Configure k8s manifests for Argo CD deployment

- Add namespace.yaml for turash namespace
- Add frontend manifests (deployment, service, HPA, ingress)
- Add kustomization.yaml for Argo CD kustomize support
- Update frontend Argo CD application with proper annotations
- Configure ingress with domain turash.bk.glpx.pro for Argo CD link display
- Use registry.bk.glpx.pro for container images

k8s/argocd/frontend-application.yaml

@@ -8,6 +8,9 @@ metadata:
     environment: production
   finalizers:
     - resources-finalizer.argocd.argoproj.io
+  annotations:
+    # Enable ingress link display in Argo CD UI
+    argocd.argoproj.io/refresh: normal
 spec:
   project: default
   source:

k8s/frontend-deployment.yaml

@@ -0,0 +1,82 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: turash-frontend
+  namespace: turash
+  labels:
+    app: turash-frontend
+    component: frontend
+    version: v1
+spec:
+  replicas: 2
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app: turash-frontend
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+  template:
+    metadata:
+      labels:
+        app: turash-frontend
+        component: frontend
+        version: v1
+      annotations:
+        prometheus.io/path: /health
+        prometheus.io/port: "80"
+        prometheus.io/scrape: "true"
+    spec:
+      containers:
+      - name: frontend
+        image: registry.bk.glpx.pro/turash/turash-frontend:latest
+        imagePullPolicy: Always
+        ports:
+        - name: http
+          containerPort: 80
+          protocol: TCP
+        env:
+        - name: VITE_API_BASE_URL
+          value: https://turash-api.bk.glpx.pro
+        - name: VITE_ENVIRONMENT
+          value: production
+        resources:
+          requests:
+            cpu: 50m
+            memory: 128Mi
+          limits:
+            cpu: 200m
+            memory: 256Mi
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: http
+            scheme: HTTP
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          timeoutSeconds: 5
+          failureThreshold: 3
+          successThreshold: 1
+        readinessProbe:
+          httpGet:
+            path: /health
+            port: http
+            scheme: HTTP
+          initialDelaySeconds: 10
+          periodSeconds: 5
+          timeoutSeconds: 3
+          failureThreshold: 3
+          successThreshold: 1
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          runAsUser: 101
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 30
+

k8s/frontend-hpa.yaml

@@ -0,0 +1,47 @@
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: turash-frontend-hpa
+  namespace: turash
+  labels:
+    app: turash-frontend
+    component: autoscaling
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: turash-frontend
+  minReplicas: 1
+  maxReplicas: 5
+  metrics:
+  - type: Resource
+    resource:
+      name: cpu
+      target:
+        type: Utilization
+        averageUtilization: 60
+  - type: Resource
+    resource:
+      name: memory
+      target:
+        type: Utilization
+        averageUtilization: 70
+  behavior:
+    scaleUp:
+      stabilizationWindowSeconds: 0
+      policies:
+      - type: Percent
+        value: 100
+        periodSeconds: 60
+      - type: Pods
+        value: 2
+        periodSeconds: 60
+      selectPolicy: Max
+    scaleDown:
+      stabilizationWindowSeconds: 300
+      policies:
+      - type: Percent
+        value: 50
+        periodSeconds: 60
+      selectPolicy: Max
+

k8s/frontend-ingress.yaml

@@ -0,0 +1,31 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: turash-frontend-ingress
+  namespace: turash
+  labels:
+    app: turash-frontend
+    component: ingress
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    traefik.ingress.kubernetes.io/redirect-entrypoint: websecure
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.middlewares: default-compress@kubernetescrd
+spec:
+  ingressClassName: traefik
+  rules:
+  - host: turash.bk.glpx.pro
+    http:
+      paths:
+      - backend:
+          service:
+            name: turash-frontend
+            port:
+              number: 80
+        path: /
+        pathType: Prefix
+  tls:
+  - hosts:
+    - turash.bk.glpx.pro
+    secretName: turash-frontend-tls
+

k8s/frontend-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: turash-frontend
+  namespace: turash
+  labels:
+    app: turash-frontend
+    component: frontend
+spec:
+  type: ClusterIP
+  ports:
+  - name: http
+    port: 80
+    protocol: TCP
+    targetPort: http
+  selector:
+    app: turash-frontend
+  sessionAffinity: None
+

k8s/gitea-runners/deployment.yaml

@@ -44,7 +44,7 @@ spec:
             fieldRef:
               fieldPath: metadata.name
         - name: GITEA_RUNNER_LABELS
-          value: "ubuntu-latest:docker://node:24-bookworm,ubuntu-22.04:docker://node:24-bookworm,ubuntu-20.04:docker://node:24-bookworm"
+          value: "ubuntu-latest:host,ubuntu-22.04:host,ubuntu-20.04:host"
         - name: DOCKER_HOST
           value: "tcp://localhost:2375"
         - name: ACT_RUNNER_CONFIG

k8s/kustomization.yaml

@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: turash
+
+resources:
+  - namespace.yaml
+  - frontend-deployment.yaml
+  - frontend-service.yaml
+  - frontend-hpa.yaml
+  - frontend-ingress.yaml
+
+commonLabels:
+  app.kubernetes.io/managed-by: argocd
+  app.kubernetes.io/part-of: turash
+

k8s/namespace.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: turash
+  labels:
+    app: turash-backend
+    environment: production
+    name: turash
+