# /infrastructure/controllers/metallb/config-job.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: metallb-config
  namespace: metallb-system
spec:
  template:
    spec:
      serviceAccountName: metallb-config-sa
      containers:
      - name: kubectl
        image: bitnami/kubectl:latest
        command:
        - /bin/bash
        - -c
        - |
          # Wait for the webhook to be ready
          echo "Waiting for MetalLB webhook to be ready..."
          sleep 30
          kubectl -n metallb-system wait --for=condition=ready --timeout=120s pods --all
          sleep 30

          # Get the external IP of the node using kubectl
          SERVER_IP=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[?(@.type=="ExternalIP")].address}')

          # Fallback to other address types if ExternalIP isn't available
          if [ -z "$SERVER_IP" ]; then
            echo "ExternalIP not found, trying InternalIP..."
            SERVER_IP=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[?(@.type=="InternalIP")].address}')
          fi
          
          echo "Detected server IP: $SERVER_IP"

          if [ -z "$SERVER_IP" ]; then
            echo "No external IP found for the node"
            exit 1
          fi
          
          # Create a temporary file for the IPAddressPool
          echo "Creating IPAddressPool with IP: $SERVER_IP/32"
          
          cat > /tmp/ippool.yaml << EOF
          apiVersion: metallb.io/v1beta1
          kind: IPAddressPool
          metadata:
            name: first-pool
            namespace: metallb-system
          spec:
            addresses:
            - "$SERVER_IP/32"
          EOF
          
          kubectl apply -f /tmp/ippool.yaml
          
          # Create the L2Advertisement 
          cat > /tmp/l2advert.yaml << EOF
          apiVersion: metallb.io/v1beta1
          kind: L2Advertisement
          metadata:
            name: l2-advert
            namespace: metallb-system
          spec:
            ipAddressPools:
            - first-pool
          EOF
          
          kubectl apply -f /tmp/l2advert.yaml
          
          echo "MetalLB configured to use IP: $SERVER_IP"
      restartPolicy: OnFailure
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: metallb-config-sa
  namespace: metallb-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: metallb-config-role
rules:
- apiGroups: ["metallb.io"]
  resources: ["ipaddresspools", "l2advertisements"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: metallb-config-rolebinding
subjects:
- kind: ServiceAccount
  name: metallb-config-sa
  namespace: metallb-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: metallb-config-role
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: metallb-config-role-ns
  namespace: metallb-system
rules:
- apiGroups: [""]
  resources: ["pods", "services"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: metallb-config-rolebinding-ns
  namespace: metallb-system
subjects:
- kind: ServiceAccount
  name: metallb-config-sa
  namespace: metallb-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: metallb-config-role-ns