Add CI/CD with GitHub Actions and migrate to Deployment

- Migrate from DaemonSet to Deployment for better efficiency - Add GitHub Actions for automatic build and deploy - Add Blue-Green deployment strategy with health checks - Add scripts for development and production workflows - Update documentation with CI/CD flow
2025-09-25 17:20:38 -03:00
parent 4e57a896fe
commit 3a6875a80e
12 changed files with 1344 additions and 13 deletions
--- a/k8s/deployment.yaml
+++ b/k8s/deployment.yaml
@@ -0,0 +1,120 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: resource-governance
+  namespace: resource-governance
+  labels:
+    app.kubernetes.io/name: resource-governance
+    app.kubernetes.io/component: governance
+spec:
+  replicas: 2
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1
+      maxSurge: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: resource-governance
+      app.kubernetes.io/component: governance
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: resource-governance
+        app.kubernetes.io/component: governance
+    spec:
+      serviceAccountName: resource-governance-sa
+      imagePullSecrets:
+      - name: docker-hub-secret
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000940000
+        fsGroup: 1000940000
+      containers:
+      - name: resource-governance
+        image: andersonid/openshift-resource-governance:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+          name: http
+          protocol: TCP
+        livenessProbe:
+          httpGet:
+            path: /api/v1/health
+            port: 8080
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          timeoutSeconds: 5
+          failureThreshold: 3
+        readinessProbe:
+          httpGet:
+            path: /api/v1/health
+            port: 8080
+          initialDelaySeconds: 5
+          periodSeconds: 5
+          timeoutSeconds: 3
+          failureThreshold: 3
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          seccompProfile:
+            type: RuntimeDefault
+        env:
+        - name: KUBECONFIG
+          value: "/var/run/secrets/kubernetes.io/serviceaccount/token"
+        - name: CPU_LIMIT_RATIO
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: CPU_LIMIT_RATIO
+        - name: MEMORY_LIMIT_RATIO
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: MEMORY_LIMIT_RATIO
+        - name: MIN_CPU_REQUEST
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: MIN_CPU_REQUEST
+        - name: MIN_MEMORY_REQUEST
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: MIN_MEMORY_REQUEST
+        - name: CRITICAL_NAMESPACES
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: CRITICAL_NAMESPACES
+        - name: PROMETHEUS_URL
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: PROMETHEUS_URL
+        - name: REPORT_EXPORT_PATH
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: REPORT_EXPORT_PATH
+        - name: SERVICE_ACCOUNT_NAME
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: SERVICE_ACCOUNT_NAME
+        resources:
+          requests:
+            cpu: 100m
+            memory: 128Mi
+          limits:
+            cpu: 500m
+            memory: 512Mi
+        volumeMounts:
+        - name: reports
+          mountPath: /tmp/reports
+      volumes:
+      - name: reports
+        emptyDir: {}
+      restartPolicy: Always