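#!/usr/bin/env bash
##
## Script to automate the Kubernetes CentOS client side pieces:
## installs kube-apiserver v1.11.2, moves the PKI material and the
## encryption config into /var/lib/kubernetes, writes the systemd unit
## and /etc/kubernetes/apiserver, then starts and enables the service.
##
## Run as root from the directory that holds:
##   ca.pem ca-key.pem kubernetes.pem kubernetes-key.pem
##   service-account.pem service-account-key.pem encryption-config.yaml
##
## Required variables (sourced from ./etcd_vars):
##   KUBE_CONTROLLERS  number of controller/etcd nodes (>= 1)
##   KUBE_SUBNET_ADDR  first three octets of the controller subnet;
##                     node i is reached at ${KUBE_SUBNET_ADDR}.1<i>
## Optional:
##   KUBE_APISERVER_SHA256  expected SHA-256 of the downloaded binary
##                          (from the release's published checksum);
##                          when set, the download is verified before
##                          it is installed
##
set -euo pipefail

readonly KUBE_VERSION="v1.11.2"
readonly KUBE_APISERVER_URL="https://storage.googleapis.com/kubernetes-release/release/${KUBE_VERSION}/bin/linux/amd64/kube-apiserver"
readonly KUBE_APISERVER_BIN="/usr/local/bin/kube-apiserver"
readonly KUBE_PKI_DIR="/var/lib/kubernetes"
readonly KUBE_CONF_DIR="/etc/kubernetes"

# Print a diagnostic to stderr and abort.
die() { printf 'error: %s\n' "$*" >&2; exit 1; }

# Source the cluster variables from the current directory explicitly;
# a bare `. etcd_vars` searches PATH first and could pick up an
# unrelated file of the same name.
. ./etcd_vars
: "${KUBE_CONTROLLERS:?must be set by etcd_vars}"
: "${KUBE_SUBNET_ADDR:?must be set by etcd_vars}"
(( KUBE_CONTROLLERS >= 1 )) || die "KUBE_CONTROLLERS must be >= 1"

# Build the comma-separated value for --etcd-servers. Controller i is
# expected at ${KUBE_SUBNET_ADDR}.1<i>:2379, i.e. .10, .11, ... (the
# addressing scheme the rest of the setup uses).
etcd_servers=""
for (( i = 0; i < KUBE_CONTROLLERS; i++ )); do
  etcd_servers+="https://${KUBE_SUBNET_ADDR}.1${i}:2379,"
done
ETCD_SERVERS=${etcd_servers%,}   # drop the trailing comma

# Download to a temp file first so an HTTP error (-f) or a checksum
# mismatch never leaves a partial or bogus file at the install path.
tmp_bin=$(mktemp) || die "mktemp failed"
trap 'rm -f -- "$tmp_bin"' EXIT
curl -fsSL --retry 3 -o "$tmp_bin" "$KUBE_APISERVER_URL" \
  || die "download of ${KUBE_APISERVER_URL} failed"
if [[ -n "${KUBE_APISERVER_SHA256:-}" ]]; then
  printf '%s  %s\n' "$KUBE_APISERVER_SHA256" "$tmp_bin" \
    | sha256sum -c --quiet - \
    || die "checksum mismatch for kube-apiserver ${KUBE_VERSION}"
fi
install -m 0755 -- "$tmp_bin" "$KUBE_APISERVER_BIN"

# Check every input file before moving anything, so a typo does not
# leave the PKI material half moved.
pki_files=(
  ca.pem ca-key.pem
  kubernetes.pem kubernetes-key.pem
  service-account.pem service-account-key.pem
  encryption-config.yaml
)
for f in "${pki_files[@]}"; do
  [[ -f "$f" ]] || die "missing ${f} in $(pwd)"
done
install -d -m 0755 -- "$KUBE_PKI_DIR"
mv -- "${pki_files[@]}" "${KUBE_PKI_DIR}/"
# Private keys and the encryption config (it embeds the at-rest key)
# must not be world-readable. The unit below runs as root (User=kube is
# commented out), so 0600 is sufficient.
chmod 0600 "${KUBE_PKI_DIR}"/*-key.pem "${KUBE_PKI_DIR}/encryption-config.yaml"

install -d -m 0755 -- "$KUBE_CONF_DIR"

# Quoted delimiter: the $KUBE_* references stay literal so that systemd,
# not this script, expands them from the EnvironmentFile entries.
cat > /etc/systemd/system/kube-apiserver.service << 'EOM'
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target
After=etcd.service

[Service]
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/apiserver
#User=kube
ExecStart=/usr/local/bin/kube-apiserver \
  $KUBE_LOGTOSTDERR \
  $KUBE_LOG_LEVEL \
  $KUBE_ETCD_SERVERS \
  $KUBE_API_ADDRESS \
  $KUBE_API_PORT \
  $KUBELET_PORT \
  $KUBE_ALLOW_PRIV \
  $KUBE_SERVICE_ADDRESSES \
  $KUBE_ADMISSION_CONTROL \
  $KUBE_API_ARGS
Restart=on-failure
Type=notify
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOM

# Unquoted delimiter: $ETCD_SERVERS and $(hostname -i) are expanded now.
# NOTE(review): `hostname -i` can print several addresses on multi-homed
# hosts, which would make --advertise-address invalid — confirm on the
# target image. --apiserver-count is left at 2 as in the original setup;
# it should match the number of API servers actually deployed.
cat > "${KUBE_CONF_DIR}/apiserver" << EOM
###
# kubernetes system config
#
# The following values are used to configure the kube-apiserver
#

# The address on the local server to listen to.
#KUBE_API_ADDRESS="--insecure-bind-address=127.0.0.1"

# The port on the local server to listen on.
#KUBE_API_PORT="--port=6443"

# Port minions listen on
KUBELET_PORT="--kubelet-port=10250"

# Comma separated list of nodes in the etcd cluster
KUBE_ETCD_SERVERS="--etcd-servers=$ETCD_SERVERS"

# Address range to use for services
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.32.0.0/16"

# default admission control policies
KUBE_ADMISSION_CONTROL="--enable-admission-plugins=Initializers,NamespaceLifecycle,NodeRestriction,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota"

# Add your own!
# --audit-log-maxsize and --audit-log-path carry their leading "--" here;
# without it the two audit settings were passed as positional words and
# the audit log was never configured.
KUBE_API_ARGS="--advertise-address=$(hostname -i) --allow-privileged=true --apiserver-count=2 --audit-log-maxage=30 --audit-log-maxbackup=3 --audit-log-maxsize=100 --audit-log-path=/var/log/audit/audit.log --authorization-mode=Node,RBAC --bind-address=0.0.0.0 --client-ca-file=/var/lib/kubernetes/ca.pem --enable-swagger-ui=true --etcd-cafile=/var/lib/kubernetes/ca.pem --etcd-certfile=/var/lib/kubernetes/kubernetes.pem --etcd-keyfile=/var/lib/kubernetes/kubernetes-key.pem --event-ttl=1h --experimental-encryption-provider-config=/var/lib/kubernetes/encryption-config.yaml --kubelet-certificate-authority=/var/lib/kubernetes/ca.pem --kubelet-client-certificate=/var/lib/kubernetes/kubernetes.pem --kubelet-client-key=/var/lib/kubernetes/kubernetes-key.pem --kubelet-https=true --runtime-config=api/all --service-account-key-file=/var/lib/kubernetes/service-account.pem --service-node-port-range=30000-32767 --tls-cert-file=/var/lib/kubernetes/kubernetes.pem --tls-private-key-file=/var/lib/kubernetes/kubernetes-key.pem --v=2"
EOM

# `enable --now` needs systemd >= 220, which CentOS 7 lacks; keep the
# two separate calls.
systemctl daemon-reload
systemctl start kube-apiserver
systemctl enable kube-apiserver

printf '%s\n' "The next step is to create the Kubernetes Controller Manager"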