Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-02-27 07:49:39

This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.

README.md

@@ -45,6 +45,7 @@ ArgoCD homelab project
 | **jellyfin** | [![jellyfin](https://ag.hexor.cy/api/badge?name=jellyfin&revision=true)](https://ag.hexor.cy/applications/argocd/jellyfin) |
 | **k8s-secrets** | [![k8s-secrets](https://ag.hexor.cy/api/badge?name=k8s-secrets&revision=true)](https://ag.hexor.cy/applications/argocd/k8s-secrets) |
 | **khm** | [![khm](https://ag.hexor.cy/api/badge?name=khm&revision=true)](https://ag.hexor.cy/applications/argocd/khm) |
+| **mtproxy** | [![mtproxy](https://ag.hexor.cy/api/badge?name=mtproxy&revision=true)](https://ag.hexor.cy/applications/argocd/mtproxy) |
 | **n8n** | [![n8n](https://ag.hexor.cy/api/badge?name=n8n&revision=true)](https://ag.hexor.cy/applications/argocd/n8n) |
 | **ollama** | [![ollama](https://ag.hexor.cy/api/badge?name=ollama&revision=true)](https://ag.hexor.cy/applications/argocd/ollama) |
 | **paperless** | [![paperless](https://ag.hexor.cy/api/badge?name=paperless&revision=true)](https://ag.hexor.cy/applications/argocd/paperless) |

k8s/apps/n8n/deployment-main.yaml

@@ -50,10 +50,12 @@ spec:
           runAsNonRoot: true
       containers:
       - name: n8n
-        image: docker.n8n.io/n8nio/n8n:latest
+        image: n8nio/n8n:latest
         ports:
         - containerPort: 5678
           name: http
+        - containerPort: 5679
+          name: task-broker
         env:
         - name: PATH
           value: "/opt/tools:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
@@ -73,6 +75,10 @@ spec:
           value: "true"
         - name: N8N_RUNNERS_MODE
           value: "external"
+        - name: N8N_RUNNERS_BROKER_LISTEN_ADDRESS
+          value: "0.0.0.0"
+        - name: N8N_RUNNERS_BROKER_PORT
+          value: "5679"
         - name: EXECUTIONS_MODE
           value: "queue"
         - name: QUEUE_BULL_REDIS_HOST
@@ -127,18 +133,18 @@ spec:
           httpGet:
             path: /healthz
             port: http
-          initialDelaySeconds: 120
+          initialDelaySeconds: 240
           periodSeconds: 30
-          timeoutSeconds: 10
+          timeoutSeconds: 20
-          failureThreshold: 6
+          failureThreshold: 10
         readinessProbe:
           httpGet:
             path: /healthz/readiness
             port: http
-          initialDelaySeconds: 60
+          initialDelaySeconds: 120
           periodSeconds: 10
           timeoutSeconds: 5
-          failureThreshold: 10
+          failureThreshold: 15
       volumes:
       - name: n8n-data
         persistentVolumeClaim:

k8s/apps/n8n/deployment-runner.yaml

@@ -0,0 +1,87 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: n8n-runner
+  labels:
+    app: n8n
+    component: runner
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: n8n
+      component: runner
+  template:
+    metadata:
+      labels:
+        app: n8n
+        component: runner
+    spec:
+      serviceAccountName: n8n
+      containers:
+      - name: n8n-runner
+        image: n8nio/runners:latest
+        ports:
+        - containerPort: 5680
+          name: health
+        env:
+        - name: PATH
+          value: "/opt/tools:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+        - name: HOME
+          value: "/home/node"
+        - name: N8N_RUNNERS_TASK_BROKER_URI
+          value: "http://n8n:5679"
+        - name: N8N_RUNNERS_LAUNCHER_LOG_LEVEL
+          value: "info"
+        - name: N8N_RUNNERS_MAX_CONCURRENCY
+          value: "10"
+        - name: GENERIC_TIMEZONE
+          value: "Europe/Moscow"
+        - name: TZ
+          value: "Europe/Moscow"
+        - name: N8N_RUNNERS_AUTH_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: credentials
+              key: runnertoken
+        volumeMounts:
+        - name: n8n-data
+          mountPath: /home/node/.n8n
+        - name: tools
+          mountPath: /opt/tools
+        resources:
+          requests:
+            cpu: 500m
+            memory: 512Mi
+          limits:
+            cpu: 2000m
+            memory: 2048Mi
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 5680
+          initialDelaySeconds: 30
+          periodSeconds: 30
+          timeoutSeconds: 5
+          failureThreshold: 3
+        readinessProbe:
+          httpGet:
+            path: /healthz
+            port: 5680
+          initialDelaySeconds: 15
+          periodSeconds: 10
+          timeoutSeconds: 5
+          failureThreshold: 3
+      volumes:
+      - name: n8n-data
+        persistentVolumeClaim:
+          claimName: n8n-data
+      - name: tools
+        persistentVolumeClaim:
+          claimName: n8n-tools
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
+        runAsNonRoot: true
+        fsGroup: 1000

k8s/apps/n8n/deployment-worker.yaml

@@ -1,112 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: n8n-worker
-  labels:
-    app: n8n
-    component: worker
-spec:
-  replicas: 2
-  selector:
-    matchLabels:
-      app: n8n
-      component: worker
-  template:
-    metadata:
-      labels:
-        app: n8n
-        component: worker
-    spec:
-      serviceAccountName: n8n
-      containers:
-      - name: n8n-worker
-        image: docker.n8n.io/n8nio/n8n:latest
-        command: ["n8n", "worker"]
-        env:
-        - name: PATH
-          value: "/opt/tools:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-        - name: HOME
-          value: "/home/node"
-        - name: NODES_EXCLUDE
-          value: "[]"
-        - name: N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS
-          value: "true"
-        - name: N8N_RUNNERS_ENABLED
-          value: "true"
-        - name: N8N_RUNNERS_MODE
-          value: "external"
-        - name: N8N_PORT
-          value: "80"
-        - name: EXECUTIONS_MODE
-          value: "queue"
-        - name: QUEUE_BULL_REDIS_HOST
-          value: "n8n-redis"
-        - name: N8N_RUNNERS_TASK_BROKER_URI
-          value: "http://n8n:80"
-        - name: NODE_ENV
-          value: "production"
-        - name: GENERIC_TIMEZONE
-          value: "Europe/Moscow"
-        - name: TZ
-          value: "Europe/Moscow"
-        - name: DB_TYPE
-          value: "postgresdb"
-        - name: DB_POSTGRESDB_HOST
-          value: "psql.psql.svc"
-        - name: DB_POSTGRESDB_DATABASE
-          value: "n8n"
-        - name: DB_POSTGRESDB_USER
-          valueFrom:
-            secretKeyRef:
-              name: credentials
-              key: username
-        - name: DB_POSTGRESDB_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: credentials
-              key: password
-        - name: N8N_ENCRYPTION_KEY
-          valueFrom:
-            secretKeyRef:
-              name: credentials
-              key: encryptionkey
-        - name: N8N_RUNNERS_AUTH_TOKEN
-          valueFrom:
-            secretKeyRef:
-              name: credentials
-              key: runnertoken
-        volumeMounts:
-        - name: n8n-data
-          mountPath: /home/node/.n8n
-        - name: tools
-          mountPath: /opt/tools
-        resources:
-          requests:
-            cpu: 2000m
-            memory: 512Mi
-          limits:
-            cpu: 4000m
-            memory: 2048Gi
-        livenessProbe:
-          exec:
-            command:
-            - /bin/sh
-            - -c
-            - "ps aux | grep '[n]8n worker' || exit 1"
-          initialDelaySeconds: 30
-          periodSeconds: 30
-          timeoutSeconds: 5
-          failureThreshold: 3
-      volumes:
-      - name: n8n-data
-        persistentVolumeClaim:
-          claimName: n8n-data
-      - name: tools
-        persistentVolumeClaim:
-          claimName: n8n-tools
-      securityContext:
-        runAsUser: 1000
-        runAsGroup: 1000
-        runAsNonRoot: true
-        fsGroup: 1000

k8s/apps/n8n/kustomization.yaml

@@ -10,7 +10,8 @@ resources:
   - paddleocr-deployment.yaml
   - paddleocr-service.yaml
   - deployment-main.yaml
-  - deployment-worker.yaml
+# - deployment-worker.yaml
+  - deployment-runner.yaml
   - service.yaml
   - ingress.yaml
 

k8s/apps/n8n/paddleocr-deployment.yaml

@@ -32,14 +32,12 @@ spec:
             cpu: 1000m
             memory: 2Gi
         livenessProbe:
-          httpGet:
+          tcpSocket:
-            path: /
             port: 5000
           initialDelaySeconds: 60
           periodSeconds: 30
         readinessProbe:
-          httpGet:
+          tcpSocket:
-            path: /
             port: 5000
           initialDelaySeconds: 30
           periodSeconds: 10

k8s/apps/n8n/service.yaml

@@ -14,4 +14,8 @@ spec:
     port: 80
     targetPort: 5678
     protocol: TCP
+  - name: task-broker
+    port: 5679
+    targetPort: 5679
+    protocol: TCP
   type: ClusterIP

k8s/apps/paperless/paperless-values.yaml

@@ -1,5 +1,5 @@
 image:
-  tag: 2.20.3
+  tag: latest
 resources:
   requests:
     memory: "1Gi"
@@ -9,7 +9,7 @@ resources:
     cpu: "3000m"
 initContainers:
   install-tesseract-langs:
-    image: ghcr.io/paperless-ngx/paperless-ngx:2.18.2
+    image: ghcr.io/paperless-ngx/paperless-ngx:latest
     resources:
       requests:
         memory: "256Mi"

k8s/core/authentik/external-secrets.yaml

@@ -17,6 +17,10 @@ spec:
           {{ .username }}
         AUTHENTIK_POSTGRESQL__PASSWORD: |-
           {{ .password }}
+        POSTGRES_PASSWORD: |-
+          {{ .password }}
+        POSTGRES_USER: |-
+          {{ .username }}
         AUTHENTIK_SECRET_KEY: |-
           {{ .secret_key }}
   data:

k8s/core/authentik/kustomization.yaml

@@ -10,7 +10,7 @@ resources:
 helmCharts:
   - name: authentik
     repo: https://charts.goauthentik.io
-    version: 2025.10.1
+    version: 2026.2.0
     releaseName: authentik
     namespace: authentik
     valuesFile: values.yaml