Cloud Governance Tool
Project description
Cloud Governance
This tool provides an engineer with a lightweight and flexible framework for deploying cloud management policies and OpenShift management capabilities.
General
This tool support the following actions:
- policy: Run policy per account and region
- tag_cluster_resource: Update cluster tags by cluster name
- zombie_cluster_resource: Delete cluster's zombies resources
each action run in seperate container using podman
Reference:
- The cloud-governance package is placed in PyPi
- The cloud-governance image is placed in Quay.io
- The cloud-governance pipeline is placed in Jenkins
Table of Contents
Installation
Download cloud-governance image from quay.io
# Need to run it with root privileges using podman
sudo podman pull quay.io/ebattat/cloud-governance
Policy
Run policy per account and region
Existing policies:
-
ec2_idle.yml - scan account/region for idle ec2
-
ebs_unattached.yml - scan account/region for unattached ebs
Fill the following Parameters in podman command:
AWS_ACCESS_KEY_ID=awsaccesskeyid
AWS_SECRET_ACCESS_KEY=awssecretaccesskey
(optional)AWS_DEFAULT_REGION=us-east-2/all (default = us-east-2)
action=policy
(optional)dry_run=yes/no (default = yes)
policy_output=s3://redhat-cloud-governance/logs
policy=ebs_unattached.yml/all
(optional)log_level=INFO (default = INFO)
Run one policy
sudo podman run --rm --name cloud-governance -e AWS_ACCESS_KEY_ID=awsaccesskeyid -e AWS_SECRET_ACCESS_KEY=awssecretaccesskey -e AWS_DEFAULT_REGION=us-east-2 -e action=policy -e dry_run=yes -e policy_output=s3://redhat-cloud-governance/logs -e policy=ebs_unattached.yml -e log_level=INFO quay.io/ebattat/cloud-governance
Run all policies
sudo podman run --rm --name cloud-governance -e AWS_ACCESS_KEY_ID=awsaccesskeyid -e AWS_SECRET_ACCESS_KEY=awssecretaccesskey -e AWS_DEFAULT_REGION=us-east-2 -e action=policy -e dry_run=yes -e policy_output=s3://redhat-cloud-governance/logs -e policy=all -e log_level=INFO quay.io/ebattat/cloud-governance
Update Cluster Tags
Update cluster tags by cluster name
Fill the following Parameters in podman command:
AWS_ACCESS_KEY_ID=awsaccesskeyid
AWS_SECRET_ACCESS_KEY=awssecretaccesskey
(optional)AWS_DEFAULT_REGION=us-east-2/all (default = us-east-2)
action=tag_cluster_resource
(optional)dry_run=yes/no (default = yes)
cluster_name=ocs-test
mandatory_tags="{'Owner': 'Name','Email': 'name@redhat.com','Purpose': 'test'}"
(optional)log_level=INFO (default = INFO)
Update Cluster Tags
sudo podman run --rm --name cloud-governance -e AWS_ACCESS_KEY_ID=awsaccesskeyid -e AWS_SECRET_ACCESS_KEY=awssecretaccesskey -e AWS_DEFAULT_REGION=us-east-2 -e action=tag_cluster_resource -e dry_run=yes -e cluster_name=ocs-test -e mandatory_tags="{'Owner': 'Name','Email': 'name@redhat.com','Purpose': 'test'}" -e log_level=INFO quay.io/ebattat/cloud-governance
Delete Zombies Clusters
Delete cluster's zombies resources
Fill the following Parameters in podman command:
AWS_ACCESS_KEY_ID=awsaccesskeyid
AWS_SECRET_ACCESS_KEY=awssecretaccesskey
(optional)AWS_DEFAULT_REGION=us-east-2/all (default = us-east-2)
action=zombie_cluster_resource
(optional)dry_run=yes/no (default = yes)
(optional)log_level=INFO (default = INFO)
Delete Zombies Clusters
sudo podman run --rm --name cloud-governance -e AWS_ACCESS_KEY_ID=awsaccesskeyid -e AWS_SECRET_ACCESS_KEY=awssecretaccesskey -e AWS_DEFAULT_REGION=us-east-2 -e action=zombie_cluster_resource -e dry_run=yes -e log_level=INFO quay.io/ebattat/cloud-governance
Pytest
python3 -m venv governance
source governance/bin/activate
(governance) $ python -m pip install --upgrade pip
(governance) $ pip install coverage
(governance) $ pip install pytest
(governance) $ git clone https://github.com/redhat-performance/cloud-governance
(governance) $ cd cloud-governance
(governance) $ coverage run -m pytest
(governance) $ deactivate
rm -rf *governance*
Post Installation
Delete cloud-governance image
sudo podman rmi quay.io/ebattat/cloud-governance
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Hashes for cloud_governance-1.0.24-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 56971f5b3f7a76c667b5126ec69449380f59f058b3269cb9b756ab1fa8268c23 |
|
| MD5 | dc84e46e42e16cd87dde443447978e58 |
|
| BLAKE2b-256 | a188e6017bf28266dc24cfe4a254619b29650c04546b87143c6ec4bfb9c9584f |
