado no OpenShift
if ! oc whoami > /dev/null 2>&1; then
echo -e "${RED}❌ Não está logado no OpenShift. Faça login primeiro.${NC}"
exit 1
fi
echo -e "${GREEN}✅ Logado como: $(oc whoami)${NC}"
# Aplicar manifests
echo -e "${YELLOW}📁 Aplicando manifests...${NC}"
oc apply -f k8s/namespace.yaml
oc apply -f k8s/rbac.yaml
oc apply -f k8s/configmap.yaml
# Criar ImagePullSecret temporário (sem credenciais reais)
echo -e "${YELLOW}🔐 Criando ImagePullSecret temporário...${NC}"
oc create secret docker-registry docker-hub-secret \
--docker-server=docker.io \
--docker-username=andersonid \
--docker-password=temp \
--docker-email=andersonid@example.com \
-n $NAMESPACE \
--dry-run=client -o yaml | oc apply -f -
# Adicionar o secret ao service account
oc patch serviceaccount resource-governance-sa -n $NAMESPACE -p '{"imagePullSecrets": [{"name": "docker-hub-secret"}]}'
# Aplicar DaemonSet
echo -e "${YELLOW}📦 Aplicando DaemonSet...${NC}"
oc apply -f k8s/daemonset.yaml
# Aplicar Service
echo -e "${YELLOW}🌐 Aplicando Service...${NC}"
oc apply -f k8s/service.yaml
# Aplicar Route
echo -e "${YELLOW}🛣️ Aplicando Route...${NC}"
oc apply -f k8s/route.yaml
# Verificar status
echo -e "${YELLOW}📊 Verificando status...${NC}"
oc get all -n $NAMESPACE
echo -e "${GREEN}✅ Deploy de teste concluído!${NC}"
echo -e "${BLUE}💡 Para configurar credenciais reais do Docker Hub, execute:${NC}"
echo -e "${BLUE} ./scripts/setup-docker-secret.sh${NC}"

71
scripts/undeploy-complete.sh Executable file
View File

@@ -0,0 +1,71 @@
#!/bin/bash
# Script completo de undeploy para OpenShift Resource Governance Tool
set -e
# Cores para output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Configurações
NAMESPACE="resource-governance"
echo -e "${BLUE}🗑️ Undeploy - OpenShift Resource Governance Tool${NC}"
echo -e "${BLUE}===============================================${NC}"
# Verificar se está logado no OpenShift
if ! oc whoami > /dev/null 2>&1; then
echo -e "${RED}❌ Não está logado no OpenShift. Faça login primeiro.${NC}"
exit 1
fi
echo -e "${GREEN}✅ Logado como: $(oc whoami)${NC}"
# Confirmar remoção
echo -e "${YELLOW}⚠️ Tem certeza que deseja remover a aplicação do namespace '$NAMESPACE'?${NC}"
read -p "Digite 'yes' para confirmar: " CONFIRM
if [ "$CONFIRM" != "yes" ]; then
echo -e "${YELLOW}❌ Operação cancelada.${NC}"
exit 0
fi
# Remover recursos
echo -e "${YELLOW}🗑️ Removendo recursos...${NC}"
# Remover Route
echo -e "${YELLOW} 🛣️ Removendo Route...${NC}"
oc delete -f k8s/route.yaml --ignore-not-found=true
# Remover Service
echo -e "${YELLOW} 🌐 Removendo Service...${NC}"
oc delete -f k8s/service.yaml --ignore-not-found=true
# Remover DaemonSet
echo -e "${YELLOW} 📦 Removendo DaemonSet...${NC}"
oc delete -f k8s/daemonset.yaml --ignore-not-found=true
# Aguardar pods serem removidos
echo -e "${YELLOW} ⏳ Aguardando pods serem removidos...${NC}"
oc wait --for=delete pod -l app.kubernetes.io/name=resource-governance -n $NAMESPACE --timeout=60s || true
# Remover ConfigMap
echo -e "${YELLOW} ⚙️ Removendo ConfigMap...${NC}"
oc delete -f k8s/configmap.yaml --ignore-not-found=true
# Remover RBAC
echo -e "${YELLOW} 🔐 Removendo RBAC...${NC}"
oc delete -f k8s/rbac.yaml --ignore-not-found=true
# Remover namespace (opcional)
echo -e "${YELLOW} 📁 Removendo namespace...${NC}"
oc delete -f k8s/namespace.yaml --ignore-not-found=true
echo -e "${GREEN}✅ Undeploy concluído com sucesso!${NC}"
echo -e "${BLUE}===============================================${NC}"
echo -e "${GREEN}✅ Todos os recursos foram removidos${NC}"
echo -e "${GREEN}✅ Namespace '$NAMESPACE' foi removido${NC}"
echo -e "${BLUE}===============================================${NC}"