#!/bin/bash

echo "[Step 1] Disable and turn off SWAP"
# https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#before-you-begin
# 文件最後一行：Swap disabled. You **MUST** disable swap in order for the kubelet to work properly.
# K8s需要關閉swap
# 先手動關閉
swapoff -a
# 將fstab裡的swap那一行註解
sed -i '/swap/s/^/#/' /etc/fstab

echo "[Step 2] Stop and disable Ubuntu ufw"
# https://kubernetes.io/docs/reference/ports-and-protocols/
# 參考K8s文件，將Firewall一一設定好。
# https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-22-04
# Control plane
# ufw allow ssh ( or ufw allow 22/tcp)
# ufw allow http ( or ufw allow 80/tcp)
# ufw allow https ( or ufw allow 443/tcp)
# ufw allow 6443/tcp
# ufw allow 2379:2380/tcp
# ufw allow 10250/tcp
# ufw allow 10257/tcp
# ufw allow 10259/tcp
# Worker node
# ufw allow ssh ( or ufw allow 22/tcp)
# ufw allow 10250/tcp
# ufw allow 30000:32767/tcp
# Lab環境，讓我們偷懶一下，我直接將ufw關閉。
# 正式環境不宜關閉。
systemctl disable --now ufw

echo "[Step 3] Loading K8s required Kernel Modules"
# https://kubernetes.io/docs/setup/production-environment/container-runtimes/#forwarding-ipv4-and-letting-iptables-see-bridged-traffic
# 設定K8s開機所需的核心模組
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
# 手動載入K8s所需核心模組
modprobe overlay
modprobe br_netfilter

echo "[Step 4] Setup iptables"
# K8s必須調整iptables規則
# 為了讓Linux節點的iptables正確查看bridge流量
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
EOF
# 重新載入sysctl.d裡所有設定檔
sysctl --system

echo "[Step 5] Install containerd runtime"
# https://docs.docker.com/engine/install/ubuntu/
# 加入docker repos
apt install -y curl gnupg2 software-properties-common apt-transport-https ca-certificates
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list
# 安裝containerd.io
apt update
apt install -y containerd.io
# 產生預設組態當
containerd config default | tee /etc/containerd/config.toml
# K8s需要以cgroup執行(超重要)
# https://kubernetes.io/docs/setup/production-environment/container-runtimes/#containerd-systemd
sed -i 's/SystemdCgroup \= false/SystemdCgroup \= true/g' /etc/containerd/config.toml
# 重啟containerd
systemctl restart containerd
systemctl enable containerd

echo "[Step 6] Install kubernetes Tools"
# 加入K8s repos
# https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#installing-kubeadm-kubelet-and-kubectl
# https://v1-32.docs.kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade/
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.32/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.32/deb/ /" | sudo tee /etc/apt/sources.list.d/kubernetes.list
# 安裝 kubelet kubeadm kubectl 工具
apt update
# 查詢特定版號
# apt-cache policy kubelet 
# 最新版可能週邊套件跟不上
# apt install -y kubelet kubeadm kubectl
# 建議指定特定版本
apt install -y kubelet=1.32.7-1.1 kubeadm=1.32.7-1.1 kubectl=1.32.7-1.1
# https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#installing-kubeadm-kubelet-and-kubectl
# K8s文件請我們釘住它
apt-mark hold kubelet kubeadm kubectl

#echo "[Step 7] Check kubelet kubeadm kubectl version"
kubeadm version
kubelet --version
kubectl version

# echo "[Step 8] Steup kubectl completion"
# https://kubernetes.io/docs/tasks/tools/included/optional-kubectl-configs-bash-linux/
#echo "Run $ echo 'source <(kubectl completion bash)' >>~/.bashrc"