#!/usr/bin/env bash

# Function to validate IPv4 and IPv6 addresses or CIDR notation
validate_ip() {
    local ip="$1"
    if [[ "$ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$ ]]; then
        # Validate IPv4 octets and CIDR range
        IFS='.' read -r -a octets <<< "$(echo "$ip" | cut -d '/' -f1)"
        for octet in "${octets[@]}"; do
            if ((octet < 0 || octet > 255)); then
                return 1
            fi
        done
        return 0
    elif [[ "$ip" =~ ^([a-fA-F0-9:]+:+)+[a-fA-F0-9]+(/[0-9]{1,3})?$ ]]; then
        # Validate IPv6 format and CIDR range
        return 0
    else
        return 1
    fi
}

# Prompt the user for an IP or CIDR range to allow through the firewall
prompt_for_ip() {
    while true; do
        read -rp "Enter the IP address or range to allow through the firewall: " user_ip
        if validate_ip "$user_ip"; then
            echo "Valid IP address or CIDR range."
            break
        else
            echo "Invalid IP address or CIDR range. Please enter a valid IP."
        fi
    done
}

# Prompt the user for the Kubernetes version
prompt_for_k8s_version() {
    read -rp "Enter the Kubernetes version (e.g., v1.31): " kubernetes_version
    kubernetes_version=${kubernetes_version:-v1.31}  # Default to v1.31 if empty
    echo "Using Kubernetes version: $kubernetes_version"
}

# Function to configure the firewall
configure_firewall() {
    sudo ufw allow ssh
    sudo ufw default allow routed # Allow routed traffic
    sudo ufw allow from "$user_ip"
    sudo ufw allow from fe80::/10 # Allow traffic from private network
    sudo ufw enable
    sudo ufw status verbose
}

# Function to install required packages
install_packages() {
    sudo apt-get update && sudo apt-get upgrade -y
    sudo apt-get install -y net-tools iputils-ping ufw vim socat
}

# Function to enable kernel modules and IP forwarding
configure_kernel() {
    cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
overlay
EOF
    sudo modprobe br_netfilter
    sudo modprobe overlay

    cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
EOF
    sudo sysctl --system
}

# Function to install Kubernetes components and CRI-O
install_kubernetes_crio() {
    local crio_version="$kubernetes_version"

    # Add Kubernetes and CRI-O apt repositories
    curl -fsSL "https://pkgs.k8s.io/core:/stable:/$kubernetes_version/deb/Release.key" \
        | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
    echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/$kubernetes_version/deb/ /" \
        | sudo tee /etc/apt/sources.list.d/kubernetes.list

    curl -fsSL "https://pkgs.k8s.io/addons:/cri-o:/stable:/$crio_version/deb/Release.key" \
        | sudo gpg --dearmor -o /etc/apt/keyrings/cri-o-apt-keyring.gpg
    echo "deb [signed-by=/etc/apt/keyrings/cri-o-apt-keyring.gpg] https://pkgs.k8s.io/addons:/cri-o:/stable:/$crio_version/deb/ /" \
        | sudo tee /etc/apt/sources.list.d/cri-o.list

    # Install Kubernetes and CRI-O packages
    sudo apt-get update
    local k8s_version=$(apt-cache madison kubeadm | awk '{print $3}' | head -1)
    local crio_version=$(apt-cache madison cri-o | awk '{print $3}' | head -1)
    sudo apt-get install -y kubeadm="$k8s_version" kubelet="$k8s_version" kubectl="$k8s_version" cri-o="$crio_version"
    sudo apt-mark hold kubeadm kubelet kubectl cri-o
    sudo systemctl enable --now crio
}

# Main script execution
prompt_for_ip
prompt_for_k8s_version
install_packages
configure_firewall
configure_kernel
install_kubernetes_crio