apiVersion: v1
kind: Pod
metadata:
  name: identity-check
  namespace: app-identity
spec:
  serviceAccountName: api-reader
  restartPolicy: Never
  containers:
    - name: identity-check
      image: curlimages/curl:8.10.1
      command:
        - sh
        - -c
        - |
          TOKEN="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)"
          NAMESPACE="$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)"
          HTTP_CODE="$(
            curl --silent --output /tmp/pod.json --write-out '%{http_code}' \
              --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
              --header "Authorization: Bearer ${TOKEN}" \
              "https://kubernetes.default.svc/api/v1/namespaces/${NAMESPACE}/pods/identity-check"
          )"
          echo "namespace=${NAMESPACE}"
          echo "serviceAccountName=api-reader"
          echo "api_status=${HTTP_CODE}"
          sleep 300