SparkyFitness (https://github.com/CodeWithCJ/SparkyFitness) replaces wger on
workout.dooplex.hu / workout.home with native Authentik OIDC.
Components (sparkyfitness.yaml): dedicated postgres:15-alpine, server (3010,
/api/health), frontend nginx (root image, listens :80). PVCs sparkyfitness-postgres
+ sparkyfitness-uploads (Longhorn, backup labels). In-app OIDC, no forward-auth.
Deviations from the deploy spec, following upstream ground truth:
- In-container mount path for uploads is /app/SparkyFitnessServer/uploads (per the
upstream Helm chart values.yaml), not /app/uploads.
- Frontend root image (codewithcj/sparkyfitness) has 'listen 80;' hardcoded ->
NGINX_LISTEN_PORT=80, containerPort/Service 80.
- Image names use the docker-compose variants (codewithcj/sparkyfitness_server,
codewithcj/sparkyfitness); the upstream Helm chart uses -server/-frontend.
- All wger Deployments scaled to 0 (incl. celery worker/beat), not just
wger + wger-redis, so celery doesn't crashloop against the downed redis.
Secrets (outside git): sparky-oauth (client-id/client-secret, pre-existing) +
sparky-app (db + app-db creds, api-encryption-key, better-auth-secret).
wger is parked, not deleted: Deployments at 0, both Ingresses removed (ArgoCD
prune frees the hostnames); Services/ConfigMap/PVCs/CNPG DB kept for rollback.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
admin
7f3c06f16c