Initial commit: OpenShift Resource Governance Tool

- Implementa ferramenta completa de governança de recursos
- Backend Python com FastAPI para coleta de dados
- Validações seguindo best practices Red Hat
- Integração com Prometheus e VPA
- UI web interativa para visualização
- Relatórios em JSON, CSV e PDF
- Deploy como DaemonSet com RBAC
- Scripts de automação para build e deploy

k8s/configmap.yaml

@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: resource-governance-config
+  namespace: resource-governance
+  labels:
+    app.kubernetes.io/name: resource-governance
+    app.kubernetes.io/component: governance
+data:
+  # Configurações da aplicação
+  CPU_LIMIT_RATIO: "3.0"
+  MEMORY_LIMIT_RATIO: "3.0"
+  MIN_CPU_REQUEST: "10m"
+  MIN_MEMORY_REQUEST: "32Mi"
+  
+  # Namespaces críticos para VPA
+  CRITICAL_NAMESPACES: |
+    openshift-monitoring
+    openshift-ingress
+    openshift-apiserver
+    openshift-controller-manager
+    openshift-sdn
+  
+  # URL do Prometheus
+  PROMETHEUS_URL: "http://prometheus.openshift-monitoring.svc.cluster.local:9090"
+  
+  # Configurações de relatório
+  REPORT_EXPORT_PATH: "/tmp/reports"
+  
+  # Configurações de segurança
+  ENABLE_RBAC: "true"
+  SERVICE_ACCOUNT_NAME: "resource-governance-sa"

k8s/daemonset.yaml

@@ -0,0 +1,122 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: resource-governance
+  namespace: resource-governance
+  labels:
+    app.kubernetes.io/name: resource-governance
+    app.kubernetes.io/component: governance
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: resource-governance
+      app.kubernetes.io/component: governance
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: resource-governance
+        app.kubernetes.io/component: governance
+    spec:
+      serviceAccountName: resource-governance-sa
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000
+        fsGroup: 1000
+      containers:
+      - name: resource-governance
+        image: resource-governance:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+          name: http
+          protocol: TCP
+        env:
+        - name: KUBECONFIG
+          value: "/var/run/secrets/kubernetes.io/serviceaccount/token"
+        - name: CPU_LIMIT_RATIO
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: CPU_LIMIT_RATIO
+        - name: MEMORY_LIMIT_RATIO
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: MEMORY_LIMIT_RATIO
+        - name: MIN_CPU_REQUEST
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: MIN_CPU_REQUEST
+        - name: MIN_MEMORY_REQUEST
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: MIN_MEMORY_REQUEST
+        - name: CRITICAL_NAMESPACES
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: CRITICAL_NAMESPACES
+        - name: PROMETHEUS_URL
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: PROMETHEUS_URL
+        - name: REPORT_EXPORT_PATH
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: REPORT_EXPORT_PATH
+        - name: ENABLE_RBAC
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: ENABLE_RBAC
+        - name: SERVICE_ACCOUNT_NAME
+          valueFrom:
+            configMapKeyRef:
+              name: resource-governance-config
+              key: SERVICE_ACCOUNT_NAME
+        resources:
+          requests:
+            cpu: 100m
+            memory: 128Mi
+          limits:
+            cpu: 500m
+            memory: 512Mi
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 8080
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          timeoutSeconds: 5
+          failureThreshold: 3
+        readinessProbe:
+          httpGet:
+            path: /health
+            port: 8080
+          initialDelaySeconds: 5
+          periodSeconds: 5
+          timeoutSeconds: 3
+          failureThreshold: 3
+        volumeMounts:
+        - name: reports-volume
+          mountPath: /tmp/reports
+        - name: tmp-volume
+          mountPath: /tmp
+      volumes:
+      - name: reports-volume
+        emptyDir: {}
+      - name: tmp-volume
+        emptyDir: {}
+      nodeSelector:
+        kubernetes.io/os: linux
+      tolerations:
+      - key: node-role.kubernetes.io/master
+        operator: Exists
+        effect: NoSchedule
+      - key: node-role.kubernetes.io/control-plane
+        operator: Exists
+        effect: NoSchedule

k8s/kustomization.yaml

@@ -0,0 +1,19 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- namespace.yaml
+- rbac.yaml
+- configmap.yaml
+- daemonset.yaml
+- service.yaml
+- route.yaml
+
+commonLabels:
+  app.kubernetes.io/name: resource-governance
+  app.kubernetes.io/component: governance
+  app.kubernetes.io/part-of: openshift-governance
+
+images:
+- name: resource-governance
+  newTag: latest

k8s/namespace.yaml

@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: resource-governance
+  labels:
+    name: resource-governance
+    app.kubernetes.io/name: resource-governance
+    app.kubernetes.io/component: governance
+---
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+  name: resource-governance-quota
+  namespace: resource-governance
+spec:
+  hard:
+    requests.cpu: "2"
+    requests.memory: 4Gi
+    limits.cpu: "4"
+    limits.memory: 8Gi
+    pods: "10"
+---
+apiVersion: v1
+kind: LimitRange
+metadata:
+  name: resource-governance-limits
+  namespace: resource-governance
+spec:
+  limits:
+  - default:
+      cpu: "500m"
+      memory: "512Mi"
+    defaultRequest:
+      cpu: "100m"
+      memory: "128Mi"
+    type: Container

k8s/rbac.yaml

@@ -0,0 +1,93 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: resource-governance-sa
+  namespace: resource-governance
+  labels:
+    app.kubernetes.io/name: resource-governance
+    app.kubernetes.io/component: governance
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: resource-governance-role
+  labels:
+    app.kubernetes.io/name: resource-governance
+    app.kubernetes.io/component: governance
+rules:
+# Permissões para listar e ler pods
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get", "list", "watch"]
+# Permissões para listar e ler namespaces
+- apiGroups: [""]
+  resources: ["namespaces"]
+  verbs: ["get", "list", "watch"]
+# Permissões para listar e ler nós
+- apiGroups: [""]
+  resources: ["nodes"]
+  verbs: ["get", "list", "watch"]
+# Permissões para VPA (Vertical Pod Autoscaler)
+- apiGroups: ["autoscaling.k8s.io"]
+  resources: ["verticalpodautoscalers"]
+  verbs: ["get", "list", "watch"]
+# Permissões para deployments e replicasets (para aplicar recomendações)
+- apiGroups: ["apps"]
+  resources: ["deployments", "replicasets"]
+  verbs: ["get", "list", "watch", "patch", "update"]
+# Permissões para pods (para aplicar recomendações)
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get", "list", "watch", "patch", "update"]
+# Permissões para eventos (para logging)
+- apiGroups: [""]
+  resources: ["events"]
+  verbs: ["get", "list", "watch", "create"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: resource-governance-binding
+  labels:
+    app.kubernetes.io/name: resource-governance
+    app.kubernetes.io/component: governance
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: resource-governance-role
+subjects:
+- kind: ServiceAccount
+  name: resource-governance-sa
+  namespace: resource-governance
+---
+# Role para acessar recursos do Prometheus (se necessário)
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: resource-governance-prometheus-role
+  namespace: resource-governance
+  labels:
+    app.kubernetes.io/name: resource-governance
+    app.kubernetes.io/component: governance
+rules:
+# Permissões para acessar serviços do Prometheus
+- apiGroups: [""]
+  resources: ["services", "endpoints"]
+  verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: resource-governance-prometheus-binding
+  namespace: resource-governance
+  labels:
+    app.kubernetes.io/name: resource-governance
+    app.kubernetes.io/component: governance
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: resource-governance-prometheus-role
+subjects:
+- kind: ServiceAccount
+  name: resource-governance-sa
+  namespace: resource-governance

k8s/route.yaml

@@ -0,0 +1,23 @@
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  name: resource-governance-route
+  namespace: resource-governance
+  labels:
+    app.kubernetes.io/name: resource-governance
+    app.kubernetes.io/component: governance
+  annotations:
+    haproxy.router.openshift.io/timeout: "300s"
+    haproxy.router.openshift.io/rate-limit: "100"
+spec:
+  host: resource-governance.apps.openshift.local
+  to:
+    kind: Service
+    name: resource-governance-service
+    weight: 100
+  port:
+    targetPort: http
+  tls:
+    termination: edge
+    insecureEdgeTerminationPolicy: Redirect
+  wildcardPolicy: None

k8s/service.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: resource-governance-service
+  namespace: resource-governance
+  labels:
+    app.kubernetes.io/name: resource-governance
+    app.kubernetes.io/component: governance
+spec:
+  type: ClusterIP
+  ports:
+  - port: 8080
+    targetPort: 8080
+    protocol: TCP
+    name: http
+  selector:
+    app.kubernetes.io/name: resource-governance
+    app.kubernetes.io/component: governance