Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-03-18 11:40:20

This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.

k8s/apps/furumi-server/ingress.yaml

@@ -15,7 +15,7 @@ metadata:
   annotations:
     ingressClassName: traefik
     cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/router.middlewares: furumi-admin-strip@kubernetescrd,kube-system-https-redirect@kubernetescrd
+    traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
     acme.cert-manager.io/http01-edit-in-place: "true"
 spec:
   rules:
@@ -29,6 +29,23 @@ spec:
                 name: furumi-web-player
                 port:
                   number: 8080
+  tls:
+    - secretName: furumi-tls
+      hosts:
+        - '*.hexor.cy'
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: furumi-admin-ingress
+  annotations:
+    ingressClassName: traefik
+    traefik.ingress.kubernetes.io/router.middlewares: furumi-server-admin-strip@kubernetescrd,kube-system-https-redirect@kubernetescrd
+spec:
+  rules:
+    - host: music.hexor.cy
+      http:
+        paths:
           - path: /admin
             pathType: Prefix
             backend:
@@ -40,5 +57,3 @@ spec:
     - secretName: furumi-tls
       hosts:
         - '*.hexor.cy'
-
-

k8s/apps/furumi-server/web-player.yaml

@@ -21,27 +21,27 @@ spec:
           image: ultradesu/furumi-web-player:trunk
           imagePullPolicy: Always
           env:
-            - name: FURUMI_OIDC_CLIENT_ID
+            - name: FURUMI_PLAYER_OIDC_CLIENT_ID
               valueFrom:
                 secretKeyRef:
                   name: furumi-ng-creds
                   key: OIDC_CLIENT_ID
-            - name: FURUMI_OIDC_CLIENT_SECRET
+            - name: FURUMI_PLAYER_OIDC_CLIENT_SECRET
               valueFrom:
                 secretKeyRef:
                   name: furumi-ng-creds
                   key: OIDC_CLIENT_SECRET
-            - name: FURUMI_OIDC_ISSUER_URL
+            - name: FURUMI_PLAYER_OIDC_ISSUER_URL
               valueFrom:
                 secretKeyRef:
                   name: furumi-ng-creds
                   key: OIDC_ISSUER_URL
-            - name: FURUMI_OIDC_REDIRECT_URL
+            - name: FURUMI_PLAYER_OIDC_REDIRECT_URL
               valueFrom:
                 secretKeyRef:
                   name: furumi-ng-creds
                   key: OIDC_REDIRECT_URL
-            - name: FURUMI_OIDC_SESSION_SECRET
+            - name: FURUMI_PLAYER_OIDC_SESSION_SECRET
               valueFrom:
                 secretKeyRef:
                   name: furumi-ng-creds

terraform/authentik/main.tf

@@ -292,7 +292,60 @@ resource "authentik_outpost" "outposts" {
     authentik_host_browser         = ""
     object_naming_template         = "ak-outpost-%(name)s"
     authentik_host_insecure        = false
-    kubernetes_json_patches        = null
+    kubernetes_json_patches = {
+      deployment = [
+        {
+          op   = "add"
+          path = "/spec/template/spec/containers/0/env/-"
+          value = {
+            name  = "AUTHENTIK_POSTGRESQL__HOST"
+            value = "psql.psql.svc"
+          }
+        },
+        {
+          op   = "add"
+          path = "/spec/template/spec/containers/0/env/-"
+          value = {
+            name  = "AUTHENTIK_POSTGRESQL__PORT"
+            value = "5432"
+          }
+        },
+        {
+          op   = "add"
+          path = "/spec/template/spec/containers/0/env/-"
+          value = {
+            name  = "AUTHENTIK_POSTGRESQL__NAME"
+            value = "authentik"
+          }
+        },
+        {
+          op   = "add"
+          path = "/spec/template/spec/containers/0/env/-"
+          value = {
+            name = "AUTHENTIK_POSTGRESQL__USER"
+            valueFrom = {
+              secretKeyRef = {
+                name = "authentik-creds"
+                key  = "AUTHENTIK_POSTGRESQL__USER"
+              }
+            }
+          }
+        },
+        {
+          op   = "add"
+          path = "/spec/template/spec/containers/0/env/-"
+          value = {
+            name = "AUTHENTIK_POSTGRESQL__PASSWORD"
+            valueFrom = {
+              secretKeyRef = {
+                name = "authentik-creds"
+                key  = "AUTHENTIK_POSTGRESQL__PASSWORD"
+              }
+            }
+          }
+        }
+      ]
+    }
     kubernetes_service_type        = "ClusterIP"
     kubernetes_image_pull_secrets  = []
     kubernetes_ingress_class_name  = null

terraform/authentik/proxy-apps.auto.tfvars

@@ -151,7 +151,7 @@ EOT
     meta_icon                    = "https://img.icons8.com/liquid-glass/48/key.png"
     mode                         = "proxy"
     outpost                      = "kubernetes-outpost"
-    access_groups                = ["admins", "khm"] # Используем существующие группы
+    access_groups                = ["admins", "khm"]
     create_group                 = true
     access_groups                = ["admins"]
   }
@@ -191,5 +191,20 @@ EOT
     create_group                 = true
     access_groups                = ["admins"]
   }
+  "ollama-public" = {
+    name                         = "Ollama Public"
+    slug                         = "ollama-public"
+    group                        = "AI"
+    external_host                = "https://ollama.hexor.cy"
+    internal_host                = "http://ollama.ollama.svc:11434"
+    internal_host_ssl_validation = false
+    meta_description             = ""
+    meta_icon                    = "https://img.icons8.com/external-icongeek26-outline-icongeek26/64/external-llama-animal-head-icongeek26-outline-icongeek26.png"
+    mode                         = "proxy"
+    outpost                      = "kubernetes-outpost"
+    intercept_header_auth        = true
+    create_group                 = true
+    access_groups                = ["admins"]
+  }
 }