Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-05-18 11:56:43

This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.

k8s/apps/pasarguard/deployment.yaml

@@ -1,5 +1,5 @@
 ---
-image: &image 'pasarguard/panel:v3.1.0'
+image: &image 'pasarguard/panel:v4.0.2'
 apiVersion: apps/v1
 kind: Deployment
 metadata:

k8s/apps/web-petting/deployment.yaml

@@ -6,6 +6,8 @@ metadata:
     app: web-petting
 spec:
   replicas: 1
+  strategy:
+    type: Recreate
   selector:
     matchLabels:
       app: web-petting
@@ -16,13 +18,14 @@ spec:
     spec:
       nodeSelector:
         kubernetes.io/os: linux
+        kubernetes.io/hostname: spb.tail2fe2d.ts.net
       volumes:
         - name: data
           persistentVolumeClaim:
             claimName: web-petting-data
       containers:
       - name: web-petting
-        image: ultradesu/web-petting:v0.1.5
+        image: ultradesu/web-petting:latest
         imagePullPolicy: Always
         args:
 #         - "tail"

k8s/apps/web-petting/ingress.yaml

@@ -20,8 +20,21 @@ spec:
                 name: web-petting
                 port:
                   number: 80
+    - host: xn--l1acako8eb.xn--p1ai
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: web-petting
+                port:
+                  number: 80
   tls:
     - secretName: web-petting-tls
       hosts:
         - pet.hexor.cy
+    - secretName: web-petting-murnyanya-tls
+      hosts:
+        - xn--l1acako8eb.xn--p1ai
 

k8s/core/argocd/values.yaml

@@ -23,14 +23,22 @@ configs:
     admin.enabled: false
     statusbadge.enabled: true
     timeout.reconciliation: 60s
-    oidc.config: |
+    dex.config: |
-      name: Keycloak
+      connectors:
-      issuer: https://auth.hexor.cy/auth/realms/hexor
+      - type: oidc
-      clientID: $oidc-creds:id
+        id: keycloak
-      clientSecret: $oidc-creds:secret
+        name: Keycloak
-      requestedScopes: ["openid", "profile", "email", "offline_access"]
+        config:
-      requestedIDTokenClaims: {"groups": {"essential": true}}
+          issuer: https://auth.hexor.cy/auth/realms/hexor
-      refreshTokenThreshold: 2m
+          clientID: $oidc-creds:id
+          clientSecret: $oidc-creds:secret
+          insecureEnableGroups: true
+          scopes:
+            - openid
+            - profile
+            - email
+            - offline_access
+          getUserInfo: true
   rbac:
     create: true
     policy.default: ""
@@ -64,7 +72,7 @@ dex:
   replicas: 1
   nodeSelector:
     <<: *nodeSelector
-  enabled: false
+  enabled: true
 
 # Standard Redis disabled because Redis HA is enabled
 redis:

k8s/core/cert-manager/issuer.yaml

@@ -35,4 +35,6 @@ spec:
           dnsZones:
             - "*.hexor.cy"
             - "hexor.cy"
+            - "*.xn--l1acako8eb.xn--p1ai"
+            - "xn--l1acako8eb.xn--p1ai"
 

terraform/keycloak/main.tf

@@ -167,9 +167,7 @@ resource "keycloak_openid_client_optional_scopes" "oauth2_app" {
 }
 
 resource "keycloak_group" "oauth2_app" {
-  for_each = {
+  for_each = var.oauth2_applications
-    for k, v in var.oauth2_applications : k => v if length(v.allowed_groups) > 0
-  }
 
   realm_id = keycloak_realm.hexor.id
   name     = "app-${each.key}"

terraform/keycloak/terraform.tfvars

@@ -23,7 +23,7 @@ oauth2_applications = {
     post_logout_redirect_uris = ["https://gt.hexor.cy/*"]
   }
   ArgoCD = {
-    redirect_uris             = ["https://ag.hexor.cy/auth/callback"]
+    redirect_uris             = ["https://ag.hexor.cy/api/dex/callback"]
     web_origins               = ["https://ag.hexor.cy"]
     post_logout_redirect_uris = ["https://ag.hexor.cy/*"]
     extra_optional_scopes     = ["offline_access"]