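#!/bin/sh
# 90-kubesolo.sh — Start KubeSolo (final init stage)
#
# This stage exec's KubeSolo as PID 1 (replacing init).
# KubeSolo manages containerd, kubelet, API server, and all K8s components.
#
# The stage uses `return` and calls log / log_err, none of which are defined
# in this file, so it is presumably sourced by the init script that provides
# them — confirm against the caller.

KUBESOLO_BIN="/usr/bin/kubesolo"

# Abort the stage when the binary is missing or not executable (-x covers both).
if [ ! -x "$KUBESOLO_BIN" ]; then
    log_err "KubeSolo binary not found at $KUBESOLO_BIN"
    return 1
fi

# Build KubeSolo command line.
# The arguments are kept in one whitespace-separated string (POSIX sh has no
# arrays), so a single flag value cannot itself contain whitespace.
KUBESOLO_ARGS="--path /var/lib/kubesolo --local-storage"

# Add the hostname as an extra API server SAN when hostname(1) prints a
# non-empty name. Only emptiness is checked; no name resolution is attempted.
HOSTNAME="$(hostname)"
if [ -n "$HOSTNAME" ]; then
    KUBESOLO_ARGS="$KUBESOLO_ARGS --apiserver-extra-sans $HOSTNAME"
fi

# Add any extra flags from boot parameters.
# KUBESOLO_EXTRA_FLAGS is not set in this file. Its value is appended verbatim,
# so whoever controls it controls the arguments of the PID 1 process.
if [ -n "$KUBESOLO_EXTRA_FLAGS" ]; then
    KUBESOLO_ARGS="$KUBESOLO_ARGS $KUBESOLO_EXTRA_FLAGS"
fi

# Add flags from persistent config file.
# The file content is appended verbatim (newlines act as separators after word
# splitting). NOTE(review): no ownership or mode check is done here; the file
# should be writable by root only, since it feeds PID 1's command line.
if [ -f /etc/kubesolo/extra-flags ]; then
    KUBESOLO_ARGS="$KUBESOLO_ARGS $(cat /etc/kubesolo/extra-flags)"
fi

# Pre-initialize iptables filter table and base chains.
# KubeSolo's kube-proxy uses iptables-restore (nf_tables backend) which needs
# the filter table to exist. Without this, the first iptables-restore fails
# with "RULE_APPEND failed (No such file or directory)".
# Each listing is best-effort: output is discarded and failures are ignored,
# so the log line below is written whether or not the listings succeeded.
if command -v iptables >/dev/null 2>&1; then
    iptables -t filter -L -n >/dev/null 2>&1 || true
    iptables -t nat -L -n >/dev/null 2>&1 || true
    iptables -t mangle -L -n >/dev/null 2>&1 || true
    log "Pre-initialized iptables tables (filter, nat, mangle)"
fi

# NOTE(review): the full argument string is logged. If extra flags can ever
# carry credentials they would end up in the boot log — confirm.
log "Starting KubeSolo: $KUBESOLO_BIN $KUBESOLO_ARGS"
log "Kubeconfig will be at: /var/lib/kubesolo/pki/admin/admin.kubeconfig"

# The unquoted expansion below is deliberate: it splits the argument string
# into words. Pathname expansion is switched off first so that a flag
# containing *, ? or [ is passed literally instead of being globbed against
# the current directory.
set -f

# exec replaces this init process — KubeSolo becomes PID 1
# shellcheck disable=SC2086
exec $KUBESOLO_BIN $KUBESOLO_ARGS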