Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-02-11 19:37:43

This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.

k8s/apps/mtproxy/Dockerfile

@@ -1,32 +1,12 @@
-FROM --platform=$BUILDPLATFORM debian:bookworm-slim AS builder
+FROM debian:bookworm-slim AS builder
-
-ARG TARGETARCH
 
 RUN apt-get update && apt-get install -y \
-    git curl make gcc libssl-dev zlib1g-dev \
+    git curl build-essential libssl-dev zlib1g-dev \
     && rm -rf /var/lib/apt/lists/*
 
-RUN if [ "$(dpkg --print-architecture)" != "$TARGETARCH" ]; then \
-      dpkg --add-architecture $TARGETARCH && \
-      apt-get update && \
-      case "$TARGETARCH" in \
-        arm64) apt-get install -y gcc-aarch64-linux-gnu libssl-dev:arm64 zlib1g-dev:arm64 ;; \
-        amd64) apt-get install -y gcc-x86-64-linux-gnu libssl-dev:amd64 zlib1g-dev:amd64 ;; \
-      esac && \
-      rm -rf /var/lib/apt/lists/*; \
-    fi
-
 RUN git clone https://github.com/TelegramMessenger/MTProxy.git /src
 WORKDIR /src
-
+RUN make -j$(nproc)
-RUN NATIVE=$(dpkg --print-architecture) && \
-    if [ "$NATIVE" != "$TARGETARCH" ]; then \
-      case "$TARGETARCH" in \
-        arm64) export CC=aarch64-linux-gnu-gcc ;; \
-        amd64) export CC=x86_64-linux-gnu-gcc ;; \
-      esac; \
-    fi && \
-    make -j$(nproc)
 
 FROM debian:bookworm-slim
 

k8s/apps/mtproxy/daemonset.yaml

@@ -44,16 +44,11 @@ spec:
                 secretKeyRef:
                   name: tgproxy-secret
                   key: PORT
-          volumeMounts:
-            - name: data
-              mountPath: /data
           command:
             - /bin/bash
             - -c
             - |
               set -e
-              curl -s https://core.telegram.org/getProxySecret -o /data/proxy-secret
-              curl -s https://core.telegram.org/getProxyConfig -o /data/proxy-multi.conf
               NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
               SERVER=$(kubectl get node "${NODE_NAME}" -o jsonpath='{.metadata.labels.mtproxy}')
               if [ -z "${SERVER}" ]; then
@@ -72,8 +67,7 @@ spec:
               echo "Done"
       containers:
         - name: mtproxy
-          image: telegrammessenger/proxy:latest
+          image: ultradesu/mtproxy:v0.02
-          # image: ultradesu/mtproxy:v0.02
           imagePullPolicy: Always
           ports:
             - name: proxy
@@ -89,8 +83,8 @@ spec:
               -H $(PORT)
               -M 1
               -S $(SECRET)
-              --aes-pwd /data/proxy-secret
+              --aes-pwd /etc/mtproxy/proxy-secret
-              /data/proxy-multi.conf
+              /etc/mtproxy/proxy-multi.conf
           env:
             - name: SECRET
               valueFrom:

k8s/apps/mtproxy/external-secrets.yaml

@@ -12,7 +12,7 @@ spec:
       data:
         SECRET: |-
           {{ .secret }}
-        PORT: "30443"
+        PORT: 30443
   data:
     - secretKey: secret
       sourceRef:

k8s/apps/mtproxy/kustomization.yaml

@@ -6,6 +6,5 @@ resources:
   - ./rbac.yaml
   - ./daemonset.yaml
   - ./external-secrets.yaml
-  - ./service.yaml
-  - ./secret-reader.yaml
 # - ./storage.yaml
+# - ./service.yaml

k8s/apps/mtproxy/secret-reader.yaml

@@ -1,63 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: secret-reader
-  labels:
-    app: secret-reader
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: secret-reader
-  template:
-    metadata:
-      labels:
-        app: secret-reader
-    spec:
-      serviceAccountName: mtproxy
-      nodeSelector:
-        kubernetes.io/os: linux
-      containers:
-      - name: secret-reader
-        image: ultradesu/k8s-secrets:0.2.1
-        imagePullPolicy: Always
-        args:
-          - "--secrets"
-          - "mtproxy-links"
-          - "--namespace"
-          - "mtproxy"
-          - "--port"
-          - "3000"
-        ports:
-        - containerPort: 3000
-          name: http
-        env:
-        - name: RUST_LOG
-          value: "info"
-        resources:
-          requests:
-            memory: "64Mi"
-            cpu: "50m"
-          limits:
-            memory: "128Mi"
-            cpu: "150m"
-        livenessProbe:
-          httpGet:
-            path: /health
-            port: http
-          initialDelaySeconds: 10
-          periodSeconds: 10
-        readinessProbe:
-          httpGet:
-            path: /health
-            port: http
-          initialDelaySeconds: 5
-          periodSeconds: 5
-        securityContext:
-          runAsNonRoot: true
-          runAsUser: 1000
-          allowPrivilegeEscalation: false
-          readOnlyRootFilesystem: true
-          capabilities:
-            drop:
-            - ALL

k8s/apps/mtproxy/service.yaml

@@ -2,15 +2,15 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: secret-reader
+  name: mtproxy
-  labels:
-    app: secret-reader
 spec:
-  type: ClusterIP
+  type: LoadBalancer
   selector:
-    app: secret-reader
+    app: mtproxy
   ports:
-  - port: 80
+    - name: proxy
-    targetPort: 3000
+      port: 30443
-    protocol: TCP
+      targetPort: 30443
-    name: http
+      protocol: TCP
+      nodePort: 30443
+

terraform/authentik/proxy-apps.tfvars

@@ -60,23 +60,7 @@ EOT
     create_group                 = true
     access_groups                = ["admins"]
   }
-  "mtproxy-links" = {
+
-    name                         = "mtproxy-links"
-    slug                         = "mtproxy-links"
-    group                        = "Core"
-    external_host                = "https://proxy.hexor.cy"
-    internal_host                = "http://secret-reader.mtproxy.svc:80"
-    internal_host_ssl_validation = false
-    meta_description             = ""
-    skip_path_regex              = <<-EOT
-/webhook
-EOT
-    meta_icon                    = "https://img.icons8.com/ios-filled/50/password.png"
-    mode                         = "proxy"
-    outpost                      = "kubernetes-outpost"
-    create_group                 = true
-    access_groups                = ["admins"]
-  }
   # Tools applications
   "vpn" = {
     name                         = "VPN"