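#!/bin/bash
# =============================================================================
# Lesson 11 (aula-11) - ArgoCD (GitOps)
# =============================================================================
#
# This script installs:
#   1. ArgoCD for declarative CD (GitOps)
#   2. SSH integration with Gitea (aula-10)
#
# Prerequisites:
#   - Kubernetes cluster (aula-08)
#   - Gitea installed (aula-10)
#   - NGINX Ingress Controller
#   - kubectl and helm installed
#
# Security notes for maintainers:
#   - Hostnames and the ACME e-mail are typed at a prompt or read from .env
#     files and later reach helm arguments, a YAML manifest, ssh-keyscan and a
#     file that is `source`d on the next run. They are validated before use.
#   - helm is invoked with an argument array; no `eval` is involved.
#
# =============================================================================

set -e

# Output colours
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
CYAN='\033[0;36m'   # used by the DNS banner below; it was referenced but never defined
NC='\033[0m'

# Logging helpers. The message is printed with %s so escape sequences inside
# operator-supplied values are not interpreted by the terminal.
log_info()    { printf '%b[INFO]%b %s\n'  "$BLUE"   "$NC" "$1"; }
log_success() { printf '%b[OK]%b %s\n'    "$GREEN"  "$NC" "$1"; }
log_warn()    { printf '%b[WARN]%b %s\n'  "$YELLOW" "$NC" "$1"; }
log_error()   { printf '%b[ERROR]%b %s\n' "$RED"    "$NC" "$1"; }

#######################################
# Check that a value is a plain DNS hostname.
# Arguments: $1 - candidate hostname
# Returns:   0 if it consists only of dot-separated labels made of letters,
#            digits and inner hyphens (max 253 chars); 1 otherwise.
#######################################
is_valid_hostname() {
    local host=$1
    local label='[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?'
    local re="^${label}(\.${label})*\$"
    [[ ${#host} -le 253 && "$host" =~ $re ]]
}

#######################################
# Abort the script when a hostname setting is not a plain DNS name.
# Arguments: $1 - human-readable setting name, $2 - value to check
#######################################
require_hostname() {
    local label=$1 value=$2
    if ! is_valid_hostname "$value"; then
        log_error "Hostname inválido para ${label}: '${value}'"
        exit 1
    fi
}

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
ENV_FILE="${SCRIPT_DIR}/.env"

# =============================================================================
# CHECK PREREQUISITES
# =============================================================================

log_info "Verificando pré-requisitos..."

if ! command -v kubectl &> /dev/null; then
    log_error "kubectl não encontrado. Instale com: brew install kubectl"
    exit 1
fi

if ! command -v helm &> /dev/null; then
    log_error "helm não encontrado. Instale com: brew install helm"
    exit 1
fi

if ! kubectl cluster-info &> /dev/null; then
    log_error "Não foi possível conectar ao cluster Kubernetes"
    log_info "Exemplo: export KUBECONFIG=\$(pwd)/../aula-08/kubeconfig"
    exit 1
fi

# Check that Gitea is installed
if ! kubectl get namespace gitea &> /dev/null; then
    log_error "Namespace 'gitea' não encontrado"
    log_info "Execute primeiro a aula-10 para instalar o Gitea"
    exit 1
fi

if ! kubectl get ingressclass nginx &> /dev/null; then
    log_error "NGINX Ingress Controller não encontrado"
    exit 1
fi

log_success "Pré-requisitos verificados"

# =============================================================================
# LOAD CONFIGURATION
# =============================================================================

# `source` executes the file as shell code, so both .env files must only be
# writable by the operator. The values they set are validated further down.
if [[ -f "$ENV_FILE" ]]; then
    log_info "Carregando configuração local..."
    # shellcheck disable=SC1090
    source "$ENV_FILE"
fi

# Inherit from aula-10
if [[ -z "$GITEA_HOST" ]]; then
    AULA10_ENV="${SCRIPT_DIR}/../aula-10/.env"
    if [[ -f "$AULA10_ENV" ]]; then
        log_info "Herdando configuração da aula-10..."
        # shellcheck disable=SC1090
        source "$AULA10_ENV"
    fi
fi

# =============================================================================
# COLLECT CONFIGURATION
# =============================================================================

echo ""
echo "=========================================="
echo " Configuração do ArgoCD (GitOps)"
echo "=========================================="
echo ""

# Gitea host
if [[ -z "$GITEA_HOST" ]]; then
    read -r -p "Hostname do Gitea (ex: gitea.kube.quest): " GITEA_HOST
fi
require_hostname "Gitea" "$GITEA_HOST"
log_info "Gitea: https://${GITEA_HOST}"

# Derive the base domain by dropping the first label (unchanged if no dot)
if [[ -z "$DOMAIN" ]]; then
    DOMAIN=${GITEA_HOST#*.}
fi
require_hostname "DOMAIN" "$DOMAIN"

# ArgoCD host
if [[ -z "$ARGOCD_HOST" ]]; then
    DEFAULT_ARGOCD="argocd.${DOMAIN}"
    read -r -p "Hostname do ArgoCD [${DEFAULT_ARGOCD}]: " ARGOCD_HOST
    ARGOCD_HOST="${ARGOCD_HOST:-$DEFAULT_ARGOCD}"
fi
require_hostname "ArgoCD" "$ARGOCD_HOST"
log_info "ArgoCD: https://${ARGOCD_HOST}"

# TLS
# Option 3 serves the ArgoCD UI/API (including the admin login) over plain
# HTTP; it is labelled as development-only in the menu for that reason.
if [[ "$USE_CLOUDFLARE" != "true" && "$USE_LETSENCRYPT" != "true" ]]; then
    echo ""
    echo "Configuração de TLS:"
    echo " 1) CloudFlare (proxy ativo - TLS na borda)"
    echo " 2) Let's Encrypt (cert-manager)"
    echo " 3) HTTP apenas (desenvolvimento)"
    read -r -p "Escolha [1-3]: " TLS_CHOICE

    case "$TLS_CHOICE" in
        1)
            USE_CLOUDFLARE=true
            USE_LETSENCRYPT=false
            ;;
        2)
            USE_CLOUDFLARE=false
            USE_LETSENCRYPT=true
            if [[ -z "$LETSENCRYPT_EMAIL" ]]; then
                read -r -p "Email para Let's Encrypt: " LETSENCRYPT_EMAIL
            fi
            ;;
        *)
            USE_CLOUDFLARE=false
            USE_LETSENCRYPT=false
            ;;
    esac
fi

# The e-mail is interpolated into a YAML manifest below; accept only a
# conservative address shape so it cannot alter the document structure.
if [[ -n "$LETSENCRYPT_EMAIL" ]]; then
    email_re='^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$'
    if [[ ! "$LETSENCRYPT_EMAIL" =~ $email_re ]]; then
        log_error "Email inválido para Let's Encrypt: '${LETSENCRYPT_EMAIL}'"
        exit 1
    fi
fi

# Save configuration. %q shell-quotes each value because this file is
# `source`d on the next run.
{
    printf '# Configuração gerada pelo setup.sh\n'
    printf '# %s\n' "$(date)"
    printf 'GITEA_HOST=%q\n' "$GITEA_HOST"
    printf 'ARGOCD_HOST=%q\n' "$ARGOCD_HOST"
    printf 'DOMAIN=%q\n' "$DOMAIN"
    printf 'USE_CLOUDFLARE=%q\n' "$USE_CLOUDFLARE"
    printf 'USE_LETSENCRYPT=%q\n' "$USE_LETSENCRYPT"
    printf 'LETSENCRYPT_EMAIL=%q\n' "$LETSENCRYPT_EMAIL"
} > "$ENV_FILE"

log_success "Configuração salva em ${ENV_FILE}"

# =============================================================================
# INSTALL CERT-MANAGER (Let's Encrypt only)
# =============================================================================

if [[ "$USE_LETSENCRYPT" == "true" ]]; then
    echo ""
    log_info "=== Verificando cert-manager ==="

    if ! kubectl get namespace cert-manager &> /dev/null; then
        log_info "Instalando cert-manager..."
        helm repo add jetstack https://charts.jetstack.io 2>/dev/null || true
        helm repo update
        # NOTE(review): no chart version is pinned, so each run installs
        # whatever the repo currently publishes. Consider adding
        # `--version <PINNED_CHART_VERSION>` for reproducible installs.
        helm install cert-manager jetstack/cert-manager \
            --namespace cert-manager \
            --create-namespace \
            --set crds.enabled=true \
            --wait --timeout 5m
        log_success "cert-manager instalado"
    else
        log_success "cert-manager já instalado"
    fi

    if ! kubectl get clusterissuer letsencrypt-prod &> /dev/null; then
        log_info "Criando ClusterIssuer letsencrypt-prod..."
        # The e-mail is emitted as a quoted YAML scalar (validated above).
        kubectl apply -f - << EOF
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: "${LETSENCRYPT_EMAIL}"
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
      - http01:
          ingress:
            class: nginx
EOF
        log_success "ClusterIssuer criado"
    fi
fi

# =============================================================================
# PAUSE FOR DNS CONFIGURATION
# =============================================================================

# Empty when the Service has no external IP yet (or reports a hostname).
LB_IP=$(kubectl get svc -n ingress-nginx ingress-nginx-controller \
    -o jsonpath='{.status.loadBalancer.ingress[0].ip}' 2>/dev/null || echo "")

# First DNS label of the ArgoCD hostname
ARGOCD_NAME=${ARGOCD_HOST%%.*}

echo ""
echo -e "${CYAN}═══════════════════════════════════════════════════${NC}"
echo -e "${CYAN} Configure o DNS${NC}"
echo -e "${CYAN}═══════════════════════════════════════════════════${NC}"
echo ""
echo "No seu provedor DNS:"
echo ""
echo -e " ${YELLOW}Tipo:${NC} A"
echo -e " ${YELLOW}Nome:${NC} ${ARGOCD_NAME}"
echo -e " ${YELLOW}Valor:${NC} ${GREEN}${LB_IP}${NC}"
echo ""
if [[ "$USE_LETSENCRYPT" == "true" ]]; then
    echo -e "${YELLOW}⚠ O Let's Encrypt precisa do DNS configurado para emitir o certificado.${NC}"
else
    echo -e "${YELLOW}⚠ Configure o DNS agora antes de continuar.${NC}"
fi
echo ""
echo -n "Pressione ENTER quando o DNS estiver configurado..."
read -r
echo ""

# =============================================================================
# INSTALL ARGOCD
# =============================================================================

echo ""
log_info "=== Instalando ArgoCD ==="

helm repo add argo https://argoproj.github.io/argo-helm 2>/dev/null || true
helm repo update

kubectl create namespace argocd 2>/dev/null || true

if helm status argocd -n argocd &> /dev/null; then
    log_warn "ArgoCD já instalado, fazendo upgrade..."
    HELM_CMD="upgrade"
else
    HELM_CMD="install"
fi

# Helm arguments, kept as an array so each value stays a single word and the
# `[0]` index is never subject to globbing or re-parsing.
HELM_ARGS=(
    --set "global.domain=${ARGOCD_HOST}"
    --set "server.ingress.hosts[0]=${ARGOCD_HOST}"
)

# TLS - generate a values overlay for annotations whose keys contain dots.
# The trap removes the temp file even when helm fails under `set -e`.
TEMP_TLS_VALUES=$(mktemp)
trap 'rm -f -- "$TEMP_TLS_VALUES"' EXIT

# NOTE(review): the body of this overlay was lost when the page was extracted
# (only `cat > ... <` and `> "$TEMP_TLS_VALUES"` survive). What follows is a
# reconstruction: the cert-manager issuer annotation for the ClusterIssuer
# created above, and an empty document otherwise. Confirm against the
# original setup.sh, which may also have had a CloudFlare-specific branch.
if [[ "$USE_LETSENCRYPT" == "true" ]]; then
    HELM_ARGS+=(
        --set "server.ingress.tls[0].secretName=argocd-server-tls"
        --set "server.ingress.tls[0].hosts[0]=${ARGOCD_HOST}"
    )
    cat > "$TEMP_TLS_VALUES" << EOF
server:
  ingress:
    annotations:
      cert-manager.io/cluster-issuer: letsencrypt-prod
EOF
else
    printf '{}\n' > "$TEMP_TLS_VALUES"
fi

log_info "Instalando ArgoCD via Helm..."

# NOTE(review): the argo-cd chart version is not pinned either; consider
# `--version <PINNED_CHART_VERSION>`.
helm "$HELM_CMD" argocd argo/argo-cd \
    --namespace argocd \
    -f "${SCRIPT_DIR}/argocd-values.yaml" \
    -f "$TEMP_TLS_VALUES" \
    "${HELM_ARGS[@]}" \
    --wait --timeout 10m

rm -f -- "$TEMP_TLS_VALUES"

log_success "ArgoCD instalado"

# =============================================================================
# FETCH ADMIN PASSWORD
# =============================================================================

echo ""
log_info "=== Credenciais do ArgoCD ==="

log_info "Aguardando secret de credenciais..."
# Poll for up to ~60 s; the loop simply ends if the secret never appears.
for _ in {1..30}; do
    if kubectl get secret argocd-initial-admin-secret -n argocd &> /dev/null; then
        break
    fi
    sleep 2
done

# The initial admin password is printed in the summary below, so it ends up in
# terminal scrollback and any captured output. It should be changed after the
# first login and the argocd-initial-admin-secret removed afterwards.
ARGOCD_PASSWORD=$(kubectl get secret argocd-initial-admin-secret -n argocd -o jsonpath='{.data.password}' 2>/dev/null | base64 -d 2>/dev/null || echo "")

# =============================================================================
# CONFIGURE GITEA INTEGRATION
# =============================================================================

echo ""
log_info "=== Configurando Integração Gitea ==="

log_info "Obtendo SSH host key do Gitea..."
# ssh-keyscan trusts whatever key the network returns (trust on first use).
# The fingerprint is shown below so it can be compared with the one reported
# by the Gitea host itself before relying on it.
SSH_HOST_KEY=$(ssh-keyscan -t ed25519 "$GITEA_HOST" 2>/dev/null || ssh-keyscan "$GITEA_HOST" 2>/dev/null || echo "")

if [[ -n "$SSH_HOST_KEY" ]]; then
    log_info "Fingerprint da host key obtida (confira com o servidor Gitea):"
    ssh-keygen -lf - <<< "$SSH_HOST_KEY" 2>/dev/null || true

    # NOTE(review): applying this ConfigMap with a single entry presumably
    # replaces any known_hosts entries the chart shipped in it - confirm
    # whether other Git hosts are needed.
    kubectl create configmap argocd-ssh-known-hosts-cm \
        --from-literal=ssh_known_hosts="${SSH_HOST_KEY}" \
        -n argocd \
        --dry-run=client -o yaml | kubectl apply -f -
    log_success "SSH host key configurado"
else
    log_warn "Não foi possível obter SSH host key"
    log_info "Configure manualmente: argocd cert add-ssh --batch < known_hosts"
fi

# =============================================================================
# FINAL SUMMARY
# =============================================================================

echo ""
echo "=========================================="
echo " Instalação Concluída!"
echo "=========================================="
echo ""
echo "ArgoCD:"
echo " URL: https://${ARGOCD_HOST}"
echo " Username: admin"
if [[ -n "$ARGOCD_PASSWORD" ]]; then
    echo " Password: ${ARGOCD_PASSWORD}"
else
    echo " Password: kubectl get secret argocd-initial-admin-secret -n argocd -o jsonpath='{.data.password}' | base64 -d"
fi
echo ""
echo "Próximos passos:"
echo ""
echo "1. Configure DNS:"
echo " Adicione registro A para ${ARGOCD_HOST} apontando para o LoadBalancer"
echo ""
echo "2. Crie um repositório GitOps no Gitea:"
echo " - Nome: gitops-demo"
echo " - Estrutura: apps/node-bugado/{deployment,service,configmap}.yaml"
echo ""
echo "3. Configure repositório no ArgoCD:"
echo " a) Gere uma deploy key:"
echo " ssh-keygen -t ed25519 -f argocd-deploy-key -N ''"
echo ""
echo " b) Adicione a chave pública no Gitea:"
echo " Repositório → Settings → Deploy Keys"
echo ""
echo " c) Conecte o repositório no ArgoCD:"
echo " - Acesse https://${ARGOCD_HOST}"
echo " - Settings → Repositories → Connect Repo"
echo " - Method: SSH"
# NOTE(review): the repository owner segment appears to be missing between
# ':' and '/gitops-demo.git' (likely an angle-bracket placeholder lost in
# extraction) - confirm against the original.
echo " - URL: git@${GITEA_HOST}:/gitops-demo.git"
echo " - SSH private key: (conteúdo de argocd-deploy-key)"
echo ""
echo "Comandos úteis:"
echo " kubectl get pods -n argocd"
echo " kubectl get applications -n argocd"
echo ""

# Pod status
log_info "Status dos pods:"
kubectl get pods -n argocd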