#
# This script is intended to be run on an Ubuntu 20.04, 
# 2cpu, 8G node.  The course is **not** tested using containerd,
# so you may have endless issues, or not. Only for those already
# comfortable with Kubernetes, who want to compare and contrast
# various container engines
# By Tim Serewicz, 03/2022 GPL

# Note there is a lot of software downloaded, which may require
# some troubleshooting if any of the sites updates their code,
# which should be expected. 

# These first several steps can be done on cp and worker.
# Ensure two modules are loaded after reboot

cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF


# Disable swap if not on a cloud instance - done anyway

sudo swapoff -a


# Load the modules now

sudo modprobe overlay

sudo modprobe br_netfilter


# Update sysctl to load iptables and ipforwarding

cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-iptables  = 1
net.ipv4.ip_forward                 = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF

sudo sysctl --system


# Install some necessary software  

sudo apt-get update && sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common

# Install the Docker keyring
#  In Ubuntu 20.04, containerd part of local repos. 

sudo apt install containerd -y

#Older OS steps
#curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key --keyring /etc/apt/trusted.gpg.d/docker.gpg add -

# Create a Docker repository
#sudo add-apt-repository  "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

# Install and configure the containerd package
#sudo apt-get update && sudo apt-get install -y containerd.io
#sudo mkdir -p /etc/containerd
#sudo containerd config default | sudo tee /etc/containerd/config.toml

# Verify the file has the appropriate contents
#cat /etc/containerd/config.toml



# Restart and check containerd

sudo systemctl restart containerd

sudo systemctl status containerd


#
#
#  RETURN TO THE BOOK now that containerd is installed.
#  Some of same steps included following to make life easier, and some 
#  troubleshooting
#
#
# Add the Kubernetes repo

sudo sh -c "echo 'deb http://apt.kubernetes.io/ kubernetes-xenial main' >> /etc/apt/sources.list.d/kubernetes.list"


# Add the GPG key for the new repo

sudo sh -c "curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -"



# Install the Kubernetes packages - Using older version of k8s
# so we can upgrade to current in future lab. Stop after these steps
# if on the worker
sudo apt-get update

sudo apt-get install -y kubeadm=1.22.1-00 kubelet=1.22.1-00 kubectl=1.22.1-00

sudo apt-mark hold kubelet kubeadm kubectl



# Create a cluster using containerd - Using older version of k8s
# so we can upgrade to current in future lab. Only run init on
# the control plane (cp) - **not** the worker.
sudo kubeadm init --kubernetes-version 1.22.1 --cri-socket=/var/run/containerd/containerd.sock --pod-network-cidr 192.168.0.0/16 | tee $HOME/cp.out

mkdir -p $HOME/.kube

sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

sudo chown $(id -u):$(id -g) $HOME/.kube/config



# We'll use Calico for the network plugin

kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml

# Make sure all the infrastructure pods are running
kubectl get pod --all-namespaces

kubectl describe pod -l component=kube-apiserver -n kube-system

kubectl get events

# Enable command line completion
source <(kubectl completion bash)

echo "source <(kubectl completion bash)" >> $HOME/.bashrc

# Untaint the control plane, as we only have one node
kubectl taint node --all node-role.kubernetes.io/master-


# Troubleshooting and or optional add ons
# Get containerd running, append or create several files.
cat <<EOF | sudo tee /etc/containerd/config.toml
disabled_plugins = ["restart"]
[plugins.linux]
  shim_debug = true
[plugins.cri.containerd.runtimes.runsc]
  runtime_type = "io.containerd.runsc.v1"
EOF

cat <<EOF | sudo tee /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///var/run/dockershim.sock
timeout: 10
debug: true
EOF


# Ensure containerd starts and 

sudo systemctl restart containerd

kubectl get pod --all-namespaces


# Optional 
# Install and configure crictl and gVisor if you want a more secure environment. 

wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.22.0/crictl-v1.22.0-linux-amd64.tar.gz

tar zxvf crictl-v1.22.0-linux-amd64.tar.gz

sudo mv crictl /usr/local/bin

cat <<EOF | sudo tee /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
EOF

sudo wget https://storage.googleapis.com/gvisor/releases/nightly/latest/containerd-shim-runsc-v1 -O /usr/local/bin/containerd-shim-runsc-v1
sudo chmod +x /usr/local/bin/containerd-shim-runsc-v1

sudo wget https://storage.googleapis.com/gvisor/releases/nightly/latest/runsc -O /usr/local/bin/runsc
sudo chmod +x /usr/local/bin/runsc


