Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-05-05 14:28:51

This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.

k8s/apps/k8s-secrets/ingress.yaml

@@ -1,46 +0,0 @@
----
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: auth-proxy
-spec:
-  forwardAuth:
-    address: http://auth-proxy.auth-proxy.svc:80/auth
-    trustForwardHeader: true
-    authResponseHeaders:
-      - X-Auth-Request-User
-      - X-Auth-Request-Email
-      - X-Auth-Request-Groups
----
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: secret-reader
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`pass.hexor.cy`)
-      kind: Rule
-      middlewares:
-        - name: auth-proxy
-      services:
-        - name: secret-reader
-          port: 80
-  tls:
-    secretName: secret-reader-tls
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: secret-reader-tls
-spec:
-  secretName: secret-reader-tls
-  issuerRef:
-    name: letsencrypt
-    kind: ClusterIssuer
-  dnsNames:
-    - pass.hexor.cy
-

k8s/core/argocd/values.yaml

@@ -25,7 +25,7 @@ configs:
     timeout.reconciliation: 60s
     oidc.config: |
       name: Authentik
-      issuer: https://auth.hexor.cy/auth/realms/hexor
+      issuer: https://idm.hexor.cy/application/o/argocd/
       clientID: $oidc-creds:id
       clientSecret: $oidc-creds:secret
       requestedScopes: ["openid", "profile", "email", "groups", "offline_access"]
@@ -35,19 +35,20 @@ configs:
     create: true
     policy.default: ""
     policy.csv: |
-        g, game-servers-managers, GameServersManagersRole
-        # Role permissions
-        p, GameServersManagersRole, applications, get, games/*, allow
-        p, GameServersManagersRole, applications, update, games/*, allow
-        p, GameServersManagersRole, applications, sync, games/*, allow
-        p, GameServersManagersRole, applications, override, games/*, allow
-        p, GameServersManagersRole, applications, action/*, games/*, allow
-        p, GameServersManagersRole, exec, create, games/*, allow
-        p, GameServersManagersRole, logs, get, games/*, allow
-        p, GameServersManagersRole, applications, delete, games/*, deny
-    
-        # Admin policy
-        g, argocd-admins, role:admin
+      # Bound OIDC Group and internal role
+      g, Game Servers Managers, GameServersManagersRole
+      # Role permissions
+      p, GameServersManagersRole, applications, get, games/*, allow
+      p, GameServersManagersRole, applications, update, games/*, allow
+      p, GameServersManagersRole, applications, sync, games/*, allow
+      p, GameServersManagersRole, applications, override, games/*, allow
+      p, GameServersManagersRole, applications, action/*, games/*, allow
+      p, GameServersManagersRole, exec, create, games/*, allow
+      p, GameServersManagersRole, logs, get, games/*, allow
+      p, GameServersManagersRole, applications, delete, games/*, deny
+
+      # Admin policy
+      g, ArgoCD Admins, role:admin
 
   secret:
     createSecret: true

k8s/core/auth-proxy/deployment.yaml

@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
         - name: auth-proxy
-          image: ultradesu/rsauth2-proxy:latest
+          image: ultradesu/rsauth2-proxy:0.1.0
           ports:
             - containerPort: 8080
               name: http