Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-05-04 17:20:35

This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.

k8s/apps/mtproxy/secret-reader-ingress.yaml

@@ -1,18 +1,5 @@
 ---
 apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: keycloak-auth
-spec:
-  forwardAuth:
-    address: http://oauth2-proxy.oauth2-proxy.svc:80
-    trustForwardHeader: true
-    authResponseHeaders:
-      - X-Auth-Request-User
-      - X-Auth-Request-Email
-      - X-Auth-Request-Groups
----
-apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: secret-reader
@@ -26,6 +13,7 @@ spec:
       kind: Rule
       middlewares:
         - name: keycloak-auth
+          namespace: kube-system
       services:
         - name: secret-reader
           port: 80

k8s/core/oauth2-proxy/kustomization.yaml

@@ -4,6 +4,7 @@ kind: Kustomization
 resources:
   - app.yaml
   - external-secrets.yaml
+  - middleware.yaml
 
 helmCharts:
   - name: oauth2-proxy

k8s/core/oauth2-proxy/middleware.yaml

@@ -1,3 +1,14 @@
-# Middleware is deployed per-namespace alongside each IngressRoute
-# because Traefik does not allow cross-namespace middleware references.
-# See k8s/apps/mtproxy/secret-reader-ingress.yaml for example.
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: keycloak-auth
+  namespace: kube-system
+spec:
+  forwardAuth:
+    address: http://oauth2-proxy.oauth2-proxy.svc:80/oauth2/auth
+    trustForwardHeader: true
+    authResponseHeaders:
+      - X-Auth-Request-User
+      - X-Auth-Request-Email
+      - X-Auth-Request-Groups