---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: credentials-sync
  namespace: flux-system
spec:
  template:
    spec:
      containers:
      - name: sync
        image: mcr.microsoft.com/azure-cli
        env:
        - name: RECONCILE_SH
          value: |-
            reconcile() {
              echo "Starting ACR token sync -- $(date)"
              echo "Logging into Azure"
              az login --identity
              echo "Logging into ACR: $ACR_NAME"
              output="$(az acr login --expose-token -o=tsv -n "$ACR_NAME")"
              read token server <<< "$output"
              user="00000000-0000-0000-0000-000000000000"

              echo "Creating secret: $KUBE_SECRET"
              apply-secret "$KUBE_SECRET" "$token" "$user" "$server"

              echo "Finished ACR token sync -- $(date)"
              echo
            }