From 40173db9adb6efd2c0ec3aeb835f6a798cc355be Mon Sep 17 00:00:00 2001
From: Wade Barnes
Date: Wed, 28 Jan 2026 07:29:32 -0800
Subject: [PATCH] Add support for managed ingresses (tlsSecrets) - Initial pass at ingress query.
Signed-off-by: Wade Barnes
---
 docker/entrypoint.sh | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
index 8a927c1..d23a84a 100644
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -160,6 +160,14 @@ EOF
 # Get a mapping of all managed routes and their hosts
 routeMap=$(oc get route -l certbot-managed=true -o=jsonpath='{range .items[*]}{.metadata.name}={.spec.host}{"\n"}{end}')
+
+# Get a mapping of tls secrets and their hosts from all managed ingresses.
+# Example:
+# oc -n 4a9599-dev get ingress -l certbot-managed=true -o=jsonpath='{range .items[*]}{range .spec.tls[*]}{.secretName}={.hosts}{"\n"}{end}'
+# Result:
+# mediator-credo-tls=["mediator-dev.digitaltrust.gov.bc.ca"]
+
+
 # Declare and populate a hash table to use as a dictionary for mapping the routes to their hosts.
 # - The host name will also be used as the certificate name in the case individual certificates are being requested.
 declare -A managedRoutes
@@ -233,7 +241,7 @@ rm -f ${CERTBOT_WORK_DIR}/deployed
 # Get certificate(s), either combined or individual
 if [ "${CERTBOT_CERT_PER_HOST}" == "true" ]; then
- echo "Manage individual certificates for each unique host."
+ echo "Manage individual certificates for each unique host."
 for certbot_host in $(
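Review bot: The example in the added comment of the first hunk prints `{.hosts}` as a JSON array (`mediator-credo-tls=["mediator-dev.digitaltrust.gov.bc.ca"]`), which is not the `name=host` shape the `routeMap` query above produces, and a `tls` entry can list several hosts. The code that fills `managedRoutes` is outside this hunk, so whether it could take that shape is unclear; I would record the gap next to the example, e.g. `# NOTE: .hosts is a JSON array and may hold several hosts per secret; flatten before populating the map.` The example also hard-codes `-n 4a9599-dev` while the route query relies on the current project, so `-n <namespace>` would keep an environment name out of the script. The template opens two `range` blocks but closes only one; adding a second `{end}` keeps the example well-formed.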