Cloud Governance Tool
Project description
Cloud Governance
This tool provides an engineer with a lightweight and flexible framework for deploying cloud management policies and OpenShift management capabilities.
General
This tool run the following actions using podman. Each action run in separate container based on downloaded cloud-governance image from quay.io and remove it at the end.
- policy: Run policy per account and region
- tag_cluster_resource: Update cluster tags by cluster name
- zombie_cluster_resource: Delete cluster's zombies resources
Reference:
- The cloud-governance package is placed in PyPi
- The cloud-governance quay.io is placed in Quay.io
- The cloud-governance pipeline is placed in Jenkins
Table of Contents
Installation
Download cloud-governance image from quay.io
# Need to run it as root using podman
sudo podman pull quay.io/ebattat/cloud-governance
Policy
Run policy per account and region
Existing policies:
-
ec2_idle.yml - scan account/region for idle ec2
-
ebs_unattached.yml - scan account/region for unattached ebs
Fill the following Parameters in podman command:
AWS_ACCESS_KEY_ID=awsaccesskeyid
AWS_SECRET_ACCESS_KEY=awssecretaccesskey
AWS_DEFAULT_REGION=us-east-2
action=policy
dry_run=yes/no
policies_output=s3://redhat-cloud-governance/logs
policy=ebs_unattached.yml/all
Run one policy
sudo podman run --rm --name cloud-governance -e AWS_ACCESS_KEY_ID=awsaccesskeyid -e AWS_SECRET_ACCESS_KEY=awssecretaccesskey -e AWS_DEFAULT_REGION=us-east-2 -e action=policy -e dry_run=yes -e policies_output=s3://redhat-cloud-governance/logs -e policy=ebs_unattached.yml quay.io/ebattat/cloud-governance
Run all policies
sudo podman run --rm --name cloud-governance -e AWS_ACCESS_KEY_ID=awsaccesskeyid -e AWS_SECRET_ACCESS_KEY=awssecretaccesskey -e AWS_DEFAULT_REGION=us-east-2 -e action=policy -e dry_run=yes -e policies_output=s3://redhat-cloud-governance/logs -e policy=all quay.io/ebattat/cloud-governance
Update Cluster Tags
Update cluster tags by cluster name
Fill the following Parameters in podman command:
AWS_ACCESS_KEY_ID=awsaccesskeyid
AWS_SECRET_ACCESS_KEY=awssecretaccesskey
AWS_DEFAULT_REGION=us-east-2
action=tag_cluster_resource
dry_run=yes
cluster_name=ocs-test
mandatory_tags="{'Owner': 'Name','Email': 'name@redhat.com','Purpose': 'test'}"
Update Cluster Tags
sudo podman run --rm --name cloud-governance -e AWS_ACCESS_KEY_ID=awsaccesskeyid -e AWS_SECRET_ACCESS_KEY=awssecretaccesskey -e AWS_DEFAULT_REGION=us-east-2 -e action=tag_cluster_resource -e dry_run=yes -e cluster_name=ocs-test -e mandatory_tags="{'Owner': 'Name','Email': 'name@redhat.com','Purpose': 'test'}" quay.io/ebattat/cloud-governance
Delete Zombies Clusters
Delete cluster's zombies resources
Fill the following Parameters in podman command:
AWS_ACCESS_KEY_ID=awsaccesskeyid
AWS_SECRET_ACCESS_KEY=awssecretaccesskey
AWS_DEFAULT_REGION=us-east-2
action=zombie_cluster_resource
dry_run=yes
Delete Zombies Clusters
sudo podman run --rm --name cloud-governance -e AWS_ACCESS_KEY_ID=awsaccesskeyid -e AWS_SECRET_ACCESS_KEY=awssecretaccesskey -e AWS_DEFAULT_REGION=us-east-2 -e action=zombie_cluster_resource -e dry_run=yes quay.io/ebattat/cloud-governance
Pytest
python3 -m venv governance
source governance/bin/activate
(governance) $ python -m pip install --upgrade pip
(governance) $ pip install coverage
(governance) $ pip install pytest
(governance) $ git clone https://github.com/redhat-performance/cloud-governance
(governance) $ cd cloud-governance
(governance) $ coverage run -m pytest
(governance) $ deactivate
rm -rf *governance*
Post Installation
Delete cloud-governance image
sudo podman rmi quay.io/ebattat/cloud-governance
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Hashes for cloud_governance-1.0.15-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 00890f678be7bfccffe84350b13f0905a6c1f56d149a8a9fe2cf2c2c442b8436 |
|
MD5 | ec101f00406424e546d0aed0d7feb473 |
|
BLAKE2b-256 | 3980122af3bf8b5ec67b1c16eeab22d11f321090112394d8c3ef168e99b20ae0 |