Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-05-11 11:57:58

This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.

k8s/apps/web-petting/deployment.yaml

@@ -22,7 +22,7 @@ spec:
             claimName: web-petting-data
       containers:
       - name: web-petting
-        image: ultradesu/web-petting:latest
+        image: ultradesu/web-petting:v0.1.2
         imagePullPolicy: Always
         args:
 #         - "tail"

k8s/apps/web-petting/ingress.yaml

@@ -20,21 +20,8 @@ spec:
                 name: web-petting
                 port:
                   number: 80
-    - host: xn--l1acako8eb.xn--p1ai
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: web-petting
-                port:
-                  number: 80
   tls:
     - secretName: web-petting-tls
       hosts:
         - pet.hexor.cy
-    - secretName: web-petting-murnyanya-tls
-      hosts:
-        - xn--l1acako8eb.xn--p1ai
 

k8s/core/argocd/values.yaml

@@ -23,22 +23,14 @@ configs:
     admin.enabled: false
     statusbadge.enabled: true
     timeout.reconciliation: 60s
-    dex.config: |
-      connectors:
-      - type: oidc
-        id: keycloak
-        name: Keycloak
-        config:
-          issuer: https://auth.hexor.cy/auth/realms/hexor
-          clientID: $oidc-creds:id
-          clientSecret: $oidc-creds:secret
-          insecureEnableGroups: true
-          scopes:
-            - openid
-            - profile
-            - email
-            - offline_access
-          getUserInfo: true
+    oidc.config: |
+      name: Keycloak
+      issuer: https://auth.hexor.cy/auth/realms/hexor
+      clientID: $oidc-creds:id
+      clientSecret: $oidc-creds:secret
+      requestedScopes: ["openid", "profile", "email", "offline_access"]
+      requestedIDTokenClaims: {"groups": {"essential": true}}
+      refreshTokenThreshold: 2m
   rbac:
     create: true
     policy.default: ""
@@ -72,7 +64,7 @@ dex:
   replicas: 1
   nodeSelector:
     <<: *nodeSelector
-  enabled: true
+  enabled: false
 
 # Standard Redis disabled because Redis HA is enabled
 redis:

k8s/core/cert-manager/issuer.yaml

@@ -35,6 +35,4 @@ spec:
           dnsZones:
             - "*.hexor.cy"
             - "hexor.cy"
-            - "*.xn--l1acako8eb.xn--p1ai"
-            - "xn--l1acako8eb.xn--p1ai"
 

terraform/keycloak/main.tf

@@ -167,7 +167,9 @@ resource "keycloak_openid_client_optional_scopes" "oauth2_app" {
 }
 
 resource "keycloak_group" "oauth2_app" {
-  for_each = var.oauth2_applications
+  for_each = {
+    for k, v in var.oauth2_applications : k => v if length(v.allowed_groups) > 0
+  }
 
   realm_id = keycloak_realm.hexor.id
   name     = "app-${each.key}"