Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-05-05 14:49:12

This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.

k8s/apps/k8s-secrets/kustomization.yaml

@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ./app.yaml
+  - ./deployment.yaml
+  - ./external-secret.yaml
+  - ./ingress.yaml
+  - ./kustomization.yaml
+  - ./rbac.yaml
+  - ./service-account.yaml
+  - ./service.yaml

k8s/core/argocd/values.yaml

@@ -24,30 +24,31 @@ configs:
     statusbadge.enabled: true
     timeout.reconciliation: 60s
     oidc.config: |
-      name: Keycloak
+      name: Authentik
-      issuer: https://auth.hexor.cy/auth/realms/hexor
+      issuer: https://idm.hexor.cy/application/o/argocd/
       clientID: $oidc-creds:id
       clientSecret: $oidc-creds:secret
-      requestedScopes: ["openid", "profile", "email", "offline_access"]
+      requestedScopes: ["openid", "profile", "email", "groups", "offline_access"]
       requestedIDTokenClaims: {"groups": {"essential": true}}
       refreshTokenThreshold: 2m
   rbac:
     create: true
     policy.default: ""
     policy.csv: |
-        g, game-servers-managers, GameServersManagersRole
+      # Bound OIDC Group and internal role
-        # Role permissions
+      g, Game Servers Managers, GameServersManagersRole
-        p, GameServersManagersRole, applications, get, games/*, allow
+      # Role permissions
-        p, GameServersManagersRole, applications, update, games/*, allow
+      p, GameServersManagersRole, applications, get, games/*, allow
-        p, GameServersManagersRole, applications, sync, games/*, allow
+      p, GameServersManagersRole, applications, update, games/*, allow
-        p, GameServersManagersRole, applications, override, games/*, allow
+      p, GameServersManagersRole, applications, sync, games/*, allow
-        p, GameServersManagersRole, applications, action/*, games/*, allow
+      p, GameServersManagersRole, applications, override, games/*, allow
-        p, GameServersManagersRole, exec, create, games/*, allow
+      p, GameServersManagersRole, applications, action/*, games/*, allow
-        p, GameServersManagersRole, logs, get, games/*, allow
+      p, GameServersManagersRole, exec, create, games/*, allow
-        p, GameServersManagersRole, applications, delete, games/*, deny
+      p, GameServersManagersRole, logs, get, games/*, allow
-    
+      p, GameServersManagersRole, applications, delete, games/*, deny
-        # Admin policy
+
-        g, argocd-admins, role:admin
+      # Admin policy
+      g, ArgoCD Admins, role:admin
 
   secret:
     createSecret: true

k8s/core/auth-proxy/deployment.yaml

@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
         - name: auth-proxy
-          image: ultradesu/rsauth2-proxy:latest
+          image: ultradesu/rsauth2-proxy:0.1.0
           ports:
             - containerPort: 8080
               name: http

k8s/core/auth-proxy/kustomization.yaml

@@ -7,5 +7,4 @@ resources:
   - deployment.yaml
   - service.yaml
   - ingress.yaml
-  - servicemonitor.yaml
 # routes.yaml ConfigMap is managed by Terraform (kubernetes_config_map)

k8s/core/auth-proxy/servicemonitor.yaml

@@ -1,21 +0,0 @@
----
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: auth-proxy-metrics
-  labels:
-    app: auth-proxy
-    release: prometheus
-spec:
-  selector:
-    matchLabels:
-      app: auth-proxy
-  endpoints:
-    - port: http
-      path: /metrics
-      interval: 30s
-      scrapeTimeout: 10s
-      honorLabels: true
-  namespaceSelector:
-    matchNames:
-      - auth-proxy