local-k8s/setup

#!/usr/bin/env bash

set -euo pipefail

kind create cluster --config kind/kind.yaml --wait 10m

kubectl create secret docker-registry gitlab \
          --docker-server=registry.gitlab.com \
          --docker-username=gitlab \
          --docker-password="${GITLAB_TOKEN}" \
          --docker-email=gitlab@unbound.se

kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "gitlab"}]}'

kustomized="$(mktemp -t unboundtraefik.yaml.XXXXXX)"

kubectl kustomize --enable-helm "k8s/traefik" >> "${kustomized}"
kubectl apply -f "${kustomized}" --server-side || true

printf "\nWait for pod app.kubernetes.io/name=traefik to be created."
while :; do
  sleep 2
  [ -n "$(kubectl -n traefik get pod --selector=app.kubernetes.io/name=traefik 2>/dev/null)" ] && printf "\n\n" && break
  printf "."
done

echo "Wait for traefik to be available."
until [[ $(kubectl -n traefik get endpointslices -l 'kubernetes.io/service-name=traefik' -o=jsonpath='{.items[*].endpoints[*].addresses[*]}') ]]; do sleep 5; done

kustomized="$(mktemp -t unboundinfra.yaml.XXXXXX)"

kubectl kustomize --enable-helm "k8s/infra" >> "${kustomized}"
kubectl apply -f "${kustomized}" --server-side || true

printf "\nWait for pod app.kubernetes.io/instance=cert-manager to be created."
while :; do
  sleep 2
  [ -n "$(kubectl -n cert-manager get pod --selector=app.kubernetes.io/instance=cert-manager 2>/dev/null)" ] && printf "\n\n" && break
  printf "."
done
kubectl wait --for=condition=Ready pods -n cert-manager -l app=cert-manager --timeout 4m
kubectl wait --for=condition=Ready pods -n cert-manager -l app=cainjector --timeout 4m
kubectl wait --for=condition=Ready pods -n cert-manager -l app=webhook --timeout 4m
kubectl wait --for=condition=Ready pods --all -n external-secrets --timeout=5m
# Apply again to get any CRD's that wasn't applied earlier since the definitions wasn't available
kubectl apply -f "${kustomized}" --server-side || true
kubectl apply -k k8s/app --server-side

kubectl wait --for=condition=Ready pods -n cert-manager -l app=cert-manager --timeout 4m
kubectl wait --for=condition=Ready pods -n cert-manager -l app=cainjector --timeout 4m
kubectl wait --for=condition=Ready pods -n cert-manager -l app=webhook --timeout 4m
kubectl wait --for=condition=Ready pods --all -n external-secrets --timeout=5m
kubectl wait --for=condition=Ready pods --all -n default --timeout 3m