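# services/health/endurain-oidc-config-cronjob.yaml
#
# CronJob that runs /scripts/endurain_oidc_configure.sh (mounted from the
# endurain-oidc-config-script ConfigMap) every 30 minutes in the health
# namespace. The script is not part of this manifest; presumably it pushes the
# OIDC client settings below into Endurain using the admin credentials.
# TODO confirm against the script.
---
apiVersion: batch/v1
kind: CronJob
metadata:
  name: endurain-oidc-config
  namespace: health
spec:
  schedule: "*/30 * * * *"
  # Forbid: a run is skipped while the previous one is still active.
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: 1
  failedJobsHistoryLimit: 3
  jobTemplate:
    spec:
      # One retry; with restartPolicy Never each attempt is a fresh pod.
      backoffLimit: 1
      template:
        spec:
          # NOTE(review): the pod gets this service account's API token mounted
          # by default. If the script only needs the Secret-backed env vars
          # below, consider automountServiceAccountToken: false. Verify first.
          serviceAccountName: health-vault-sync
          restartPolicy: Never
          affinity:
            nodeAffinity:
              # Hard requirement: arm64 nodes that carry the worker role label.
              requiredDuringSchedulingIgnoredDuringExecution:
                nodeSelectorTerms:
                  - matchExpressions:
                      - key: kubernetes.io/arch
                        operator: In
                        values: ["arm64"]
                      - key: node-role.kubernetes.io/worker
                        operator: Exists
              # Soft preference: rpi5 (weight 90) ahead of rpi4 (weight 70).
              preferredDuringSchedulingIgnoredDuringExecution:
                - weight: 90
                  preference:
                    matchExpressions:
                      - key: hardware
                        operator: In
                        values: ["rpi5"]
                - weight: 70
                  preference:
                    matchExpressions:
                      - key: hardware
                        operator: In
                        values: ["rpi4"]
          containers:
            - name: configure
              # NOTE(review): the tag is mutable; pin by digest, e.g.
              # alpine:3.20@sha256:<DIGEST_PLACEHOLDER>.
              image: alpine:3.20
              command: ["/bin/sh", "-c"]
              args:
                # NOTE(review): packages are fetched from the network, unpinned,
                # on every run, in a pod that holds admin and OIDC client
                # secrets. A prebuilt image with bash, curl and jq baked in
                # would remove that runtime dependency and let the container
                # run as non-root.
                - |
                  set -euo pipefail
                  apk add --no-cache bash curl jq >/dev/null
                  exec /scripts/endurain_oidc_configure.sh
              securityContext:
                # Added in review: `apk add` needs root, but nothing in the
                # entrypoint needs setuid escalation or an unconfined seccomp
                # profile.
                # NOTE(review): dropping all capabilities is a further step;
                # test that `apk add` still succeeds before enabling it.
                allowPrivilegeEscalation: false
                seccompProfile:
                  type: RuntimeDefault
              env:
                # NOTE(review): plain HTTP to the in-cluster service. If the
                # script sends the admin password over this URL, it relies on
                # cluster network isolation. Confirm that is intended.
                - name: ENDURAIN_BASE_URL
                  value: http://endurain.health.svc.cluster.local
                - name: ENDURAIN_ADMIN_USERNAME
                  valueFrom:
                    secretKeyRef:
                      name: endurain-admin
                      key: username
                - name: ENDURAIN_ADMIN_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: endurain-admin
                      key: password
                - name: ENDURAIN_OIDC_CLIENT_ID
                  valueFrom:
                    secretKeyRef:
                      name: endurain-oidc
                      key: client_id
                - name: ENDURAIN_OIDC_CLIENT_SECRET
                  valueFrom:
                    secretKeyRef:
                      name: endurain-oidc
                      key: client_secret
                - name: ENDURAIN_OIDC_ISSUER_URL
                  valueFrom:
                    secretKeyRef:
                      name: endurain-oidc
                      key: issuer_url
              volumeMounts:
                - name: endurain-oidc-config-script
                  mountPath: /scripts
                  readOnly: true
          volumes:
            - name: endurain-oidc-config-script
              configMap:
                name: endurain-oidc-config-script
                # 365 decimal == 0555 octal (r-xr-xr-x). Written in decimal
                # because a bare 0555 is octal only under YAML 1.1 rules; a
                # YAML 1.2 parser reads it as decimal 555.
                defaultMode: 365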