Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-05-04 17:24:32 This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.
Added oauth2 proxy
2026-05-04 17:24:32 +00:00 · 2026-05-04 18:24:04 +01:00 · 2026-05-04 18:21:44 +01:00 · 2026-05-04 18:19:41 +01:00 · 2026-05-04 18:15:48 +01:00
6 changed files with 55 additions and 36 deletions
@@ -17,9 +17,12 @@ ArgoCD homelab project
 | **cert-manager** | [![cert-manager](https://ag.hexor.cy/api/badge?name=cert-manager&revision=true)](https://ag.hexor.cy/applications/argocd/cert-manager) |
 | **external-secrets** | [![external-secrets](https://ag.hexor.cy/api/badge?name=external-secrets&revision=true)](https://ag.hexor.cy/applications/argocd/external-secrets) |
 | **gpu** | [![gpu](https://ag.hexor.cy/api/badge?name=gpu&revision=true)](https://ag.hexor.cy/applications/argocd/gpu) |
 | **kanidm** | [![kanidm](https://ag.hexor.cy/api/badge?name=kanidm&revision=true)](https://ag.hexor.cy/applications/argocd/kanidm) |
 | **keycloak** | [![keycloak](https://ag.hexor.cy/api/badge?name=keycloak&revision=true)](https://ag.hexor.cy/applications/argocd/keycloak) |
 | **kube-system-custom** | [![kube-system-custom](https://ag.hexor.cy/api/badge?name=kube-system-custom&revision=true)](https://ag.hexor.cy/applications/argocd/kube-system-custom) |
 | **kubernetes-dashboard** | [![kubernetes-dashboard](https://ag.hexor.cy/api/badge?name=kubernetes-dashboard&revision=true)](https://ag.hexor.cy/applications/argocd/kubernetes-dashboard) |
 | **longhorn** | [![longhorn](https://ag.hexor.cy/api/badge?name=longhorn&revision=true)](https://ag.hexor.cy/applications/argocd/longhorn) |
 | **oauth2-proxy** | [![oauth2-proxy](https://ag.hexor.cy/api/badge?name=oauth2-proxy&revision=true)](https://ag.hexor.cy/applications/argocd/oauth2-proxy) |
 | **postgresql** | [![postgresql](https://ag.hexor.cy/api/badge?name=postgresql&revision=true)](https://ag.hexor.cy/applications/argocd/postgresql) |
 | **prom-stack** | [![prom-stack](https://ag.hexor.cy/api/badge?name=prom-stack&revision=true)](https://ag.hexor.cy/applications/argocd/prom-stack) |
 | **system-upgrade** | [![system-upgrade](https://ag.hexor.cy/api/badge?name=system-upgrade&revision=true)](https://ag.hexor.cy/applications/argocd/system-upgrade) |
@@ -62,9 +65,12 @@ ArgoCD homelab project
 | **sonarr-stack** | [![sonarr-stack](https://ag.hexor.cy/api/badge?name=sonarr-stack&revision=true)](https://ag.hexor.cy/applications/argocd/sonarr-stack) |
 | **stirling-pdf** | [![stirling-pdf](https://ag.hexor.cy/api/badge?name=stirling-pdf&revision=true)](https://ag.hexor.cy/applications/argocd/stirling-pdf) |
 | **syncthing** | [![syncthing](https://ag.hexor.cy/api/badge?name=syncthing&revision=true)](https://ag.hexor.cy/applications/argocd/syncthing) |
 | **teamspeak** | [![teamspeak](https://ag.hexor.cy/api/badge?name=teamspeak&revision=true)](https://ag.hexor.cy/applications/argocd/teamspeak) |
 | **tg-bots** | [![tg-bots](https://ag.hexor.cy/api/badge?name=tg-bots&revision=true)](https://ag.hexor.cy/applications/argocd/tg-bots) |
 | **vaultwarden** | [![vaultwarden](https://ag.hexor.cy/api/badge?name=vaultwarden&revision=true)](https://ag.hexor.cy/applications/argocd/vaultwarden) |
 | **vpn** | [![vpn](https://ag.hexor.cy/api/badge?name=vpn&revision=true)](https://ag.hexor.cy/applications/argocd/vpn) |
 | **web-petting** | [![web-petting](https://ag.hexor.cy/api/badge?name=web-petting&revision=true)](https://ag.hexor.cy/applications/argocd/web-petting) |
 | **wedding** | [![wedding](https://ag.hexor.cy/api/badge?name=wedding&revision=true)](https://ag.hexor.cy/applications/argocd/wedding) |
 | **xandikos** | [![xandikos](https://ag.hexor.cy/api/badge?name=xandikos&revision=true)](https://ag.hexor.cy/applications/argocd/xandikos) |
 </td>
@@ -1,5 +1,41 @@
 ---
 apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: keycloak-auth
 spec:
  forwardAuth:
    address: http://oauth2-proxy.oauth2-proxy.svc:80/oauth2/auth
    trustForwardHeader: true
    authResponseHeaders:
      - X-Auth-Request-User
      - X-Auth-Request-Email
      - X-Auth-Request-Groups
 ---
 apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: keycloak-auth-redirect
 spec:
  errors:
    status:
      - "401"
    service:
      name: oauth2-proxy-redirect
      port: 80
    query: /oauth2/sign_in?rd={url}
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: oauth2-proxy-redirect
 spec:
  type: ExternalName
  externalName: oauth2-proxy.oauth2-proxy.svc.cluster.local
  ports:
    - port: 80
 ---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: secret-reader
@@ -9,11 +45,16 @@ spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`secret-reader.hexor.cy`) && PathPrefix(`/oauth2/`)
      kind: Rule
      services:
        - name: oauth2-proxy-redirect
          port: 80
    - match: Host(`secret-reader.hexor.cy`)
      kind: Rule
      middlewares:
        - name: keycloak-auth
-          namespace: oauth2-proxy
+        - name: keycloak-auth-redirect
      services:
        - name: secret-reader
          port: 80
@@ -10,10 +10,10 @@ spec:
    template:
      type: Opaque
      data:
-        client_id: oauth2-proxy
+        client-id: oauth2-proxy
-        client_secret: |-
+        client-secret: |-
          {{ .client_secret }}
-        cookie_secret: |-
+        cookie-secret: |-
          {{ .cookie_secret }}
  data:
    - secretKey: client_secret
@@ -4,7 +4,6 @@ kind: Kustomization
 resources:
  - app.yaml
  - external-secrets.yaml
  - middleware.yaml
 helmCharts:
  - name: oauth2-proxy
@@ -1,14 +1,3 @@
---
+# Middleware is deployed per-namespace alongside each IngressRoute
-apiVersion: traefik.io/v1alpha1
+# because Traefik does not allow cross-namespace middleware references.
-kind: Middleware
+# See k8s/apps/mtproxy/secret-reader-ingress.yaml for example.
 metadata:
  name: keycloak-auth
 spec:
  forwardAuth:
    address: http://oauth2-proxy.oauth2-proxy.svc:80/oauth2/auth
    trustForwardHeader: true
    authResponseHeaders:
      - X-Auth-Request-User
      - X-Auth-Request-Email
      - X-Auth-Request-Groups
      - Authorization
@@ -1,6 +1,7 @@
 replicaCount: 1
 config:
  existingSecret: oauth2-proxy-creds
  configFile: |-
    provider = "keycloak-oidc"
    provider_display_name = "Keycloak"
@@ -21,23 +22,6 @@ config:
    code_challenge_method = "S256"
    scope = "openid profile email"
 extraEnv:
  - name: OAUTH2_PROXY_CLIENT_ID
    valueFrom:
      secretKeyRef:
        name: oauth2-proxy-creds
        key: client_id
  - name: OAUTH2_PROXY_CLIENT_SECRET
    valueFrom:
      secretKeyRef:
        name: oauth2-proxy-creds
        key: client_secret
  - name: OAUTH2_PROXY_COOKIE_SECRET
    valueFrom:
      secretKeyRef:
        name: oauth2-proxy-creds
        key: cookie_secret
 ingress:
  enabled: true
  className: traefik
Author	SHA1	Message	Date
Gitea Actions Bot	82ed1c6078	Auto-update README with current k8s applications Terraform / Terraform (pull_request) Failing after 4s Details Generated by CI/CD workflow on 2026-05-04 17:24:32 This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.	2026-05-04 17:24:32 +00:00
Ultradesu	0df274c0b2	Added oauth2 proxy Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 14s Details Check with kubeconform / lint (push) Successful in 14s Details Auto-update README / Generate README and Create MR (push) Successful in 12s Details	2026-05-04 18:24:04 +01:00
Ultradesu	658ec19ff1	Added oauth2 proxy Check with kubeconform / lint (push) Successful in 14s Details Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 19s Details Auto-update README / Generate README and Create MR (push) Successful in 19s Details	2026-05-04 18:21:44 +01:00
Ultradesu	eb27dcf65b	Added oauth2 proxy Check with kubeconform / lint (push) Successful in 15s Details Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 24s Details Auto-update README / Generate README and Create MR (push) Successful in 35s Details	2026-05-04 18:19:41 +01:00
Ultradesu	e44cf95bb2	Added oauth2 proxy Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 13s Details Check with kubeconform / lint (push) Successful in 21s Details Auto-update README / Generate README and Create MR (push) Successful in 32s Details	2026-05-04 18:15:48 +01:00