#!/bin/bash

kubectl -n staging get secret k3s-seyshiro-de-tls -o jsonpath='{.data.tls\.crt}' | base64 -d >staging_tls.crt
kubectl -n staging get secret k3s-seyshiro-de-tls -o jsonpath='{.data.tls\.key}' | base64 -d >staging_tls.key

kubectl -n production get secret k3s-seyshiro-de-tls -o jsonpath='{.data.tls\.crt}' | base64 -d >production_tls.crt
kubectl -n production get secret k3s-seyshiro-de-tls -o jsonpath='{.data.tls\.key}' | base64 -d >production_tls.key

scp ./{production,staging}_tls.{crt,key} k3s-loadbalancer:~
rm ./{production,staging}_tls.{crt,key}

# on k3s-loadbalancer
# chmod 600 ./{production,staging}_tls.{crt,key}
# sudo chown root:root ./{production,staging}_tls.{crt,key}
# sudo mv ./{production,staging}_tls.{crt,key} /etc/nginx/ssl/