✨ feat: initial prototype

.devcontainer/post-create.sh

@@ -36,6 +36,9 @@ done
 # Create namespace
 kubectl create namespace minikura --dry-run=client -o yaml | kubectl apply -f - 2>/dev/null || true
 
+# Uncomment the line below if you need service account token in .env
+# bash /workspace/.devcontainer/setup-k8s-token.sh
+
 # Install dependencies
 echo "==> Installing dependencies..."
 cd /workspace

.devcontainer/setup-k8s-token.sh

@@ -0,0 +1,103 @@
+#!/bin/bash
+set -e
+
+NAMESPACE="minikura"
+SERVICE_ACCOUNT="minikura-backend"
+SECRET_NAME="minikura-backend-token"
+
+echo "==> Setting up Kubernetes service account..."
+
+# Create service account if it doesn't exist
+kubectl create serviceaccount $SERVICE_ACCOUNT -n $NAMESPACE --dry-run=client -o yaml | kubectl apply -f - 2>/dev/null || true
+
+# Create RBAC role
+cat <<EOF | kubectl apply -f -
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: minikura-backend-role
+  namespace: $NAMESPACE
+rules:
+- apiGroups: [""]
+  resources: ["services", "pods", "pods/log"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["apps"]
+  resources: ["deployments", "statefulsets"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["networking.k8s.io"]
+  resources: ["ingresses"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+  resources: ["nodes"]
+  verbs: ["get", "list"]
+EOF
+
+# Create role binding
+cat <<EOF | kubectl apply -f -
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: minikura-backend-rolebinding
+  namespace: $NAMESPACE
+subjects:
+- kind: ServiceAccount
+  name: $SERVICE_ACCOUNT
+  namespace: $NAMESPACE
+roleRef:
+  kind: Role
+  name: minikura-backend-role
+  apiGroup: rbac.authorization.k8s.io
+EOF
+
+# Create secret for service account token
+cat <<EOF | kubectl apply -f -
+apiVersion: v1
+kind: Secret
+metadata:
+  name: $SECRET_NAME
+  namespace: $NAMESPACE
+  annotations:
+    kubernetes.io/service-account.name: $SERVICE_ACCOUNT
+type: kubernetes.io/service-account-token
+EOF
+
+echo "==> Waiting for token to be generated..."
+sleep 3
+
+# Get the token
+TOKEN=$(kubectl get secret $SECRET_NAME -n $NAMESPACE -o jsonpath='{.data.token}' 2>/dev/null | base64 -d)
+
+if [ -z "$TOKEN" ]; then
+    echo "[ERROR] Failed to retrieve service account token"
+    exit 1
+fi
+
+echo ""
+echo "=============================================="
+echo "[OK] Service Account Token Retrieved"
+echo "=============================================="
+echo "Service Account: $SERVICE_ACCOUNT"
+echo "Namespace: $NAMESPACE"
+echo "Token: ${TOKEN:0:50}...${TOKEN: -20}"
+echo ""
+
+# Update .env file with the new token
+ENV_FILE="/workspace/.env"
+
+if [ -f "$ENV_FILE" ]; then
+    # Check if token line exists
+    if grep -q "^KUBERNETES_SERVICE_ACCOUNT_TOKEN=" "$ENV_FILE"; then
+        # Update existing token
+        sed -i "s|^KUBERNETES_SERVICE_ACCOUNT_TOKEN=.*|KUBERNETES_SERVICE_ACCOUNT_TOKEN=\"$TOKEN\"|" "$ENV_FILE"
+        echo "[OK] Updated KUBERNETES_SERVICE_ACCOUNT_TOKEN in .env"
+    else
+        # Add token to end of file
+        echo "KUBERNETES_SERVICE_ACCOUNT_TOKEN=\"$TOKEN\"" >> "$ENV_FILE"
+        echo "[OK] Added KUBERNETES_SERVICE_ACCOUNT_TOKEN to .env"
+    fi
+else
+    echo "[WARNING]  .env file not found at $ENV_FILE"
+fi
+
+echo "=============================================="
+echo ""