Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-03-20 00:48:34

This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.

k8s/apps/furumi-dev/external-secrets.yaml

@@ -20,8 +20,6 @@ spec:
           {{ .session_secret }}
         PG_STRING: |-
           postgres://furumi_dev:{{ .pg_pass }}@psql.psql.svc:5432/furumi_dev
-        PLAYER_API_KEY: |-
-          {{ .player_api_key }}
   data:
     - secretKey: client_id
       sourceRef:
@@ -47,14 +45,6 @@ spec:
       remoteRef:
         key: 960735e6-2cc9-4b68-9bd3-e6786e5a0cd6
         property: fields[2].value
-    - secretKey: player_api_key
-      sourceRef:
-        storeRef:
-          name: vaultwarden-login
-          kind: ClusterSecretStore
-      remoteRef:
-        key: 960735e6-2cc9-4b68-9bd3-e6786e5a0cd6
-        property: fields[3].value
     - secretKey: pg_pass
       sourceRef:
         storeRef:

k8s/core/authentik/kustomization.yaml

@@ -5,7 +5,6 @@ resources:
   - app.yaml
   - external-secrets.yaml
   - https-middleware.yaml
-  - outpost-selector-fix.yaml
 # - worker-restart.yaml
 
 helmCharts:

k8s/core/authentik/outpost-selector-fix.yaml

@@ -1,81 +0,0 @@
-## Workaround for authentik bug: embedded outpost controller creates
-## a Service with selectors that don't match the pod labels it sets.
-## Remove this after upgrading to a version with the fix.
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: outpost-selector-fix
-  namespace: authentik
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: outpost-selector-fix
-  namespace: authentik
-rules:
-  - apiGroups: [""]
-    resources: ["services"]
-    verbs: ["get", "patch"]
-  - apiGroups: [""]
-    resources: ["endpoints"]
-    verbs: ["get"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: outpost-selector-fix
-  namespace: authentik
-subjects:
-  - kind: ServiceAccount
-    name: outpost-selector-fix
-    namespace: authentik
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: outpost-selector-fix
----
-apiVersion: batch/v1
-kind: CronJob
-metadata:
-  name: outpost-selector-fix
-  namespace: authentik
-spec:
-  schedule: "* * * * *"
-  successfulJobsHistoryLimit: 1
-  failedJobsHistoryLimit: 3
-  concurrencyPolicy: Replace
-  jobTemplate:
-    spec:
-      ttlSecondsAfterFinished: 300
-      template:
-        spec:
-          serviceAccountName: outpost-selector-fix
-          restartPolicy: OnFailure
-          containers:
-            - name: fix
-              image: bitnami/kubectl:latest
-              command:
-                - /bin/sh
-                - -c
-                - |
-                  SVC="ak-outpost-authentik-embedded-outpost"
-                  # check if endpoints are populated
-                  ADDRS=$(kubectl get endpoints "$SVC" -n authentik -o jsonpath='{.subsets[*].addresses[*].ip}' 2>/dev/null)
-                  if [ -n "$ADDRS" ]; then
-                    echo "Endpoints OK ($ADDRS), nothing to fix"
-                    exit 0
-                  fi
-                  echo "No endpoints for $SVC, patching selector..."
-                  kubectl patch svc "$SVC" -n authentik --type=json -p '[
-                    {"op":"remove","path":"/spec/selector/app.kubernetes.io~1component"},
-                    {"op":"replace","path":"/spec/selector/app.kubernetes.io~1name","value":"authentik-outpost-proxy"}
-                  ]'
-                  echo "Patched. Verifying..."
-                  sleep 2
-                  ADDRS=$(kubectl get endpoints "$SVC" -n authentik -o jsonpath='{.subsets[*].addresses[*].ip}' 2>/dev/null)
-                  if [ -n "$ADDRS" ]; then
-                    echo "Fix confirmed, endpoints: $ADDRS"
-                  else
-                    echo "WARNING: still no endpoints after patch"
-                    exit 1
-                  fi