yuzu/Minikura
1
0
Fork 0
mirror of https://github.com/YuzuZensai/Minikura.git synced 2026-03-30 14:25:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
e8dbefde433ac2b2440fb007f1f37ae452133dee
Minikura/scripts/setup-rbac.sh
Yuzu e8dbefde43 feat: initial prototype
2026-02-13 15:52:13 +07:00

102 lines
3.1 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Setup RBAC for Minikura
# This script creates service accounts with appropriate permissions
# for the backend (read-only) and operator (read/write)
set -e
NAMESPACE="${KUBERNETES_NAMESPACE:-minikura}"
echo "================================================"
echo " Minikura Kubernetes RBAC Setup"
echo "================================================"
echo ""
echo "Namespace: $NAMESPACE"
echo ""
# Create namespace if it doesn't exist
if ! kubectl get namespace $NAMESPACE &>/dev/null; then
echo "Creating namespace: $NAMESPACE"
kubectl create namespace $NAMESPACE
echo "[OK] Namespace created"
else
echo "[OK] Namespace already exists"
fi
echo ""
# Apply RBAC manifests
echo "================================================"
echo " Creating Service Accounts and RBAC"
echo "================================================"
echo ""
# Dev (Backend) RBAC
echo "1. Backend Service Account (minikura-dev)"
echo " - Read-only access to cluster resources"
kubectl apply -f k8s/rbac/dev-rbac.yaml
echo " [OK] Created"
echo ""
# Operator RBAC
echo "2. Operator Service Account (minikura-operator)"
echo " - Full read/write access to cluster resources"
kubectl apply -f k8s/rbac/operator-rbac.yaml
echo " [OK] Created"
echo ""
# Wait for tokens to be generated
echo "================================================"
echo " Waiting for Tokens"
echo "================================================"
echo ""
echo "Kubernetes needs a few seconds to generate tokens..."
sleep 5
# Get tokens
DEV_TOKEN=$(kubectl get secret minikura-dev-token -n $NAMESPACE -o jsonpath='{.data.token}' 2>/dev/null | base64 -d)
OPERATOR_TOKEN=$(kubectl get secret minikura-operator-token -n $NAMESPACE -o jsonpath='{.data.token}' 2>/dev/null | base64 -d)
if [ -z "$DEV_TOKEN" ] || [ -z "$OPERATOR_TOKEN" ]; then
echo "[WARNING] Tokens not ready yet. Wait a moment and run:"
echo " bun run k8s:token"
echo ""
else
echo "[OK] Tokens generated successfully"
echo ""
fi
# Update .env file
ENV_FILE=".env"
if [ -f "$ENV_FILE" ] && [ -n "$OPERATOR_TOKEN" ]; then
echo "================================================"
echo " Updating .env"
echo "================================================"
echo ""
if grep -q "^KUBERNETES_SERVICE_ACCOUNT_TOKEN=" "$ENV_FILE"; then
sed -i "s|^KUBERNETES_SERVICE_ACCOUNT_TOKEN=.*|KUBERNETES_SERVICE_ACCOUNT_TOKEN=\"$OPERATOR_TOKEN\"|" "$ENV_FILE"
echo "[OK] Updated KUBERNETES_SERVICE_ACCOUNT_TOKEN"
else
echo "KUBERNETES_SERVICE_ACCOUNT_TOKEN=\"$OPERATOR_TOKEN\"" >> "$ENV_FILE"
echo "[OK] Added KUBERNETES_SERVICE_ACCOUNT_TOKEN"
fi
echo ""
fi
echo "================================================"
echo " [OK] Setup Complete"
echo "================================================"
echo ""
echo "Service accounts created:"
echo " • minikura-dev (backend) - read-only"
echo " • minikura-operator - full access"
echo ""
echo "To view tokens:"
echo " bun run k8s:token"
echo ""
echo "Next steps:"
echo " 1. Restart backend: bun run dev"
echo " 2. Restart operator: bun run k8s:dev"
echo ""
Reference in New Issue View Git Blame Copy Permalink