✨ feat: topology, and improves handling

2026-03-30 12:25:35 +00:00 · 2026-02-17 18:12:02 +07:00
parent e8dbefde43
commit d14f043e7c
145 changed files with 4213 additions and 2861 deletions
--- a/.devcontainer/docker-compose.yml
+++ b/.devcontainer/docker-compose.yml
@@ -20,7 +20,7 @@ services:
      - "6443:6443"   # k3s API
      - "25565:25565" # minecraft
      - "25577:25577" # velocity
-      - "30000:32767" # NodePort range
+      - "30000-32767:30000-32767" # NodePort range
    volumes:
      - "../:/workspace"
      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
@@ -32,8 +32,9 @@ services:
    environment:
      - KUBECONFIG=/home/dev/.kube/config
      - DATABASE_URL=postgresql://postgres:postgres@db:5432/minikura?sslmode=disable
+      - WEB_URL=http://localhost:3001
+      - NEXT_PUBLIC_API_URL=http://localhost:3000
      - KUBERNETES_NAMESPACE=minikura
-      - KUBERNETES_SKIP_TLS_VERIFY=true
      - ENABLE_CRD_REFLECTION=true

  db:
--- a/.devcontainer/post-create.sh
+++ b/.devcontainer/post-create.sh
@@ -25,20 +25,35 @@ mkdir -p /home/dev/.kube
 until [ -f /etc/rancher/k3s/k3s.yaml ]; do sleep 1; done
 sudo cp /etc/rancher/k3s/k3s.yaml /home/dev/.kube/config
 sudo chown dev:dev /home/dev/.kube/config
+chmod 600 /home/dev/.kube/config

-# Wait for node
-echo "==> Waiting for node..."
+# Allow k3s self-signed certs
+kubectl config set-cluster default --insecure-skip-tls-verify=true
+
+# Wait for k3s API server to be fully ready
+echo "==> Waiting for k3s API server..."
+for i in {1..60}; do
+    kubectl get nodes --request-timeout=2s >/dev/null 2>&1 && break
+    echo "  Attempt $i/60..."
+    sleep 1
+done
+sleep 2  # Extra buffer for stability
+
+# Verify k3s is actually working
+echo "==> Verifying k3s..."
+kubectl get nodes || { echo "[ERROR] k3s not responding properly"; exit 1; }
+
+# Wait for node to be Ready
+echo "==> Waiting for node to be Ready..."
 for i in {1..30}; do
    kubectl get nodes 2>/dev/null | grep -q " Ready" && break
    sleep 2
 done

 # Create namespace
+echo "==> Creating minikura namespace..."
 kubectl create namespace minikura --dry-run=client -o yaml | kubectl apply -f - 2>/dev/null || true

-# Uncomment the line below if you need service account token in .env
-# bash /workspace/.devcontainer/setup-k8s-token.sh
-
 # Install dependencies
 echo "==> Installing dependencies..."
 cd /workspace
--- a/.devcontainer/setup-k8s-token.sh
+++ b/.devcontainer/setup-k8s-token.sh
@@ -1,103 +0,0 @@
-#!/bin/bash
-set -e
-
-NAMESPACE="minikura"
-SERVICE_ACCOUNT="minikura-backend"
-SECRET_NAME="minikura-backend-token"
-
-echo "==> Setting up Kubernetes service account..."
-
-# Create service account if it doesn't exist
-kubectl create serviceaccount $SERVICE_ACCOUNT -n $NAMESPACE --dry-run=client -o yaml | kubectl apply -f - 2>/dev/null || true
-
-# Create RBAC role
-cat <<EOF | kubectl apply -f -
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: minikura-backend-role
-  namespace: $NAMESPACE
-rules:
- apiGroups: [""]
-  resources: ["services", "pods", "pods/log"]
-  verbs: ["get", "list", "watch"]
- apiGroups: ["apps"]
-  resources: ["deployments", "statefulsets"]
-  verbs: ["get", "list", "watch"]
- apiGroups: ["networking.k8s.io"]
-  resources: ["ingresses"]
-  verbs: ["get", "list", "watch"]
- apiGroups: [""]
-  resources: ["nodes"]
-  verbs: ["get", "list"]
-EOF
-
-# Create role binding
-cat <<EOF | kubectl apply -f -
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: minikura-backend-rolebinding
-  namespace: $NAMESPACE
-subjects:
- kind: ServiceAccount
-  name: $SERVICE_ACCOUNT
-  namespace: $NAMESPACE
-roleRef:
-  kind: Role
-  name: minikura-backend-role
-  apiGroup: rbac.authorization.k8s.io
-EOF
-
-# Create secret for service account token
-cat <<EOF | kubectl apply -f -
-apiVersion: v1
-kind: Secret
-metadata:
-  name: $SECRET_NAME
-  namespace: $NAMESPACE
-  annotations:
-    kubernetes.io/service-account.name: $SERVICE_ACCOUNT
-type: kubernetes.io/service-account-token
-EOF
-
-echo "==> Waiting for token to be generated..."
-sleep 3
-
-# Get the token
-TOKEN=$(kubectl get secret $SECRET_NAME -n $NAMESPACE -o jsonpath='{.data.token}' 2>/dev/null | base64 -d)
-
-if [ -z "$TOKEN" ]; then
-    echo "[ERROR] Failed to retrieve service account token"
-    exit 1
-fi
-
-echo ""
-echo "=============================================="
-echo "[OK] Service Account Token Retrieved"
-echo "=============================================="
-echo "Service Account: $SERVICE_ACCOUNT"
-echo "Namespace: $NAMESPACE"
-echo "Token: ${TOKEN:0:50}...${TOKEN: -20}"
-echo ""
-
-# Update .env file with the new token
-ENV_FILE="/workspace/.env"
-
-if [ -f "$ENV_FILE" ]; then
-    # Check if token line exists
-    if grep -q "^KUBERNETES_SERVICE_ACCOUNT_TOKEN=" "$ENV_FILE"; then
-        # Update existing token
-        sed -i "s|^KUBERNETES_SERVICE_ACCOUNT_TOKEN=.*|KUBERNETES_SERVICE_ACCOUNT_TOKEN=\"$TOKEN\"|" "$ENV_FILE"
-        echo "[OK] Updated KUBERNETES_SERVICE_ACCOUNT_TOKEN in .env"
-    else
-        # Add token to end of file
-        echo "KUBERNETES_SERVICE_ACCOUNT_TOKEN=\"$TOKEN\"" >> "$ENV_FILE"
-        echo "[OK] Added KUBERNETES_SERVICE_ACCOUNT_TOKEN to .env"
-    fi
-else
-    echo "[WARNING]  .env file not found at $ENV_FILE"
-fi
-
-echo "=============================================="
-echo ""