Caramelo.dev Estrutura do projeto
Neste laboratório, vamos montar um ambiente completo de CI/CD rodando totalmente local, usando ferramentas open source de nível enterprise — sem custos e sem depender de nuvem.
Pré-requisitos do ambiente
Ferramentas no host (Windows)
- Docker Desktop
- Kubernetes local (Kind)
- kubectl
- Helm
- Git
- Java 17
O que isso resolve?
Esse conjunto cria um ambiente enterprise-like, mas totalmente local — um CI/CD sem custos.
Docs oficiais:
1. Arquitetura do laboratório
Visão geral do fluxo CI/CD
Código → Github → Jenkins → Kaniko (CI) → Registry no Kubernetes → ArgoCD (CD) → Aplicação no Cluster
Fluxo Técnico Detalhado (Passo a Passo Real)
1️⃣ Developer → GitHub
- Alteramos o código
- Commit inclui: código Java,
Dockerfile,Jenkinsfilee (opcional)helm/
Ponto crítico: Jenkinsfile versionado → pipeline imutável.
2️⃣ GitHub → Jenkins
- Trigger via SCM Polling — como estamos rodando em
localhost, o GitHub não consegue descobrir o Jenkins via webhook, por isso configuramos polling a cada 2 minutos.
3️⃣ Jenkins → Pod Efêmero (Kubernetes Plugin)
Pod gerado dinamicamente contendo:
jnlp— conecta ao controllerkaniko— build de imagem (alternativa moderna)
Decisão de arquitetura:
- Sem Docker-in-Docker (DinD)
- Sem privileged container
- Totalmente cloud-native
4️⃣ Build da Aplicação
Dentro do pod:
mvn clean package -DskipTests
Resultado: JAR/WAR no workspace (emptyDir)
5️⃣ Build da Imagem com Kaniko
/kaniko/executor \
--context=&lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-variable&quot;</span>&gt;<span class=<span class="hljs-string">"hljs-variable"</span>><span class="hljs-variable">${WORKSPACE}</span></span>&lt;/span&gt; \
--dockerfile=&lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-variable&quot;</span>&gt;<span class=<span class="hljs-string">"hljs-variable"</span>><span class="hljs-variable">${WORKSPACE}</span></span>&lt;/span&gt;/Dockerfile \
--destination=&lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-variable&quot;</span>&gt;<span class=<span class="hljs-string">"hljs-variable"</span>><span class="hljs-variable">${REGISTRY_CI}</span></span>&lt;/span&gt;/&lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-variable&quot;</span>&gt;<span class=<span class="hljs-string">"hljs-variable"</span>><span class="hljs-variable">${PROJECT}</span></span>&lt;/span&gt;/&lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-variable&quot;</span>&gt;<span class=<span class="hljs-string">"hljs-variable"</span>><span class="hljs-variable">${IMAGE_NAME}</span></span>&lt;/span&gt;:&lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-variable&quot;</span>&gt;<span class=<span class="hljs-string">"hljs-variable"</span>><span class="hljs-variable">${TAG}</span></span>&lt;/span&gt; \
--insecure \
--skip-tls-verify \
--cleanup
📌 O que é Kaniko? Kaniko é uma ferramenta open source para criar imagens de contêineres a partir de um Dockerfile diretamente dentro de um contêiner ou cluster Kubernetes, sem depender de um daemon Docker. Ideal para ambientes de CI/CD seguros — ele executa cada comando no espaço do usuário, cria as camadas e empurra direto para o registry.
6️⃣ Push → Docker Registry
O registry local recebe a imagem com sua tag.
7️⃣ Docker Registry Local → ArgoCD → Kubernetes
O ArgoCD:
- Observa alterações no repositório gitops-repo
- Os manifests Kubernetes apontam para a imagem no registry:
image: localhost:5000/cicd/cicd-api:30 - Quando há mudança no Git: sincroniza o estado, aplica o Deployment e o Kubernetes faz o pull da imagem do registry no namespace
cicd
👉 O ArgoCD não faz build — ele apenas aplica manifests. O build já foi feito pelo Kaniko.
2. Pré-requisitos do ambiente local
Infra base (máquina host):
- Docker Desktop ou Podman
- Kubernetes local: Kind (recomendado) ou k3d
- kubectl
- Helm 3.x
- Java 17 (para Jenkins pipelines e apps Java)
- Git
- Conta no GitHub
3. Kubernetes local com Kind
Manual de instalação: kind.sigs.k8s.io
Se estiver usando WSL:
curl -Lo kind https://kind.sigs.k8s.io/dl/v0.31.0/kind-linux-amd64
&lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-built_in&quot;</span>&gt;<span class=<span class="hljs-string">"hljs-built_in"</span>><span class="hljs-built_in">chmod</span></span>&lt;/span&gt; +x kind
&lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-built_in&quot;</span>&gt;<span class=<span class="hljs-string">"hljs-built_in"</span>><span class="hljs-built_in">sudo</span></span>&lt;/span&gt; &lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-built_in&quot;</span>&gt;<span class=<span class="hljs-string">"hljs-built_in"</span>><span class="hljs-built_in">mv</span></span>&lt;/span&gt; kind /usr/local/bin/kind
kind version
O Kind (Kubernetes IN Docker) cria clusters Kubernetes usando containers Docker. É ideal para labs, CI pipelines e testes locais — rápido, descartável e reproduzível.
Criar o cluster
kind create cluster --name cicd-lab
kubectl cluster-info
Após o comando, você verá:
Set kubectl context to &amp;quot;kind-cicd-lab&amp;quot;
You can now use your cluster with: kubectl cluster-info --context kind-cicd-lab
Caso ocorra erro de versão (WSL/Docker Desktop)
Crie o arquivo kind-config.yaml:
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;kind:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;Cluster&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;apiVersion:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;kind.x-k8s.io/v1alpha4&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;name:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;cicd-lab&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;nodes:&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-bullet&quot;&gt;-&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;role:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;control-plane&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;image:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;kindest/node:v1.29.4&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;containerdConfigPatches:&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-bullet&quot;&gt;-&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;|-</span></span>
[<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">plugins.&amp;quot;io.containerd.grpc.v1.cri&amp;quot;.registry.mirrors.&amp;quot;localhost:5000&amp;quot;</span></span>]
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">endpoint</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">=</span></span> [<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&amp;quot;http://localhost:5000&amp;quot;</span></span>]
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">insecure_skip_verify</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">=</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-literal">true</span><span</span> <span class="hljs-string">class="hljs-string">&lt;/span&gt;</span></span>
Depois:
kind create cluster --config kind-config.yaml --&lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-built_in&quot;</span>&gt;<span class=<span class="hljs-string">"hljs-built_in"</span>><span class="hljs-built_in">wait</span></span>&lt;/span&gt; 5m
4. Configurar namespace no Kubernetes
kubectl create namespace cicd
Saída esperada: namespace/cicd created
Por que usar namespaces? Eles permitem isolamento lógico, organização por responsabilidade e simulação de ambientes (dev, cicd, infra).
Docs: kubernetes.io/docs/.../namespaces
5. Registry no Kubernetes
Subimos um Docker Registry oficial (registry:2) como Deployment no namespace cicd.
Componentes:
- Deployment: 1 réplica, porta
5000,hostPort: 5000para expor diretamente no nó Kind - Volume:
emptyDir(não persistente, suficiente para lab) - Service: Exposição interna no cluster (
registry.cicd.svc.cluster.local:5000)
👉 Aqui o registry é um Pod Kubernetes, diferente do setup clássico com Docker externo.
Crie o arquivo registry.yaml:
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;apiVersion:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;apps/v1&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;kind:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;Deployment&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;metadata:&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;name:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;registry&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;namespace:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;cicd&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;spec:&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;replicas:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-number&quot;&gt;1&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;selector:&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;matchLabels:&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;app:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;registry&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;template:&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;metadata:&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;labels:&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;app:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;registry&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;spec:&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;containers:&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-bullet&quot;&gt;-&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;name:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;registry&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;image:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;registry:2&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;ports:&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-bullet&quot;&gt;-&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;containerPort:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-number&quot;&gt;5000&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;hostPort:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-number&quot;&gt;5000&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;volumeMounts:&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-bullet&quot;&gt;-&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;name:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;registry-data&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;mountPath:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;/var/lib/registry&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;volumes:&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-bullet&quot;&gt;-&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;name:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;registry-data&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;emptyDir:&lt;/span&gt;</span></span> {}
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-meta&quot;&gt;---&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;apiVersion:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;v1&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;kind:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;Service&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;metadata:&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;name:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;registry&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;namespace:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;cicd&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;spec:&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;selector:&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;app:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;registry&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;ports:&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-bullet&quot;&gt;-&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;port:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-number&quot;&gt;5000&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;targetPort:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-number&quot;&gt;5000&lt;/span&gt;</span></span>
Aplique e valide:
kubectl apply -f registry.yaml
kubectl get pods -n cicd
O hostPort: 5000 permite que o registry seja acessado via http://localhost:5000, facilitando testes locais com curl e push de imagens sem NodePort ou Ingress.
⚠️
hostPorté aceitável em labs, não recomendado em produção.
6. Jenkins no Kubernetes
Utilize o projeto como base: github.com/guigomes91/cicd — e deixe uma ⭐!
Instalação via Helm
helm repo add jenkins https://charts.jenkins.io
helm repo update
helm install jenkins jenkins/jenkins \
-n cicd \
--&lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-built_in&quot;</span>&gt;<span class=<span class="hljs-string">"hljs-built_in"</span>><span class="hljs-built_in">set</span></span>&lt;/span&gt; controller.serviceType=NodePort
Por que NodePort no lab?
| Item | Situação |
|---|---|
| Kubernetes | Kind (local) |
| Infra | Docker Desktop + WSL2 |
| LoadBalancer | ❌ Não existe |
| Ingress Controller | ❌ Ainda não instalado |
Em produção, o padrão é:
| Ambiente | Exposição |
|---|---|
| Dev local | NodePort |
| Staging | Ingress |
| Produção | Ingress + TLS + LB |
Acessar o Jenkins
kubectl get svc -n cicd
&lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-comment&quot;</span>&gt;# jenkins NodePort ... 8080:30170/TCP&lt;/span&gt;
kubectl port-forward -n cicd svc/jenkins 8080:8080
Acesse: http://localhost:8080
Senha inicial do Jenkins
kubectl &lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-built_in&quot;</span>&gt;<span class=<span class="hljs-string">"hljs-built_in"</span>><span class="hljs-built_in">exec</span></span>&lt;/span&gt; -n cicd deploy/jenkins -c jenkins -- &lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-built_in&quot;</span>&gt;<span class=<span class="hljs-string">"hljs-built_in"</span>><span class="hljs-built_in">cat</span></span>&lt;/span&gt; /run/secrets/additional/chart-admin-password
&lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-comment&quot;</span>&gt;# Alternativa:&lt;/span&gt;
kubectl get secret -n cicd jenkins -o jsonpath=&lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-string&quot;</span>&gt;&amp;quot;{.data.jenkins-admin-password}&amp;quot;&lt;/span&gt; | &lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-built_in&quot;</span>&gt;<span class=<span class="hljs-string">"hljs-built_in"</span>><span class="hljs-built_in">base64</span></span>&lt;/span&gt; -d
Criando o Pipeline
Clique em + Nova tarefa:
Informe o nome da tarefa (ex: cicd-api) e selecione Pipeline. Após criada, clique no link do job e depois em Configurar:
Na seção Triggers, marque Consultar periodicamente o SCM e configure o agendamento:
Na seção Pipeline, em Definition selecione Pipeline script from SCM:
Informe a URL do repositório e a branch (ex: master):
Em Script Path, deixe Jenkinsfile e clique em Save:
O que o Jenkins faz?
O Jenkins é o motor de CI: executa pipelines, compila código, roda testes, builda imagens Docker e publica artefatos. Ele não faz deploy — prepara tudo para o CD.
Docs: jenkins.io/doc | Helm Chart
Configurar SSH para o Kaniko atualizar o GitOps repo
Para o Kaniko atualizar o Deployment no repositório gitops-repo, é necessário configurar autenticação SSH dentro do pod, pois:
- ❌ O container do Jenkins não conhece o host github.com
- ❌ Não existe chave SSH válida dentro do pod
- ➡️ Cada pod é um ambiente totalmente limpo
Crie um secret no namespace cicd com o nome jenkins-gitops-ssh:
&lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-built_in&quot;</span>&gt;<span class=<span class="hljs-string">"hljs-built_in"</span>><span class="hljs-built_in">sudo</span></span>&lt;/span&gt; nano jenkins-gitops-ssh.yaml
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;apiVersion:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;v1&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;kind:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;Secret&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;metadata:&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;name:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;jenkins-gitops-ssh&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;namespace:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;cicd&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;type:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;Opaque&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;data:&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;id_ed25519:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;&amp;lt;BASE64_DA_CHAVE_PRIVADA&amp;gt;&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;known_hosts:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;&amp;lt;BASE64_DO_KNOWN_HOSTS&amp;gt;&lt;/span&gt;</span></span>
Verificar chaves existentes:
&lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-built_in&quot;</span>&gt;<span class=<span class="hljs-string">"hljs-built_in"</span>><span class="hljs-built_in">ls</span></span>&lt;/span&gt; -l ~/.ssh
Se não existir nenhuma chave, gere uma ED25519:
ssh-keygen -t ed25519 -C &lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-string&quot;</span>&gt;&amp;quot;jenkins-gitops&amp;quot;&lt;/span&gt;
&lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-comment&quot;</span>&gt;# Pressione ENTER em todas as perguntas, sem senha&lt;/span&gt;
Gerar os valores Base64:
&lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-comment&quot;</span>&gt;# Chave privada&lt;/span&gt;
&lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-built_in&quot;</span>&gt;<span class=<span class="hljs-string">"hljs-built_in"</span>><span class="hljs-built_in">base64</span></span>&lt;/span&gt; -w 0 ~/.ssh/id_ed25519
&lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-comment&quot;</span>&gt;# Known hosts <span class=<span class="hljs-string">"hljs-keyword"</span>><span class="hljs-keyword">do</span></span> GitHub&lt;/span&gt;
ssh-keyscan github.com &amp;gt; /tmp/known_hosts
&lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-built_in&quot;</span>&gt;<span class=<span class="hljs-string">"hljs-built_in"</span>><span class="hljs-built_in">base64</span></span>&lt;/span&gt; -w 0 /tmp/known_hosts
Adicionar a chave pública no GitHub:
- Repositório
gitops-repo→ Settings → Deploy Keys - Marcar ✅ Allow write access
Aplique o secret:
kubectl apply -f jenkins-gitops-ssh.yaml
&lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-comment&quot;</span>&gt;# Validar&lt;/span&gt;
kubectl get secret jenkins-gitops-ssh -n cicd -o yaml
7. ArgoCD
&lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-comment&quot;</span>&gt;# Criar namespace&lt;/span&gt;
kubectl create namespace argocd
&lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-comment&quot;</span>&gt;# Aplicar manifests oficiais&lt;/span&gt;
kubectl apply -n argocd \
-f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
&lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-comment&quot;</span>&gt;# Aguardar pods&lt;/span&gt;
kubectl get pods -n argocd
Acesso à interface web
kubectl port-forward svc/argocd-server -n argocd 8083:443
Acesse: https://localhost:8083 — usuário: admin
Recuperar senha inicial:
kubectl -n argocd get secret argocd-initial-admin-secret \
-o jsonpath=&lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-string&quot;</span>&gt;&amp;quot;{.data.password}&amp;quot;&lt;/span&gt; | &lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-built_in&quot;</span>&gt;<span class=<span class="hljs-string">"hljs-built_in"</span>><span class="hljs-built_in">base64</span></span>&lt;/span&gt; -d
Após o primeiro login, altere a senha.
Criando uma Application (GitOps)
Repositório de exemplo: gitops-repo/cicd-api/app/deployment.yaml
&lt;span class=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;hljs-built_in&quot;</span>&gt;<span class=<span class="hljs-string">"hljs-built_in"</span>><span class="hljs-built_in">sudo</span></span>&lt;/span&gt; nano application-argocd.yaml
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;apiVersion:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;argoproj.io/v1alpha1&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;kind:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;Application&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;metadata:&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;name:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;cicd-api&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;namespace:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;argocd&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;spec:&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;project:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;default&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;source:&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;repoURL:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;https://github.com/seu-user/gitops-repo.git&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;targetRevision:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;master&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;path:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;cicd-api/app&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;destination:&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;server:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;https://kubernetes.default.svc&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;namespace:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-string&quot;&gt;cicd-api&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;syncPolicy:&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;automated:&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;prune:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-literal&quot;&gt;true&lt;/span&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-attr&quot;&gt;selfHeal:&lt;/span&gt;</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;span</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">class=&quot;hljs-literal&quot;&gt;true&lt;/span&gt;</span></span>
kubectl apply -f application-argocd.yaml
Após isso, a aplicação aparece no dashboard do ArgoCD e qualquer alteração no Git é refletida no cluster.
Regra fundamental do GitOps
Nunca altere recursos diretamente no cluster. Qualquer mudança via
kubectl editouapplyserá revertida para o estado definido no Git.
Validar sincronização:
kubectl get applications -n argocd
Ou acompanhe na interface web — Status: Synced | Health: Healthy
☝️ O ponto-chave: O ArgoCD não faz build, não baixa imagem e não decide registry. Ele faz apenas uma coisa: aplica no Kubernetes exatamente o que está no Git. Quem decide de onde vem a imagem é exclusivamente o
Deployment.
8. Aplicação de exemplo (Java Spring Boot)
Repositório: github.com/guigomes91/cicd
app/
├── Dockerfile
├── Jenkinsfile
├── pom.xml
└── src/
Dockerfile:
FROM eclipse-temurin:17-jre
COPY target/app.jar app.jar
ENTRYPOINT [&amp;quot;java&amp;quot;,&amp;quot;-jar&amp;quot;,&amp;quot;/app.jar&amp;quot;]
9. Cenários práticos para treino
Exercício 1 – CI
- Faça um commit que quebra o build
- Valide a falha no Jenkins
Exercício 2 – CD
- Suba uma nova imagem e observe o deploy automático
- Acompanhe o rollout no Kubernetes:
kubectl rollout status deployment cicd-api
Exercício 3 – Rollback
kubectl rollout undo deployment cicd-api
10. Evoluções do laboratório
Depois do básico, você pode adicionar:
- SonarQube — quality gate
- Trivy — scan de imagem
- Prometheus + Grafana — observabilidade
- Feature flags
- Separação de namespace por ambiente — dev, homolog e produção
- Multi-branch pipeline — separação por branch (dev, hml, prod)
11. Resultado final
Ao final do laboratório, você terá praticado:
- ✅ CI real com Jenkins
- ✅ Docker Registry local no Kubernetes
- ✅ Deploy via ArgoCD (GitOps)
- ✅ Kubernetes local com Kind
- ✅ Rollout, rollback e versionamento de imagens
Publicado por: Guilherme Gomes - 02/05/2026 20:29