anobre/openshift-resource-governance
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
53 Commits 2 Branches 0 Tags
514ea60274867507ff5b34450c94a5cbbff93001
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
andersonid 514ea60274 Fix namespace historical analysis - use Kubernetes API for accurate pod count and remove duplicate function
2025-09-29 14:07:49 -03:00
.github/workflows
Remove: Delete problematic workflow file completely
2025-09-25 20:09:44 -03:00
app
Fix namespace historical analysis - use Kubernetes API for accurate pod count and remove duplicate function
2025-09-29 14:07:49 -03:00
k8s
Fix: Remove hardcoded hostname from route to make it cluster-agnostic
2025-09-29 11:55:02 -03:00
scripts
Fix: Updated deployment files with correct Prometheus URL and RBAC permissions
2025-09-25 22:15:54 -03:00
.env.example
Initial commit: OpenShift Resource Governance Tool
2025-09-25 14:26:24 -03:00
.gitignore
Add AIAgents-Support.md to gitignore and create comprehensive project documentation
2025-09-29 12:14:51 -03:00
deploy-local.sh
Translate all Portuguese text to English
2025-09-25 21:05:41 -03:00
deploy-to-cluster.sh
Translate all Portuguese text to English
2025-09-25 21:05:41 -03:00
deploy-zero-downtime.sh
Translate all Portuguese text to English
2025-09-25 21:05:41 -03:00
Dockerfile
Add system namespace filtering
2025-09-25 17:39:33 -03:00
Dockerfile.simple
Add: scripts de deploy completo com ImagePullSecret para cluster-admin
2025-09-25 15:24:31 -03:00
DOCUMENTATION.md
Clean: Remove all outdated documentation files, keep only essential docs
2025-09-29 12:53:25 -03:00
Makefile
Add: scripts de deploy completo com ImagePullSecret para cluster-admin
2025-09-25 15:24:31 -03:00
openshift-deploy.sh
Translate all Portuguese text to English
2025-09-25 21:05:41 -03:00
openshift-git-deploy.yaml
Update to use Docker Hub registry
2025-09-25 14:46:09 -03:00
README.md
Fix: Remove duplicated sections and update outdated information in README
2025-09-29 12:25:59 -03:00
requirements.txt
Add: scripts de deploy completo com ImagePullSecret para cluster-admin
2025-09-25 15:24:31 -03:00
setup.sh
Translate all Portuguese text to English
2025-09-25 21:05:41 -03:00

README.md

OpenShift Resource Governance Tool

A resource governance tool for OpenShift clusters that goes beyond what Metrics Server and VPA offer, providing validations, reports and consolidated recommendations.

🚀 Features

  • Automatic Collection: Collects requests/limits from all pods/containers in the cluster
  • Red Hat Validations: Validates capacity management best practices with specific request/limit values
  • Historical Analysis: Workload-based historical resource usage analysis (1d, 7d, 30d)
  • Prometheus Integration: Collects real consumption metrics from OpenShift monitoring
  • Export Reports: Generates reports in JSON, CSV formats
  • Web UI: Modern interface with sidebar navigation and real-time updates
  • Cluster Agnostic: Works on any OpenShift cluster without configuration

📋 Requirements

  • OpenShift 4.x
  • Prometheus (native in OCP)
  • VPA (optional, for recommendations)
  • Python 3.11+
  • Docker
  • OpenShift CLI (oc)

🛠️ Installation

🚀 Quick Deploy (Recommended)

# 1. Clone the repository
git clone <repository-url>
cd RequestsAndLimits

# 2. Login to OpenShift
oc login <cluster-url>

# 3. Complete deploy (creates everything automatically)
./scripts/deploy-complete.sh

📋 Manual Deploy (Development)

# Build and push image
./scripts/build-and-push.sh

# Deploy to OpenShift
oc apply -f k8s/

# Wait for deployment
oc rollout status deployment/resource-governance -n resource-governance

🗑️ Undeploy

# Completely remove application
./scripts/undeploy-complete.sh

🌐 Application Access

After deploy, access the application through the created route:

# Get route URL
oc get route -n resource-governance

# Access via browser (URL will be automatically generated)
# Example: https://resource-governance-route-resource-governance.apps.your-cluster.com

🔧 Configuration

ConfigMap

The application is configured through the ConfigMap resource-governance-config:

data:
  CPU_LIMIT_RATIO: "3.0"                    # Default limit:request ratio for CPU
  MEMORY_LIMIT_RATIO: "3.0"                 # Default limit:request ratio for memory
  MIN_CPU_REQUEST: "10m"                    # Minimum CPU request
  MIN_MEMORY_REQUEST: "32Mi"                # Minimum memory request
  CRITICAL_NAMESPACES: |                    # Critical namespaces for VPA
    openshift-monitoring
    openshift-ingress
    openshift-apiserver
  PROMETHEUS_URL: "http://prometheus-k8s.openshift-monitoring.svc.cluster.local:9091"

Environment Variables

  • KUBECONFIG: Path to kubeconfig (used in development)
  • PROMETHEUS_URL: Prometheus URL
  • CPU_LIMIT_RATIO: CPU limit:request ratio
  • MEMORY_LIMIT_RATIO: Memory limit:request ratio
  • MIN_CPU_REQUEST: Minimum CPU request
  • MIN_MEMORY_REQUEST: Minimum memory request

📊 Usage

API Endpoints

Cluster Status

GET /api/v1/cluster/status

Namespace Status

GET /api/v1/namespace/{namespace}/status

Validations

GET /api/v1/validations?namespace=default&severity=error

Historical Analysis

GET /api/v1/namespace/{namespace}/workload/{workload}/historical-analysis?time_range=24h

Export Report

POST /api/v1/export
Content-Type: application/json

{
  "format": "csv",
  "namespaces": ["default", "kube-system"],
  "includeVPA": true,
  "includeAnalysis": true
}

Usage Examples

1. Check Cluster Status

curl https://your-route-url/api/v1/cluster/status

2. Export CSV Report

curl -X POST https://your-route-url/api/v1/export \
  -H "Content-Type: application/json" \
  -d '{"format": "csv", "includeAnalysis": true}'

3. View Critical Validations

curl "https://your-route-url/api/v1/validations?severity=critical"

🔍 Implemented Validations

1. Required Requests

  • Problem: Pods without defined requests
  • Severity: Error
  • Recommendation: Define CPU and memory requests

2. Recommended Limits

  • Problem: Pods without defined limits
  • Severity: Warning
  • Recommendation: Define limits to avoid excessive consumption

3. Limit:Request Ratio

  • Problem: Ratio too high or low
  • Severity: Warning/Error
  • Recommendation: Adjust to 3:1 ratio
  • Details: Shows specific request and limit values (e.g., "Request: 100m, Limit: 500m")

4. Minimum Values

  • Problem: Requests too low
  • Severity: Warning
  • Recommendation: Increase to minimum values

5. Overcommit

  • Problem: Requests exceed cluster capacity
  • Severity: Critical
  • Recommendation: Reduce requests or add nodes

📈 Reports

JSON Format

{
  "timestamp": "2024-01-15T10:30:00Z",
  "total_pods": 150,
  "total_namespaces": 25,
  "total_nodes": 3,
  "validations": [...],
  "vpa_recommendations": [...],
  "summary": {
    "total_validations": 45,
    "critical_issues": 5,
    "warnings": 25,
    "errors": 15
  }
}

CSV Format

Pod Name,Namespace,Container Name,Validation Type,Severity,Message,Recommendation
pod-1,default,nginx,missing_requests,error,Container without defined requests,Define CPU and memory requests

🔐 Security

RBAC

The application uses a dedicated ServiceAccount with minimal permissions:

  • Pods: get, list, watch, patch, update
  • Namespaces: get, list, watch
  • Nodes: get, list, watch
  • VPA: get, list, watch
  • Deployments/ReplicaSets: get, list, watch, patch, update

Security Context

  • Runs as non-root user (OpenShift assigns UID automatically)
  • Uses SecurityContext with runAsNonRoot: true
  • Limits resources with requests/limits
  • Cluster-agnostic security context

🐛 Troubleshooting

Check Logs

oc logs -f deployment/resource-governance -n resource-governance

Check Pod Status

oc get pods -n resource-governance
oc describe pod <pod-name> -n resource-governance

Check RBAC

oc auth can-i get pods --as=system:serviceaccount:resource-governance:resource-governance-sa

Test Connectivity

# Health check
curl https://your-route-url/health

# API test
curl https://your-route-url/api/v1/cluster/status

🚀 Development

Run Locally

# Install dependencies
pip install -r requirements.txt

# Run application
python -m uvicorn app.main:app --reload --host 0.0.0.0 --port 8080

Run with Docker

# Build
docker build -t resource-governance .

# Run
docker run -p 8080:8080 resource-governance

Tests

# Test import
python -c "import app.main; print('OK')"

# Test API
curl http://localhost:8080/health

📝 Roadmap

Upcoming Versions

  • VPA Integration and Health Monitoring
  • PDF reports with charts
  • Advanced filtering and search
  • Alerting system (email, Slack)
  • Multi-cluster support
  • RBAC integration
  • API documentation (OpenAPI/Swagger)

🤝 Contributing

  1. Fork the project
  2. Create a branch for your feature (git checkout -b feature/AmazingFeature)
  3. Commit your changes (git commit -m 'Add some AmazingFeature')
  4. Push to the branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request

📄 License

This project is under the MIT license. See the LICENSE file for details.

📞 Support

For support and questions:

  • Open an issue on GitHub
  • Consult OpenShift documentation
  • Check application logs
Reference in New Issue View Git Blame Copy Permalink
Description
Ferramenta de governança de recursos para clusters OpenShift que vai além do Metrics Server e VPA, fornecendo validações, relatórios e recomendações consolidadas.
Readme 696 KiB
Languages
Python 53%
HTML 43.2%
Shell 3.6%
Dockerfile 0.2%