Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-05-04 17:16:38 This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.
Added oauth2 proxy
2026-05-04 17:16:38 +00:00 · 2026-05-04 18:15:48 +01:00 · 2026-05-04 18:12:52 +01:00 · 2026-05-04 18:06:37 +01:00
8 changed files with 176 additions and 0 deletions
@@ -22,6 +22,7 @@ ArgoCD homelab project
 | **kube-system-custom** | [![kube-system-custom](https://ag.hexor.cy/api/badge?name=kube-system-custom&revision=true)](https://ag.hexor.cy/applications/argocd/kube-system-custom) |
 | **kubernetes-dashboard** | [![kubernetes-dashboard](https://ag.hexor.cy/api/badge?name=kubernetes-dashboard&revision=true)](https://ag.hexor.cy/applications/argocd/kubernetes-dashboard) |
 | **longhorn** | [![longhorn](https://ag.hexor.cy/api/badge?name=longhorn&revision=true)](https://ag.hexor.cy/applications/argocd/longhorn) |
+| **oauth2-proxy** | [![oauth2-proxy](https://ag.hexor.cy/api/badge?name=oauth2-proxy&revision=true)](https://ag.hexor.cy/applications/argocd/oauth2-proxy) |
 | **postgresql** | [![postgresql](https://ag.hexor.cy/api/badge?name=postgresql&revision=true)](https://ag.hexor.cy/applications/argocd/postgresql) |
 | **prom-stack** | [![prom-stack](https://ag.hexor.cy/api/badge?name=prom-stack&revision=true)](https://ag.hexor.cy/applications/argocd/prom-stack) |
 | **system-upgrade** | [![system-upgrade](https://ag.hexor.cy/api/badge?name=system-upgrade&revision=true)](https://ag.hexor.cy/applications/argocd/system-upgrade) |
@@ -12,4 +12,5 @@ resources:
  - ./telemt-servicemonitor.yaml
  - ./service.yaml
  - ./secret-reader.yaml
+  - ./secret-reader-ingress.yaml
 # - ./storage.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: secret-reader
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`secret-reader.hexor.cy`)
+      kind: Rule
+      middlewares:
+        - name: keycloak-auth
+          namespace: oauth2-proxy
+      services:
+        - name: secret-reader
+          port: 80
+  tls:
+    secretName: secret-reader-tls
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: secret-reader-tls
+spec:
+  secretName: secret-reader-tls
+  issuerRef:
+    name: letsencrypt
+    kind: ClusterIssuer
+  dnsNames:
+    - secret-reader.hexor.cy
@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: oauth2-proxy
+  namespace: argocd
+spec:
+  project: core
+  destination:
+    namespace: oauth2-proxy
+    server: https://kubernetes.default.svc
+  source:
+    repoURL: ssh://git@gt.hexor.cy:30022/ab/homelab.git
+    targetRevision: HEAD
+    path: k8s/core/oauth2-proxy
+  syncPolicy:
+    automated:
+      selfHeal: true
+      prune: true
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
@@ -0,0 +1,40 @@
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: oauth2-proxy-creds
+spec:
+  target:
+    name: oauth2-proxy-creds
+    deletionPolicy: Delete
+    template:
+      type: Opaque
+      data:
+        client-id: oauth2-proxy
+        client-secret: |-
+          {{ .client_secret }}
+        cookie-secret: |-
+          {{ .cookie_secret }}
+  data:
+    - secretKey: client_secret
+      sourceRef:
+        storeRef:
+          name: vaultwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        metadataPolicy: None
+        key: e62e8c4d-d538-43b2-a682-9cdf2a5a1165
+        property: login.password
+    - secretKey: cookie_secret
+      sourceRef:
+        storeRef:
+          name: vaultwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        metadataPolicy: None
+        key: e62e8c4d-d538-43b2-a682-9cdf2a5a1165
+        property: fields[0].value
@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - app.yaml
+  - external-secrets.yaml
+  - middleware.yaml
+
+helmCharts:
+  - name: oauth2-proxy
+    repo: https://oauth2-proxy.github.io/manifests
+    version: 10.4.3
+    releaseName: oauth2-proxy
+    namespace: oauth2-proxy
+    valuesFile: values.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: keycloak-auth
+spec:
+  forwardAuth:
+    address: http://oauth2-proxy.oauth2-proxy.svc:80/oauth2/auth
+    trustForwardHeader: true
+    authResponseHeaders:
+      - X-Auth-Request-User
+      - X-Auth-Request-Email
+      - X-Auth-Request-Groups
+      - Authorization
@@ -0,0 +1,51 @@
+replicaCount: 1
+
+config:
+  existingSecret: oauth2-proxy-creds
+  configFile: |-
+    provider = "keycloak-oidc"
+    provider_display_name = "Keycloak"
+    oidc_issuer_url = "https://auth.hexor.cy/auth/realms/hexor"
+    redirect_url = "https://oauth.hexor.cy/oauth2/callback"
+    email_domains = ["*"]
+    cookie_domains = [".hexor.cy"]
+    whitelist_domains = [".hexor.cy"]
+    cookie_secure = true
+    cookie_samesite = "lax"
+    upstreams = ["static://200"]
+    reverse_proxy = true
+    set_xauthrequest = true
+    set_authorization_header = true
+    pass_access_token = true
+    pass_authorization_header = true
+    skip_provider_button = true
+    code_challenge_method = "S256"
+    scope = "openid profile email"
+
+ingress:
+  enabled: true
+  className: traefik
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
+  hosts:
+    - oauth.hexor.cy
+  tls:
+    - secretName: oauth2-proxy-tls
+      hosts:
+        - oauth.hexor.cy
+
+resources:
+  requests:
+    cpu: 50m
+    memory: 64Mi
+  limits:
+    cpu: 200m
+    memory: 128Mi
+
+nodeSelector:
+  kubernetes.io/hostname: master.tail2fe2d.ts.net
+
+tolerations:
+  - key: node-role.kubernetes.io/master
+    effect: NoSchedule
Author	SHA1	Message	Date
Gitea Actions Bot	ea12ec0807	Auto-update README with current k8s applications Terraform / Terraform (pull_request) Failing after 5s Details Generated by CI/CD workflow on 2026-05-04 17:16:38 This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.	2026-05-04 17:16:38 +00:00
Ultradesu	e44cf95bb2	Added oauth2 proxy Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 13s Details Check with kubeconform / lint (push) Successful in 21s Details Auto-update README / Generate README and Create MR (push) Successful in 32s Details	2026-05-04 18:15:48 +01:00
Ultradesu	df6ab28165	Added oauth2 proxy Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 15s Details Check with kubeconform / lint (push) Successful in 16s Details Auto-update README / Generate README and Create MR (push) Successful in 11s Details	2026-05-04 18:12:52 +01:00
Ultradesu	72cbcc3952	Added oauth2 proxy Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 1m3s Details Check with kubeconform / lint (push) Successful in 1m7s Details Auto-update README / Generate README and Create MR (push) Successful in 28s Details	2026-05-04 18:06:37 +01:00