#!/usr/bin/env bash

IP_ROUTE=""
IP_ADDRESS=""
ADD_HOSTS=""
if ! ( [[ "$(uname -s)" == *"Darwin"* ]] || [[ "$(uname -s)" == "Linux" && "$(uname -r)" =~ "microsoft-standard" ]] ); then
  IP_ROUTE=$(ip route get 1)
  IP_ADDRESS=$(echo ${IP_ROUTE#*src} | awk '{print $1}')
  ADD_HOSTS="--add-host gardener.localhost:$IP_ADDRESS"
fi

LABEL=${1:-local-garden}

SCRIPTPATH="$( cd "$(dirname "$0")" ; pwd -P )"

IMAGE=k8s.gcr.io/kube-apiserver:v1.17.9
MOUNTS="-v $SCRIPTPATH/certificates/certs:/certs -v $SCRIPTPATH/certificates/keys:/keys"
ETCD_PORT=12379
LISTEN_PORT="2443"

echo "Starting gardener-dev kube-apiserver!"
docker run -d --name kube-apiserver -l $LABEL $ADD_HOSTS --network gardener-dev --rm -p $LISTEN_PORT:$LISTEN_PORT $MOUNTS $IMAGE /usr/local/bin/kube-apiserver \
  --etcd-servers="https://etcd:$ETCD_PORT" \
  --storage-media-type='application/json' \
  --authorization-mode="Node,RBAC" \
  --etcd-cafile="/certs/ca.crt" \
  --etcd-keyfile="/keys/kube-apiserver-etcd-client.key" \
  --etcd-certfile="/certs/kube-apiserver-etcd-client.crt" \
  --tls-cert-file="/certs/kube-apiserver.crt" \
  --tls-private-key-file="/keys/kube-apiserver.key" \
  --requestheader-client-ca-file="/certs/ca.crt" \
  --requestheader-extra-headers-prefix=X-Remote-Extra- \
  --requestheader-group-headers=X-Remote-Group \
  --requestheader-username-headers=X-Remote-User \
  --client-ca-file="/certs/ca.crt" \
  --proxy-client-key-file="/keys/front-proxy-client.key" \
  --proxy-client-cert-file="/certs/front-proxy-client.crt" \
  --service-account-key-file="/keys/sa.key" \
  --secure-port=$LISTEN_PORT
