Caramelo.dev Estrutura do projeto
Neste laboratório, vamos montar um ambiente completo de CI/CD rodando totalmente local, usando ferramentas open source de nível enterprise — sem custos e sem depender de nuvem.
Pré-requisitos do ambiente
Ferramentas no host (Windows)
- Docker Desktop
- Kubernetes local (Kind)
- kubectl
- Helm
- Git
- Java 17
O que isso resolve?
Esse conjunto cria um ambiente enterprise-like, mas totalmente local — um CI/CD sem custos.
Docs oficiais:
1. Arquitetura do laboratório
Visão geral do fluxo CI/CD
Código → Github → Jenkins → Kaniko (CI) → Registry no Kubernetes → ArgoCD (CD) → Aplicação no Cluster
Fluxo Técnico Detalhado (Passo a Passo Real)
1️⃣ Developer → GitHub
- Alteramos o código
- Commit inclui: código Java,
Dockerfile,Jenkinsfilee (opcional)helm/
Ponto crítico: Jenkinsfile versionado → pipeline imutável.
2️⃣ GitHub → Jenkins
- Trigger via SCM Polling — como estamos rodando em
localhost, o GitHub não consegue descobrir o Jenkins via webhook, por isso configuramos polling a cada 2 minutos.
3️⃣ Jenkins → Pod Efêmero (Kubernetes Plugin)
Pod gerado dinamicamente contendo:
jnlp— conecta ao controllerkaniko— build de imagem (alternativa moderna)
Decisão de arquitetura:
- Sem Docker-in-Docker (DinD)
- Sem privileged container
- Totalmente cloud-native
4️⃣ Build da Aplicação
Dentro do pod:
mvn clean package -DskipTests
Resultado: JAR/WAR no workspace (emptyDir)
5️⃣ Build da Imagem com Kaniko
/kaniko/executor \
--context=<span class=<span class="hljs-string">"hljs-variable"</span>><span class="hljs-variable">${WORKSPACE}</span></span> \
--dockerfile=<span class=<span class="hljs-string">"hljs-variable"</span>><span class="hljs-variable">${WORKSPACE}</span></span>/Dockerfile \
--destination=<span class=<span class="hljs-string">"hljs-variable"</span>><span class="hljs-variable">${REGISTRY_CI}</span></span>/<span class=<span class="hljs-string">"hljs-variable"</span>><span class="hljs-variable">${PROJECT}</span></span>/<span class=<span class="hljs-string">"hljs-variable"</span>><span class="hljs-variable">${IMAGE_NAME}</span></span>:<span class=<span class="hljs-string">"hljs-variable"</span>><span class="hljs-variable">${TAG}</span></span> \
--insecure \
--skip-tls-verify \
--cleanup
📌 O que é Kaniko? Kaniko é uma ferramenta open source para criar imagens de contêineres a partir de um Dockerfile diretamente dentro de um contêiner ou cluster Kubernetes, sem depender de um daemon Docker. Ideal para ambientes de CI/CD seguros — ele executa cada comando no espaço do usuário, cria as camadas e empurra direto para o registry.
6️⃣ Push → Docker Registry
O registry local recebe a imagem com sua tag.
7️⃣ Docker Registry Local → ArgoCD → Kubernetes
O ArgoCD:
- Observa alterações no repositório gitops-repo
- Os manifests Kubernetes apontam para a imagem no registry:
image: localhost:5000/cicd/cicd-api:30 - Quando há mudança no Git: sincroniza o estado, aplica o Deployment e o Kubernetes faz o pull da imagem do registry no namespace
cicd
👉 O ArgoCD não faz build — ele apenas aplica manifests. O build já foi feito pelo Kaniko.
2. Pré-requisitos do ambiente local
Infra base (máquina host):
- Docker Desktop ou Podman
- Kubernetes local: Kind (recomendado) ou k3d
- kubectl
- Helm 3.x
- Java 17 (para Jenkins pipelines e apps Java)
- Git
- Conta no GitHub
3. Kubernetes local com Kind
Manual de instalação: kind.sigs.k8s.io
Se estiver usando WSL:
curl -Lo kind https://kind.sigs.k8s.io/dl/v0.31.0/kind-linux-amd64
<span class=<span class="hljs-string">"hljs-built_in"</span>><span class="hljs-built_in">chmod</span></span> +x kind
<span class=<span class="hljs-string">"hljs-built_in"</span>><span class="hljs-built_in">sudo</span></span> <span class=<span class="hljs-string">"hljs-built_in"</span>><span class="hljs-built_in">mv</span></span> kind /usr/local/bin/kind
kind version
O Kind (Kubernetes IN Docker) cria clusters Kubernetes usando containers Docker. É ideal para labs, CI pipelines e testes locais — rápido, descartável e reproduzível.
Criar o cluster
kind create cluster --name cicd-lab
kubectl cluster-info
Após o comando, você verá:
Set kubectl context to &quot;kind-cicd-lab&quot;
You can now use your cluster with: kubectl cluster-info --context kind-cicd-lab
Caso ocorra erro de versão (WSL/Docker Desktop)
Crie o arquivo kind-config.yaml:
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">kind:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">Cluster</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">apiVersion:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">kind.x-k8s.io/v1alpha4</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">name:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">cicd-lab</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">nodes:</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-bullet">-</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">role:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">control-plane</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">image:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">kindest/node:v1.29.4</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">containerdConfigPatches:</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-bullet">-</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">|-</span>
[<span class="hljs-string">plugins.&quot;io.containerd.grpc.v1.cri&quot;.registry.mirrors.&quot;localhost:5000&quot;</span>]
<span class="hljs-string">endpoint</span> <span class="hljs-string">=</span> [<span class="hljs-string">&quot;http://localhost:5000&quot;</span>]
<span class="hljs-string">insecure_skip_verify</span> <span class="hljs-string">=</span> <span class="hljs-literal">true</span><span class="hljs-string"></span></span>
Depois:
kind create cluster --config kind-config.yaml --<span class=<span class="hljs-string">"hljs-built_in"</span>><span class="hljs-built_in">wait</span></span> 5m
4. Configurar namespace no Kubernetes
kubectl create namespace cicd
Saída esperada: namespace/cicd created
Por que usar namespaces? Eles permitem isolamento lógico, organização por responsabilidade e simulação de ambientes (dev, cicd, infra).
Docs: kubernetes.io/docs/.../namespaces
5. Registry no Kubernetes
Subimos um Docker Registry oficial (registry:2) como Deployment no namespace cicd.
Componentes:
- Deployment: 1 réplica, porta
5000,hostPort: 5000para expor diretamente no nó Kind - Volume:
emptyDir(não persistente, suficiente para lab) - Service: Exposição interna no cluster (
registry.cicd.svc.cluster.local:5000)
👉 Aqui o registry é um Pod Kubernetes, diferente do setup clássico com Docker externo.
Crie o arquivo registry.yaml:
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">apiVersion:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">apps/v1</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">kind:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">Deployment</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">metadata:</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">name:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">registry</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">namespace:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">cicd</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">spec:</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">replicas:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-number">1</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">selector:</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">matchLabels:</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">app:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">registry</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">template:</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">metadata:</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">labels:</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">app:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">registry</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">spec:</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">containers:</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-bullet">-</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">name:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">registry</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">image:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">registry:2</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">ports:</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-bullet">-</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">containerPort:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-number">5000</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">hostPort:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-number">5000</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">volumeMounts:</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-bullet">-</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">name:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">registry-data</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">mountPath:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">/var/lib/registry</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">volumes:</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-bullet">-</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">name:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">registry-data</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">emptyDir:</span></span> {}
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-meta">---</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">apiVersion:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">v1</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">kind:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">Service</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">metadata:</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">name:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">registry</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">namespace:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">cicd</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">spec:</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">selector:</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">app:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">registry</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">ports:</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-bullet">-</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">port:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-number">5000</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">targetPort:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-number">5000</span></span>
Aplique e valide:
kubectl apply -f registry.yaml
kubectl get pods -n cicd
O hostPort: 5000 permite que o registry seja acessado via http://localhost:5000, facilitando testes locais com curl e push de imagens sem NodePort ou Ingress.
⚠️
hostPorté aceitável em labs, não recomendado em produção.
6. Jenkins no Kubernetes
Utilize o projeto como base: github.com/guigomes91/cicd — e deixe uma ⭐!
Instalação via Helm
helm repo add jenkins https://charts.jenkins.io
helm repo update
helm install jenkins jenkins/jenkins \
-n cicd \
--<span class=<span class="hljs-string">"hljs-built_in"</span>><span class="hljs-built_in">set</span></span> controller.serviceType=NodePort
Por que NodePort no lab?
| Item | Situação |
|---|---|
| Kubernetes | Kind (local) |
| Infra | Docker Desktop + WSL2 |
| LoadBalancer | ❌ Não existe |
| Ingress Controller | ❌ Ainda não instalado |
Em produção, o padrão é:
| Ambiente | Exposição |
|---|---|
| Dev local | NodePort |
| Staging | Ingress |
| Produção | Ingress + TLS + LB |
Acessar o Jenkins
kubectl get svc -n cicd
<span class=<span class="hljs-string">"hljs-comment"</span>># jenkins NodePort ... 8080:30170/TCP</span>
kubectl port-forward -n cicd svc/jenkins 8080:8080
Acesse: http://localhost:8080
Senha inicial do Jenkins
kubectl <span class=<span class="hljs-string">"hljs-built_in"</span>><span class="hljs-built_in">exec</span></span> -n cicd deploy/jenkins -c jenkins -- <span class=<span class="hljs-string">"hljs-built_in"</span>><span class="hljs-built_in">cat</span></span> /run/secrets/additional/chart-admin-password
<span class=<span class="hljs-string">"hljs-comment"</span>># Alternativa:</span>
kubectl get secret -n cicd jenkins -o jsonpath=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;{.data.jenkins-admin-password}&quot;</span> | <span class=<span class="hljs-string">"hljs-built_in"</span>><span class="hljs-built_in">base64</span></span> -d
Criando o Pipeline
Clique em + Nova tarefa:
Informe o nome da tarefa (ex: cicd-api) e selecione Pipeline. Após criada, clique no link do job e depois em Configurar:
Na seção Triggers, marque Consultar periodicamente o SCM e configure o agendamento:
Na seção Pipeline, em Definition selecione Pipeline script from SCM:
Informe a URL do repositório e a branch (ex: master):
Em Script Path, deixe Jenkinsfile e clique em Save:
O que o Jenkins faz?
O Jenkins é o motor de CI: executa pipelines, compila código, roda testes, builda imagens Docker e publica artefatos. Ele não faz deploy — prepara tudo para o CD.
Docs: jenkins.io/doc | Helm Chart
Configurar SSH para o Kaniko atualizar o GitOps repo
Para o Kaniko atualizar o Deployment no repositório gitops-repo, é necessário configurar autenticação SSH dentro do pod, pois:
- ❌ O container do Jenkins não conhece o host github.com
- ❌ Não existe chave SSH válida dentro do pod
- ➡️ Cada pod é um ambiente totalmente limpo
Crie um secret no namespace cicd com o nome jenkins-gitops-ssh:
<span class=<span class="hljs-string">"hljs-built_in"</span>><span class="hljs-built_in">sudo</span></span> nano jenkins-gitops-ssh.yaml
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">apiVersion:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">v1</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">kind:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">Secret</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">metadata:</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">name:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">jenkins-gitops-ssh</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">namespace:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">cicd</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">type:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">Opaque</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">data:</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">id_ed25519:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;BASE64_DA_CHAVE_PRIVADA&gt;</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">known_hosts:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">&lt;BASE64_DO_KNOWN_HOSTS&gt;</span></span>
Verificar chaves existentes:
<span class=<span class="hljs-string">"hljs-built_in"</span>><span class="hljs-built_in">ls</span></span> -l ~/.ssh
Se não existir nenhuma chave, gere uma ED25519:
ssh-keygen -t ed25519 -C <span class=<span class="hljs-string">"hljs-string"</span>>&quot;jenkins-gitops&quot;</span>
<span class=<span class="hljs-string">"hljs-comment"</span>># Pressione ENTER em todas as perguntas, sem senha</span>
Gerar os valores Base64:
<span class=<span class="hljs-string">"hljs-comment"</span>># Chave privada</span>
<span class=<span class="hljs-string">"hljs-built_in"</span>><span class="hljs-built_in">base64</span></span> -w 0 ~/.ssh/id_ed25519
<span class=<span class="hljs-string">"hljs-comment"</span>># Known hosts <span class="hljs-keyword">do</span> GitHub</span>
ssh-keyscan github.com &gt; /tmp/known_hosts
<span class=<span class="hljs-string">"hljs-built_in"</span>><span class="hljs-built_in">base64</span></span> -w 0 /tmp/known_hosts
Adicionar a chave pública no GitHub:
- Repositório
gitops-repo→ Settings → Deploy Keys - Marcar ✅ Allow write access
Aplique o secret:
kubectl apply -f jenkins-gitops-ssh.yaml
<span class=<span class="hljs-string">"hljs-comment"</span>># Validar</span>
kubectl get secret jenkins-gitops-ssh -n cicd -o yaml
7. ArgoCD
<span class=<span class="hljs-string">"hljs-comment"</span>># Criar namespace</span>
kubectl create namespace argocd
<span class=<span class="hljs-string">"hljs-comment"</span>># Aplicar manifests oficiais</span>
kubectl apply -n argocd \
-f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
<span class=<span class="hljs-string">"hljs-comment"</span>># Aguardar pods</span>
kubectl get pods -n argocd
Acesso à interface web
kubectl port-forward svc/argocd-server -n argocd 8083:443
Acesse: https://localhost:8083 — usuário: admin
Recuperar senha inicial:
kubectl -n argocd get secret argocd-initial-admin-secret \
-o jsonpath=<span class=<span class="hljs-string">"hljs-string"</span>>&quot;{.data.password}&quot;</span> | <span class=<span class="hljs-string">"hljs-built_in"</span>><span class="hljs-built_in">base64</span></span> -d
Após o primeiro login, altere a senha.
Criando uma Application (GitOps)
Repositório de exemplo: gitops-repo/cicd-api/app/deployment.yaml
<span class=<span class="hljs-string">"hljs-built_in"</span>><span class="hljs-built_in">sudo</span></span> nano application-argocd.yaml
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">apiVersion:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">argoproj.io/v1alpha1</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">kind:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">Application</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">metadata:</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">name:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">cicd-api</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">namespace:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">argocd</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">spec:</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">project:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">default</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">source:</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">repoURL:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">https://github.com/seu-user/gitops-repo.git</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">targetRevision:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">master</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">path:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">cicd-api/app</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">destination:</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">server:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">https://kubernetes.default.svc</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">namespace:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-string">cicd-api</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">syncPolicy:</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">automated:</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">prune:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-literal">true</span></span>
<span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-attr">selfHeal:</span></span> <span class="hljs-string"><span</span> <span class="hljs-string">class="hljs-literal">true</span></span>
kubectl apply -f application-argocd.yaml
Após isso, a aplicação aparece no dashboard do ArgoCD e qualquer alteração no Git é refletida no cluster.
Regra fundamental do GitOps
Nunca altere recursos diretamente no cluster. Qualquer mudança via
kubectl editouapplyserá revertida para o estado definido no Git.
Validar sincronização:
kubectl get applications -n argocd
Ou acompanhe na interface web — Status: Synced | Health: Healthy
☝️ O ponto-chave: O ArgoCD não faz build, não baixa imagem e não decide registry. Ele faz apenas uma coisa: aplica no Kubernetes exatamente o que está no Git. Quem decide de onde vem a imagem é exclusivamente o
Deployment.
8. Aplicação de exemplo (Java Spring Boot)
Repositório: github.com/guigomes91/cicd
app/
├── Dockerfile
├── Jenkinsfile
├── pom.xml
└── src/
Dockerfile:
FROM eclipse-temurin:17-jre
COPY target/app.jar app.jar
ENTRYPOINT [&quot;java&quot;,&quot;-jar&quot;,&quot;/app.jar&quot;]
9. Cenários práticos para treino
Exercício 1 – CI
- Faça um commit que quebra o build
- Valide a falha no Jenkins
Exercício 2 – CD
- Suba uma nova imagem e observe o deploy automático
- Acompanhe o rollout no Kubernetes:
kubectl rollout status deployment cicd-api
Exercício 3 – Rollback
kubectl rollout undo deployment cicd-api
10. Evoluções do laboratório
Depois do básico, você pode adicionar:
- SonarQube — quality gate
- Trivy — scan de imagem
- Prometheus + Grafana — observabilidade
- Feature flags
- Separação de namespace por ambiente — dev, homolog e produção
- Multi-branch pipeline — separação por branch (dev, hml, prod)
11. Resultado final
Ao final do laboratório, você terá praticado:
- ✅ CI real com Jenkins
- ✅ Docker Registry local no Kubernetes
- ✅ Deploy via ArgoCD (GitOps)
- ✅ Kubernetes local com Kind
- ✅ Rollout, rollback e versionamento de imagens
Publicado por: Guilherme Gomes - 02/05/2026 20:29