Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-03-20 09:39:42

This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.

k8s/apps/furumi-dev/external-secrets.yaml

@@ -20,8 +20,6 @@ spec:
           {{ .session_secret }}
         PG_STRING: |-
           postgres://furumi_dev:{{ .pg_pass }}@psql.psql.svc:5432/furumi_dev
-        PLAYER_API_KEY: |-
-          {{ .player_api_key }}
   data:
     - secretKey: client_id
       sourceRef:
@@ -47,14 +45,6 @@ spec:
       remoteRef:
         key: 960735e6-2cc9-4b68-9bd3-e6786e5a0cd6
         property: fields[2].value
-    - secretKey: player_api_key
-      sourceRef:
-        storeRef:
-          name: vaultwarden-login
-          kind: ClusterSecretStore
-      remoteRef:
-        key: 960735e6-2cc9-4b68-9bd3-e6786e5a0cd6
-        property: fields[3].value
     - secretKey: pg_pass
       sourceRef:
         storeRef:

k8s/apps/furumi-dev/web-player.yaml

@@ -51,11 +51,6 @@ spec:
                 secretKeyRef:
                   name: furumi-ng-creds
                   key: PG_STRING
-            - name: FURUMI_PLAYER_API_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: furumi-ng-creds
-                  key: PLAYER_API_KEY
             - name: FURUMI_PLAYER_STORAGE_DIR
               value: "/media"
             - name: RUST_LOG

k8s/apps/mtproxy/kustomization.yaml

@@ -5,11 +5,7 @@ resources:
   - ./app.yaml
   - ./rbac.yaml
   - ./daemonset.yaml
-  - ./telemt-daemonset.yaml
   - ./external-secrets.yaml
-  - ./telemt-external-secrets.yaml
-  - ./telemt-service.yaml
-  - ./telemt-servicemonitor.yaml
   - ./service.yaml
   - ./secret-reader.yaml
 # - ./storage.yaml

k8s/apps/mtproxy/secret-reader.yaml

@@ -23,7 +23,7 @@ spec:
         imagePullPolicy: Always
         args:
           - "--secrets"
-          - "mtproxy-links,telemt-links"
+          - "mtproxy-links"
           - "--namespace"
           - "mtproxy"
           - "--port"

k8s/apps/mtproxy/telemt-daemonset.yaml

@@ -1,114 +0,0 @@
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: telemt
-  labels:
-    app: telemt
-spec:
-  selector:
-    matchLabels:
-      app: telemt
-  updateStrategy:
-    type: RollingUpdate
-  template:
-    metadata:
-      labels:
-        app: telemt
-    spec:
-      affinity:
-        nodeAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            nodeSelectorTerms:
-              - matchExpressions:
-                  - key: mtproxy
-                    operator: Exists
-      serviceAccountName: mtproxy
-      hostNetwork: true
-      dnsPolicy: ClusterFirstWithHostNet
-      initContainers:
-        - name: register-proxy
-          image: bitnami/kubectl:latest
-          env:
-            - name: NODE_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: spec.nodeName
-            - name: SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: tgproxy-secret
-                  key: SECRET
-            - name: TELEMT_PORT
-              valueFrom:
-                secretKeyRef:
-                  name: telemt-secret
-                  key: PORT
-          command:
-            - /bin/bash
-            - -c
-            - |
-              set -e
-              NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
-              SERVER=$(kubectl get node "${NODE_NAME}" -o jsonpath='{.metadata.labels.mtproxy}')
-              if [ -z "${SERVER}" ]; then
-                echo "ERROR: node ${NODE_NAME} has no mtproxy label"
-                exit 1
-              fi
-              # Build ee-prefixed secret for secure mode
-              EE_SECRET="ee${SECRET}"
-              LINK="tg://proxy?server=${SERVER}&port=${TELEMT_PORT}&secret=${EE_SECRET}"
-              echo "Registering telemt: ${SERVER} -> ${LINK}"
-              if kubectl get secret telemt-links -n "${NAMESPACE}" &>/dev/null; then
-                kubectl patch secret telemt-links -n "${NAMESPACE}" \
-                  --type merge -p "{\"stringData\":{\"${SERVER}\":\"${LINK}\"}}"
-              else
-                kubectl create secret generic telemt-links -n "${NAMESPACE}" \
-                  --from-literal="${SERVER}=${LINK}"
-              fi
-              echo "Done"
-      containers:
-        - name: telemt
-          image: ghcr.io/telemt/telemt:latest
-          imagePullPolicy: Always
-          ports:
-            - name: proxy
-              containerPort: 30444
-              protocol: TCP
-            - name: api
-              containerPort: 9091
-              protocol: TCP
-          workingDir: /run/telemt
-          env:
-            - name: RUST_LOG
-              value: info
-          volumeMounts:
-            - name: workdir
-              mountPath: /run/telemt
-            - name: config
-              mountPath: /run/telemt/config.toml
-              subPath: config.toml
-              readOnly: true
-            - name: etcdir
-              mountPath: /etc/telemt
-          securityContext:
-            readOnlyRootFilesystem: true
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop:
-                - ALL
-      volumes:
-        - name: config
-          secret:
-            secretName: telemt-secret
-            items:
-              - key: config.toml
-                path: config.toml
-        - name: workdir
-          emptyDir:
-            medium: Memory
-            sizeLimit: 1Mi
-        - name: etcdir
-          emptyDir:
-            medium: Memory
-            sizeLimit: 1Mi

k8s/apps/mtproxy/telemt-external-secrets.yaml

@@ -1,58 +0,0 @@
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: telemt-secret
-spec:
-  target:
-    name: telemt-secret
-    deletionPolicy: Delete
-    template:
-      type: Opaque
-      data:
-        SECRET: |-
-          {{ .secret }}
-        PORT: "30444"
-        config.toml: |
-          [general]
-          use_middle_proxy = true
-          log_level = "normal"
-
-          [general.modes]
-          classic = false
-          secure = false
-          tls = true
-
-          [general.links]
-          show = "*"
-          public_port = 30444
-
-          [server]
-          port = 30444
-          metrics_port = 9090
-
-          [server.api]
-          enabled = true
-          listen = "0.0.0.0:9091"
-          whitelist = ["0.0.0.0/0"]
-
-          [[server.listeners]]
-          ip = "0.0.0.0"
-
-          [censorship]
-          tls_domain = "ya.ru"
-          mask = true
-          tls_emulation = true
-          tls_front_dir = "tlsfront"
-
-          [access.users]
-          user = "{{ .secret }}"
-  data:
-    - secretKey: secret
-      sourceRef:
-        storeRef:
-          name: vaultwarden-login
-          kind: ClusterSecretStore
-      remoteRef:
-        key: 58a37daf-72d8-430d-86bd-6152aa8f888d
-        property: fields[0].value

k8s/apps/mtproxy/telemt-service.yaml

@@ -1,17 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: telemt-metrics
-  labels:
-    app: telemt
-spec:
-  type: ClusterIP
-  clusterIP: None
-  selector:
-    app: telemt
-  ports:
-    - port: 9090
-      targetPort: 9090
-      protocol: TCP
-      name: metrics

k8s/apps/mtproxy/telemt-servicemonitor.yaml

@@ -1,21 +0,0 @@
----
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: telemt-metrics
-  labels:
-    app: telemt
-    release: prometheus
-spec:
-  selector:
-    matchLabels:
-      app: telemt
-  endpoints:
-    - port: metrics
-      path: /metrics
-      interval: 30s
-      scrapeTimeout: 10s
-      honorLabels: true
-  namespaceSelector:
-    matchNames:
-      - mtproxy