Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-05-05 17:51:13 This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.
Added monitoring for auth-proxy
2026-05-05 17:51:13 +00:00 · 2026-05-05 18:50:43 +01:00 · 2026-05-05 18:49:58 +01:00 · 2026-05-05 17:43:25 +00:00 · 2026-05-05 17:37:20 +00:00 · 2026-05-05 16:57:26 +00:00
5 changed files with 86 additions and 19 deletions
@@ -0,0 +1,46 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: auth-proxy
+spec:
+  forwardAuth:
+    address: http://auth-proxy.auth-proxy.svc:80/auth
+    trustForwardHeader: true
+    authResponseHeaders:
+      - X-Auth-Request-User
+      - X-Auth-Request-Email
+      - X-Auth-Request-Groups
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: secret-reader
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`pass.hexor.cy`)
+      kind: Rule
+      middlewares:
+        - name: auth-proxy
+      services:
+        - name: secret-reader
+          port: 80
+  tls:
+    secretName: secret-reader-tls
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: secret-reader-tls
+spec:
+  secretName: secret-reader-tls
+  issuerRef:
+    name: letsencrypt
+    kind: ClusterIssuer
+  dnsNames:
+    - pass.hexor.cy
+
@@ -24,31 +24,30 @@ configs:
    statusbadge.enabled: true
    timeout.reconciliation: 60s
    oidc.config: |
-      name: Authentik
-      issuer: https://idm.hexor.cy/application/o/argocd/
+      name: Keycloak
+      issuer: https://auth.hexor.cy/auth/realms/hexor
      clientID: $oidc-creds:id
      clientSecret: $oidc-creds:secret
-      requestedScopes: ["openid", "profile", "email", "groups", "offline_access"]
+      requestedScopes: ["openid", "profile", "email", "offline_access"]
      requestedIDTokenClaims: {"groups": {"essential": true}}
      refreshTokenThreshold: 2m
  rbac:
    create: true
    policy.default: ""
    policy.csv: |
-      # Bound OIDC Group and internal role
-      g, Game Servers Managers, GameServersManagersRole
-      # Role permissions
-      p, GameServersManagersRole, applications, get, games/*, allow
-      p, GameServersManagersRole, applications, update, games/*, allow
-      p, GameServersManagersRole, applications, sync, games/*, allow
-      p, GameServersManagersRole, applications, override, games/*, allow
-      p, GameServersManagersRole, applications, action/*, games/*, allow
-      p, GameServersManagersRole, exec, create, games/*, allow
-      p, GameServersManagersRole, logs, get, games/*, allow
-      p, GameServersManagersRole, applications, delete, games/*, deny
-
-      # Admin policy
-      g, ArgoCD Admins, role:admin
+        g, game-servers-managers, GameServersManagersRole
+        # Role permissions
+        p, GameServersManagersRole, applications, get, games/*, allow
+        p, GameServersManagersRole, applications, update, games/*, allow
+        p, GameServersManagersRole, applications, sync, games/*, allow
+        p, GameServersManagersRole, applications, override, games/*, allow
+        p, GameServersManagersRole, applications, action/*, games/*, allow
+        p, GameServersManagersRole, exec, create, games/*, allow
+        p, GameServersManagersRole, logs, get, games/*, allow
+        p, GameServersManagersRole, applications, delete, games/*, deny
+    
+        # Admin policy
+        g, argocd-admins, role:admin

  secret:
    createSecret: true
@@ -17,7 +17,7 @@ spec:
    spec:
      containers:
        - name: auth-proxy
-          image: ultradesu/rsauth2-proxy:0.1.0
+          image: ultradesu/rsauth2-proxy:latest
          ports:
            - containerPort: 8080
              name: http
@@ -35,7 +35,7 @@ spec:
            - name: AUTH_PROXY_ROUTES_FILE
              value: "/config/routes.yaml"
            - name: AUTH_PROXY_LOG_LEVEL
-              value: "info"
+              value: "debug"
          volumeMounts:
            - name: routes
              mountPath: /config
@@ -7,4 +7,5 @@ resources:
  - deployment.yaml
  - service.yaml
  - ingress.yaml
+  - servicemonitor.yaml
 # routes.yaml ConfigMap is managed by Terraform (kubernetes_config_map)
@@ -0,0 +1,21 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: auth-proxy-metrics
+  labels:
+    app: auth-proxy
+    release: prometheus
+spec:
+  selector:
+    matchLabels:
+      app: auth-proxy
+  endpoints:
+    - port: http
+      path: /metrics
+      interval: 30s
+      scrapeTimeout: 10s
+      honorLabels: true
+  namespaceSelector:
+    matchNames:
+      - auth-proxy
Author	SHA1	Message	Date
Gitea Actions Bot	efe7f574cb	Auto-update README with current k8s applications Terraform / Terraform (pull_request) Failing after 13s Details Generated by CI/CD workflow on 2026-05-05 17:51:13 This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.	2026-05-05 17:51:13 +00:00
Ultradesu	26a42717c9	Added monitoring for auth-proxy Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 8s Details Check with kubeconform / lint (push) Successful in 6s Details Auto-update README / Generate README and Create MR (push) Successful in 10s Details	2026-05-05 18:50:43 +01:00
Ultradesu	b75036b756	Added monitoring for auth-proxy Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 8s Details Check with kubeconform / lint (push) Successful in 8s Details Auto-update README / Generate README and Create MR (push) Successful in 7s Details	2026-05-05 18:49:58 +01:00
ab	15abaac453	Update k8s/core/argocd/values.yaml Check with kubeconform / lint (push) Successful in 8s Details Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 13s Details Auto-update README / Generate README and Create MR (push) Successful in 10s Details	2026-05-05 17:43:25 +00:00
ab	24218d4d50	Update k8s/core/argocd/values.yaml Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 10s Details Check with kubeconform / lint (push) Successful in 10s Details Auto-update README / Generate README and Create MR (push) Successful in 14s Details	2026-05-05 17:37:20 +00:00
ab	70b652b079	Update k8s/core/auth-proxy/deployment.yaml Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 8s Details Check with kubeconform / lint (push) Successful in 9s Details Auto-update README / Generate README and Create MR (push) Successful in 14s Details	2026-05-05 16:57:26 +00:00
Ultradesu	f6ad2edde4	Moved pass to keycloak Check with kubeconform / lint (push) Successful in 6s Details Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 9s Details Auto-update README / Generate README and Create MR (push) Successful in 13s Details	2026-05-05 15:49:45 +01:00
Ultradesu	1fb779255f	Moved pass to keycloak Check with kubeconform / lint (push) Successful in 8s Details Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 9s Details Auto-update README / Generate README and Create MR (push) Successful in 15s Details	2026-05-05 15:48:47 +01:00
Ultradesu	93856cc30e	deployed auth-proxy Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 8s Details Check with kubeconform / lint (push) Successful in 7s Details Auto-update README / Generate README and Create MR (push) Successful in 11s Details	2026-05-05 15:28:25 +01:00