apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: credentials-sync
  namespace: flux-system
spec:
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - name: sync
            image: mcr.microsoft.com/azure-cli
            env:
            - name: RECONCILE_SH
              value: |-
                reconcile() {
                  echo "Starting ACR token sync -- $(date)"
                  echo "Logging into Azure"
                  az login --identity
                  echo "Logging into ACR: ${ACR_NAME}"
                  output="$(az acr login --expose-token -o=tsv -n "${ACR_NAME}")"
                  read token server <<< "${output}"
                  user="00000000-0000-0000-0000-000000000000"

                  echo "Creating secret: ${KUBE_SECRET}"
                  /kbin/kubectl create secret docker-registry "${KUBE_SECRET}" \
                    --docker-server="${server}" \
                    --docker-username="00000000-0000-0000-0000-000000000000" \
                    --docker-password="${token}" \
                    --dry-run=client -o=yaml \
                    | grep -v "creationTimestamp:" \
                    | /kbin/kubectl apply -f -

                  echo "Finished ACR token sync -- $(date)"
                  echo
                }