gongme: k8s Manifeste fuer initialen Cluster-Deploy

Namespace, StorageClass (Longhorn), Postgres, API, Web,
OAuth2-Proxy (Zitadel OIDC) und Traefik-Ingress fuer
https://gongme.expertfab.de.

Images: git.expertfab.de/expertfab/ef-gongme-{api,web}:latest
Auth: Zitadel hinter OAuth2-Proxy v7.7.1
TLS: cert-manager letsencrypt-ClusterIssuer

secret-oauth2.yaml enthaelt Platzhalter — CLIENT_ID/SECRET
muessen nach Zitadel-App-Anlage eingetragen werden.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

k8s/gongme/api.yaml

@@ -0,0 +1,65 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gongme-api
+  namespace: gongme
+spec:
+  replicas: 1
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+  selector:
+    matchLabels:
+      app: gongme-api
+  template:
+    metadata:
+      labels:
+        app: gongme-api
+    spec:
+      imagePullSecrets:
+        - name: gitea-registry
+      containers:
+        - name: api
+          image: git.expertfab.de/expertfab/ef-gongme-api:latest
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 3001
+          envFrom:
+            - secretRef:
+                name: gongme-env
+          readinessProbe:
+            httpGet:
+              path: /api/v1/health
+              port: 3001
+            initialDelaySeconds: 30
+            periodSeconds: 10
+            failureThreshold: 6
+          livenessProbe:
+            httpGet:
+              path: /api/v1/health
+              port: 3001
+            initialDelaySeconds: 60
+            periodSeconds: 30
+            failureThreshold: 5
+          resources:
+            requests:
+              cpu: 100m
+              memory: 256Mi
+            limits:
+              cpu: 1000m
+              memory: 768Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: gongme-api
+  namespace: gongme
+spec:
+  selector:
+    app: gongme-api
+  ports:
+    - port: 3001
+      targetPort: 3001