Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-05-04 17:20:35

This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.

k8s/apps/gitea/deployment.yaml

@@ -70,7 +70,7 @@ kind: Deployment
 metadata:
   name: gitea-runner
 spec:
-  replicas: 2
+  replicas: 1
   selector:
     matchLabels:
       app: gitea-runner
@@ -79,10 +79,6 @@ spec:
       labels:
         app: gitea-runner
     spec:
-      dnsConfig:
-        options:
-          - name: ndots
-            value: "2"
       tolerations:
         - key: workload
           operator: Equal
@@ -106,13 +102,6 @@ spec:
                 operator: In
                 values:
                 - uk-desktop.tail2fe2d.ts.net
-          - weight: 100
-            preference:
-              matchExpressions:
-              - key: kubernetes.io/hostname
-                operator: In
-                values:
-                - ai.tail2fe2d.ts.net
           - weight: 50
             preference:
               matchExpressions:
@@ -155,18 +144,13 @@ spec:
               mountPath: /data
           env:
             - name: GITEA_INSTANCE_URL
-              #value: "http://gitea.gitea.svc.cluster.local"
               value: "https://gt.hexor.cy"
             - name: GITEA_RUNNER_REGISTRATION_TOKEN
               valueFrom:
                 secretKeyRef:
                   name: gitea-runner-act-runner-secrets
                   key: token
-            - name: NODE_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: spec.nodeName
             - name: GITEA_RUNNER_NAME
-              value: "$(NODE_NAME)"
+              value: "k8s-runner"
             - name: GITEA_RUNNER_LABELS
               value: "ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest,ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04,ubuntu-20.04:docker://ghcr.io/catthehacker/ubuntu:act-20.04"

k8s/apps/mtproxy/secret-reader-ingress.yaml

@@ -1,18 +1,5 @@
 ---
 apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: keycloak-auth
-spec:
-  forwardAuth:
-    address: http://oauth2-proxy.oauth2-proxy.svc:80
-    trustForwardHeader: true
-    authResponseHeaders:
-      - X-Auth-Request-User
-      - X-Auth-Request-Email
-      - X-Auth-Request-Groups
----
-apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: secret-reader
@@ -26,6 +13,7 @@ spec:
       kind: Rule
       middlewares:
         - name: keycloak-auth
+          namespace: kube-system
       services:
         - name: secret-reader
           port: 80

k8s/core/oauth2-proxy/kustomization.yaml

@@ -4,6 +4,7 @@ kind: Kustomization
 resources:
   - app.yaml
   - external-secrets.yaml
+  - middleware.yaml
 
 helmCharts:
   - name: oauth2-proxy

k8s/core/oauth2-proxy/middleware.yaml

@@ -1,3 +1,14 @@
-# Middleware is deployed per-namespace alongside each IngressRoute
-# because Traefik does not allow cross-namespace middleware references.
-# See k8s/apps/mtproxy/secret-reader-ingress.yaml for example.
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: keycloak-auth
+  namespace: kube-system
+spec:
+  forwardAuth:
+    address: http://oauth2-proxy.oauth2-proxy.svc:80/oauth2/auth
+    trustForwardHeader: true
+    authResponseHeaders:
+      - X-Auth-Request-User
+      - X-Auth-Request-Email
+      - X-Auth-Request-Groups