Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-06-04 13:06:54

This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.

k8s/apps/mtproxy/secret-reader-ingress.yaml

@@ -22,7 +22,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-    - match: Host(`secret-reader.hexor.cy`)
+    - match: Host(`proxy.hexor.cy`)
       kind: Rule
       middlewares:
         - name: auth-proxy
@@ -30,16 +30,16 @@ spec:
         - name: secret-reader
           port: 80
   tls:
-    secretName: secret-reader-tls
+    secretName: proxy-tls
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
-  name: secret-reader-tls
+  name: proxy-tls
 spec:
-  secretName: secret-reader-tls
+  secretName: proxy-tls
   issuerRef:
     name: letsencrypt
     kind: ClusterIssuer
   dnsNames:
-    - secret-reader.hexor.cy
+    - proxy.hexor.cy

k8s/apps/ollama/kustomization.yaml

@@ -9,18 +9,18 @@ resources:
 helmCharts:
   - name: ollama
     repo: https://otwld.github.io/ollama-helm/
-    version: 1.49.0
+    version: 1.58.0
     releaseName: ollama
     namespace: ollama
     valuesFile: ollama-values.yaml
     includeCRDs: true
   - name: open-webui
     repo: https://helm.openwebui.com/
-    version: 12.10.0
+    version: 14.8.0
     releaseName: openweb-ui
     namespace: ollama
     valuesFile: openweb-ui-values.yaml
     includeCRDs: true
 
 patches:
-  - path: patch-runtimeclass.yaml
+  - path: patch-runtimeclass.yaml

k8s/apps/ollama/openweb-ui-values.yaml

@@ -2,8 +2,8 @@ clusterDomain: cluster.local
 
 extraEnvVars:
   GLOBAL_LOG_LEVEL: debug
-  OAUTH_PROVIDER_NAME: authentik
+  OAUTH_PROVIDER_NAME: keycloak
-  OPENID_PROVIDER_URL: https://idm.hexor.cy/application/o/openwebui/.well-known/openid-configuration
+  OPENID_PROVIDER_URL: https://auth.hexor.cy/auth/realms/hexor/.well-known/openid-configuration
   OPENID_REDIRECT_URI: https://ai.hexor.cy/oauth/oidc/callback
   WEBUI_URL: https://ai.hexor.cy
   # Allows auto-creation of new users using OAuth. Must be paired with ENABLE_LOGIN_FORM=false.
@@ -31,7 +31,7 @@ ollama:
         - qwen3-vl:8b
         
 pipelines:
-  enabled: true
+  enabled: false
   nodeSelector:
     kubernetes.io/hostname: master.tail2fe2d.ts.net
   
@@ -57,4 +57,4 @@ ingress:
       traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
     host: "ai.hexor.cy"
     tls: true
-    existingSecret: ollama-tls
+    existingSecret: ollama-tls

terraform/keycloak/terraform.tfvars

@@ -9,12 +9,12 @@ groups = [
 
 proxy_applications = {
   secret-reader = {
-    domain         = "secret-reader.hexor.cy"
+    domain         = "proxy.hexor.cy"
-    allowed_groups = ["hexor-guest", "hexor-admin"]
+    allowed_groups = ["hexor-admin", "app-pass"]
   }
   pass = {
     domain         = "pass.hexor.cy"
-    allowed_groups = ["hexor-guest", "hexor-admin"]
+    allowed_groups = ["hexor-admin", "app-pass"]
   }
 }
 
@@ -40,6 +40,11 @@ oauth2_applications = {
     web_origins               = ["https://gf.hexor.cy"]
     post_logout_redirect_uris = ["https://gf.hexor.cy/*"]
   }
+  openwebui = {
+    redirect_uris             = ["https://ai.hexor.cy/oauth/oidc/callback"]
+    web_origins               = ["https://ai.hexor.cy"]
+    post_logout_redirect_uris = ["https://ai.hexor.cy/*"]
+  }
   FuruMusic = {
     redirect_uris             = ["https://music.hexor.cy/auth/oidc/callback"]
     web_origins               = ["https://music.hexor.cy"]
@@ -56,4 +61,3 @@ oauth2_applications = {
     post_logout_redirect_uris = ["https://pet.hexor.cy/*", "https://xn--l1acako8eb.xn--p1ai/*", "https://мурняня.рф/*"]
   }
 }
-