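#!/bin/bash
#
# Bootstraps cluster add-ons and a hardened namespace on a test cluster
# (presumably a local kind cluster, judging by the helper script's name):
#   1. installs the Calico CNI,
#   2. installs metrics-server and patches its container arguments,
#   3. creates the "secure" namespace enforcing the "restricted" Pod Security
#      level,
#   4. runs ./setup-kind-users.sh to add the dev-admin and read-only users.
#
# Requires kubectl on PATH with a context that has cluster-admin rights, and
# setup-kind-users.sh in the current working directory.

# Stop at the first failing step so that a failed install is not followed by
# patches and policy changes applied to a half-configured cluster.
set -euo pipefail

# Remote manifests are applied with cluster-admin rights, so whatever these
# URLs serve runs with full control of the cluster. Calico is pinned to a
# release tag; review the manifest before bumping the tag.
readonly CALICO_MANIFEST='https://raw.githubusercontent.com/projectcalico/calico/v3.30.2/manifests/calico.yaml'

# NOTE(review): "releases/latest" is a floating reference. The installed
# version changes without any change to this script, which makes runs
# non-reproducible and skips review of new releases. Prefer pinning to a
# reviewed release tag or applying a vendored, checked-in copy.
readonly METRICS_SERVER_MANIFEST='https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml'

# Install Calico.
kubectl apply -f "${CALICO_MANIFEST}"

# Install metrics-server.
kubectl apply -f "${METRICS_SERVER_MANIFEST}"

# Patch the metrics-server container arguments.
#
# NOTE(review): --kubelet-insecure-tls turns off verification of the kubelet
# serving certificate, so metrics-server cannot tell a genuine kubelet from
# an impostor on the node network. It is kept here because test clusters
# commonly run kubelets with self-signed serving certificates. Do not carry
# it into a production cluster: issue kubelet serving certificates signed by
# the cluster CA (serverTLSBootstrap) and drop the flag.
kubectl patch deployment metrics-server -n kube-system --patch '{
  "spec": {
    "template": {
      "spec": {
        "containers": [{
          "name": "metrics-server",
          "args": [
            "--cert-dir=/tmp",
            "--secure-port=10250",
            "--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
            "--kubelet-use-node-status-port",
            "--metric-resolution=15s",
            "--kubelet-insecure-tls"
          ]
        }]
      }
    }
  }
}'

# Namespace-based policy (Pod Security Admission).
# Pod Security Standards levels:
# - privileged: unrestricted; everything is allowed, e.g. running root
#   containers, privilege escalation, etc.
# - baseline: blocks the known privilege-escalation paths (privileged
#   containers, host namespaces, hostPath volumes, ...) but still allows a
#   container to run as root.
# - restricted: the strictest level; additionally requires running as
#   non-root, allowPrivilegeEscalation=false, dropped capabilities and a
#   seccomp profile.
#
# Create the namespace idempotently so that a re-run does not abort on
# "AlreadyExists" under `set -e`.
kubectl create namespace secure --dry-run=client -o yaml | kubectl apply -f -

# --overwrite keeps a re-run from failing when the labels already exist and
# resets them if they were changed to a weaker level in the meantime.
# enforce-version=latest follows the policy definition of the running
# cluster version; pin a specific version if enforcement must stay stable
# across cluster upgrades.
kubectl label namespace secure --overwrite \
  pod-security.kubernetes.io/enforce=restricted \
  pod-security.kubernetes.io/enforce-version=latest

# Add the dev-admin and read-only users. The helper is resolved relative to
# the current working directory, so run this script from the directory that
# contains setup-kind-users.sh.
./setup-kind-users.sh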