Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-05-11 12:32:43

This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.

.gitea/workflows/authentik-apps.yaml

@@ -13,6 +13,7 @@ permissions:
 jobs:
   terraform:
     name: 'Terraform'
+    if: false
     runs-on: ubuntu-latest
     environment: production
 

README.md

@@ -13,10 +13,13 @@ ArgoCD homelab project
 | Application | Status |
 | :--- | :---: |
 | **argocd** | [![argocd](https://ag.hexor.cy/api/badge?name=argocd&revision=true)](https://ag.hexor.cy/applications/argocd/argocd) |
+| **auth-proxy** | [![auth-proxy](https://ag.hexor.cy/api/badge?name=auth-proxy&revision=true)](https://ag.hexor.cy/applications/argocd/auth-proxy) |
 | **authentik** | [![authentik](https://ag.hexor.cy/api/badge?name=authentik&revision=true)](https://ag.hexor.cy/applications/argocd/authentik) |
 | **cert-manager** | [![cert-manager](https://ag.hexor.cy/api/badge?name=cert-manager&revision=true)](https://ag.hexor.cy/applications/argocd/cert-manager) |
 | **external-secrets** | [![external-secrets](https://ag.hexor.cy/api/badge?name=external-secrets&revision=true)](https://ag.hexor.cy/applications/argocd/external-secrets) |
 | **gpu** | [![gpu](https://ag.hexor.cy/api/badge?name=gpu&revision=true)](https://ag.hexor.cy/applications/argocd/gpu) |
+| **kanidm** | [![kanidm](https://ag.hexor.cy/api/badge?name=kanidm&revision=true)](https://ag.hexor.cy/applications/argocd/kanidm) |
+| **keycloak** | [![keycloak](https://ag.hexor.cy/api/badge?name=keycloak&revision=true)](https://ag.hexor.cy/applications/argocd/keycloak) |
 | **kube-system-custom** | [![kube-system-custom](https://ag.hexor.cy/api/badge?name=kube-system-custom&revision=true)](https://ag.hexor.cy/applications/argocd/kube-system-custom) |
 | **kubernetes-dashboard** | [![kubernetes-dashboard](https://ag.hexor.cy/api/badge?name=kubernetes-dashboard&revision=true)](https://ag.hexor.cy/applications/argocd/kubernetes-dashboard) |
 | **longhorn** | [![longhorn](https://ag.hexor.cy/api/badge?name=longhorn&revision=true)](https://ag.hexor.cy/applications/argocd/longhorn) |
@@ -62,9 +65,12 @@ ArgoCD homelab project
 | **sonarr-stack** | [![sonarr-stack](https://ag.hexor.cy/api/badge?name=sonarr-stack&revision=true)](https://ag.hexor.cy/applications/argocd/sonarr-stack) |
 | **stirling-pdf** | [![stirling-pdf](https://ag.hexor.cy/api/badge?name=stirling-pdf&revision=true)](https://ag.hexor.cy/applications/argocd/stirling-pdf) |
 | **syncthing** | [![syncthing](https://ag.hexor.cy/api/badge?name=syncthing&revision=true)](https://ag.hexor.cy/applications/argocd/syncthing) |
+| **teamspeak** | [![teamspeak](https://ag.hexor.cy/api/badge?name=teamspeak&revision=true)](https://ag.hexor.cy/applications/argocd/teamspeak) |
 | **tg-bots** | [![tg-bots](https://ag.hexor.cy/api/badge?name=tg-bots&revision=true)](https://ag.hexor.cy/applications/argocd/tg-bots) |
 | **vaultwarden** | [![vaultwarden](https://ag.hexor.cy/api/badge?name=vaultwarden&revision=true)](https://ag.hexor.cy/applications/argocd/vaultwarden) |
 | **vpn** | [![vpn](https://ag.hexor.cy/api/badge?name=vpn&revision=true)](https://ag.hexor.cy/applications/argocd/vpn) |
+| **web-petting** | [![web-petting](https://ag.hexor.cy/api/badge?name=web-petting&revision=true)](https://ag.hexor.cy/applications/argocd/web-petting) |
+| **wedding** | [![wedding](https://ag.hexor.cy/api/badge?name=wedding&revision=true)](https://ag.hexor.cy/applications/argocd/wedding) |
 | **xandikos** | [![xandikos](https://ag.hexor.cy/api/badge?name=xandikos&revision=true)](https://ag.hexor.cy/applications/argocd/xandikos) |
 
 </td>

k8s/apps/web-petting/deployment.yaml

@@ -22,7 +22,7 @@ spec:
             claimName: web-petting-data
       containers:
       - name: web-petting
-        image: ultradesu/web-petting:0.1.0
+        image: ultradesu/web-petting:v0.1.3
         imagePullPolicy: Always
         args:
 #         - "tail"

k8s/core/prom-stack/prom-values.yaml

@@ -1,5 +1,4 @@
 
-
 alertmanager:
   config:
     global:
@@ -109,18 +108,27 @@ grafana:
 
   grafana.ini:
     auth:
-      signout_redirect_url: https://idm.hexor.cy/application/o/grafana/end-session/
+      signout_redirect_url: https://auth.hexor.cy/auth/realms/hexor/protocol/openid-connect/logout?post_logout_redirect_uri=https%3A%2F%2Fgf.hexor.cy%2Flogin&client_id=Grafana
+      oauth_allow_insecure_email_lookup: true
     auth.generic_oauth:
-      name: authentik
+      name: Keycloak
       enabled: true
       scopes: "openid profile email"
-      auth_url: https://idm.hexor.cy/application/o/authorize/
+      allow_sign_up: true
-      token_url: https://idm.hexor.cy/application/o/token/
+      auth_url: https://auth.hexor.cy/auth/realms/hexor/protocol/openid-connect/auth
-      api_url: https://idm.hexor.cy/application/o/userinfo/
+      token_url: https://auth.hexor.cy/auth/realms/hexor/protocol/openid-connect/token
+      api_url: https://auth.hexor.cy/auth/realms/hexor/protocol/openid-connect/userinfo
+      email_attribute_path: email
+      login_attribute_path: preferred_username
+      name_attribute_path: name
       role_attribute_path: >-
-        contains(groups, 'Grafana Admin') && 'Admin' ||
+        contains(groups[*], 'hexor-admin') && 'Admin' ||
-        contains(groups, 'Grafana Editors') && 'Editor' ||
+        contains(groups[*], 'hexor-guest') && 'Viewer' ||
-        contains(groups, 'Grafana Viewer') && 'Viewer'
+        'Viewer'
+      role_attribute_strict: false
+    log:
+      level: debug
+      filters: "oauth.generic_oauth:debug"
     database:
       type: postgres
       host: psql.psql.svc:5432

terraform/authentik/proxy-apps.auto.tfvars

@@ -43,23 +43,6 @@ proxy_applications = {
     access_groups                = ["admins"]
   }
 
-  "kubernetes-secrets" = {
-    name                         = "kubernetes-secrets"
-    slug                         = "k8s-secret"
-    group                        = "Core"
-    external_host                = "https://pass.hexor.cy"
-    internal_host                = "http://secret-reader.k8s-secret.svc:80"
-    internal_host_ssl_validation = false
-    meta_description             = ""
-    skip_path_regex              = <<-EOT
-/webhook
-EOT
-    meta_icon                    = "https://img.icons8.com/ios-filled/50/password.png"
-    mode                         = "proxy"
-    outpost                      = "kubernetes-outpost"
-    create_group                 = true
-    access_groups                = ["admins"]
-  }
   "mtproxy-links" = {
     name                         = "mtproxy-links"
     slug                         = "mtproxy-links"