#!/bin/bash

set -e

renewed=0

configfiles=(
    /etc/kubernetes/kubelet.conf
    /etc/kubernetes/admin.conf
    /etc/kubernetes/scheduler.conf
    /etc/kubernetes/controller-manager.conf
)

certfiles=(
    /etc/kubernetes/pki/apiserver.crt
    /etc/kubernetes/pki/apiserver-etcd-client.crt
    /etc/kubernetes/pki/apiserver-kubelet-client.crt
    /etc/kubernetes/pki/ca.crt
    /etc/kubernetes/pki/front-proxy-ca.crt
    /etc/kubernetes/pki/front-proxy-client.crt
    /etc/kubernetes/pki/etcd/ca.crt
    /etc/kubernetes/pki/etcd/client.crt
    /etc/kubernetes/pki/etcd/peer.crt
    /etc/kubernetes/pki/etcd/server.crt
)

get_expire_time() {
    date=$(echo "$1" | openssl x509 -enddate -noout | sed "s/.*=\(.*\)/\1/")
    date_s=$(date -d "${date}" +%s)
    now_s=$(date -d now +%s)
    date_diff=$(( (date_s - now_s) / 86400 ))
    if [ $date_diff -eq 0 ]; then
        expires="$(( (date_s - now_s) / 3600 )) hours"
    else
        expires="$date_diff days"
    fi

    echo "$expires"
}

renew_certificate() {
    sudo kubeadm alpha certs renew all
    renewed=1
}

for configfile in ${configfiles[@]}; do
    if [ ! -f $configfile ]; then
        continue
    fi

    echo -n "Config file $configfile: "

    CERT_DATA=$(cat $configfile | grep client-certificate-data | sed 's/    client-certificate-data: //')
    CERT_FILE=$(cat $configfile | grep client-certificate | sed 's/    client-certificate: //')
    if [ "$CERT_DATA" ]; then
        expires=$(get_expire_time "$(echo $CERT_DATA | base64 -d)")
    elif [ "$CERT_FILE" ]; then
        expires=$(get_expire_time "$(cat $CERT_FILE)")
    else
        echo "no client certificate found"
        continue
    fi

    echo "certificate expires in $expires"

    # Sertifika süresi 30 günden az kalmışsa yenileme işlemi gerçekleştirilir
    if [ ${expires%% *} -lt 30 ]; then
        renew_certificate "$CERT_FILE"
    fi
done

for certfile in ${certfiles[@]}; do
    if [ ! -f $certfile ]; then
        continue
    fi

    echo -n "Certificate $certfile: "
    expires=$(get_expire_time "$(cat $certfile)")
    echo "certificate expires in $expires"

    # Sertifika süresi 30 günden az kalmışsa yenileme işlemi gerçekleştirilir
    if [ ${expires%% *} -lt 30 ]; then
        renew_certificate "$certfile"
    fi
done
echo

if [ $renewed -eq 1 ]; then
    echo -e "\e[32mSertifikalar başarıyla yenilendi.\e[0m"
    echo "Kodu tekrar çalıştırarak yeni sertifika sürelerinizi görebilirsiniz."
else
    echo -e "\e[31mSertifika süreniz hala geçerli.\e[0m"
fi
CODE