fix: auditoria de coerência entre aulas

Bugs corrigidos:
- aula-15: tracing.js fallback OTel endpoint usava service name errado
  (otel-collector vs otel-collector-opentelemetry-collector)
- aula-11/13: manifests k8s com gitea.kube.quest hardcoded → placeholder

Arquivos legado removidos (9):
- aula-10: gitlab-values.yaml, gitlab-registry-storage-secret.yaml,
  object-storage-secret.yaml, registry-storage-secret.yaml
- aula-11: gitlab-runner-values.yaml, node-bugado/.gitlab-ci.yml
- aula-13: 3x .gitlab-ci.yml (substituídos por .gitea/workflows/ci.yml)

CLAUDE.md: comandos rápidos agora incluem aula-14 e aula-15
This commit is contained in:
ArgoCD Setup
2026-03-14 02:41:35 -03:00
parent 9b3168b996
commit 2904628bef
13 changed files with 9 additions and 977 deletions


@@ -1,34 +0,0 @@
# =============================================================================
# GitLab Registry Storage Secret - Hetzner Object Storage
# =============================================================================
#
# Este secret configura o Registry para usar Hetzner Object Storage (S3 compatível)
#
# ANTES DE APLICAR:
# 1. Crie o bucket "gitlab-registry" na Hetzner Cloud Console
# 2. Gere credenciais S3 (Access Key + Secret Key)
# 3. Substitua os valores <PLACEHOLDER> abaixo
#
# Para aplicar:
# kubectl apply -f gitlab-registry-storage-secret.yaml
#
# =============================================================================
apiVersion: v1
kind: Secret
metadata:
name: gitlab-registry-storage
namespace: gitlab
type: Opaque
stringData:
config: |
s3:
bucket: gitlab-registry
accesskey: <HETZNER_ACCESS_KEY>
secretkey: <HETZNER_SECRET_KEY>
region: eu-central
regionendpoint: https://fsn1.your-objectstorage.com
v4auth: true
secure: true
chunksize: 5242880
rootdirectory: /


@@ -1,329 +0,0 @@
# =============================================================================
# GitLab Helm Chart - Configuração Base para Hetzner CAX11
# =============================================================================
#
# Esta configuração:
# - Usa NGINX Ingress Controller externo (instalado na aula-08)
# - Define ~5GB de recursos distribuídos em 2 workers CAX11 (antiAffinity)
# - Desabilita componentes não essenciais para economizar recursos
# - Configura Registry para container images
#
# Valores dinâmicos (configurados via --set no setup.sh):
# - global.hosts.domain
# - global.hosts.gitlab.name
# - global.hosts.registry.name
# - global.hosts.minio.name
# - global.hosts.https
# - global.ingress.tls.enabled
# - global.ingress.configureCertmanager
#
# Cenário CloudFlare (proxy ativo):
# - global.ingress.tls.enabled=false
# - global.hosts.https=true
# - gitlab.webservice.workhorse.trustedCIDRsForXForwardedFor=[CloudFlare IPs]
#
# Cenário Let's Encrypt:
# - global.ingress.tls.enabled=true
# - global.hosts.https=true
# - global.ingress.configureCertmanager=true
# - global.ingress.annotations.cert-manager.io/cluster-issuer=letsencrypt-prod
#
# =============================================================================
global:
# Desabilitar MinIO interno (migrado para Hetzner Object Storage)
minio:
enabled: false
# Usar Ingress Controller externo
ingress:
class: nginx
# configureCertmanager é definido via --set no setup.sh (true para Let's Encrypt)
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "900"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "900"
nginx.ingress.kubernetes.io/proxy-buffering: "off"
# cert-manager.io/cluster-issuer é adicionado via --set quando Let's Encrypt
# Timezone
time_zone: America/Sao_Paulo
# Pod Security - evitar warnings de PodSecurity
pod:
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
# Email (opcional - configurar depois)
# email:
# from: gitlab@kube.quest
# display_name: GitLab
# reply_to: noreply@kube.quest
# =============================================================================
# NGINX BUNDLED - DESABILITAR (usamos o externo)
# =============================================================================
nginx-ingress:
enabled: false
# =============================================================================
# CERT-MANAGER - DESABILITAR BUNDLED
# =============================================================================
# O cert-manager é instalado separadamente se Let's Encrypt for escolhido.
# global.ingress.configureCertmanager controla a integração.
# =============================================================================
# GITLAB COMPONENTS
# =============================================================================
gitlab:
# Webservice (Rails app - UI e API)
# NOTA: antiAffinity garante que webservice e sidekiq rodem em nós diferentes
# Isso evita OOM quando ambos competem por memória no mesmo nó CAX11 (4GB)
webservice:
minReplicas: 1
maxReplicas: 1
resources:
requests:
memory: 2Gi
cpu: 200m
limits:
memory: 2.5Gi
cpu: 1
workerProcesses: 1
puma:
threads:
min: 1
max: 2
# Anti-affinity: não rodar no mesmo nó que sidekiq
# Node affinity: preferir nodes do pool gitlab-pool (CAX21 com 8GB)
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
preference:
matchExpressions:
- key: hcloud/node-group
operator: In
values:
- gitlab-pool
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app: sidekiq
topologyKey: kubernetes.io/hostname
# Sidekiq (background jobs)
# Anti-affinity: não rodar no mesmo nó que webservice
sidekiq:
minReplicas: 1
maxReplicas: 1
resources:
requests:
memory: 1.5Gi
cpu: 100m
limits:
memory: 2Gi
cpu: 500m
# Desabilitar memory watchdog interno do GitLab (deixa o OOM killer do K8s gerenciar)
memoryKiller:
maxRss: 2000000000 # 2GB - maior que o limite para evitar kills prematuros
# Node affinity: preferir nodes do pool gitlab-pool (CAX21 com 8GB)
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
preference:
matchExpressions:
- key: hcloud/node-group
operator: In
values:
- gitlab-pool
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app: webservice
topologyKey: kubernetes.io/hostname
# Gitaly (Git storage)
gitaly:
# Node affinity: preferir nodes do pool gitlab-pool (CAX21 com 8GB)
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
preference:
matchExpressions:
- key: hcloud/node-group
operator: In
values:
- gitlab-pool
resources:
requests:
memory: 512Mi
cpu: 100m
limits:
memory: 1Gi
cpu: 500m
persistence:
size: 10Gi # Mínimo Hetzner ($0.0484/GB)
storageClass: hcloud-volumes
# GitLab Shell (SSH)
gitlab-shell:
minReplicas: 1
maxReplicas: 1
service:
type: ClusterIP # TCP passthrough pelo NGINX
resources:
requests:
memory: 64Mi
cpu: 50m
limits:
memory: 128Mi
cpu: 100m
# Toolbox (backup, rake tasks)
toolbox:
enabled: true
resources:
requests:
memory: 256Mi
cpu: 50m
limits:
memory: 512Mi
cpu: 200m
# GitLab Exporter (métricas)
gitlab-exporter:
enabled: false # Economiza recursos
# Migrations
migrations:
resources:
requests:
memory: 256Mi
cpu: 100m
# KAS (Kubernetes Agent Server) - desabilitar
kas:
enabled: false
# =============================================================================
# POSTGRESQL
# =============================================================================
postgresql:
install: true
primary:
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
preference:
matchExpressions:
- key: hcloud/node-group
operator: In
values:
- gitlab-pool
resources:
requests:
memory: 512Mi
cpu: 100m
limits:
memory: 1Gi
cpu: 500m
persistence:
size: 10Gi # Mínimo Hetzner ($0.0484/GB)
storageClass: hcloud-volumes
# =============================================================================
# REDIS
# =============================================================================
redis:
install: true
master:
resources:
requests:
memory: 256Mi
cpu: 50m
limits:
memory: 512Mi
cpu: 200m
persistence:
size: 10Gi # Mínimo Hetzner ($0.0484/GB)
storageClass: hcloud-volumes
# =============================================================================
# MINIO (Object Storage) - DESABILITADO
# =============================================================================
# Migrado para Hetzner Object Storage para resolver problema de espaço (89% cheio)
# O Registry agora usa S3 externo (Hetzner Object Storage)
#
# Para voltar ao MinIO interno (rollback):
# 1. Mudar minio.install: true
# 2. Remover registry.storage configuração
# 3. Re-deploy GitLab
minio:
install: false
# =============================================================================
# REGISTRY (Container Registry) - Usando Hetzner Object Storage
# =============================================================================
# IMPORTANTE: Antes de fazer deploy, criar o secret:
# kubectl apply -f gitlab-registry-storage-secret.yaml
#
# O secret contém as credenciais S3 para o Hetzner Object Storage
registry:
enabled: true
hpa:
minReplicas: 1
maxReplicas: 1
resources:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 200m
# Storage configurado para Hetzner Object Storage (S3 compatível)
storage:
secret: gitlab-registry-storage
key: config
# =============================================================================
# COMPONENTES DESABILITADOS (economia de recursos)
# =============================================================================
# GitLab Runner - instalar separadamente se necessário
gitlab-runner:
install: false
# Prometheus - usar Victoria Metrics da aula-05
prometheus:
install: false
# Grafana
grafana:
install: false
# GitLab Pages
gitlab-pages:
enabled: false
# Praefect (Gitaly HA) - não necessário para instalação pequena
praefect:
enabled: false
# Spamcheck
spamcheck:
enabled: false
# =============================================================================
# UPGRADECHECK
# =============================================================================
upgradeCheck:
enabled: false


@@ -1,22 +0,0 @@
# =============================================================================
# Secret para GitLab Object Storage (Hetzner S3)
# =============================================================================
# Usado por: uploads, artifacts, lfs, packages, etc.
#
# Variáveis substituídas pelo setup.sh via envsubst:
# - S3_REGION, S3_ACCESS_KEY, S3_SECRET_KEY, S3_ENDPOINT
#
apiVersion: v1
kind: Secret
metadata:
name: gitlab-object-storage
namespace: gitlab
type: Opaque
stringData:
connection: |
provider: AWS
region: ${S3_REGION}
aws_access_key_id: ${S3_ACCESS_KEY}
aws_secret_access_key: ${S3_SECRET_KEY}
endpoint: https://${S3_ENDPOINT}
path_style: true


@@ -1,24 +0,0 @@
# =============================================================================
# Secret para GitLab Registry Storage (Hetzner S3)
# =============================================================================
# Usado por: Container Registry
# Formato diferente do object-storage (registry usa config YAML)
#
# Variáveis substituídas pelo setup.sh via envsubst:
# - S3_BUCKET, S3_ACCESS_KEY, S3_SECRET_KEY, S3_REGION, S3_ENDPOINT
#
apiVersion: v1
kind: Secret
metadata:
name: gitlab-registry-storage
namespace: gitlab
type: Opaque
stringData:
config: |
s3:
bucket: ${S3_BUCKET}
accesskey: ${S3_ACCESS_KEY}
secretkey: ${S3_SECRET_KEY}
region: ${S3_REGION}
regionendpoint: https://${S3_ENDPOINT}
v4auth: true