Auto-update README with current k8s applications

Generated by CI/CD workflow on 2025-11-24 16:40:09

This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.

k8s/apps/remnawave/external-secrets.yaml

@@ -10,16 +10,22 @@ spec:
     template:
       type: Opaque
       data:
+        METRICS_USER: admin
+        FRONT_END_DOMAIN: rw.hexor.cy
+        SUB_PUBLIC_DOMAIN: sub.hexor.cy
+        REDIS_HOST: remnawave-redis
+        REDIS_PORT: "6379"
+
         DATABASE_URL: |-
           postgresql://remnawave:{{ .pg_pass }}@psql.psql.svc:5432/remnawave
-#       JWT_AUTH_SECRET: |-
+        JWT_AUTH_SECRET: |-
-#         {{ .jwt_auth_secret }}
+          {{ .jwt_auth_secret }}
-#       JWT_API_TOKENS_SECRET: |-
+        JWT_API_TOKENS_SECRET: |-
-#         {{ .jwt_api_tokens_secret }}
+          {{ .jwt_api_tokens_secret }}
-#       METRICS_USER: |-
+        METRICS_PASS: |-
-#         {{ .metrics_user }}
+          {{ .metrics_pass }}
-#       METRICS_PASS: |-
+        WEBHOOK_SECRET_HEADER: |-
-#         {{ .metrics_pass }}
+          {{ .webhook_secret }}
 
   data:
     - secretKey: pg_pass
@@ -30,35 +36,35 @@ spec:
       remoteRef:
         key: 2a9deb39-ef22-433e-a1be-df1555625e22
         property: fields[10].value
-#   - secretKey: jwt_auth_secret
+    - secretKey: jwt_auth_secret
-#     sourceRef:
+      sourceRef:
-#       storeRef:
+        storeRef:
-#         name: vaultwarden-login
+          name: vaultwarden-login
-#         kind: ClusterSecretStore
+          kind: ClusterSecretStore
-#     remoteRef:
+      remoteRef:
-#       key: 35ec5880-2576-401b-a89a-3c9d56b9c1de
+        key: 0d090436-5e82-453a-914c-19cec2abded1
-#       property: login.password
+        property: fields[0].value
-#   - secretKey: jwt_api_tokens_secret
+    - secretKey: jwt_api_tokens_secret
-#     sourceRef:
+      sourceRef:
-#       storeRef:
+        storeRef:
-#         name: vaultwarden-login
+          name: vaultwarden-login
-#         kind: ClusterSecretStore
+          kind: ClusterSecretStore
-#     remoteRef:
+      remoteRef:
-#       key: 35ec5880-2576-401b-a89a-3c9d56b9c1de
+        key: 0d090436-5e82-453a-914c-19cec2abded1
-#       property: login.password
+        property: fields[1].value
-#   - secretKey: metrics_user
+    - secretKey: metrics_pass
-#     sourceRef:
+      sourceRef:
-#       storeRef:
+        storeRef:
-#         name: vaultwarden-login
+          name: vaultwarden-login
-#         kind: ClusterSecretStore
+          kind: ClusterSecretStore
-#     remoteRef:
+      remoteRef:
-#       key: 35ec5880-2576-401b-a89a-3c9d56b9c1de
+        key: 0d090436-5e82-453a-914c-19cec2abded1
-#       property: login.username
+        property: fields[2].value
-#   - secretKey: metrics_pass
+    - secretKey: webhook_secret
-#     sourceRef:
+      sourceRef:
-#       storeRef:
+        storeRef:
-#         name: vaultwarden-login
+          name: vaultwarden-login
-#         kind: ClusterSecretStore
+          kind: ClusterSecretStore
-#     remoteRef:
+      remoteRef:
-#       key: 35ec5880-2576-401b-a89a-3c9d56b9c1de
+        key: 0d090436-5e82-453a-914c-19cec2abded1
-#       property: login.password
+        property: fields[3].value

k8s/apps/remnawave/ingress.yaml

@@ -0,0 +1,37 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: remnawave-tls-ingress
+  annotations:
+    ingressClassName: traefik
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
+    acme.cert-manager.io/http01-edit-in-place: "true"
+spec:
+  rules:
+    - host: sub.hexor.cy
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: remnawave-subscription-page
+                port:
+                  number: 3010
+    - host: sub.hexor.ru
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: remnawave-subscription-page
+                port:
+                  number: 3010
+  tls:
+    - secretName: remnawave-tls
+      hosts:
+        - sub.hexor.cy
+        - sub.hexor.ru

k8s/apps/remnawave/kustomization.yaml

@@ -5,4 +5,6 @@ resources:
   - ./external-secrets.yaml
   - ./deployment.yaml
   - ./redis-deployment.yaml
+  - ./subscription-page-configmap.yaml
+  - ./subscription-page-deployment.yaml
   - ./servicemonitor.yaml

k8s/apps/remnawave/subscription-page-configmap.yaml

@@ -0,0 +1,27 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: remnawave-subscription-page-config
+  labels:
+    app: remnawave-subscription-page
+data:
+  APP_PORT: "3010"
+  REMNAWAVE_PANEL_URL: "http://remnawave.remnawave.svc:3000"
+  META_TITLE: "RemnaWave Subscription"
+  META_DESCRIPTION: "Your VPN subscription portal"
+  META_KEYWORDS: "vpn,subscription,remnawave"
+  META_AUTHOR: "RemnaWave"
+  ENABLE_ANALYTICS: "false"
+  ANALYTICS_MEASUREMENT_ID: ""
+  CUSTOM_SUB_PREFIX: ""
+  THEME: "dark"
+  CUSTOM_LOGO_URL: ""
+  SHOW_SUBSCRIPTION_INFO: "true"
+  SHOW_CONNECTION_INFO: "true"
+  SHOW_QR_CODE: "true"
+  QR_CODE_SIZE: "256"
+  REFRESH_INTERVAL: "30000"
+  SUBSCRIPTION_TEXT_COLOR: "#ffffff"
+  BACKGROUND_COLOR: "#1a1a1a"
+  ACCENT_COLOR: "#007bff"

k8s/apps/remnawave/subscription-page-deployment.yaml

@@ -0,0 +1,68 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: remnawave-subscription-page
+  labels:
+    app: remnawave-subscription-page
+spec:
+  selector:
+    matchLabels:
+      app: remnawave-subscription-page
+  replicas: 1
+  strategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: remnawave-subscription-page
+    spec:
+      containers:
+        - name: subscription-page
+          image: 'remnawave/subscription-page:latest'
+          imagePullPolicy: Always
+          envFrom:
+            - configMapRef:
+                name: remnawave-subscription-page-config
+          ports:
+            - name: http
+              containerPort: 3010
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /
+              port: 3010
+            initialDelaySeconds: 30
+            periodSeconds: 30
+            timeoutSeconds: 5
+            failureThreshold: 3
+          readinessProbe:
+            httpGet:
+              path: /
+              port: 3010
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            timeoutSeconds: 3
+            failureThreshold: 3
+          resources:
+            requests:
+              memory: "64Mi"
+              cpu: "50m"
+            limits:
+              memory: "256Mi"
+              cpu: "200m"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: remnawave-subscription-page
+  labels:
+    app: remnawave-subscription-page
+spec:
+  selector:
+    app: remnawave-subscription-page
+  ports:
+    - name: http
+      protocol: TCP
+      port: 3010
+      targetPort: 3010

k8s/core/authentik/values.yaml

@@ -47,6 +47,7 @@ server:
         - minecraft.hexor.cy # Minecraft UI and server
         - pass.hexor.cy      # k8s-secret for openai
         - ps.hexor.cy        # pasarguard UI
+#       - rw.hexor.cy        # RemnaWave UI
       tls:
         - secretName: idm-tls
           hosts:

terraform/authentik/proxy-apps.tfvars

@@ -206,5 +206,22 @@ EOT
     create_group                 = true
     access_groups                = ["admins"]
   }
+  "remnawave" = {
+    name                         = "RemnaWave"
+    slug                         = "remnawave"
+    group                        = "Tools"
+    external_host                = "https://rw.hexor.cy"
+    internal_host                = "http://remnawave.remnawave.svc:3000"
+    internal_host_ssl_validation = false
+    meta_description             = ""
+    skip_path_regex              = <<-EOT
+/api/sub/
+EOT
+    meta_icon                    = "https://camo.githubusercontent.com/0fbcff9dfaebb0363774139d00ef58d7f128eed3ddabaaf2bf7d18b68fd296a1/68747470733a2f2f63646e2e72656d6e612e73742f6c6f676f732f6c6f676f2e737667"
+    mode                         = "proxy"
+    outpost                      = "kubernetes-outpost"
+    create_group                 = true
+    access_groups                = ["admins"]
+  }
 }