Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-05-04 17:24:32 This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.
Added oauth2 proxy
2026-05-04 17:24:32 +00:00 · 2026-05-04 18:24:04 +01:00 · 2026-05-04 18:21:44 +01:00 · 2026-05-04 18:19:41 +01:00 · 2026-05-04 18:15:48 +01:00 · 2026-05-04 18:12:52 +01:00
8 changed files with 210 additions and 0 deletions
@@ -17,9 +17,12 @@ ArgoCD homelab project
 | **cert-manager** | [![cert-manager](https://ag.hexor.cy/api/badge?name=cert-manager&revision=true)](https://ag.hexor.cy/applications/argocd/cert-manager) |
 | **external-secrets** | [![external-secrets](https://ag.hexor.cy/api/badge?name=external-secrets&revision=true)](https://ag.hexor.cy/applications/argocd/external-secrets) |
 | **gpu** | [![gpu](https://ag.hexor.cy/api/badge?name=gpu&revision=true)](https://ag.hexor.cy/applications/argocd/gpu) |
 | **kanidm** | [![kanidm](https://ag.hexor.cy/api/badge?name=kanidm&revision=true)](https://ag.hexor.cy/applications/argocd/kanidm) |
 | **keycloak** | [![keycloak](https://ag.hexor.cy/api/badge?name=keycloak&revision=true)](https://ag.hexor.cy/applications/argocd/keycloak) |
 | **kube-system-custom** | [![kube-system-custom](https://ag.hexor.cy/api/badge?name=kube-system-custom&revision=true)](https://ag.hexor.cy/applications/argocd/kube-system-custom) |
 | **kubernetes-dashboard** | [![kubernetes-dashboard](https://ag.hexor.cy/api/badge?name=kubernetes-dashboard&revision=true)](https://ag.hexor.cy/applications/argocd/kubernetes-dashboard) |
 | **longhorn** | [![longhorn](https://ag.hexor.cy/api/badge?name=longhorn&revision=true)](https://ag.hexor.cy/applications/argocd/longhorn) |
 | **oauth2-proxy** | [![oauth2-proxy](https://ag.hexor.cy/api/badge?name=oauth2-proxy&revision=true)](https://ag.hexor.cy/applications/argocd/oauth2-proxy) |
 | **postgresql** | [![postgresql](https://ag.hexor.cy/api/badge?name=postgresql&revision=true)](https://ag.hexor.cy/applications/argocd/postgresql) |
 | **prom-stack** | [![prom-stack](https://ag.hexor.cy/api/badge?name=prom-stack&revision=true)](https://ag.hexor.cy/applications/argocd/prom-stack) |
 | **system-upgrade** | [![system-upgrade](https://ag.hexor.cy/api/badge?name=system-upgrade&revision=true)](https://ag.hexor.cy/applications/argocd/system-upgrade) |
@@ -62,9 +65,12 @@ ArgoCD homelab project
 | **sonarr-stack** | [![sonarr-stack](https://ag.hexor.cy/api/badge?name=sonarr-stack&revision=true)](https://ag.hexor.cy/applications/argocd/sonarr-stack) |
 | **stirling-pdf** | [![stirling-pdf](https://ag.hexor.cy/api/badge?name=stirling-pdf&revision=true)](https://ag.hexor.cy/applications/argocd/stirling-pdf) |
 | **syncthing** | [![syncthing](https://ag.hexor.cy/api/badge?name=syncthing&revision=true)](https://ag.hexor.cy/applications/argocd/syncthing) |
 | **teamspeak** | [![teamspeak](https://ag.hexor.cy/api/badge?name=teamspeak&revision=true)](https://ag.hexor.cy/applications/argocd/teamspeak) |
 | **tg-bots** | [![tg-bots](https://ag.hexor.cy/api/badge?name=tg-bots&revision=true)](https://ag.hexor.cy/applications/argocd/tg-bots) |
 | **vaultwarden** | [![vaultwarden](https://ag.hexor.cy/api/badge?name=vaultwarden&revision=true)](https://ag.hexor.cy/applications/argocd/vaultwarden) |
 | **vpn** | [![vpn](https://ag.hexor.cy/api/badge?name=vpn&revision=true)](https://ag.hexor.cy/applications/argocd/vpn) |
 | **web-petting** | [![web-petting](https://ag.hexor.cy/api/badge?name=web-petting&revision=true)](https://ag.hexor.cy/applications/argocd/web-petting) |
 | **wedding** | [![wedding](https://ag.hexor.cy/api/badge?name=wedding&revision=true)](https://ag.hexor.cy/applications/argocd/wedding) |
 | **xandikos** | [![xandikos](https://ag.hexor.cy/api/badge?name=xandikos&revision=true)](https://ag.hexor.cy/applications/argocd/xandikos) |
 </td>
@@ -12,4 +12,5 @@ resources:
  - ./telemt-servicemonitor.yaml
  - ./service.yaml
  - ./secret-reader.yaml
  - ./secret-reader-ingress.yaml
 # - ./storage.yaml
@@ -0,0 +1,74 @@
 ---
 apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: keycloak-auth
 spec:
  forwardAuth:
    address: http://oauth2-proxy.oauth2-proxy.svc:80/oauth2/auth
    trustForwardHeader: true
    authResponseHeaders:
      - X-Auth-Request-User
      - X-Auth-Request-Email
      - X-Auth-Request-Groups
 ---
 apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: keycloak-auth-redirect
 spec:
  errors:
    status:
      - "401"
    service:
      name: oauth2-proxy-redirect
      port: 80
    query: /oauth2/sign_in?rd={url}
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: oauth2-proxy-redirect
 spec:
  type: ExternalName
  externalName: oauth2-proxy.oauth2-proxy.svc.cluster.local
  ports:
    - port: 80
 ---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: secret-reader
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
 spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`secret-reader.hexor.cy`) && PathPrefix(`/oauth2/`)
      kind: Rule
      services:
        - name: oauth2-proxy-redirect
          port: 80
    - match: Host(`secret-reader.hexor.cy`)
      kind: Rule
      middlewares:
        - name: keycloak-auth
        - name: keycloak-auth-redirect
      services:
        - name: secret-reader
          port: 80
  tls:
    secretName: secret-reader-tls
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: secret-reader-tls
 spec:
  secretName: secret-reader-tls
  issuerRef:
    name: letsencrypt
    kind: ClusterIssuer
  dnsNames:
    - secret-reader.hexor.cy
@@ -0,0 +1,21 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: oauth2-proxy
  namespace: argocd
 spec:
  project: core
  destination:
    namespace: oauth2-proxy
    server: https://kubernetes.default.svc
  source:
    repoURL: ssh://git@gt.hexor.cy:30022/ab/homelab.git
    targetRevision: HEAD
    path: k8s/core/oauth2-proxy
  syncPolicy:
    automated:
      selfHeal: true
      prune: true
    syncOptions:
      - CreateNamespace=true
      - ServerSideApply=true
@@ -0,0 +1,40 @@
 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: oauth2-proxy-creds
 spec:
  target:
    name: oauth2-proxy-creds
    deletionPolicy: Delete
    template:
      type: Opaque
      data:
        client-id: oauth2-proxy
        client-secret: |-
          {{ .client_secret }}
        cookie-secret: |-
          {{ .cookie_secret }}
  data:
    - secretKey: client_secret
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        metadataPolicy: None
        key: e62e8c4d-d538-43b2-a682-9cdf2a5a1165
        property: login.password
    - secretKey: cookie_secret
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        metadataPolicy: None
        key: e62e8c4d-d538-43b2-a682-9cdf2a5a1165
        property: fields[0].value
@@ -0,0 +1,14 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - app.yaml
  - external-secrets.yaml
 helmCharts:
  - name: oauth2-proxy
    repo: https://oauth2-proxy.github.io/manifests
    version: 10.4.3
    releaseName: oauth2-proxy
    namespace: oauth2-proxy
    valuesFile: values.yaml
@@ -0,0 +1,3 @@
 # Middleware is deployed per-namespace alongside each IngressRoute
 # because Traefik does not allow cross-namespace middleware references.
 # See k8s/apps/mtproxy/secret-reader-ingress.yaml for example.
@@ -0,0 +1,51 @@
 replicaCount: 1
 config:
  existingSecret: oauth2-proxy-creds
  configFile: |-
    provider = "keycloak-oidc"
    provider_display_name = "Keycloak"
    oidc_issuer_url = "https://auth.hexor.cy/auth/realms/hexor"
    redirect_url = "https://oauth.hexor.cy/oauth2/callback"
    email_domains = ["*"]
    cookie_domains = [".hexor.cy"]
    whitelist_domains = [".hexor.cy"]
    cookie_secure = true
    cookie_samesite = "lax"
    upstreams = ["static://200"]
    reverse_proxy = true
    set_xauthrequest = true
    set_authorization_header = true
    pass_access_token = true
    pass_authorization_header = true
    skip_provider_button = true
    code_challenge_method = "S256"
    scope = "openid profile email"
 ingress:
  enabled: true
  className: traefik
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
  hosts:
    - oauth.hexor.cy
  tls:
    - secretName: oauth2-proxy-tls
      hosts:
        - oauth.hexor.cy
 resources:
  requests:
    cpu: 50m
    memory: 64Mi
  limits:
    cpu: 200m
    memory: 128Mi
 nodeSelector:
  kubernetes.io/hostname: master.tail2fe2d.ts.net
 tolerations:
  - key: node-role.kubernetes.io/master
    effect: NoSchedule
Author	SHA1	Message	Date
Gitea Actions Bot	82ed1c6078	Auto-update README with current k8s applications Terraform / Terraform (pull_request) Failing after 4s Details Generated by CI/CD workflow on 2026-05-04 17:24:32 This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.	2026-05-04 17:24:32 +00:00
Ultradesu	0df274c0b2	Added oauth2 proxy Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 14s Details Check with kubeconform / lint (push) Successful in 14s Details Auto-update README / Generate README and Create MR (push) Successful in 12s Details	2026-05-04 18:24:04 +01:00
Ultradesu	658ec19ff1	Added oauth2 proxy Check with kubeconform / lint (push) Successful in 14s Details Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 19s Details Auto-update README / Generate README and Create MR (push) Successful in 19s Details	2026-05-04 18:21:44 +01:00
Ultradesu	eb27dcf65b	Added oauth2 proxy Check with kubeconform / lint (push) Successful in 15s Details Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 24s Details Auto-update README / Generate README and Create MR (push) Successful in 35s Details	2026-05-04 18:19:41 +01:00
Ultradesu	e44cf95bb2	Added oauth2 proxy Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 13s Details Check with kubeconform / lint (push) Successful in 21s Details Auto-update README / Generate README and Create MR (push) Successful in 32s Details	2026-05-04 18:15:48 +01:00
Ultradesu	df6ab28165	Added oauth2 proxy Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 15s Details Check with kubeconform / lint (push) Successful in 16s Details Auto-update README / Generate README and Create MR (push) Successful in 11s Details	2026-05-04 18:12:52 +01:00
Ultradesu	72cbcc3952	Added oauth2 proxy Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 1m3s Details Check with kubeconform / lint (push) Successful in 1m7s Details Auto-update README / Generate README and Create MR (push) Successful in 28s Details	2026-05-04 18:06:37 +01:00