#!/bin/sh

set -e
# set -x

# echo "--------------------------"
# echo "--- export ---"
# export
# echo "--- env ---"
# env
# echo "--- set ---"
# set
# echo "--------------------------"

# only execute this script as part of the pipeline.
[ -z "$CI" ] && ( echo "I am not running in Drone CI"; exit 2; )

# only execute the script when the client key and certificate exist.
[ -z "$KUB_KEY" ] && ( echo "I need kub_key secret"; exit 3; )
[ -z "$KUB_CRT" ] && ( echo "I need kub_crt secret"; exit 4; )

# only execute the script when the CA certificate is present.
[ -z "$KUB_CA" ] && ( echo "I need kub_ca"; exit 5; )

# write the client key and the certificate
echo -n "$KUB_KEY" > /root/kub.key
chmod 600 /root/kub.key
echo -n "$KUB_CRT" > /root/kub.crt

# write the Kubernetes CA
echo -n "$KUB_CA" > /root/ca.crt

# check whether the certificate is signed by the CA
# TODO: (install openssl ? ) openssl verify -CAfile /root/ca.crt /root/kub.crt && ( echo "kub_crt is not signed by kub_ca"; exit 6; )

# Configure the cluster and the context
kubectl config set-credentials arno --client-certificate=/root/kub.crt --client-key=/root/kub.key
kubectl config set-cluster kubernetes --server=https://k8s.nixaid.com:6443 --certificate-authority=/root/ca.crt
kubectl config set-context kub-context --cluster=kubernetes --namespace=arno --user=arno