yuzu/Minikura
1
0
Fork 0
mirror of https://github.com/YuzuZensai/Minikura.git synced 2026-03-30 11:24:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
e8dbefde433ac2b2440fb007f1f37ae452133dee
Minikura/.devcontainer/setup-k8s-token.sh
Yuzu e8dbefde43 feat: initial prototype
2026-02-13 15:52:13 +07:00

104 lines
2.7 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
set -e
NAMESPACE="minikura"
SERVICE_ACCOUNT="minikura-backend"
SECRET_NAME="minikura-backend-token"
echo "==> Setting up Kubernetes service account..."
# Create service account if it doesn't exist
kubectl create serviceaccount $SERVICE_ACCOUNT -n $NAMESPACE --dry-run=client -o yaml | kubectl apply -f - 2>/dev/null || true
# Create RBAC role
cat <<EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: minikura-backend-role
namespace: $NAMESPACE
rules:
- apiGroups: [""]
resources: ["services", "pods", "pods/log"]
verbs: ["get", "list", "watch"]
- apiGroups: ["apps"]
resources: ["deployments", "statefulsets"]
verbs: ["get", "list", "watch"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list"]
EOF
# Create role binding
cat <<EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: minikura-backend-rolebinding
namespace: $NAMESPACE
subjects:
- kind: ServiceAccount
name: $SERVICE_ACCOUNT
namespace: $NAMESPACE
roleRef:
kind: Role
name: minikura-backend-role
apiGroup: rbac.authorization.k8s.io
EOF
# Create secret for service account token
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
name: $SECRET_NAME
namespace: $NAMESPACE
annotations:
kubernetes.io/service-account.name: $SERVICE_ACCOUNT
type: kubernetes.io/service-account-token
EOF
echo "==> Waiting for token to be generated..."
sleep 3
# Get the token
TOKEN=$(kubectl get secret $SECRET_NAME -n $NAMESPACE -o jsonpath='{.data.token}' 2>/dev/null | base64 -d)
if [ -z "$TOKEN" ]; then
echo "[ERROR] Failed to retrieve service account token"
exit 1
fi
echo ""
echo "=============================================="
echo "[OK] Service Account Token Retrieved"
echo "=============================================="
echo "Service Account: $SERVICE_ACCOUNT"
echo "Namespace: $NAMESPACE"
echo "Token: ${TOKEN:0:50}...${TOKEN: -20}"
echo ""
# Update .env file with the new token
ENV_FILE="/workspace/.env"
if [ -f "$ENV_FILE" ]; then
# Check if token line exists
if grep -q "^KUBERNETES_SERVICE_ACCOUNT_TOKEN=" "$ENV_FILE"; then
# Update existing token
sed -i "s|^KUBERNETES_SERVICE_ACCOUNT_TOKEN=.*|KUBERNETES_SERVICE_ACCOUNT_TOKEN=\"$TOKEN\"|" "$ENV_FILE"
echo "[OK] Updated KUBERNETES_SERVICE_ACCOUNT_TOKEN in .env"
else
# Add token to end of file
echo "KUBERNETES_SERVICE_ACCOUNT_TOKEN=\"$TOKEN\"" >> "$ENV_FILE"
echo "[OK] Added KUBERNETES_SERVICE_ACCOUNT_TOKEN to .env"
fi
else
echo "[WARNING] .env file not found at $ENV_FILE"
fi
echo "=============================================="
echo ""
Reference in New Issue View Git Blame Copy Permalink