Cloud Governance Tool
Project description
Cloud Governance
This tool provides an engineer with a lightweight and flexible framework for deploying cloud management policies and OpenShift management capabilities.
General
This tool support the following actions:
- policy: Run policy per account and region
- tag_cluster_resource: Update cluster tags by cluster name
- zombie_cluster_resource: Delete cluster's zombies resources
each action run in seperate container using podman
Reference:
- The cloud-governance package is placed in PyPi
- The cloud-governance image is placed in Quay.io
- The cloud-governance pipeline is placed in Jenkins
Table of Contents
Installation
Download cloud-governance image from quay.io
# Need to run it with root privileges using podman
sudo podman pull quay.io/ebattat/cloud-governance
Run Policy Using Podman
Run policy per account and region
Support policy:
-
ec2_idle - scan account/region for idle ec2
-
ebs_unattached - scan account/region for unattached ebs
-
tag_cluster_resource - tag all cluster resource
-
zombie_cluster_resource - zombie cluster resource
Fill the following Parameters in podman command:
(mandatory)AWS_ACCESS_KEY_ID=awsaccesskeyid
(mandatory)AWS_SECRET_ACCESS_KEY=awssecretaccesskey
(mandatory)policy=ebs_unattached / ec2_idle / tag_cluster_resource / zombie_cluster_resource
(mandatory)policy_output=s3://redhat-cloud-governance/logs
(policy:tag_cluster_resource)cluster_name=ocs-test
(policy:tag_cluster_resource)mandatory_tags="{'Owner': 'Name','Email': 'name@redhat.com','Purpose': 'test'}"
(optional)AWS_DEFAULT_REGION=us-east-2/all (default = us-east-2)
(optional)dry_run=yes/no (default = yes)
(optional)log_level=INFO (default = INFO)
Run policy
# policy=ebs_unattached
sudo podman run --rm --name cloud-governance -e AWS_ACCESS_KEY_ID=awsaccesskeyid -e AWS_SECRET_ACCESS_KEY=awssecretaccesskey -e AWS_DEFAULT_REGION=us-east-2 -e policy=ebs_unattached -e dry_run=yes -e policy_output=s3://redhat-cloud-governance/logs -e log_level=INFO quay.io/ebattat/cloud-governance
# policy=ec2_idle
sudo podman run --rm --name cloud-governance -e AWS_ACCESS_KEY_ID=awsaccesskeyid -e AWS_SECRET_ACCESS_KEY=awssecretaccesskey -e AWS_DEFAULT_REGION=us-east-2 -e policy=ec2_idle -e dry_run=yes -e policy_output=s3://redhat-cloud-governance/logs -e log_level=INFO quay.io/ebattat/cloud-governance
# policy=tag_cluster_resource
sudo podman run --rm --name cloud-governance -e AWS_ACCESS_KEY_ID=awsaccesskeyid -e AWS_SECRET_ACCESS_KEY=awssecretaccesskey -e AWS_DEFAULT_REGION=us-east-2 -e policy=tag_cluster_resource -e dry_run=yes -e cluster_name=ocs-test -e mandatory_tags="{'Owner': 'Name','Email': 'name@redhat.com','Purpose': 'test'}" -e log_level=INFO quay.io/ebattat/cloud-governance
# policy=zombie_cluster_resource
sudo podman run --rm --name cloud-governance -e AWS_ACCESS_KEY_ID=awsaccesskeyid -e AWS_SECRET_ACCESS_KEY=awssecretaccesskey -e AWS_DEFAULT_REGION=us-east-2 -e policy=zombie_cluster_resource -e dry_run=yes -e log_level=INFO quay.io/ebattat/cloud-governance
Run Policy Using Pod
Run as a pod job via OpenShift
Job Pod: cloud-governance.yaml
Configmaps: cloud_governance_configmap.yaml
Quay.io Secret: quayio_secret.sh
AWS Secret: cloud_governance_secret.yaml
* Need to convert secret key to base64 [run_base64.py](pod_yaml/run_base64.py)
Pytest
python3 -m venv governance
source governance/bin/activate
(governance) $ python -m pip install --upgrade pip
(governance) $ pip install coverage
(governance) $ pip install pytest
(governance) $ git clone https://github.com/redhat-performance/cloud-governance
(governance) $ cd cloud-governance
(governance) $ coverage run -m pytest
(governance) $ deactivate
rm -rf *governance*
Post Installation
Delete cloud-governance image
sudo podman rmi quay.io/ebattat/cloud-governance
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Hashes for cloud_governance-1.0.26-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 8ff3b194e58dfc339f0d1bd66df31594dcf04e121524e8df1d08de4af7938883 |
|
MD5 | f2b98160ae070a9d90868b94f6dba6b2 |
|
BLAKE2b-256 | b64c944668b718c16834fc69ff550a9d912163544a6d403cd4337d45abdd9f2b |