Cloud Governance Tool
Project description
Cloud Governance
This tool provides an engineer with a lightweight and flexible framework for deploying cloud management policies and OpenShift management capabilities.
General
This tool support the following actions:
- policy: Run policy per account and region
- tag_cluster_resource: Update cluster tags by cluster name
- zombie_cluster_resource: Delete cluster's zombies resources
each action run in seperate container using podman
Reference:
- The cloud-governance package is placed in PyPi
- The cloud-governance image is placed in Quay.io
- The cloud-governance pipeline is placed in Jenkins
Table of Contents
Installation
Download cloud-governance image from quay.io
# Need to run it with root privileges using podman
sudo podman pull quay.io/ebattat/cloud-governance
Run Policy Using Podman
Run policy per account and region
Support policy:
-
ec2_idle - scan account/region for idle ec2
-
ebs_unattached - scan account/region for unattached ebs
-
tag_cluster_resource - tag all cluster resource
-
zombie_cluster_resource - zombie cluster resource
Fill the following Parameters in podman command:
(mandatory)AWS_ACCESS_KEY_ID=awsaccesskeyid
(mandatory)AWS_SECRET_ACCESS_KEY=awssecretaccesskey
(mandatory)policy=ebs_unattached / ec2_idle / tag_cluster_resource / zombie_cluster_resource
(mandatory)policy_output=s3://redhat-cloud-governance/logs
(policy:tag_cluster_resource)cluster_name=ocs-test
(policy:tag_cluster_resource)mandatory_tags="{'Owner': 'Name','Email': 'name@redhat.com','Purpose': 'test'}"
(optional)AWS_DEFAULT_REGION=us-east-2/all (default = us-east-2)
(optional)dry_run=yes/no (default = yes)
(optional)log_level=INFO (default = INFO)
Run policy
sudo podman run --rm --name cloud-governance -e AWS_ACCESS_KEY_ID=awsaccesskeyid -e AWS_SECRET_ACCESS_KEY=awssecretaccesskey -e AWS_DEFAULT_REGION=us-east-2 -e policy=ebs_unattached -e dry_run=yes -e policy_output=s3://redhat-cloud-governance/logs -e log_level=INFO quay.io/ebattat/cloud-governance
Run Policy Using Pod
Run as a pod job via OpenShift
Job Pod:cloud-governance.yaml
Configmaps: cloud_governance_configmap.yaml
Quay.io Secret: quayio_secret.sh
AWS Secret: cloud_governance_secret.yaml
* Need to convert secret key to base64 [run_base64.py](pod_yaml/run_base64.py)
Pytest
python3 -m venv governance
source governance/bin/activate
(governance) $ python -m pip install --upgrade pip
(governance) $ pip install coverage
(governance) $ pip install pytest
(governance) $ git clone https://github.com/redhat-performance/cloud-governance
(governance) $ cd cloud-governance
(governance) $ coverage run -m pytest
(governance) $ deactivate
rm -rf *governance*
Post Installation
Delete cloud-governance image
sudo podman rmi quay.io/ebattat/cloud-governance
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Hashes for cloud_governance-1.0.25-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | b1fd55814762feafc3c914556f3a5733911e3f2c534291c14eddc3990239beb9 |
|
MD5 | 11f84bc834f657a13ae715f5338ccb85 |
|
BLAKE2b-256 | 1c4e86368393e5d404f52a638bf0c5bc64e2e5a6c1501cef6155739002e4b26d |