Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-05-05 18:13:54 This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.
2026-05-05 18:13:54 +00:00
10 changed files with 35 additions and 52 deletions
@@ -13,7 +13,6 @@ permissions:
 jobs:
  terraform:
    name: 'Terraform'
    if: false
    runs-on: ubuntu-latest
    environment: production
@@ -1,5 +1,5 @@
 ---
-image: &image 'pasarguard/panel:v4.0.2'
+image: &image 'pasarguard/panel:v3.1.0'
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -6,8 +6,6 @@ metadata:
    app: web-petting
 spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: web-petting
@@ -18,14 +16,13 @@ spec:
    spec:
      nodeSelector:
        kubernetes.io/os: linux
        kubernetes.io/hostname: master.tail2fe2d.ts.net
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: web-petting-data
      containers:
      - name: web-petting
-        image: ultradesu/web-petting:latest
+        image: ultradesu/web-petting:0.1.0
        imagePullPolicy: Always
        args:
 #         - "tail"
@@ -20,21 +20,8 @@ spec:
                name: web-petting
                port:
                  number: 80
    - host: xn--l1acako8eb.xn--p1ai
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web-petting
                port:
                  number: 80
  tls:
    - secretName: web-petting-tls
      hosts:
        - pet.hexor.cy
    - secretName: web-petting-murnyanya-tls
      hosts:
        - xn--l1acako8eb.xn--p1ai
@@ -23,22 +23,14 @@ configs:
    admin.enabled: false
    statusbadge.enabled: true
    timeout.reconciliation: 60s
-    dex.config: |
+    oidc.config: |
-      connectors:
+      name: Keycloak
-      - type: oidc
+      issuer: https://auth.hexor.cy/auth/realms/hexor
-        id: keycloak
+      clientID: $oidc-creds:id
-        name: Keycloak
+      clientSecret: $oidc-creds:secret
-        config:
+      requestedScopes: ["openid", "profile", "email", "offline_access"]
-          issuer: https://auth.hexor.cy/auth/realms/hexor
+      requestedIDTokenClaims: {"groups": {"essential": true}}
-          clientID: $oidc-creds:id
+      refreshTokenThreshold: 2m
          clientSecret: $oidc-creds:secret
          insecureEnableGroups: true
          scopes:
            - openid
            - profile
            - email
            - offline_access
          getUserInfo: true
  rbac:
    create: true
    policy.default: ""
@@ -72,7 +64,7 @@ dex:
  replicas: 1
  nodeSelector:
    <<: *nodeSelector
-  enabled: true
+  enabled: false
 # Standard Redis disabled because Redis HA is enabled
 redis:
@@ -35,6 +35,4 @@ spec:
          dnsZones:
            - "*.hexor.cy"
            - "hexor.cy"
            - "*.xn--l1acako8eb.xn--p1ai"
            - "xn--l1acako8eb.xn--p1ai"
@@ -109,26 +109,17 @@ grafana:
  grafana.ini:
    auth:
      signout_redirect_url: https://auth.hexor.cy/auth/realms/hexor/protocol/openid-connect/logout?post_logout_redirect_uri=https%3A%2F%2Fgf.hexor.cy%2Flogin&client_id=Grafana
      oauth_allow_insecure_email_lookup: true
    auth.generic_oauth:
      name: Keycloak
      enabled: true
      scopes: "openid profile email"
      allow_sign_up: true
      auth_url: https://auth.hexor.cy/auth/realms/hexor/protocol/openid-connect/auth
      token_url: https://auth.hexor.cy/auth/realms/hexor/protocol/openid-connect/token
      api_url: https://auth.hexor.cy/auth/realms/hexor/protocol/openid-connect/userinfo
-      email_attribute_path: email
+      #         #contains(groups, 'Grafana Editors') && 'Editor' ||
      login_attribute_path: preferred_username
      name_attribute_path: name
      role_attribute_path: >-
-        contains(groups[*], 'hexor-admin') && 'Admin' ||
+        contains(groups, 'hexor-admin') && 'Admin' ||
-        contains(groups[*], 'hexor-guest') && 'Viewer' ||
+        contains(groups, 'hexor-guest') && 'Viewer'
        'Viewer'
      role_attribute_strict: false
    log:
      level: debug
      filters: "oauth.generic_oauth:debug"
    database:
      type: postgres
      host: psql.psql.svc:5432
@@ -43,6 +43,23 @@ proxy_applications = {
    access_groups                = ["admins"]
  }
  "kubernetes-secrets" = {
    name                         = "kubernetes-secrets"
    slug                         = "k8s-secret"
    group                        = "Core"
    external_host                = "https://pass.hexor.cy"
    internal_host                = "http://secret-reader.k8s-secret.svc:80"
    internal_host_ssl_validation = false
    meta_description             = ""
    skip_path_regex              = <<-EOT
 /webhook
 EOT
    meta_icon                    = "https://img.icons8.com/ios-filled/50/password.png"
    mode                         = "proxy"
    outpost                      = "kubernetes-outpost"
    create_group                 = true
    access_groups                = ["admins"]
  }
  "mtproxy-links" = {
    name                         = "mtproxy-links"
    slug                         = "mtproxy-links"
@@ -167,7 +167,9 @@ resource "keycloak_openid_client_optional_scopes" "oauth2_app" {
 }
 resource "keycloak_group" "oauth2_app" {
-  for_each = var.oauth2_applications
+  for_each = {
    for k, v in var.oauth2_applications : k => v if length(v.allowed_groups) > 0
  }
  realm_id = keycloak_realm.hexor.id
  name     = "app-${each.key}"
@@ -23,7 +23,7 @@ oauth2_applications = {
    post_logout_redirect_uris = ["https://gt.hexor.cy/*"]
  }
  ArgoCD = {
-    redirect_uris             = ["https://ag.hexor.cy/api/dex/callback"]
+    redirect_uris             = ["https://ag.hexor.cy/auth/callback"]
    web_origins               = ["https://ag.hexor.cy"]
    post_logout_redirect_uris = ["https://ag.hexor.cy/*"]
    extra_optional_scopes     = ["offline_access"]