fix: corrigir setup.sh de múltiplas aulas

- aula-08: adicionar key cluster-config no secret do autoscaler
- aula-09,10,11,12,14,15: adicionar pausa DNS antes do helm install
  (Let's Encrypt precisa do DNS configurado para emitir certificado)
- aula-09,10,11: corrigir anotação cert-manager.io/cluster-issuer
  (--set do Helm interpreta pontos como separadores de nested keys)
- aula-10: corrigir load_config com set -e (exit silencioso)
- aula-10: adicionar teste rápido do registry no README
ArgoCD Setup
2026-03-14 04:42:07 -03:00
parent 46ec271788
commit 19d97159ce
8 changed files with 224 additions and 15 deletions


@@ -491,12 +491,42 @@ log_info "Criando namespace cluster-autoscaler..."
kubectl create namespace cluster-autoscaler --dry-run=client -o yaml | kubectl apply -f - kubectl create namespace cluster-autoscaler --dry-run=client -o yaml | kubectl apply -f -
kubectl label namespace cluster-autoscaler pod-security.kubernetes.io/enforce=privileged --overwrite kubectl label namespace cluster-autoscaler pod-security.kubernetes.io/enforce=privileged --overwrite
# Gerar cluster-config JSON (imagem por arch + config por pool)
CLUSTER_CONFIG_JSON=$(cat <<CCEOF
{
"imagesForArch": {
"arm64": "$TALOS_IMAGE_ID"
},
"nodeConfigs": {
"worker-pool": {
"cloudInit": "$WORKER_CONFIG_BASE64"
},
"gitlab-pool": {
"cloudInit": "$WORKER_CONFIG_BASE64"
},
"build-pool": {
"cloudInit": "$WORKER_CONFIG_BASE64",
"taints": [
{
"key": "dedicated",
"value": "builds",
"effect": "NoSchedule"
}
]
}
}
}
CCEOF
)
CLUSTER_CONFIG_BASE64=$(echo "$CLUSTER_CONFIG_JSON" | base64 | tr -d '\n')
# Criar secret # Criar secret
log_info "Criando secret do autoscaler..." log_info "Criando secret do autoscaler..."
kubectl create secret generic hcloud-autoscaler \ kubectl create secret generic hcloud-autoscaler \
--namespace cluster-autoscaler \ --namespace cluster-autoscaler \
--from-literal=token="$HCLOUD_TOKEN" \ --from-literal=token="$HCLOUD_TOKEN" \
--from-literal=cloud-init="$WORKER_CONFIG_BASE64" \ --from-literal=cloud-init="$WORKER_CONFIG_BASE64" \
--from-literal=cluster-config="$CLUSTER_CONFIG_BASE64" \
--dry-run=client -o yaml | kubectl apply -f - --dry-run=client -o yaml | kubectl apply -f -
log_success "Secret criado" log_success "Secret criado"
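Review bot: The new `--from-literal=cluster-config="$CLUSTER_CONFIG_BASE64"` line puts the encoded worker config on kubectl's command line next to the token, where it is readable in the process list and in any `set -x` trace while the command runs. If `WORKER_CONFIG_BASE64` is the Talos worker machine config (inferred from the variable names), it carries cluster join material, so it is safer to feed it through a file descriptor, e.g. `--from-file=cluster-config=<(printf '%s' "$CLUSTER_CONFIG_BASE64")`, and to do the same for `token` and `cloud-init`. The heredoc also interpolates `$TALOS_IMAGE_ID` without checking that it is set, so an empty value produces well-formed JSON that the autoscaler cannot use; `: "${TALOS_IMAGE_ID:?}"` before the heredoc would stop the run early. The script continues before and after this hunk.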


@@ -337,6 +337,23 @@ if [[ "$USE_LETSENCRYPT" == "true" ]]; then
echo "" echo ""
fi fi
# =============================================================================
# 2.5. PAUSA PARA CONFIGURAÇÃO DE DNS
# =============================================================================
show_dns_instructions
echo ""
echo -e "${YELLOW}⚠ Configure o DNS agora antes de continuar.${NC}"
if [[ "$USE_LETSENCRYPT" == "true" ]]; then
echo -e "${YELLOW} O Let's Encrypt precisa do DNS configurado para emitir o certificado.${NC}"
fi
echo ""
echo -n "Pressione ENTER quando o DNS estiver configurado..."
read -r
echo ""
# ============================================================================= # =============================================================================
# 3. CRIAR NAMESPACE E APLICAR SECRETS # 3. CRIAR NAMESPACE E APLICAR SECRETS
# ============================================================================= # =============================================================================
@@ -380,11 +397,18 @@ else
HELM_ARGS="$HELM_ARGS --set webhook.url=http://${N8N_HOST}" HELM_ARGS="$HELM_ARGS --set webhook.url=http://${N8N_HOST}"
fi fi
# Configurar TLS # Configurar TLS - gerar values overlay para anotações com pontos
TEMP_TLS_VALUES=$(mktemp)
if [[ "$USE_LETSENCRYPT" == "true" ]]; then if [[ "$USE_LETSENCRYPT" == "true" ]]; then
HELM_ARGS="$HELM_ARGS --set ingress.annotations.cert-manager\\.io/cluster-issuer=letsencrypt"
HELM_ARGS="$HELM_ARGS --set ingress.tls[0].hosts[0]=${N8N_HOST}" HELM_ARGS="$HELM_ARGS --set ingress.tls[0].hosts[0]=${N8N_HOST}"
HELM_ARGS="$HELM_ARGS --set ingress.tls[0].secretName=n8n-tls" HELM_ARGS="$HELM_ARGS --set ingress.tls[0].secretName=n8n-tls"
cat > "$TEMP_TLS_VALUES" <<EOF
ingress:
annotations:
cert-manager.io/cluster-issuer: letsencrypt
EOF
else
echo "{}" > "$TEMP_TLS_VALUES"
fi fi
# Configurar N8N_SECURE_COOKIE # Configurar N8N_SECURE_COOKIE
@@ -400,6 +424,7 @@ if helm status n8n -n n8n &> /dev/null; then
eval helm upgrade n8n community-charts/n8n \ eval helm upgrade n8n community-charts/n8n \
--namespace n8n \ --namespace n8n \
--values "$SCRIPT_DIR/custom-values.yaml" \ --values "$SCRIPT_DIR/custom-values.yaml" \
-f "$TEMP_TLS_VALUES" \
$HELM_ARGS \ $HELM_ARGS \
--wait \ --wait \
--timeout 10m --timeout 10m
@@ -409,12 +434,15 @@ else
eval helm install n8n community-charts/n8n \ eval helm install n8n community-charts/n8n \
--namespace n8n \ --namespace n8n \
--values "$SCRIPT_DIR/custom-values.yaml" \ --values "$SCRIPT_DIR/custom-values.yaml" \
-f "$TEMP_TLS_VALUES" \
$HELM_ARGS \ $HELM_ARGS \
--wait \ --wait \
--timeout 10m --timeout 10m
log_success "n8n instalado com sucesso!" log_success "n8n instalado com sucesso!"
fi fi
rm -f "$TEMP_TLS_VALUES"
echo "" echo ""
# ============================================================================= # =============================================================================
@@ -480,9 +508,6 @@ echo " Hostname: ${N8N_HOST}"
echo " CloudFlare: ${USE_CLOUDFLARE}" echo " CloudFlare: ${USE_CLOUDFLARE}"
echo " Let's Encrypt: ${USE_LETSENCRYPT}" echo " Let's Encrypt: ${USE_LETSENCRYPT}"
# Mostrar instruções de DNS
show_dns_instructions
echo "" echo ""
echo "Comandos úteis:" echo "Comandos úteis:"
echo " # Ver todos os pods" echo " # Ver todos os pods"
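Review bot: With the dotted annotation moved into the values overlay, the `eval helm upgrade` and `eval helm install` calls no longer need `eval`, yet they still re-parse `$HELM_ARGS`, which is built by concatenating `${N8N_HOST}`; any whitespace or shell metacharacter in that value is split or executed on the second parse. An array removes the re-parse: `HELM_ARGS+=(--set "ingress.tls[0].hosts[0]=${N8N_HOST}")` and then `helm install ... "${HELM_ARGS[@]}"` without `eval`. The same pattern is in the Gitea section, where `gitea.admin.password=${ADMIN_PASSWORD}` travels through the eval'd string, and in the ArgoCD section. The `if`/`else` around the helm calls begins outside the visible hunks.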


@@ -189,7 +189,12 @@ O Gitea inclui um Container Registry OCI integrado. Sem Harbor, sem MinIO, sem c
# Login no registry # Login no registry
docker login gitea.kube.quest docker login gitea.kube.quest
# Push de imagem # Teste rápido: pull de uma imagem pública, tag e push
docker pull alpine:latest
docker tag alpine:latest gitea.kube.quest/gitea_admin/alpine:test
docker push gitea.kube.quest/gitea_admin/alpine:test
# Push de imagem própria
docker tag minha-app:v1 gitea.kube.quest/usuario/minha-app:v1 docker tag minha-app:v1 gitea.kube.quest/usuario/minha-app:v1
docker push gitea.kube.quest/usuario/minha-app:v1 docker push gitea.kube.quest/usuario/minha-app:v1
``` ```


@@ -93,7 +93,7 @@ collect_user_input() {
echo -e "${CYAN}═══════════════════════════════════════════════════${NC}" echo -e "${CYAN}═══════════════════════════════════════════════════${NC}"
echo "" echo ""
load_config load_config || true
# Se já tem configuração, oferecer reutilizar # Se já tem configuração, oferecer reutilizar
if [[ -n "$GITEA_HOST" ]]; then if [[ -n "$GITEA_HOST" ]]; then
@@ -328,6 +328,23 @@ if [[ "$USE_LETSENCRYPT" == "true" ]]; then
echo "" echo ""
fi fi
# =============================================================================
# 3.5. PAUSA PARA CONFIGURAÇÃO DE DNS
# =============================================================================
show_dns_instructions
echo ""
echo -e "${YELLOW}⚠ Configure o DNS agora antes de continuar.${NC}"
if [[ "$USE_LETSENCRYPT" == "true" ]]; then
echo -e "${YELLOW} O Let's Encrypt precisa do DNS configurado para emitir o certificado.${NC}"
fi
echo ""
echo -n "Pressione ENTER quando o DNS estiver configurado..."
read -r
echo ""
# ============================================================================= # =============================================================================
# 4. ADICIONAR REPOSITÓRIO HELM # 4. ADICIONAR REPOSITÓRIO HELM
# ============================================================================= # =============================================================================
@@ -383,14 +400,20 @@ HELM_ARGS="$HELM_ARGS --set gitea.config.server.SSH_DOMAIN=${GITEA_HOST}"
# Senha do admin # Senha do admin
HELM_ARGS="$HELM_ARGS --set gitea.admin.password=${ADMIN_PASSWORD}" HELM_ARGS="$HELM_ARGS --set gitea.admin.password=${ADMIN_PASSWORD}"
# TLS # TLS - gerar values overlay temporário para anotações com pontos
TEMP_TLS_VALUES=$(mktemp)
if [[ "$USE_LETSENCRYPT" == "true" ]]; then if [[ "$USE_LETSENCRYPT" == "true" ]]; then
HELM_ARGS="$HELM_ARGS --set ingress.tls[0].secretName=gitea-tls" HELM_ARGS="$HELM_ARGS --set ingress.tls[0].secretName=gitea-tls"
HELM_ARGS="$HELM_ARGS --set ingress.tls[0].hosts[0]=${GITEA_HOST}" HELM_ARGS="$HELM_ARGS --set ingress.tls[0].hosts[0]=${GITEA_HOST}"
HELM_ARGS="$HELM_ARGS --set ingress.annotations.cert-manager\\.io/cluster-issuer=letsencrypt-prod" cat > "$TEMP_TLS_VALUES" <<EOF
ingress:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
EOF
elif [[ "$USE_CLOUDFLARE" == "true" ]]; then elif [[ "$USE_CLOUDFLARE" == "true" ]]; then
# CloudFlare: TLS na edge, backend HTTP — sem configuração extra no Gitea echo "{}" > "$TEMP_TLS_VALUES"
: else
echo "{}" > "$TEMP_TLS_VALUES"
fi fi
# Verificar se já está instalado # Verificar se já está instalado
@@ -399,6 +422,7 @@ if helm status gitea -n gitea &> /dev/null; then
eval helm upgrade gitea gitea-charts/gitea \ eval helm upgrade gitea gitea-charts/gitea \
--namespace gitea \ --namespace gitea \
-f "$SCRIPT_DIR/gitea-values.yaml" \ -f "$SCRIPT_DIR/gitea-values.yaml" \
-f "$TEMP_TLS_VALUES" \
$HELM_ARGS \ $HELM_ARGS \
--timeout 10m \ --timeout 10m \
--wait --wait
@@ -408,12 +432,15 @@ else
eval helm install gitea gitea-charts/gitea \ eval helm install gitea gitea-charts/gitea \
--namespace gitea \ --namespace gitea \
-f "$SCRIPT_DIR/gitea-values.yaml" \ -f "$SCRIPT_DIR/gitea-values.yaml" \
-f "$TEMP_TLS_VALUES" \
$HELM_ARGS \ $HELM_ARGS \
--timeout 10m \ --timeout 10m \
--wait --wait
log_success "Gitea instalado com sucesso!" log_success "Gitea instalado com sucesso!"
fi fi
rm -f "$TEMP_TLS_VALUES"
echo "" echo ""
# ============================================================================= # =============================================================================
@@ -479,9 +506,6 @@ echo " Senha: ${ADMIN_PASSWORD}"
echo "" echo ""
echo -e "${YELLOW}⚠ Guarde a senha! Ela não pode ser recuperada depois.${NC}" echo -e "${YELLOW}⚠ Guarde a senha! Ela não pode ser recuperada depois.${NC}"
# Mostrar instruções de DNS
show_dns_instructions
echo "" echo ""
echo "Container Registry:" echo "Container Registry:"
echo " # Login" echo " # Login"
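Review bot: `TEMP_TLS_VALUES=$(mktemp)` is deleted only by the `rm -f` after the helm branch, so a failed `helm upgrade`/`helm install` (the commit message says this script runs under `set -e`) or a Ctrl-C during `--wait` leaves the overlay behind in the temp directory. Registering the cleanup right after creation covers every exit path, provided the script has no other EXIT trap that this would replace: `trap 'rm -f "$TEMP_TLS_VALUES"' EXIT`. The n8n and ArgoCD sections create and delete their overlay the same way. Separately, `load_config || true` hides every failure of `load_config`, not only the expected one, so a comment such as `# load_config returns non-zero when no saved config exists; that is not an error` (to be confirmed against the function) would help the next reader.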


@@ -196,6 +196,36 @@ EOF
fi fi
fi fi
# =============================================================================
# PAUSA PARA CONFIGURAÇÃO DE DNS
# =============================================================================
LB_IP=$(kubectl get svc -n ingress-nginx ingress-nginx-controller \
-o jsonpath='{.status.loadBalancer.ingress[0].ip}' 2>/dev/null || echo "<pendente>")
ARGOCD_NAME=$(echo "$ARGOCD_HOST" | cut -d. -f1)
echo ""
echo -e "${CYAN}═══════════════════════════════════════════════════${NC}"
echo -e "${CYAN} Configure o DNS${NC}"
echo -e "${CYAN}═══════════════════════════════════════════════════${NC}"
echo ""
echo "No seu provedor DNS:"
echo ""
echo -e " ${YELLOW}Tipo:${NC} A"
echo -e " ${YELLOW}Nome:${NC} ${ARGOCD_NAME}"
echo -e " ${YELLOW}Valor:${NC} ${GREEN}${LB_IP}${NC}"
echo ""
if [[ "$USE_LETSENCRYPT" == "true" ]]; then
echo -e "${YELLOW}⚠ O Let's Encrypt precisa do DNS configurado para emitir o certificado.${NC}"
else
echo -e "${YELLOW}⚠ Configure o DNS agora antes de continuar.${NC}"
fi
echo ""
echo -n "Pressione ENTER quando o DNS estiver configurado..."
read -r
echo ""
# ============================================================================= # =============================================================================
# INSTALAR ARGOCD # INSTALAR ARGOCD
# ============================================================================= # =============================================================================
@@ -220,19 +250,31 @@ HELM_ARGS=""
HELM_ARGS="$HELM_ARGS --set global.domain=${ARGOCD_HOST}" HELM_ARGS="$HELM_ARGS --set global.domain=${ARGOCD_HOST}"
HELM_ARGS="$HELM_ARGS --set server.ingress.hosts[0]=${ARGOCD_HOST}" HELM_ARGS="$HELM_ARGS --set server.ingress.hosts[0]=${ARGOCD_HOST}"
# TLS - gerar values overlay para anotações com pontos
TEMP_TLS_VALUES=$(mktemp)
if [[ "$USE_LETSENCRYPT" == "true" ]]; then if [[ "$USE_LETSENCRYPT" == "true" ]]; then
HELM_ARGS="$HELM_ARGS --set server.ingress.tls[0].secretName=argocd-server-tls" HELM_ARGS="$HELM_ARGS --set server.ingress.tls[0].secretName=argocd-server-tls"
HELM_ARGS="$HELM_ARGS --set server.ingress.tls[0].hosts[0]=${ARGOCD_HOST}" HELM_ARGS="$HELM_ARGS --set server.ingress.tls[0].hosts[0]=${ARGOCD_HOST}"
HELM_ARGS="$HELM_ARGS --set 'server.ingress.annotations.cert-manager\.io/cluster-issuer=letsencrypt-prod'" cat > "$TEMP_TLS_VALUES" <<EOF
server:
ingress:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
EOF
else
echo "{}" > "$TEMP_TLS_VALUES"
fi fi
log_info "Instalando ArgoCD via Helm..." log_info "Instalando ArgoCD via Helm..."
eval helm ${HELM_CMD} argocd argo/argo-cd \ eval helm ${HELM_CMD} argocd argo/argo-cd \
--namespace argocd \ --namespace argocd \
-f "${SCRIPT_DIR}/argocd-values.yaml" \ -f "${SCRIPT_DIR}/argocd-values.yaml" \
-f "$TEMP_TLS_VALUES" \
${HELM_ARGS} \ ${HELM_ARGS} \
--wait --timeout 10m --wait --timeout 10m
rm -f "$TEMP_TLS_VALUES"
log_success "ArgoCD instalado" log_success "ArgoCD instalado"
# ============================================================================= # =============================================================================
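Review bot: The `|| echo "<pendente>"` fallback on `LB_IP` only fires when kubectl exits non-zero; while the load balancer has no address assigned, the jsonpath query can succeed with empty output, and the instructions then print a blank `Valor:` for the operator to copy. Defaulting after the assignment handles both cases: `LB_IP=${LB_IP:-<pendente>}`. The same `LB_IP=$(kubectl get svc ...)` line is added in the Grafana section, in `main()` and in the demo-app section. It would also be reasonable to refuse to continue past the prompt while the value is still the placeholder, since there is nothing to put in the A record yet.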


@@ -139,6 +139,36 @@ if [[ "$USE_CLOUDFLARE" == "true" || "$USE_LETSENCRYPT" != "true" ]]; then
rm -f "$TEMP_VALUES.bak" rm -f "$TEMP_VALUES.bak"
fi fi
# =============================================================================
# PAUSA PARA CONFIGURAÇÃO DE DNS
# =============================================================================
LB_IP=$(kubectl get svc -n ingress-nginx ingress-nginx-controller \
-o jsonpath='{.status.loadBalancer.ingress[0].ip}' 2>/dev/null || echo "<pendente>")
GRAFANA_NAME=$(echo "$GRAFANA_HOST" | cut -d. -f1)
echo ""
echo -e "${CYAN}═══════════════════════════════════════════════════${NC}"
echo -e "${CYAN} Configure o DNS${NC}"
echo -e "${CYAN}═══════════════════════════════════════════════════${NC}"
echo ""
echo "No seu provedor DNS:"
echo ""
echo -e " ${YELLOW}Tipo:${NC} A"
echo -e " ${YELLOW}Nome:${NC} ${GRAFANA_NAME}"
echo -e " ${YELLOW}Valor:${NC} ${GREEN}${LB_IP}${NC}"
echo ""
if [[ "$USE_LETSENCRYPT" == "true" ]]; then
echo -e "${YELLOW}⚠ O Let's Encrypt precisa do DNS configurado para emitir o certificado.${NC}"
else
echo -e "${YELLOW}⚠ Configure o DNS agora antes de continuar.${NC}"
fi
echo ""
echo -n "Pressione ENTER quando o DNS estiver configurado..."
read -r
echo ""
# ============================================================================= # =============================================================================
# INSTALAR VIA HELM # INSTALAR VIA HELM
# ============================================================================= # =============================================================================
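Review bot: The bare `read -r` makes the script depend on an interactive stdin: when stdin is closed or redirected (CI, `< /dev/null`), `read` returns non-zero at EOF, which aborts the run without a message if the script uses `set -e` (not visible here) and otherwise falls straight through with no pause at all. Guarding the prompt makes the behaviour explicit: `if [[ -t 0 ]]; then read -r; fi`. The same prompt is added in every other setup script touched by this commit. The block is also copied almost verbatim into the ArgoCD, `main()` and demo-app sections, so a shared helper taking the hostname as its argument would keep the copies from drifting.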


@@ -580,6 +580,32 @@ main() {
install_istio install_istio
install_observability install_observability
setup_basic_auth setup_basic_auth
# Pausa para configuração de DNS
local LB_IP
LB_IP=$(kubectl get svc -n ingress-nginx ingress-nginx-controller \
-o jsonpath='{.status.loadBalancer.ingress[0].ip}' 2>/dev/null || echo "<pendente>")
echo ""
echo -e "${CYAN}═══════════════════════════════════════════════════${NC}"
echo -e "${CYAN} Configure o DNS${NC}"
echo -e "${CYAN}═══════════════════════════════════════════════════${NC}"
echo ""
echo "No seu provedor DNS, crie registros A apontando para ${GREEN}${LB_IP}${NC}:"
echo ""
echo -e " ${YELLOW}${APP_HOST}${NC}"
echo -e " ${YELLOW}${KIALI_HOST}${NC}"
echo -e " ${YELLOW}${JAEGER_HOST}${NC}"
echo ""
if [[ "$USE_LETSENCRYPT" == "true" ]]; then
echo -e "${YELLOW}⚠ O Let's Encrypt precisa do DNS configurado para emitir o certificado.${NC}"
else
echo -e "${YELLOW}⚠ Configure o DNS agora antes de continuar.${NC}"
fi
echo ""
echo -n "Pressione ENTER quando o DNS estiver configurado..."
read -r
setup_ingress setup_ingress
build_and_push_images build_and_push_images
create_registry_secret create_registry_secret
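Review bot: The line `echo "No seu provedor DNS, crie registros A apontando para ${GREEN}${LB_IP}${NC}:"` uses plain `echo` while every other coloured line in this block uses `echo -e`; if the colour variables hold backslash escapes (their definitions are outside the hunk), the operator sees the raw escape text around the IP address. Change it to `echo -e "No seu provedor DNS, crie registros A apontando para ${GREEN}${LB_IP}${NC}:"`. `main()` starts before and continues past this hunk.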


@@ -359,6 +359,33 @@ log_success "Deployment demo-app criado"
kubectl apply -f "${SCRIPT_DIR}/demo-app/k8s/service.yaml" kubectl apply -f "${SCRIPT_DIR}/demo-app/k8s/service.yaml"
log_success "Service demo-app criado" log_success "Service demo-app criado"
# Pausa para configuração de DNS
LB_IP=$(kubectl get svc -n ingress-nginx ingress-nginx-controller \
-o jsonpath='{.status.loadBalancer.ingress[0].ip}' 2>/dev/null || echo "<pendente>")
DEMO_NAME=$(echo "$DEMO_HOST" | cut -d. -f1)
echo ""
echo -e "${CYAN}═══════════════════════════════════════════════════${NC}"
echo -e "${CYAN} Configure o DNS${NC}"
echo -e "${CYAN}═══════════════════════════════════════════════════${NC}"
echo ""
echo "No seu provedor DNS:"
echo ""
echo -e " ${YELLOW}Tipo:${NC} A"
echo -e " ${YELLOW}Nome:${NC} ${DEMO_NAME}"
echo -e " ${YELLOW}Valor:${NC} ${GREEN}${LB_IP}${NC}"
echo ""
if [[ "$USE_LETSENCRYPT" == "true" ]]; then
echo -e "${YELLOW}⚠ O Let's Encrypt precisa do DNS configurado para emitir o certificado.${NC}"
else
echo -e "${YELLOW}⚠ Configure o DNS agora antes de continuar.${NC}"
fi
echo ""
echo -n "Pressione ENTER quando o DNS estiver configurado..."
read -r
echo ""
# Deploy do Ingress (substituir placeholders) # Deploy do Ingress (substituir placeholders)
TEMP_INGRESS=$(mktemp) TEMP_INGRESS=$(mktemp)
sed "s/DEMO_HOST_PLACEHOLDER/${DEMO_HOST}/g" "${SCRIPT_DIR}/demo-app/k8s/ingress.yaml" > "$TEMP_INGRESS" sed "s/DEMO_HOST_PLACEHOLDER/${DEMO_HOST}/g" "${SCRIPT_DIR}/demo-app/k8s/ingress.yaml" > "$TEMP_INGRESS"
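Review bot: Nothing checks that the record exists before the Ingress is applied; the pause ends on ENTER alone, and if the name does not resolve yet the Let's Encrypt validation fails and the retries count against its failed-validation rate limit. After `read -r`, comparing the output of `getent hosts "$DEMO_HOST"` with `$LB_IP` and warning or re-prompting on a mismatch would catch the common case. The comparison should be skipped when the record is proxied (the other scripts have a CloudFlare mode), because the resolved address is then not the load balancer. As a style point, `DEMO_NAME=$(echo "$DEMO_HOST" | cut -d. -f1)` can be `DEMO_NAME=${DEMO_HOST%%.*}`, which avoids the subshell and pipeline.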