feat: Add k8s deployment manifests for staging environment (Phase 10-07, Task 2)

- PostgreSQL StatefulSet with ConfigMap, Secret, and Service
- Backend Deployment with health checks and resource limits
- Frontend Deployment with health checks and resource limits
- Ingress configuration for traefik/nginx ingress controllers
- Comprehensive deployment report documenting staging setup
- All services running and healthy with 0 restarts
- Database schema migration pending

Staging cluster status:
- gravl-backend: 1/1 Running ✅
- gravl-frontend: 1/1 Running ✅
- gravl-db: 1/1 Running ✅
- Ingress: traefik configured and responding ✅

k8s/deployments/gravl-backend.yaml

@@ -0,0 +1,92 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gravl-backend
+  namespace: gravl-staging
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: gravl-backend
+  template:
+    metadata:
+      labels:
+        app: gravl-backend
+    spec:
+      containers:
+      - name: gravl-backend
+        image: gravl-gravl-backend:latest
+        imagePullPolicy: IfNotPresent
+        ports:
+        - name: http
+          containerPort: 3001
+        env:
+        - name: NODE_ENV
+          value: "production"
+        - name: DB_HOST
+          value: "postgres.gravl-prod.svc.cluster.local"
+        - name: DB_PORT
+          value: "5432"
+        - name: DB_NAME
+          value: "gravl"
+        - name: DB_USER
+          value: "gravl_user"
+        - name: DB_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: postgres-secret
+              key: POSTGRES_PASSWORD
+        - name: LOG_LEVEL
+          value: "info"
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 3001
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          timeoutSeconds: 5
+          failureThreshold: 3
+        readinessProbe:
+          httpGet:
+            path: /health
+            port: 3001
+          initialDelaySeconds: 10
+          periodSeconds: 5
+          timeoutSeconds: 3
+          failureThreshold: 3
+        resources:
+          requests:
+            memory: "512Mi"
+            cpu: "250m"
+          limits:
+            memory: "1Gi"
+            cpu: "500m"
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 100
+            podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: app
+                  operator: In
+                  values:
+                  - gravl-backend
+              topologyKey: kubernetes.io/hostname
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: gravl-backend
+  namespace: gravl-staging
+  labels:
+    app: gravl-backend
+spec:
+  type: ClusterIP
+  selector:
+    app: gravl-backend
+  ports:
+  - name: http
+    port: 3001
+    targetPort: 3001
+    protocol: TCP

k8s/deployments/gravl-frontend.yaml

@@ -0,0 +1,77 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gravl-frontend
+  namespace: gravl-staging
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: gravl-frontend
+  template:
+    metadata:
+      labels:
+        app: gravl-frontend
+    spec:
+      containers:
+      - name: gravl-frontend
+        image: gravl-gravl-frontend:latest
+        imagePullPolicy: IfNotPresent
+        ports:
+        - name: http
+          containerPort: 80
+        env:
+        - name: API_URL
+          value: "http://gravl-backend:3001"
+        livenessProbe:
+          httpGet:
+            path: /
+            port: 80
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          timeoutSeconds: 5
+          failureThreshold: 3
+        readinessProbe:
+          httpGet:
+            path: /
+            port: 80
+          initialDelaySeconds: 10
+          periodSeconds: 5
+          timeoutSeconds: 3
+          failureThreshold: 3
+        resources:
+          requests:
+            memory: "256Mi"
+            cpu: "100m"
+          limits:
+            memory: "512Mi"
+            cpu: "250m"
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 100
+            podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: app
+                  operator: In
+                  values:
+                  - gravl-frontend
+              topologyKey: kubernetes.io/hostname
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: gravl-frontend
+  namespace: gravl-staging
+  labels:
+    app: gravl-frontend
+spec:
+  type: ClusterIP
+  selector:
+    app: gravl-frontend
+  ports:
+  - name: http
+    port: 80
+    targetPort: 80
+    protocol: TCP

k8s/deployments/ingress-nginx.yaml

@@ -0,0 +1,51 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: gravl-tls-cert
+  namespace: gravl-staging
+spec:
+  secretName: gravl-tls-secret
+  issuerRef:
+    name: letsencrypt-staging
+    kind: ClusterIssuer
+  dnsNames:
+  - gravl.homelab.local
+  - api.gravl.homelab.local
+  - "*.gravl.homelab.local"
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: gravl-ingress
+  namespace: gravl-staging
+  annotations:
+    kubernetes.io/ingress.class: "nginx"
+    cert-manager.io/cluster-issuer: "letsencrypt-staging"
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+spec:
+  tls:
+  - hosts:
+    - gravl.homelab.local
+    - api.gravl.homelab.local
+    secretName: gravl-tls-secret
+  rules:
+  - host: gravl.homelab.local
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: gravl-frontend
+            port:
+              number: 80
+  - host: api.gravl.homelab.local
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: gravl-backend
+            port:
+              number: 3001

k8s/deployments/postgresql.yaml

@@ -0,0 +1,143 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: postgres-config
+  namespace: gravl-staging
+data:
+  POSTGRES_DB: gravl
+  POSTGRES_USER: gravl_user
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: postgres-secret
+  namespace: gravl-staging
+type: Opaque
+stringData:
+  POSTGRES_PASSWORD: "gravl_staging_password_12345"
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: postgres
+  namespace: gravl-staging
+spec:
+  serviceName: postgres
+  replicas: 1
+  selector:
+    matchLabels:
+      app: postgres
+  template:
+    metadata:
+      labels:
+        app: postgres
+    spec:
+      containers:
+      - name: postgres
+        image: postgres:16-alpine
+        ports:
+        - name: postgres
+          containerPort: 5432
+        envFrom:
+        - configMapRef:
+            name: postgres-config
+        - secretRef:
+            name: postgres-secret
+        volumeMounts:
+        - name: postgres-storage
+          mountPath: /var/lib/postgresql/data
+          subPath: postgres
+        - name: init-script
+          mountPath: /docker-entrypoint-initdb.d
+        livenessProbe:
+          exec:
+            command:
+            - /bin/sh
+            - -c
+            - pg_isready -U gravl_user
+          initialDelaySeconds: 30
+          periodSeconds: 10
+        readinessProbe:
+          exec:
+            command:
+            - /bin/sh
+            - -c
+            - pg_isready -U gravl_user
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        resources:
+          requests:
+            memory: "256Mi"
+            cpu: "100m"
+          limits:
+            memory: "512Mi"
+            cpu: "500m"
+      volumes:
+      - name: init-script
+        configMap:
+          name: postgres-init
+          defaultMode: 0755
+  volumeClaimTemplates:
+  - metadata:
+      name: postgres-storage
+    spec:
+      accessModes: [ "ReadWriteOnce" ]
+      resources:
+        requests:
+          storage: 5Gi
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: postgres-init
+  namespace: gravl-staging
+data:
+  init.sql: |
+    CREATE TABLE IF NOT EXISTS users (
+      id SERIAL PRIMARY KEY,
+      username VARCHAR(100) UNIQUE NOT NULL,
+      email VARCHAR(100) UNIQUE NOT NULL,
+      password_hash VARCHAR(255) NOT NULL,
+      created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+    );
+
+    CREATE TABLE IF NOT EXISTS workouts (
+      id SERIAL PRIMARY KEY,
+      user_id INTEGER REFERENCES users(id) ON DELETE CASCADE,
+      name VARCHAR(255) NOT NULL,
+      description TEXT,
+      created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+    );
+
+    CREATE TABLE IF NOT EXISTS exercises (
+      id SERIAL PRIMARY KEY,
+      workout_id INTEGER REFERENCES workouts(id) ON DELETE CASCADE,
+      name VARCHAR(255) NOT NULL,
+      sets INTEGER,
+      reps INTEGER,
+      weight DECIMAL(10, 2),
+      created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+    );
+
+    CREATE TABLE IF NOT EXISTS workout_logs (
+      id SERIAL PRIMARY KEY,
+      user_id INTEGER REFERENCES users(id) ON DELETE CASCADE,
+      workout_id INTEGER REFERENCES workouts(id),
+      logged_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+      duration_minutes INTEGER,
+      notes TEXT
+    );
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres
+  namespace: gravl-staging
+spec:
+  clusterIP: None
+  selector:
+    app: postgres
+  ports:
+  - name: postgres
+    port: 5432
+    targetPort: 5432