Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-06-19 17:46:04 This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.
2026-06-19 17:46:04 +00:00
6 changed files with 2 additions and 112 deletions
@@ -5,6 +5,6 @@ resources:
  - app.yaml
  - external-secrets.yaml
  - deployment.yaml
  - user-unban-cronjob.yaml
  - service.yaml
  - ingress.yaml
@@ -1,60 +0,0 @@
 ---
 apiVersion: batch/v1
 kind: CronJob
 metadata:
  name: gitea-user-unban
  labels:
    app: gitea-user-unban
 spec:
  schedule: "*/10 * * * *"
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: 3
  failedJobsHistoryLimit: 3
  jobTemplate:
    spec:
      template:
        metadata:
          labels:
            app: gitea-user-unban
        spec:
          restartPolicy: OnFailure
          nodeSelector:
            kubernetes.io/hostname: master.tail2fe2d.ts.net
          volumes:
            - name: storage
              hostPath:
                path: /k8s/gitea
                type: Directory
          containers:
            - name: sqlite-unban
              image: 'gitea/gitea:latest'
              imagePullPolicy: IfNotPresent
              resources:
                requests:
                  memory: "32Mi"
                  cpu: "10m"
                limits:
                  memory: "128Mi"
                  cpu: "100m"
              command:
                - /bin/sh
                - -ec
                - |
                  sqlite3 -cmd ".timeout 30000" /data/gitea/gitea.db "
                    UPDATE \"user\"
                       SET is_active = 1,
                           prohibit_login = 0,
                           updated_unix = unixepoch()
                     WHERE lower(email) = lower('ab@hexor.cy')
                       AND (is_active <> 1 OR prohibit_login <> 0);
                    SELECT printf(
                      'gitea user watchdog: id=%d login=%s email=%s is_active=%d prohibit_login=%d updated_unix=%d',
                      id, lower_name, email, is_active, prohibit_login, updated_unix
                    )
                      FROM \"user\"
                     WHERE lower(email) = lower('ab@hexor.cy');
                  "
              volumeMounts:
                - name: storage
                  mountPath: /data
@@ -1,45 +0,0 @@
 ---
 apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: auth-proxy
 spec:
  forwardAuth:
    address: http://auth-proxy.auth-proxy.svc:80/auth
    trustForwardHeader: true
    authResponseHeaders:
      - X-Auth-Request-User
      - X-Auth-Request-Email
      - X-Auth-Request-Groups
 ---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: prometheus
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
 spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`prom.hexor.cy`)
      kind: Rule
      middlewares:
        - name: auth-proxy
      services:
        - name: prometheus-kube-prometheus-prometheus
          port: 9090
  tls:
    secretName: prometheus-tls
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: prometheus-tls
 spec:
  secretName: prometheus-tls
  issuerRef:
    name: letsencrypt
    kind: ClusterIssuer
  dnsNames:
    - prom.hexor.cy
@@ -4,7 +4,6 @@ kind: Kustomization
 resources:
  - persistentVolume.yaml
  - external-secrets.yaml
  - ingress.yaml
  - grafana-alerting-configmap.yaml
  - alertmanager-config.yaml
  - dashboards/telemt-dashboard-cm.yaml
@@ -45,7 +45,7 @@ alertmanager:
 prometheus:
  ingress:
-    enabled: false
+    enabled: true
    ingressClassName: traefik
    annotations:
      cert-manager.io/cluster-issuer: letsencrypt
@@ -16,10 +16,6 @@ proxy_applications = {
    domain         = "pass.hexor.cy"
    allowed_groups = ["hexor-admin", "app-pass"]
  }
  Prometheus = {
    domain         = "prom.hexor.cy"
    allowed_groups = ["hexor-admin"]
  }
 }
 oauth2_applications = {