---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: credentials-sync-eventhub
  namespace: flux-system
spec:
  template:
    spec:
      containers:
        - name: sync
          image: mcr.microsoft.com/azure-cli
          env:
            - name: RECONCILE_SH
              value: |-
                reconcile() {
                  echo "Starting JWT token sync -- $(date)"
                  echo "Logging into Azure"
                  az login --service-principal -u ${AZURE_CLIENT_ID} -p ${AZURE_CLIENT_SECRET} --tenant ${AZURE_TENANT_ID}
                  echo "Getting JWT token"
                  token=$(az account get-access-token --resource https://eventhubs.azure.net |jq -r .accessToken)
                  echo "Creating secret: ${KUBE_SECRET}"
                  apply-secret "${KUBE_SECRET}" ${token} "${ADDRESS}"
                  echo "Finished JWT token sync -- $(date)"
                  echo
                }
            - name: AZURE_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: azure-credentials
                  key: AZURE_CLIENT_ID
            - name: AZURE_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: azure-credentials
                  key: AZURE_CLIENT_SECRET
            - name: AZURE_TENANT_ID
              valueFrom:
                secretKeyRef:
                  name: azure-credentials
                  key: AZURE_TENANT_ID