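configs:
  # Inline script mounted into the kubectl job container as /app/sync-certs.sh.
  # Compose interpolates this content before bash ever sees it:
  #   ${NAME}   replaced by Compose from the host environment / .env file
  #   $${NAME}  escaped; reaches bash as ${NAME} and is expanded at run time
  # NOTE(review): the three *_BASE64 values, including the client private key,
  # are therefore written into the rendered script, which the service mounts
  # with mode 0755 (world-readable inside the container). Consider delivering
  # the key through Compose `secrets:` instead.
  sync-certs-sh:
    content: |
      #!/bin/bash
      ##############################################################################################################################
      # Copies every key of every secret in namespace casa-limbosolutions-com
      # into /etc/ssl/certs/casa-limbosolutions-com-certs/<secret>_<key>.
      #
      # -e plus pipefail: a failing kubectl on the left side of a pipe now
      # aborts the job instead of ending in the success message with nothing
      # (or only part of the data) synced.
      set -eo pipefail

      mkdir -p /tmp/.kube

      echo "Trace: Setup kube"
      echo "Trace: Processing KUBERNETES_CRT_AUTHORITY_BASE64"
      # Fixed: the variable name was misspelled (AUTHORIT), so the CA file was
      # always written empty.
      base64 -d <<< "${KUBERNETES_CRT_AUTHORITY_BASE64}" > "$${KUBERNETES_CRT_AUTHORITY}"

      echo "Trace: Processing KUBERNETES_CLIENT_CRT_BASE64"
      base64 -d <<< "${KUBERNETES_CLIENT_CRT_BASE64}" > "$${KUBERNETES_CLIENT_CRT}"

      echo "Trace: Processing KUBERNETES_CLIENT_KEY_BASE64"
      base64 -d <<< "${KUBERNETES_CLIENT_KEY_BASE64}" > "$${KUBERNETES_CLIENT_KEY}"

      # Debug aid: uncomment to keep the container alive for inspection.
      # while true ; do
      #   sleep 5
      # done

      echo "Trace: Fetching secrets"
      # The API server certificate is verified against the CA written above.
      # Previously --insecure-skip-tls-verify was passed, so the secrets
      # (private keys included) were accepted from any endpoint answering on
      # the server address. If the server is reached under a name that is not
      # in its certificate, set --tls-server-name rather than disabling
      # verification.
      # NOTE(review): this lists every secret in the namespace, not only TLS
      # ones; `--field-selector type=kubernetes.io/tls` would narrow it.
      # Confirm the intent.
      CERT_NAMES=$(kubectl get secrets \
        -n casa-limbosolutions-com \
        --server="$${KUBERNETES_SERVER}" \
        --client-key="$${KUBERNETES_CLIENT_KEY}" \
        --client-certificate="$${KUBERNETES_CLIENT_CRT}" \
        --certificate-authority="$${KUBERNETES_CRT_AUTHORITY}" \
        -o json | jq -r '.items[].metadata.name')

      for CERT_NAME in $$CERT_NAMES; do
        echo "Trace: Syncing certificate: $$CERT_NAME"
        # One "<key> <base64 value>" line per entry of the secret's .data map.
        kubectl get secret "$$CERT_NAME" \
          -n casa-limbosolutions-com \
          --server="$${KUBERNETES_SERVER}" \
          --client-key="$${KUBERNETES_CLIENT_KEY}" \
          --client-certificate="$${KUBERNETES_CLIENT_CRT}" \
          --certificate-authority="$${KUBERNETES_CRT_AUTHORITY}" \
          -o json | \
          jq -r '.data | to_entries[] | "\(.key) \(.value)"' | \
          while IFS=' ' read -r KEY VALUE; do
            echo "Processing key: $$KEY"
            # Decode the base64 value and save it to the appropriate file.
            # NOTE(review): these files can hold private keys and are created
            # with the default umask. Check the resulting mode on the shared
            # volume.
            echo "Trace: Saving key: /etc/ssl/certs/casa-limbosolutions-com-certs/$${CERT_NAME}_$${KEY}"
            echo "$$VALUE" | base64 -d > "/etc/ssl/certs/casa-limbosolutions-com-certs/$${CERT_NAME}_$${KEY}"
          done
      done

      echo "Info: Certificates synced successfully."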
services:
  # One-shot job: runs the sync-certs-sh config script with kubectl and writes
  # the fetched secret data into the shared casa-certs volume.
  kubectl:
    # NOTE(review): `latest` is a floating tag, so the image that handles the
    # cluster client key can change between runs. Pin a version or digest.
    image: bitnami/kubectl:latest
    container_name: sync-certs-job
    entrypoint: ["bash", "-c", "/app/sync-certs.sh"]
    environment:
      # API server URL, taken from the host environment at compose time.
      KUBERNETES_SERVER: "${KUBERNETES_SERVER}"
      # Paths inside the container where the script writes the decoded
      # CA certificate, client certificate and client key.
      KUBERNETES_CRT_AUTHORITY: /tmp/.kube/ca.crt
      KUBERNETES_CLIENT_CRT: /tmp/.kube/client.crt
      KUBERNETES_CLIENT_KEY: /tmp/.kube/client.key
    configs:
      - source: sync-certs-sh
        target: /app/sync-certs.sh
        mode: 0755
    volumes:
      - casa-certs:/etc/ssl/certs/casa-limbosolutions-com-certs:rw

volumes:
  # Pre-existing named volume (not created by this file).
  # Attention: ownership must be set to 1001:1001 (using chown in the nginx
  # container command).
  casa-certs:
    name: casa-limbosolutions-com-certs
    external: true