# services/health/sparkyfitness-oidc-config-cronjob.yaml apiVersion: batch/v1 kind: CronJob metadata: name: sparkyfitness-oidc-config namespace: health spec: schedule: "*/30 * * * *" concurrencyPolicy: Forbid successfulJobsHistoryLimit: 1 failedJobsHistoryLimit: 3 jobTemplate: spec: backoffLimit: 1 template: spec: serviceAccountName: health-vault-sync restartPolicy: Never affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: kubernetes.io/arch operator: In values: ["arm64"] - key: node-role.kubernetes.io/worker operator: Exists preferredDuringSchedulingIgnoredDuringExecution: - weight: 90 preference: matchExpressions: - key: hardware operator: In values: ["rpi5"] - weight: 70 preference: matchExpressions: - key: hardware operator: In values: ["rpi4"] containers: - name: configure image: alpine:3.20 command: ["/bin/sh", "-c"] args: - | set -euo pipefail apk add --no-cache bash curl jq >/dev/null exec /scripts/sparkyfitness_oidc_configure.sh env: - name: SPARKYFITNESS_BASE_URL value: http://sparkyfitness-server.health.svc.cluster.local:3010 - name: SPARKYFITNESS_FRONTEND_URL value: https://sparkyfitness.bstein.dev - name: SPARKYFITNESS_ADMIN_EMAIL valueFrom: secretKeyRef: name: sparkyfitness-admin key: email - name: SPARKYFITNESS_ADMIN_PASSWORD valueFrom: secretKeyRef: name: sparkyfitness-admin key: password - name: SPARKYFITNESS_OIDC_CLIENT_ID valueFrom: secretKeyRef: name: sparkyfitness-oidc key: client_id - name: SPARKYFITNESS_OIDC_CLIENT_SECRET valueFrom: secretKeyRef: name: sparkyfitness-oidc key: client_secret - name: SPARKYFITNESS_OIDC_ISSUER_URL valueFrom: secretKeyRef: name: sparkyfitness-oidc key: issuer_url volumeMounts: - name: sparkyfitness-oidc-config-script mountPath: /scripts readOnly: true volumes: - name: sparkyfitness-oidc-config-script configMap: name: sparkyfitness-oidc-config-script defaultMode: 0555