Etapa 3 – Instalação de Componentes Essenciais

Componente	Finalidade
Nginx Ingress Controller	Exposição de serviços HTTP/HTTPS
Cert-Manager	Gerenciar certificados TLS (Let’s Encrypt)
Kubernetes Dashboard	Interface web de gerenciamento

4.1 – NGINX Ingress Controller

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.1/deploy/static/provider/cloud/deploy.yaml

Aguarde os pods ficarem prontos:

kubectl get pods -n ingress-nginx -w

Para acesso externo, crie um LoadBalancer ou um NodePort com IP fixo via MetalLB ou Ingress IP.

---

🧩 4.2 – Instalar Cert-Manager

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.yaml

Verifique se os pods iniciaram:

kubectl get pods -n cert-manager

Opcional: criar ClusterIssuer para Let’s Encrypt:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email: seu-email@dominio.com
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    - http01:
        ingress:
          class: nginx

Salve como cluster-issuer.yaml e aplique:

kubectl apply -f cluster-issuer.yaml

---

🧩 4.3 – Instalar Kubernetes Dashboard

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

Criar Service Account com acesso admin:

kubectl create serviceaccount admin-user -n kubernetes-dashboard

kubectl create clusterrolebinding admin-user-binding \
  --clusterrole=cluster-admin \
  --serviceaccount=kubernetes-dashboard:admin-user

Pegar o token de acesso:

kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')

Expose via ingress:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dashboard
  namespace: kubernetes-dashboard
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  rules:
  - host: dashboard.seudominio.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: kubernetes-dashboard
            port:
              number: 443

---

🧩 4.4 – Instalar Prometheus e Grafana (via kube-prometheus-stack)

helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update

kubectl create namespace monitoring

helm install prometheus prometheus-community/kube-prometheus-stack -n monitoring

Para acessar o Grafana:

kubectl get svc -n monitoring
kubectl get secret -n monitoring prometheus-grafana -o jsonpath="{.data.admin-password}" | base64 --decode

---

🧩 4.5 – Instalar ArgoCD (GitOps)

kubectl create namespace argocd

kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

Criar ingress para acesso externo:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd-ingress
  namespace: argocd
spec:
  rules:
  - host: argocd.seudominio.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: argocd-server
            port:
              number: 80

Pegar a senha do admin:

kubectl get secret argocd-initial-admin-secret -n argocd -o jsonpath="{.data.password}" | base64 -d

---

✅ Etapa Concluída

Neste ponto você tem um cluster com:

• Acesso externo via Ingress
• TLS automático via Let’s Encrypt
• Dashboard administrativo
• Monitoramento com Prometheus e Grafana
• GitOps com ArgoCD

---

🔜 Próxima Etapa (Opcional):

Etapa 5 – Instalar MetalLB ou Ingress Externo com IPs fixos no on-premises

Deseja que eu prepare essa etapa também?

Posso também preparar manifests YAML prontos ou um repositório GitOps base para você usar no ArgoCD. Deseja seguir por esse caminho?