Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-02-11 23:01:30

This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.

k8s/apps/mtproxy/Dockerfile

@@ -1,12 +1,32 @@
-FROM debian:bookworm-slim AS builder
+FROM --platform=$BUILDPLATFORM debian:bookworm-slim AS builder
+
+ARG TARGETARCH
 
 RUN apt-get update && apt-get install -y \
-    git curl build-essential libssl-dev zlib1g-dev \
+    git curl make gcc libssl-dev zlib1g-dev \
     && rm -rf /var/lib/apt/lists/*
 
+RUN if [ "$(dpkg --print-architecture)" != "$TARGETARCH" ]; then \
+      dpkg --add-architecture $TARGETARCH && \
+      apt-get update && \
+      case "$TARGETARCH" in \
+        arm64) apt-get install -y gcc-aarch64-linux-gnu libssl-dev:arm64 zlib1g-dev:arm64 ;; \
+        amd64) apt-get install -y gcc-x86-64-linux-gnu libssl-dev:amd64 zlib1g-dev:amd64 ;; \
+      esac && \
+      rm -rf /var/lib/apt/lists/*; \
+    fi
+
 RUN git clone https://github.com/TelegramMessenger/MTProxy.git /src
 WORKDIR /src
-RUN make -j$(nproc)
+
+RUN NATIVE=$(dpkg --print-architecture) && \
+    if [ "$NATIVE" != "$TARGETARCH" ]; then \
+      case "$TARGETARCH" in \
+        arm64) export CC=aarch64-linux-gnu-gcc ;; \
+        amd64) export CC=x86_64-linux-gnu-gcc ;; \
+      esac; \
+    fi && \
+    make -j$(nproc)
 
 FROM debian:bookworm-slim
 

k8s/apps/mtproxy/daemonset.yaml

@@ -67,7 +67,8 @@ spec:
               echo "Done"
       containers:
         - name: mtproxy
-          image: ultradesu/mtproxy:v0.02
+          image: telegrammessenger/proxy:latest
+          # image: ultradesu/mtproxy:v0.02
           imagePullPolicy: Always
           ports:
             - name: proxy
@@ -77,14 +78,16 @@ spec:
             - /bin/sh
             - -c
             - >-
+              curl -s https://core.telegram.org/getProxySecret -o proxy-secret && \
+              curl -s https://core.telegram.org/getProxyConfig -o proxy-multi.conf && \
               mtproto-proxy
               -u nobody
               -p 8888
               -H $(PORT)
               -M 1
               -S $(SECRET)
-              --aes-pwd /etc/mtproxy/proxy-secret
+              --aes-pwd proxy-secret
-              /etc/mtproxy/proxy-multi.conf
+              proxy-multi.conf
           env:
             - name: SECRET
               valueFrom:

k8s/apps/mtproxy/external-secrets.yaml

@@ -12,7 +12,7 @@ spec:
       data:
         SECRET: |-
           {{ .secret }}
-        PORT: 30443
+        PORT: "30443"
   data:
     - secretKey: secret
       sourceRef:

k8s/apps/mtproxy/kustomization.yaml

@@ -6,5 +6,6 @@ resources:
   - ./rbac.yaml
   - ./daemonset.yaml
   - ./external-secrets.yaml
+  - ./service.yaml
+  - ./secret-reader.yaml
 # - ./storage.yaml
-# - ./service.yaml

k8s/apps/mtproxy/secret-reader.yaml

@@ -0,0 +1,63 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: secret-reader
+  labels:
+    app: secret-reader
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: secret-reader
+  template:
+    metadata:
+      labels:
+        app: secret-reader
+    spec:
+      serviceAccountName: mtproxy
+      nodeSelector:
+        kubernetes.io/os: linux
+      containers:
+      - name: secret-reader
+        image: ultradesu/k8s-secrets:0.2.1
+        imagePullPolicy: Always
+        args:
+          - "--secrets"
+          - "mtproxy-links"
+          - "--namespace"
+          - "mtproxy"
+          - "--port"
+          - "3000"
+        ports:
+        - containerPort: 3000
+          name: http
+        env:
+        - name: RUST_LOG
+          value: "info"
+        resources:
+          requests:
+            memory: "64Mi"
+            cpu: "50m"
+          limits:
+            memory: "128Mi"
+            cpu: "150m"
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: http
+          initialDelaySeconds: 10
+          periodSeconds: 10
+        readinessProbe:
+          httpGet:
+            path: /health
+            port: http
+          initialDelaySeconds: 5
+          periodSeconds: 5
+        securityContext:
+          runAsNonRoot: true
+          runAsUser: 1000
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
+          capabilities:
+            drop:
+            - ALL

k8s/apps/mtproxy/service.yaml

@@ -2,15 +2,15 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: mtproxy
+  name: secret-reader
+  labels:
+    app: secret-reader
 spec:
-  type: LoadBalancer
+  type: ClusterIP
   selector:
-    app: mtproxy
+    app: secret-reader
   ports:
-    - name: proxy
+  - port: 80
-      port: 30443
+    targetPort: 3000
-      targetPort: 30443
+    protocol: TCP
-      protocol: TCP
+    name: http
-      nodePort: 30443
-

terraform/authentik/proxy-apps.tfvars

@@ -60,7 +60,23 @@ EOT
     create_group                 = true
     access_groups                = ["admins"]
   }
-
+  "mtproxy-links" = {
+    name                         = "mtproxy-links"
+    slug                         = "mtproxy-links"
+    group                        = "Core"
+    external_host                = "https://proxy.hexor.cy"
+    internal_host                = "http://secret-reader.mtproxy.svc:80"
+    internal_host_ssl_validation = false
+    meta_description             = ""
+    skip_path_regex              = <<-EOT
+/webhook
+EOT
+    meta_icon                    = "https://img.icons8.com/ios-filled/50/password.png"
+    mode                         = "proxy"
+    outpost                      = "kubernetes-outpost"
+    create_group                 = true
+    access_groups                = ["admins"]
+  }
   # Tools applications
   "vpn" = {
     name                         = "VPN"