From c79ceac31df75526cfe52b6454bdc32d5fa466f1 Mon Sep 17 00:00:00 2001 From: andersonid Date: Thu, 25 Sep 2025 14:28:34 -0300 Subject: [PATCH] Add GitHub integration and OpenShift deployment automation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Adiciona GitHub Actions workflow para CI/CD - Cria script openshift-deploy.sh para deploy simplificado - Adiciona template OpenShift com parâmetros configuráveis - Inclui documentação completa de deploy (DEPLOY.md) - Configura integração com Quay.io registry - Facilita deploy direto do repositório GitHub --- .github/workflows/openshift-deploy.yml | 101 +++++++++ DEPLOY.md | 289 ++++++++++++++++++++++++ openshift-deploy.sh | 95 ++++++++ openshift-git-deploy.yaml | 294 +++++++++++++++++++++++++ 4 files changed, 779 insertions(+) create mode 100644 .github/workflows/openshift-deploy.yml create mode 100644 DEPLOY.md create mode 100755 openshift-deploy.sh create mode 100644 openshift-git-deploy.yaml diff --git a/.github/workflows/openshift-deploy.yml b/.github/workflows/openshift-deploy.yml new file mode 100644 index 0000000..a9d7ec3 --- /dev/null +++ b/.github/workflows/openshift-deploy.yml @@ -0,0 +1,101 @@ +name: Deploy to OpenShift + +on: + push: + branches: [ main ] + pull_request: + branches: [ main ] + workflow_dispatch: + +env: + IMAGE_NAME: resource-governance + REGISTRY: quay.io/andersonid + NAMESPACE: resource-governance + +jobs: + build-and-deploy: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Python + uses: actions/setup-python@v4 + with: + python-version: '3.11' + + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install -r requirements.txt + + - name: Run tests + run: | + python -c "import app.main; print('✅ App imports successfully')" + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to Quay.io + uses: docker/login-action@v3 + with: + registry: quay.io + username: ${{ secrets.QUAY_USERNAME }} + password: ${{ secrets.QUAY_PASSWORD }} + + - name: Extract metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=ref,event=branch + type=ref,event=pr + type=sha,prefix={{branch}}- + type=raw,value=latest,enable={{is_default_branch}} + + - name: Build and push Docker image + uses: docker/build-push-action@v5 + with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max + + - name: Install OpenShift CLI + run: | + curl -L https://mirror.openshift.com/pub/openshift-v4/clients/oc/latest/linux/oc.tar.gz | tar -xz -C /usr/local/bin/ + chmod +x /usr/local/bin/oc + + - name: Deploy to OpenShift + if: github.ref == 'refs/heads/main' + run: | + # Login to OpenShift + echo "${{ secrets.OPENSHIFT_TOKEN }}" | oc login ${{ secrets.OPENSHIFT_SERVER }} --token-stdin + + # Update image in DaemonSet + oc set image daemonset/${{ env.IMAGE_NAME }} ${{ env.IMAGE_NAME }}=${{ steps.meta.outputs.tags }} -n ${{ env.NAMESPACE }} || true + + # Apply manifests + oc apply -f k8s/namespace.yaml + oc apply -f k8s/rbac.yaml + oc apply -f k8s/configmap.yaml + oc apply -f k8s/daemonset.yaml + oc apply -f k8s/service.yaml + oc apply -f k8s/route.yaml + + # Wait for rollout + oc rollout status daemonset/${{ env.IMAGE_NAME }} -n ${{ env.NAMESPACE }} --timeout=300s + + # Get route URL + ROUTE_URL=$(oc get route ${{ env.IMAGE_NAME }}-route -n ${{ env.NAMESPACE }} -o jsonpath='{.spec.host}' 2>/dev/null || echo "") + if [ -n "$ROUTE_URL" ]; then + echo "🚀 Application deployed successfully!" + echo "🌐 URL: https://$ROUTE_URL" + fi + env: + OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} + OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} diff --git a/DEPLOY.md b/DEPLOY.md new file mode 100644 index 0000000..d2b3072 --- /dev/null +++ b/DEPLOY.md @@ -0,0 +1,289 @@ +# 🚀 Deploy no OpenShift + +Este documento explica como fazer deploy da OpenShift Resource Governance Tool no seu cluster OpenShift. + +## 📋 Pré-requisitos + +- Cluster OpenShift 4.x +- OpenShift CLI (oc) instalado e configurado +- Acesso ao cluster com permissões para criar recursos +- Container Registry (Quay.io, Docker Hub, etc.) + +## 🎯 Opções de Deploy + +### 1. Deploy Rápido (Recomendado) + +```bash +# Clone o repositório +git clone https://github.com/andersonid/openshift-resource-governance.git +cd openshift-resource-governance + +# Execute o script de deploy +./openshift-deploy.sh +``` + +### 2. Deploy via Template OpenShift + +```bash +# Processar template com parâmetros +oc process -f openshift-git-deploy.yaml \ + -p GITHUB_REPO="https://github.com/andersonid/openshift-resource-governance.git" \ + -p IMAGE_TAG="latest" \ + -p REGISTRY="quay.io/seu-usuario" \ + -p NAMESPACE="resource-governance" | oc apply -f - +``` + +### 3. Deploy Manual + +```bash +# 1. Criar namespace +oc apply -f k8s/namespace.yaml + +# 2. Aplicar RBAC +oc apply -f k8s/rbac.yaml + +# 3. Aplicar ConfigMap +oc apply -f k8s/configmap.yaml + +# 4. Atualizar imagem no DaemonSet +oc set image daemonset/resource-governance resource-governance=quay.io/seu-usuario/resource-governance:latest -n resource-governance + +# 5. Aplicar recursos +oc apply -f k8s/daemonset.yaml +oc apply -f k8s/service.yaml +oc apply -f k8s/route.yaml +``` + +## 🔧 Configuração + +### Variáveis de Ambiente + +A aplicação pode ser configurada através do ConfigMap: + +```yaml +data: + CPU_LIMIT_RATIO: "3.0" # Ratio padrão limit:request para CPU + MEMORY_LIMIT_RATIO: "3.0" # Ratio padrão limit:request para memória + MIN_CPU_REQUEST: "10m" # Mínimo de CPU request + MIN_MEMORY_REQUEST: "32Mi" # Mínimo de memória request + CRITICAL_NAMESPACES: | # Namespaces críticos para VPA + openshift-monitoring + openshift-ingress + openshift-apiserver + PROMETHEUS_URL: "http://prometheus.openshift-monitoring.svc.cluster.local:9090" +``` + +### Personalizar Configurações + +```bash +# Editar ConfigMap +oc edit configmap resource-governance-config -n resource-governance + +# Reiniciar pods para aplicar mudanças +oc rollout restart daemonset/resource-governance -n resource-governance +``` + +## 🌐 Acesso à Aplicação + +### Obter URL da Rota + +```bash +# Obter URL da rota +oc get route resource-governance-route -n resource-governance -o jsonpath='{.spec.host}' + +# Acessar via browser +# https://resource-governance-route-resource-governance.apps.openshift.local +``` + +### Testar Aplicação + +```bash +# Health check +curl https://resource-governance-route-resource-governance.apps.openshift.local/health + +# API status +curl https://resource-governance-route-resource-governance.apps.openshift.local/api/v1/cluster/status +``` + +## 📊 Monitoramento + +### Ver Logs + +```bash +# Logs do DaemonSet +oc logs -f daemonset/resource-governance -n resource-governance + +# Logs de um pod específico +oc logs -f -n resource-governance +``` + +### Ver Status + +```bash +# Status dos recursos +oc get all -n resource-governance + +# Status detalhado do DaemonSet +oc describe daemonset/resource-governance -n resource-governance + +# Status dos pods +oc get pods -n resource-governance -o wide +``` + +### Verificar RBAC + +```bash +# Verificar permissões do ServiceAccount +oc auth can-i get pods --as=system:serviceaccount:resource-governance:resource-governance-sa + +# Verificar ClusterRole +oc describe clusterrole resource-governance-role +``` + +## 🔄 Atualizações + +### Atualizar Imagem + +```bash +# Atualizar para nova tag +oc set image daemonset/resource-governance resource-governance=quay.io/seu-usuario/resource-governance:v1.1.0 -n resource-governance + +# Aguardar rollout +oc rollout status daemonset/resource-governance -n resource-governance +``` + +### Atualizar do GitHub + +```bash +# Pull das mudanças +git pull origin main + +# Deploy com nova tag +./openshift-deploy.sh v1.1.0 +``` + +## 🗑️ Remoção + +### Remover Aplicação + +```bash +# Usar script de undeploy +./scripts/undeploy.sh + +# Ou remover manualmente +oc delete -f k8s/route.yaml +oc delete -f k8s/service.yaml +oc delete -f k8s/daemonset.yaml +oc delete -f k8s/configmap.yaml +oc delete -f k8s/rbac.yaml +oc delete -f k8s/namespace.yaml +``` + +## 🐛 Troubleshooting + +### Problemas Comuns + +#### 1. Pod não inicia +```bash +# Verificar eventos +oc get events -n resource-governance --sort-by='.lastTimestamp' + +# Verificar logs +oc logs -n resource-governance +``` + +#### 2. Erro de permissão +```bash +# Verificar RBAC +oc auth can-i get pods --as=system:serviceaccount:resource-governance:resource-governance-sa + +# Verificar ServiceAccount +oc get serviceaccount resource-governance-sa -n resource-governance -o yaml +``` + +#### 3. Erro de conectividade com Prometheus +```bash +# Verificar se Prometheus está acessível +oc exec -it -n resource-governance -- curl http://prometheus.openshift-monitoring.svc.cluster.local:9090/api/v1/query?query=up +``` + +#### 4. Rota não acessível +```bash +# Verificar rota +oc get route resource-governance-route -n resource-governance -o yaml + +# Verificar ingress controller +oc get pods -n openshift-ingress +``` + +### Logs de Debug + +```bash +# Ativar logs debug (se necessário) +oc set env daemonset/resource-governance LOG_LEVEL=DEBUG -n resource-governance + +# Ver logs em tempo real +oc logs -f daemonset/resource-governance -n resource-governance --tail=100 +``` + +## 📈 Escalabilidade + +### Ajustar Recursos + +```bash +# Aumentar recursos do DaemonSet +oc patch daemonset resource-governance -n resource-governance -p '{ + "spec": { + "template": { + "spec": { + "containers": [{ + "name": "resource-governance", + "resources": { + "requests": {"cpu": "200m", "memory": "256Mi"}, + "limits": {"cpu": "1000m", "memory": "1Gi"} + } + }] + } + } + } +}' +``` + +### Ajustar ResourceQuota + +```bash +# Aumentar quota do namespace +oc patch resourcequota resource-governance-quota -n resource-governance -p '{ + "spec": { + "hard": { + "requests.cpu": "4", + "requests.memory": "8Gi", + "limits.cpu": "8", + "limits.memory": "16Gi" + } + } +}' +``` + +## 🔐 Segurança + +### Verificar SecurityContext + +```bash +# Verificar se está rodando como usuário não-root +oc get pod -n resource-governance -o jsonpath='{.spec.securityContext}' +``` + +### Verificar NetworkPolicies + +```bash +# Se usando NetworkPolicies, verificar se permite tráfego +oc get networkpolicy -n resource-governance +``` + +## 📞 Suporte + +Para suporte e dúvidas: +- Abra uma issue no [GitHub](https://github.com/andersonid/openshift-resource-governance/issues) +- Consulte a documentação do [OpenShift](https://docs.openshift.com/) +- Verifique os logs da aplicação diff --git a/openshift-deploy.sh b/openshift-deploy.sh new file mode 100755 index 0000000..d8a62c7 --- /dev/null +++ b/openshift-deploy.sh @@ -0,0 +1,95 @@ +#!/bin/bash + +# Script de deploy para OpenShift usando GitHub +set -e + +# Cores para output +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +NC='\033[0m' # No Color + +# Configurações +REPO_URL="https://github.com/andersonid/openshift-resource-governance.git" +IMAGE_NAME="resource-governance" +REGISTRY="quay.io/andersonid" +TAG="${1:-latest}" +NAMESPACE="resource-governance" + +echo -e "${BLUE}🚀 Deploying OpenShift Resource Governance Tool from GitHub${NC}" +echo -e "${BLUE}Repository: ${REPO_URL}${NC}" +echo -e "${BLUE}Image: ${REGISTRY}/${IMAGE_NAME}:${TAG}${NC}" + +# Verificar se oc está instalado +if ! command -v oc &> /dev/null; then + echo -e "${RED}❌ OpenShift CLI (oc) não está instalado.${NC}" + echo -e "${YELLOW}Instale o oc CLI: https://docs.openshift.com/container-platform/latest/cli_reference/openshift_cli/getting-started-cli.html${NC}" + exit 1 +fi + +# Verificar se está logado no OpenShift +if ! oc whoami &> /dev/null; then + echo -e "${RED}❌ Não está logado no OpenShift.${NC}" + echo -e "${YELLOW}Faça login com: oc login ${NC}" + exit 1 +fi + +echo -e "${GREEN}✅ Logado como: $(oc whoami)${NC}" + +# Criar namespace se não existir +echo -e "${YELLOW}📁 Creating namespace...${NC}" +oc apply -f k8s/namespace.yaml + +# Aplicar RBAC +echo -e "${YELLOW}🔐 Applying RBAC...${NC}" +oc apply -f k8s/rbac.yaml + +# Aplicar ConfigMap +echo -e "${YELLOW}⚙️ Applying ConfigMap...${NC}" +oc apply -f k8s/configmap.yaml + +# Atualizar imagem no DaemonSet +echo -e "${YELLOW}🔄 Updating image in DaemonSet...${NC}" +oc set image daemonset/${IMAGE_NAME} ${IMAGE_NAME}="${REGISTRY}/${IMAGE_NAME}:${TAG}" -n "${NAMESPACE}" || true + +# Aplicar DaemonSet +echo -e "${YELLOW}📦 Applying DaemonSet...${NC}" +oc apply -f k8s/daemonset.yaml + +# Aplicar Service +echo -e "${YELLOW}🌐 Applying Service...${NC}" +oc apply -f k8s/service.yaml + +# Aplicar Route +echo -e "${YELLOW}🛣️ Applying Route...${NC}" +oc apply -f k8s/route.yaml + +# Aguardar pods ficarem prontos +echo -e "${YELLOW}⏳ Waiting for pods to be ready...${NC}" +oc wait --for=condition=ready pod -l app.kubernetes.io/name=${IMAGE_NAME} -n "${NAMESPACE}" --timeout=300s + +# Obter URL da rota +ROUTE_URL=$(oc get route ${IMAGE_NAME}-route -n "${NAMESPACE}" -o jsonpath='{.spec.host}') +if [ -n "${ROUTE_URL}" ]; then + echo -e "${GREEN}🎉 Deploy completed successfully!${NC}" + echo -e "${BLUE}🌐 Application URL: https://${ROUTE_URL}${NC}" + echo -e "${BLUE}📊 GitHub Repository: ${REPO_URL}${NC}" +else + echo -e "${YELLOW}⚠️ Deploy completed, but route URL not found.${NC}" + echo -e "${BLUE}Check with: oc get routes -n ${NAMESPACE}${NC}" +fi + +# Mostrar status +echo -e "${BLUE}📊 Deployment status:${NC}" +oc get all -n "${NAMESPACE}" + +echo -e "${BLUE}🔍 To check logs:${NC}" +echo -e " oc logs -f daemonset/${IMAGE_NAME} -n ${NAMESPACE}" + +echo -e "${BLUE}🧪 To test health:${NC}" +echo -e " curl https://${ROUTE_URL}/health" + +echo -e "${BLUE}📝 To update from GitHub:${NC}" +echo -e " git pull origin main" +echo -e " ./openshift-deploy.sh " diff --git a/openshift-git-deploy.yaml b/openshift-git-deploy.yaml new file mode 100644 index 0000000..ecb59b1 --- /dev/null +++ b/openshift-git-deploy.yaml @@ -0,0 +1,294 @@ +apiVersion: v1 +kind: Template +metadata: + name: resource-governance-git-deploy + annotations: + description: "Deploy OpenShift Resource Governance Tool from GitHub repository" + tags: "governance,resources,openshift,github" +parameters: +- name: GITHUB_REPO + displayName: "GitHub Repository URL" + description: "URL do repositório GitHub" + value: "https://github.com/andersonid/openshift-resource-governance.git" +- name: IMAGE_TAG + displayName: "Image Tag" + description: "Tag da imagem Docker" + value: "latest" +- name: REGISTRY + displayName: "Container Registry" + description: "Registry da imagem Docker" + value: "quay.io/andersonid" +- name: NAMESPACE + displayName: "Namespace" + description: "Namespace para deploy" + value: "resource-governance" +objects: +- apiVersion: v1 + kind: Namespace + metadata: + name: ${NAMESPACE} + labels: + name: ${NAMESPACE} + app.kubernetes.io/name: resource-governance + app.kubernetes.io/component: governance + app.kubernetes.io/part-of: openshift-governance +- apiVersion: v1 + kind: ResourceQuota + metadata: + name: resource-governance-quota + namespace: ${NAMESPACE} + spec: + hard: + requests.cpu: "2" + requests.memory: 4Gi + limits.cpu: "4" + limits.memory: 8Gi + pods: "10" +- apiVersion: v1 + kind: LimitRange + metadata: + name: resource-governance-limits + namespace: ${NAMESPACE} + spec: + limits: + - default: + cpu: "500m" + memory: "512Mi" + defaultRequest: + cpu: "100m" + memory: "128Mi" + type: Container +- apiVersion: v1 + kind: ServiceAccount + metadata: + name: resource-governance-sa + namespace: ${NAMESPACE} + labels: + app.kubernetes.io/name: resource-governance + app.kubernetes.io/component: governance +- apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: resource-governance-role + labels: + app.kubernetes.io/name: resource-governance + app.kubernetes.io/component: governance + rules: + - apiGroups: [""] + resources: ["pods", "namespaces", "nodes", "events"] + verbs: ["get", "list", "watch", "patch", "update", "create"] + - apiGroups: ["autoscaling.k8s.io"] + resources: ["verticalpodautoscalers"] + verbs: ["get", "list", "watch"] + - apiGroups: ["apps"] + resources: ["deployments", "replicasets"] + verbs: ["get", "list", "watch", "patch", "update"] +- apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: resource-governance-binding + labels: + app.kubernetes.io/name: resource-governance + app.kubernetes.io/component: governance + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: resource-governance-role + subjects: + - kind: ServiceAccount + name: resource-governance-sa + namespace: ${NAMESPACE} +- apiVersion: v1 + kind: ConfigMap + metadata: + name: resource-governance-config + namespace: ${NAMESPACE} + labels: + app.kubernetes.io/name: resource-governance + app.kubernetes.io/component: governance + data: + CPU_LIMIT_RATIO: "3.0" + MEMORY_LIMIT_RATIO: "3.0" + MIN_CPU_REQUEST: "10m" + MIN_MEMORY_REQUEST: "32Mi" + CRITICAL_NAMESPACES: | + openshift-monitoring + openshift-ingress + openshift-apiserver + openshift-controller-manager + openshift-sdn + PROMETHEUS_URL: "http://prometheus.openshift-monitoring.svc.cluster.local:9090" + REPORT_EXPORT_PATH: "/tmp/reports" + ENABLE_RBAC: "true" + SERVICE_ACCOUNT_NAME: "resource-governance-sa" + GITHUB_REPO: "${GITHUB_REPO}" +- apiVersion: apps/v1 + kind: DaemonSet + metadata: + name: resource-governance + namespace: ${NAMESPACE} + labels: + app.kubernetes.io/name: resource-governance + app.kubernetes.io/component: governance + spec: + selector: + matchLabels: + app.kubernetes.io/name: resource-governance + app.kubernetes.io/component: governance + template: + metadata: + labels: + app.kubernetes.io/name: resource-governance + app.kubernetes.io/component: governance + annotations: + github.com/repo: "${GITHUB_REPO}" + spec: + serviceAccountName: resource-governance-sa + securityContext: + runAsNonRoot: true + runAsUser: 1000 + fsGroup: 1000 + containers: + - name: resource-governance + image: ${REGISTRY}/resource-governance:${IMAGE_TAG} + imagePullPolicy: Always + ports: + - containerPort: 8080 + name: http + protocol: TCP + env: + - name: KUBECONFIG + value: "/var/run/secrets/kubernetes.io/serviceaccount/token" + - name: CPU_LIMIT_RATIO + valueFrom: + configMapKeyRef: + name: resource-governance-config + key: CPU_LIMIT_RATIO + - name: MEMORY_LIMIT_RATIO + valueFrom: + configMapKeyRef: + name: resource-governance-config + key: MEMORY_LIMIT_RATIO + - name: MIN_CPU_REQUEST + valueFrom: + configMapKeyRef: + name: resource-governance-config + key: MIN_CPU_REQUEST + - name: MIN_MEMORY_REQUEST + valueFrom: + configMapKeyRef: + name: resource-governance-config + key: MIN_MEMORY_REQUEST + - name: CRITICAL_NAMESPACES + valueFrom: + configMapKeyRef: + name: resource-governance-config + key: CRITICAL_NAMESPACES + - name: PROMETHEUS_URL + valueFrom: + configMapKeyRef: + name: resource-governance-config + key: PROMETHEUS_URL + - name: REPORT_EXPORT_PATH + valueFrom: + configMapKeyRef: + name: resource-governance-config + key: REPORT_EXPORT_PATH + - name: ENABLE_RBAC + valueFrom: + configMapKeyRef: + name: resource-governance-config + key: ENABLE_RBAC + - name: SERVICE_ACCOUNT_NAME + valueFrom: + configMapKeyRef: + name: resource-governance-config + key: SERVICE_ACCOUNT_NAME + - name: GITHUB_REPO + valueFrom: + configMapKeyRef: + name: resource-governance-config + key: GITHUB_REPO + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 500m + memory: 512Mi + livenessProbe: + httpGet: + path: /health + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /health + port: 8080 + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 3 + volumeMounts: + - name: reports-volume + mountPath: /tmp/reports + - name: tmp-volume + mountPath: /tmp + volumes: + - name: reports-volume + emptyDir: {} + - name: tmp-volume + emptyDir: {} + nodeSelector: + kubernetes.io/os: linux + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + - key: node-role.kubernetes.io/control-plane + operator: Exists + effect: NoSchedule +- apiVersion: v1 + kind: Service + metadata: + name: resource-governance-service + namespace: ${NAMESPACE} + labels: + app.kubernetes.io/name: resource-governance + app.kubernetes.io/component: governance + spec: + type: ClusterIP + ports: + - port: 8080 + targetPort: 8080 + protocol: TCP + name: http + selector: + app.kubernetes.io/name: resource-governance + app.kubernetes.io/component: governance +- apiVersion: route.openshift.io/v1 + kind: Route + metadata: + name: resource-governance-route + namespace: ${NAMESPACE} + labels: + app.kubernetes.io/name: resource-governance + app.kubernetes.io/component: governance + annotations: + haproxy.router.openshift.io/timeout: "300s" + haproxy.router.openshift.io/rate-limit: "100" + spec: + host: resource-governance.apps.openshift.local + to: + kind: Service + name: resource-governance-service + weight: 100 + port: + targetPort: http + tls: + termination: edge + insecureEdgeTerminationPolicy: Redirect + wildcardPolicy: None