✨ feat: topology, and improves handling

scripts/install.sh

@@ -1,6 +1,5 @@
 #!/bin/bash
 # Minikura Installer
-# This script installs Minikura on a Kubernetes cluster
 
 set -e
 
@@ -16,103 +15,47 @@ echo ""
 # Check prerequisites
 echo "-> Checking prerequisites..."
 if ! command -v kubectl &> /dev/null; then
-    echo "[ERROR] kubectl not found. Please install kubectl first."
-    exit 1
+    echo "[WARN] kubectl not found. Skipping k8s setup."
+    echo "[INFO] Install kubectl and run 'bash scripts/install.sh' manually when ready."
+    exit 0
 fi
 
 if ! kubectl cluster-info &> /dev/null; then
-    echo "[ERROR] Cannot connect to Kubernetes cluster. Please check your kubeconfig."
-    exit 1
+    echo "[WARN] Cannot connect to Kubernetes cluster. Skipping k8s setup."
+    echo "[INFO] Run 'bash scripts/install.sh' manually when cluster is ready."
+    exit 0
 fi
 
 echo "[OK] kubectl found"
 echo "[OK] Connected to Kubernetes cluster"
 echo ""
 
-# Step 1: Create namespace
+# Create namespace
 echo "-> Creating namespace: $NAMESPACE"
-if kubectl get namespace $NAMESPACE &>/dev/null; then
-    echo "[OK] Namespace already exists"
-else
-    kubectl create namespace $NAMESPACE
-    echo "[OK] Namespace created"
-fi
+kubectl create namespace $NAMESPACE --dry-run=client -o yaml | kubectl apply -f -
 echo ""
 
-# Step 2: Apply RBAC
-echo "-> Setting up RBAC (Service Accounts & Permissions)"
-kubectl apply -f "$PROJECT_ROOT/k8s/rbac/dev-rbac.yaml"
+# Apply RBAC (single SA for both backend and operator)
+echo "-> Setting up RBAC (minikura-operator ServiceAccount)"
 kubectl apply -f "$PROJECT_ROOT/k8s/rbac/operator-rbac.yaml"
 echo "[OK] RBAC configured"
-echo "  • minikura-dev (read-only)"
-echo "  • minikura-operator (full access)"
 echo ""
 
-# Step 3: Wait for tokens
-echo "-> Waiting for service account tokens..."
-sleep 3
-
-DEV_TOKEN=""
-OPERATOR_TOKEN=""
-for i in {1..10}; do
-    DEV_TOKEN=$(kubectl get secret minikura-dev-token -n $NAMESPACE -o jsonpath='{.data.token}' 2>/dev/null | base64 -d || echo "")
-    OPERATOR_TOKEN=$(kubectl get secret minikura-operator-token -n $NAMESPACE -o jsonpath='{.data.token}' 2>/dev/null | base64 -d || echo "")
-    
-    if [ -n "$DEV_TOKEN" ] && [ -n "$OPERATOR_TOKEN" ]; then
-        break
-    fi
-    
-    sleep 2
-done
-
-if [ -z "$OPERATOR_TOKEN" ]; then
-    echo "[WARNING]  Tokens not ready yet. You may need to run 'bun run k8s:token' later."
-else
-    echo "[OK] Service account tokens generated"
-fi
+# CRD info
+echo "-> Custom Resource Definitions"
+echo "  CRDs are auto-created when the operator starts (ENABLE_CRD_REFLECTION=true)"
 echo ""
 
-# Step 4: CRD Information
-echo "-> Custom Resource Definitions (CRDs)"
-echo "  CRDs will be automatically created when the operator starts"
-echo "  with ENABLE_CRD_REFLECTION=true (default)"
-echo ""
-echo "  The operator will create:"
-echo "  • MinecraftServer CRD"
-echo "  • ReverseProxyServer CRD"
-echo ""
-
-# Step 5: Configuration
 echo "╔════════════════════════════════════════════════╗"
 echo "║              Installation Complete             ║"
 echo "╚════════════════════════════════════════════════╝"
 echo ""
-echo "Kubernetes resources created:"
+echo "Resources created:"
 echo "  [OK] Namespace: $NAMESPACE"
-echo "  [OK] Service Accounts: minikura-dev, minikura-operator"
-echo "  [OK] RBAC: ClusterRoles and ClusterRoleBindings"
-echo "  [OK] Tokens: Ready for authentication"
+echo "  [OK] ServiceAccount: minikura-operator"
+echo "  [OK] ClusterRole + ClusterRoleBinding"
 echo ""
 echo "Next steps:"
-echo ""
-echo "1. Configure environment variables (.env):"
-echo "   KUBERNETES_NAMESPACE=\"$NAMESPACE\""
-echo "   KUBERNETES_SKIP_TLS_VERIFY=\"true\"  # For local dev only"
-echo "   KUBERNETES_SERVICE_ACCOUNT_TOKEN=\"<token>\""
-echo ""
-echo "   To get the token automatically:"
-echo "   $ bun run k8s:token"
-echo ""
-echo "2. Start the operator:"
-echo "   $ bun run k8s:dev"
-echo ""
-echo "   The operator will automatically:"
-echo "   - Create CRDs (MinecraftServer, ReverseProxyServer)"
-echo "   - Sync database state to Kubernetes"
-echo "   - Watch for changes and update resources"
-echo ""
-echo "3. Start the backend:"
-echo "   $ bun run dev"
-echo ""
-echo "For production deployment, see docs/DEPLOYMENT.md"
+echo "  bun run dev      - Start backend + web"
+echo "  bun run k8s:dev  - Start K8s operator"
 echo ""

scripts/refresh-k8s-token.sh

@@ -1,74 +0,0 @@
-#!/bin/bash
-# Quick script to refresh the Kubernetes service account token
-# Run this if you need to regenerate or check the token
-
-set -e
-
-NAMESPACE="${KUBERNETES_NAMESPACE:-minikura}"
-SERVICE_ACCOUNT="minikura-backend"
-SECRET_NAME="minikura-backend-token"
-
-echo "[INFO] Checking Kubernetes service account token..."
-echo ""
-
-# Check if service account exists
-if ! kubectl get serviceaccount $SERVICE_ACCOUNT -n $NAMESPACE &>/dev/null; then
-    echo "[ERROR] Service account '$SERVICE_ACCOUNT' not found in namespace '$NAMESPACE'"
-    echo ""
-    echo "Run the full setup script:"
-    echo "  bash .devcontainer/setup-k8s-token.sh"
-    exit 1
-fi
-
-# Check if secret exists
-if ! kubectl get secret $SECRET_NAME -n $NAMESPACE &>/dev/null; then
-    echo "[ERROR] Secret '$SECRET_NAME' not found in namespace '$NAMESPACE'"
-    echo ""
-    echo "Run the full setup script:"
-    echo "  bash .devcontainer/setup-k8s-token.sh"
-    exit 1
-fi
-
-# Get the token
-TOKEN=$(kubectl get secret $SECRET_NAME -n $NAMESPACE -o jsonpath='{.data.token}' 2>/dev/null | base64 -d)
-
-if [ -z "$TOKEN" ]; then
-    echo "[ERROR] Failed to retrieve service account token"
-    exit 1
-fi
-
-echo "=============================================="
-echo "[OK] Service Account Token"
-echo "=============================================="
-echo "Service Account: $SERVICE_ACCOUNT"
-echo "Namespace: $NAMESPACE"
-echo ""
-echo "Token (first 50 chars): ${TOKEN:0:50}..."
-echo "Token (last 20 chars): ...${TOKEN: -20}"
-echo ""
-echo "Full token:"
-echo "$TOKEN"
-echo ""
-
-# Update .env file if it exists
-ENV_FILE="$(pwd)/.env"
-
-if [ -f "$ENV_FILE" ]; then
-    echo "=============================================="
-    echo "[UPDATE] Updating .env file"
-    echo "=============================================="
-    
-    if grep -q "^KUBERNETES_SERVICE_ACCOUNT_TOKEN=" "$ENV_FILE"; then
-        sed -i "s|^KUBERNETES_SERVICE_ACCOUNT_TOKEN=.*|KUBERNETES_SERVICE_ACCOUNT_TOKEN=\"$TOKEN\"|" "$ENV_FILE"
-        echo "[OK] Updated KUBERNETES_SERVICE_ACCOUNT_TOKEN in .env"
-    else
-        echo "KUBERNETES_SERVICE_ACCOUNT_TOKEN=\"$TOKEN\"" >> "$ENV_FILE"
-        echo "[OK] Added KUBERNETES_SERVICE_ACCOUNT_TOKEN to .env"
-    fi
-    echo ""
-fi
-
-echo "=============================================="
-echo "[WARNING]  Remember to restart your backend/operator"
-echo "=============================================="
-echo ""

scripts/setup-rbac.sh

@@ -1,101 +0,0 @@
-#!/bin/bash
-# Setup RBAC for Minikura
-# This script creates service accounts with appropriate permissions
-# for the backend (read-only) and operator (read/write)
-
-set -e
-
-NAMESPACE="${KUBERNETES_NAMESPACE:-minikura}"
-
-echo "================================================"
-echo "  Minikura Kubernetes RBAC Setup"
-echo "================================================"
-echo ""
-echo "Namespace: $NAMESPACE"
-echo ""
-
-# Create namespace if it doesn't exist
-if ! kubectl get namespace $NAMESPACE &>/dev/null; then
-    echo "Creating namespace: $NAMESPACE"
-    kubectl create namespace $NAMESPACE
-    echo "[OK] Namespace created"
-else
-    echo "[OK] Namespace already exists"
-fi
-echo ""
-
-# Apply RBAC manifests
-echo "================================================"
-echo "  Creating Service Accounts and RBAC"
-echo "================================================"
-echo ""
-
-# Dev (Backend) RBAC
-echo "1. Backend Service Account (minikura-dev)"
-echo "   - Read-only access to cluster resources"
-kubectl apply -f k8s/rbac/dev-rbac.yaml
-echo "   [OK] Created"
-echo ""
-
-# Operator RBAC
-echo "2. Operator Service Account (minikura-operator)"
-echo "   - Full read/write access to cluster resources"
-kubectl apply -f k8s/rbac/operator-rbac.yaml
-echo "   [OK] Created"
-echo ""
-
-# Wait for tokens to be generated
-echo "================================================"
-echo "  Waiting for Tokens"
-echo "================================================"
-echo ""
-echo "Kubernetes needs a few seconds to generate tokens..."
-sleep 5
-
-# Get tokens
-DEV_TOKEN=$(kubectl get secret minikura-dev-token -n $NAMESPACE -o jsonpath='{.data.token}' 2>/dev/null | base64 -d)
-OPERATOR_TOKEN=$(kubectl get secret minikura-operator-token -n $NAMESPACE -o jsonpath='{.data.token}' 2>/dev/null | base64 -d)
-
-if [ -z "$DEV_TOKEN" ] || [ -z "$OPERATOR_TOKEN" ]; then
-    echo "[WARNING]  Tokens not ready yet. Wait a moment and run:"
-    echo "   bun run k8s:token"
-    echo ""
-else
-    echo "[OK] Tokens generated successfully"
-    echo ""
-fi
-
-# Update .env file
-ENV_FILE=".env"
-
-if [ -f "$ENV_FILE" ] && [ -n "$OPERATOR_TOKEN" ]; then
-    echo "================================================"
-    echo "  Updating .env"
-    echo "================================================"
-    echo ""
-    
-    if grep -q "^KUBERNETES_SERVICE_ACCOUNT_TOKEN=" "$ENV_FILE"; then
-        sed -i "s|^KUBERNETES_SERVICE_ACCOUNT_TOKEN=.*|KUBERNETES_SERVICE_ACCOUNT_TOKEN=\"$OPERATOR_TOKEN\"|" "$ENV_FILE"
-        echo "[OK] Updated KUBERNETES_SERVICE_ACCOUNT_TOKEN"
-    else
-        echo "KUBERNETES_SERVICE_ACCOUNT_TOKEN=\"$OPERATOR_TOKEN\"" >> "$ENV_FILE"
-        echo "[OK] Added KUBERNETES_SERVICE_ACCOUNT_TOKEN"
-    fi
-    echo ""
-fi
-
-echo "================================================"
-echo "  [OK] Setup Complete"
-echo "================================================"
-echo ""
-echo "Service accounts created:"
-echo "  • minikura-dev (backend) - read-only"
-echo "  • minikura-operator - full access"
-echo ""
-echo "To view tokens:"
-echo "  bun run k8s:token"
-echo ""
-echo "Next steps:"
-echo "  1. Restart backend: bun run dev"
-echo "  2. Restart operator: bun run k8s:dev"
-echo ""

scripts/show-k8s-tokens.sh

@@ -1,76 +0,0 @@
-#!/bin/bash
-# Script to display all Kubernetes service account tokens for Bun
-# Bun has issues with TLS client certificates, so we use bearer tokens instead
-
-set -e
-
-NAMESPACE="${KUBERNETES_NAMESPACE:-minikura}"
-
-echo "================================================"
-echo "  Kubernetes Service Account Tokens for Bun"
-echo "================================================"
-echo ""
-
-# Backend token
-echo "1. Backend Token (minikura-dev - read-only)"
-echo "   Service Account: minikura-dev"
-echo "   Permissions: Read services, pods, deployments, etc."
-echo ""
-BACKEND_TOKEN=$(kubectl get secret minikura-dev-token -n $NAMESPACE -o jsonpath='{.data.token}' 2>/dev/null | base64 -d)
-if [ -z "$BACKEND_TOKEN" ]; then
-    echo "   [ERROR] Token not found. Run: bash .devcontainer/setup-k8s-token.sh"
-else
-    echo "   Token: ${BACKEND_TOKEN:0:50}...${BACKEND_TOKEN: -20}"
-fi
-echo ""
-
-# Operator token
-echo "2. Operator Token (minikura-operator - read/write)"
-echo "   Service Account: minikura-operator"
-echo "   Permissions: Full control over resources"
-echo ""
-OPERATOR_TOKEN=$(kubectl get secret minikura-operator-token -n $NAMESPACE -o jsonpath='{.data.token}' 2>/dev/null | base64 -d)
-if [ -z "$OPERATOR_TOKEN" ]; then
-    echo "   [ERROR] Token not found. Creating service account..."
-    bash .devcontainer/setup-k8s-token.sh
-    OPERATOR_TOKEN=$(kubectl get secret minikura-operator-token -n $NAMESPACE -o jsonpath='{.data.token}' 2>/dev/null | base64 -d)
-fi
-if [ -n "$OPERATOR_TOKEN" ]; then
-    echo "   Token: ${OPERATOR_TOKEN:0:50}...${OPERATOR_TOKEN: -20}"
-fi
-echo ""
-
-# Update .env file
-ENV_FILE="$(pwd)/.env"
-
-if [ -f "$ENV_FILE" ] && [ -n "$BACKEND_TOKEN" ]; then
-    echo "================================================"
-    echo "  Updating .env file"
-    echo "================================================"
-    
-    if grep -q "^KUBERNETES_SERVICE_ACCOUNT_TOKEN=" "$ENV_FILE"; then
-        # Backend and operator use the same token for now (operator has more permissions)
-        # In production, you'd want separate tokens
-        sed -i "s|^KUBERNETES_SERVICE_ACCOUNT_TOKEN=.*|KUBERNETES_SERVICE_ACCOUNT_TOKEN=\"$OPERATOR_TOKEN\"|" "$ENV_FILE"
-        echo "[OK] Updated KUBERNETES_SERVICE_ACCOUNT_TOKEN (using operator token)"
-    else
-        echo "KUBERNETES_SERVICE_ACCOUNT_TOKEN=\"$OPERATOR_TOKEN\"" >> "$ENV_FILE"
-        echo "[OK] Added KUBERNETES_SERVICE_ACCOUNT_TOKEN (using operator token)"
-    fi
-    echo ""
-fi
-
-echo "================================================"
-echo "  Usage"
-echo "================================================"
-echo "Both backend and operator will use the operator token from .env"
-echo "The token is automatically detected when running with Bun."
-echo ""
-echo "To see full tokens:"
-echo "  kubectl get secret minikura-dev-token -n $NAMESPACE -o jsonpath='{.data.token}' | base64 -d"
-echo "  kubectl get secret minikura-operator-token -n $NAMESPACE -o jsonpath='{.data.token}' | base64 -d"
-echo ""
-echo "[WARNING]  Restart backend and operator after updating tokens:"
-echo "  bun run dev"
-echo "  bun run k8s:dev"
-echo "================================================"