Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-05-13 14:21:50

This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.

.gitea/workflows/authentik-apps.yaml

@@ -13,6 +13,7 @@ permissions:
 jobs:
   terraform:
     name: 'Terraform'
+    if: false
     runs-on: ubuntu-latest
     environment: production
 

k8s/apps/web-petting/deployment.yaml

@@ -22,7 +22,7 @@ spec:
             claimName: web-petting-data
       containers:
       - name: web-petting
-        image: ultradesu/web-petting:0.1.0
+        image: ultradesu/web-petting:v0.1.6
         imagePullPolicy: Always
         args:
 #         - "tail"

k8s/apps/web-petting/ingress.yaml

@@ -20,8 +20,21 @@ spec:
                 name: web-petting
                 port:
                   number: 80
+    - host: xn--l1acako8eb.xn--p1ai
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: web-petting
+                port:
+                  number: 80
   tls:
     - secretName: web-petting-tls
       hosts:
         - pet.hexor.cy
+    - secretName: web-petting-murnyanya-tls
+      hosts:
+        - xn--l1acako8eb.xn--p1ai
 

k8s/core/argocd/values.yaml

@@ -23,14 +23,22 @@ configs:
     admin.enabled: false
     statusbadge.enabled: true
     timeout.reconciliation: 60s
-    oidc.config: |
-      name: Keycloak
-      issuer: https://auth.hexor.cy/auth/realms/hexor
-      clientID: $oidc-creds:id
-      clientSecret: $oidc-creds:secret
-      requestedScopes: ["openid", "profile", "email", "offline_access"]
-      requestedIDTokenClaims: {"groups": {"essential": true}}
-      refreshTokenThreshold: 2m
+    dex.config: |
+      connectors:
+      - type: oidc
+        id: keycloak
+        name: Keycloak
+        config:
+          issuer: https://auth.hexor.cy/auth/realms/hexor
+          clientID: $oidc-creds:id
+          clientSecret: $oidc-creds:secret
+          insecureEnableGroups: true
+          scopes:
+            - openid
+            - profile
+            - email
+            - offline_access
+          getUserInfo: true
   rbac:
     create: true
     policy.default: ""
@@ -64,7 +72,7 @@ dex:
   replicas: 1
   nodeSelector:
     <<: *nodeSelector
-  enabled: false
+  enabled: true
 
 # Standard Redis disabled because Redis HA is enabled
 redis:

k8s/core/cert-manager/issuer.yaml

@@ -35,4 +35,6 @@ spec:
           dnsZones:
             - "*.hexor.cy"
             - "hexor.cy"
+            - "*.xn--l1acako8eb.xn--p1ai"
+            - "xn--l1acako8eb.xn--p1ai"
 

terraform/authentik/proxy-apps.auto.tfvars

@@ -43,23 +43,6 @@ proxy_applications = {
     access_groups                = ["admins"]
   }
 
-  "kubernetes-secrets" = {
-    name                         = "kubernetes-secrets"
-    slug                         = "k8s-secret"
-    group                        = "Core"
-    external_host                = "https://pass.hexor.cy"
-    internal_host                = "http://secret-reader.k8s-secret.svc:80"
-    internal_host_ssl_validation = false
-    meta_description             = ""
-    skip_path_regex              = <<-EOT
-/webhook
-EOT
-    meta_icon                    = "https://img.icons8.com/ios-filled/50/password.png"
-    mode                         = "proxy"
-    outpost                      = "kubernetes-outpost"
-    create_group                 = true
-    access_groups                = ["admins"]
-  }
   "mtproxy-links" = {
     name                         = "mtproxy-links"
     slug                         = "mtproxy-links"

terraform/keycloak/main.tf

@@ -167,9 +167,7 @@ resource "keycloak_openid_client_optional_scopes" "oauth2_app" {
 }
 
 resource "keycloak_group" "oauth2_app" {
-  for_each = {
-    for k, v in var.oauth2_applications : k => v if length(v.allowed_groups) > 0
-  }
+  for_each = var.oauth2_applications
 
   realm_id = keycloak_realm.hexor.id
   name     = "app-${each.key}"