fix(aula-14): melhorar UX do setup e corrigir instalação do Istio

- Extrair função ask_hostname para simplificar coleta de inputs - Remover variável DOMAIN do .env (usar hosts individuais) - Herdar domínio da aula-10 como default para hostnames - Adicionar label PodSecurity privileged no namespace istio-system - Usar ClusterIP no istio-ingressgateway e timeout de 10m no Helm - Permitir edição do email Let's Encrypt quando já configurado
2026-03-14 13:26:41 -03:00
parent f5cb6f0581
commit 62365e02a5
1 changed files with 37 additions and 36 deletions
--- a/aula-14/setup.sh
+++ b/aula-14/setup.sh
@@ -59,7 +59,6 @@ save_config() {

 REGISTRY_HOST=${REGISTRY_HOST}
 REGISTRY_PROJECT=${REGISTRY_PROJECT}
-DOMAIN=${DOMAIN}
 APP_HOST=${APP_HOST}
 KIALI_HOST=${KIALI_HOST}
 JAEGER_HOST=${JAEGER_HOST}
@@ -71,6 +70,20 @@ EOF
    log_success "Configuração salva em .env"
 }

+ask_hostname() {
+    local label="$1" current="$2" default="$3"
+    local value="${current:-$default}"
+
+    if [[ -n "$value" ]]; then
+        echo -e "${label}: ${GREEN}${value}${NC}" >&2
+        read -p "Enter para confirmar ou digite novo valor: " new_value
+        [[ -n "$new_value" ]] && value="$new_value"
+    else
+        read -p "${label}: " value
+    fi
+    echo "$value"
+}
+
 collect_user_input() {
    echo ""
    echo -e "${CYAN}═══════════════════════════════════════════════════════════${NC}"
@@ -93,25 +106,20 @@ collect_user_input() {
        fi
    fi

+    # Herdar defaults da aula-10
+    local INHERITED_DOMAIN=""
    if [[ -f "$AULA10_ENV" ]]; then
        source "$AULA10_ENV"
+        INHERITED_DOMAIN="${DOMAIN}"
        log_info "Configuração herdada da aula-10"
    fi

-    if [[ -z "$DOMAIN" ]]; then
-        read -p "Domínio base (ex: kube.quest): " DOMAIN
-    else
-        echo -e "Domínio: ${GREEN}${DOMAIN}${NC}"
-        read -p "Enter para confirmar ou digite novo valor: " new_domain
-        [[ -n "$new_domain" ]] && DOMAIN="$new_domain"
-    fi
-
-    if [[ -z "$REGISTRY_HOST" ]]; then
-        REGISTRY_HOST="reg.${DOMAIN}"
-    fi
-    echo -e "Registry: ${GREEN}${REGISTRY_HOST}${NC}"
-    read -p "Enter para confirmar ou digite novo valor: " new_reg
-    [[ -n "$new_reg" ]] && REGISTRY_HOST="$new_reg"
+    echo ""
+    REGISTRY_HOST=$(ask_hostname "Registry" "$REGISTRY_HOST" "reg.${INHERITED_DOMAIN}")
+    echo ""
+    APP_HOST=$(ask_hostname "App" "$APP_HOST" "app.${INHERITED_DOMAIN}")
+    KIALI_HOST=$(ask_hostname "Kiali" "$KIALI_HOST" "kiali.${INHERITED_DOMAIN}")
+    JAEGER_HOST=$(ask_hostname "Jaeger" "$JAEGER_HOST" "jaeger.${INHERITED_DOMAIN}")

    # Owner/repo no Gitea para o registry (ex: root, demo, factory)
    if [[ -z "$REGISTRY_PROJECT" ]]; then
@@ -124,29 +132,17 @@ collect_user_input() {
    read -p "Grupo/projeto [${REGISTRY_PROJECT}]: " new_project
    [[ -n "$new_project" ]] && REGISTRY_PROJECT="$new_project"

-    APP_HOST="${APP_HOST:-app.${DOMAIN}}"
-    KIALI_HOST="${KIALI_HOST:-kiali.${DOMAIN}}"
-    JAEGER_HOST="${JAEGER_HOST:-jaeger.${DOMAIN}}"
-
-    echo ""
-    echo -e "Hosts para serviços:"
-    echo -e "  App:    ${GREEN}${APP_HOST}${NC}"
-    echo -e "  Kiali:  ${GREEN}${KIALI_HOST}${NC}"
-    echo -e "  Jaeger: ${GREEN}${JAEGER_HOST}${NC}"
-    read -p "Enter para confirmar ou 'n' para personalizar: " confirm
-    if [[ "$confirm" == "n" ]]; then
-        read -p "Host do App: " APP_HOST
-        read -p "Host do Kiali: " KIALI_HOST
-        read -p "Host do Jaeger: " JAEGER_HOST
-    fi
-
    echo ""
    echo -e "[1] Usar Let's Encrypt (HTTPS)"
    echo -e "[2] Sem TLS (HTTP)"
    read -p "Escolha [1/2]: " tls_choice
    if [[ "$tls_choice" == "1" ]]; then
        USE_LETSENCRYPT=true
-        if [[ -z "$LETSENCRYPT_EMAIL" ]]; then
+        if [[ -n "$LETSENCRYPT_EMAIL" ]]; then
+            echo -e "Email Let's Encrypt: ${GREEN}${LETSENCRYPT_EMAIL}${NC}"
+            read -p "Enter para confirmar ou digite novo valor: " new_email
+            [[ -n "$new_email" ]] && LETSENCRYPT_EMAIL="$new_email"
+        else
            read -p "Email para Let's Encrypt: " LETSENCRYPT_EMAIL
        fi
    else
@@ -232,6 +228,10 @@ install_istio() {
    helm repo update istio

    kubectl create namespace istio-system 2>/dev/null || true
+    kubectl label namespace istio-system \
+        pod-security.kubernetes.io/enforce=privileged \
+        pod-security.kubernetes.io/warn=privileged \
+        --overwrite 2>/dev/null || true

    log_info "Instalando istio-base..."
    if helm status istio-base -n istio-system &> /dev/null; then
@@ -243,9 +243,9 @@ install_istio() {

    log_info "Instalando istiod..."
    if helm status istiod -n istio-system &> /dev/null; then
-        helm upgrade istiod istio/istiod -n istio-system --wait
+        helm upgrade istiod istio/istiod -n istio-system --wait --timeout=10m
    else
-        helm install istiod istio/istiod -n istio-system --wait
+        helm install istiod istio/istiod -n istio-system --wait --timeout=10m
    fi
    log_success "istiod instalado"

@@ -254,10 +254,11 @@ install_istio() {
    log_success "istiod pronto"

    log_info "Instalando istio-ingressgateway..."
+    local GW_ARGS="--set service.type=ClusterIP"
    if helm status istio-ingressgateway -n istio-system &> /dev/null; then
-        helm upgrade istio-ingressgateway istio/gateway -n istio-system --wait
+        helm upgrade istio-ingressgateway istio/gateway -n istio-system $GW_ARGS --wait --timeout=10m
    else
-        helm install istio-ingressgateway istio/gateway -n istio-system --wait
+        helm install istio-ingressgateway istio/gateway -n istio-system $GW_ARGS --wait --timeout=10m
    fi
    log_success "istio-ingressgateway instalado"