fix(aula-14): melhorar UX do setup e corrigir instalação do Istio

- Extrair função ask_hostname para simplificar coleta de inputs
- Remover variável DOMAIN do .env (usar hosts individuais)
- Herdar domínio da aula-10 como default para hostnames
- Adicionar label PodSecurity privileged no namespace istio-system
- Usar ClusterIP no istio-ingressgateway e timeout de 10m no Helm
- Permitir edição do email Let's Encrypt quando já configurado

aula-14/setup.sh

@@ -59,7 +59,6 @@ save_config() {
 
 REGISTRY_HOST=${REGISTRY_HOST}
 REGISTRY_PROJECT=${REGISTRY_PROJECT}
-DOMAIN=${DOMAIN}
 APP_HOST=${APP_HOST}
 KIALI_HOST=${KIALI_HOST}
 JAEGER_HOST=${JAEGER_HOST}
@@ -71,6 +70,20 @@ EOF
     log_success "Configuração salva em .env"
 }
 
+ask_hostname() {
+    local label="$1" current="$2" default="$3"
+    local value="${current:-$default}"
+
+    if [[ -n "$value" ]]; then
+        echo -e "${label}: ${GREEN}${value}${NC}" >&2
+        read -p "Enter para confirmar ou digite novo valor: " new_value
+        [[ -n "$new_value" ]] && value="$new_value"
+    else
+        read -p "${label}: " value
+    fi
+    echo "$value"
+}
+
 collect_user_input() {
     echo ""
     echo -e "${CYAN}═══════════════════════════════════════════════════════════${NC}"
@@ -93,25 +106,20 @@ collect_user_input() {
         fi
     fi
 
+    # Herdar defaults da aula-10
+    local INHERITED_DOMAIN=""
     if [[ -f "$AULA10_ENV" ]]; then
         source "$AULA10_ENV"
+        INHERITED_DOMAIN="${DOMAIN}"
         log_info "Configuração herdada da aula-10"
     fi
 
-    if [[ -z "$DOMAIN" ]]; then
+    echo ""
-        read -p "Domínio base (ex: kube.quest): " DOMAIN
+    REGISTRY_HOST=$(ask_hostname "Registry" "$REGISTRY_HOST" "reg.${INHERITED_DOMAIN}")
-    else
+    echo ""
-        echo -e "Domínio: ${GREEN}${DOMAIN}${NC}"
+    APP_HOST=$(ask_hostname "App" "$APP_HOST" "app.${INHERITED_DOMAIN}")
-        read -p "Enter para confirmar ou digite novo valor: " new_domain
+    KIALI_HOST=$(ask_hostname "Kiali" "$KIALI_HOST" "kiali.${INHERITED_DOMAIN}")
-        [[ -n "$new_domain" ]] && DOMAIN="$new_domain"
+    JAEGER_HOST=$(ask_hostname "Jaeger" "$JAEGER_HOST" "jaeger.${INHERITED_DOMAIN}")
-    fi
-
-    if [[ -z "$REGISTRY_HOST" ]]; then
-        REGISTRY_HOST="reg.${DOMAIN}"
-    fi
-    echo -e "Registry: ${GREEN}${REGISTRY_HOST}${NC}"
-    read -p "Enter para confirmar ou digite novo valor: " new_reg
-    [[ -n "$new_reg" ]] && REGISTRY_HOST="$new_reg"
 
     # Owner/repo no Gitea para o registry (ex: root, demo, factory)
     if [[ -z "$REGISTRY_PROJECT" ]]; then
@@ -124,29 +132,17 @@ collect_user_input() {
     read -p "Grupo/projeto [${REGISTRY_PROJECT}]: " new_project
     [[ -n "$new_project" ]] && REGISTRY_PROJECT="$new_project"
 
-    APP_HOST="${APP_HOST:-app.${DOMAIN}}"
-    KIALI_HOST="${KIALI_HOST:-kiali.${DOMAIN}}"
-    JAEGER_HOST="${JAEGER_HOST:-jaeger.${DOMAIN}}"
-
-    echo ""
-    echo -e "Hosts para serviços:"
-    echo -e "  App:    ${GREEN}${APP_HOST}${NC}"
-    echo -e "  Kiali:  ${GREEN}${KIALI_HOST}${NC}"
-    echo -e "  Jaeger: ${GREEN}${JAEGER_HOST}${NC}"
-    read -p "Enter para confirmar ou 'n' para personalizar: " confirm
-    if [[ "$confirm" == "n" ]]; then
-        read -p "Host do App: " APP_HOST
-        read -p "Host do Kiali: " KIALI_HOST
-        read -p "Host do Jaeger: " JAEGER_HOST
-    fi
-
     echo ""
     echo -e "[1] Usar Let's Encrypt (HTTPS)"
     echo -e "[2] Sem TLS (HTTP)"
     read -p "Escolha [1/2]: " tls_choice
     if [[ "$tls_choice" == "1" ]]; then
         USE_LETSENCRYPT=true
-        if [[ -z "$LETSENCRYPT_EMAIL" ]]; then
+        if [[ -n "$LETSENCRYPT_EMAIL" ]]; then
+            echo -e "Email Let's Encrypt: ${GREEN}${LETSENCRYPT_EMAIL}${NC}"
+            read -p "Enter para confirmar ou digite novo valor: " new_email
+            [[ -n "$new_email" ]] && LETSENCRYPT_EMAIL="$new_email"
+        else
             read -p "Email para Let's Encrypt: " LETSENCRYPT_EMAIL
         fi
     else
@@ -232,6 +228,10 @@ install_istio() {
     helm repo update istio
 
     kubectl create namespace istio-system 2>/dev/null || true
+    kubectl label namespace istio-system \
+        pod-security.kubernetes.io/enforce=privileged \
+        pod-security.kubernetes.io/warn=privileged \
+        --overwrite 2>/dev/null || true
 
     log_info "Instalando istio-base..."
     if helm status istio-base -n istio-system &> /dev/null; then
@@ -243,9 +243,9 @@ install_istio() {
 
     log_info "Instalando istiod..."
     if helm status istiod -n istio-system &> /dev/null; then
-        helm upgrade istiod istio/istiod -n istio-system --wait
+        helm upgrade istiod istio/istiod -n istio-system --wait --timeout=10m
     else
-        helm install istiod istio/istiod -n istio-system --wait
+        helm install istiod istio/istiod -n istio-system --wait --timeout=10m
     fi
     log_success "istiod instalado"
 
@@ -254,10 +254,11 @@ install_istio() {
     log_success "istiod pronto"
 
     log_info "Instalando istio-ingressgateway..."
+    local GW_ARGS="--set service.type=ClusterIP"
     if helm status istio-ingressgateway -n istio-system &> /dev/null; then
-        helm upgrade istio-ingressgateway istio/gateway -n istio-system --wait
+        helm upgrade istio-ingressgateway istio/gateway -n istio-system $GW_ARGS --wait --timeout=10m
     else
-        helm install istio-ingressgateway istio/gateway -n istio-system --wait
+        helm install istio-ingressgateway istio/gateway -n istio-system $GW_ARGS --wait --timeout=10m
     fi
     log_success "istio-ingressgateway instalado"