Deploy to production: GitHub Actions + ghcr.io + Kubernetes

- Switch from Gitea to GitHub Container Registry (ghcr.io)
- Add GitHub Actions workflow with Tailscale connectivity
- Update k8s manifests for cloud nodes and Traefik ingress
- Configure for turbo.kazcloud.dev domain
- Test deployment with home page text change

k8s/configmap.yaml

@@ -8,8 +8,7 @@ data:
   RAILS_LOG_TO_STDOUT: "true"
   RAILS_SERVE_STATIC_FILES: "true"
   RAILS_MAX_THREADS: "5"
-  # Update these values for your environment
-  DATABASE_HOST: "db.rbeowfzliacsawrziniv.supabase.co"  # Your PostgreSQL service name or external host
-  DATABASE_PORT: "5432"
+  DATABASE_HOST: "aws-1-us-east-2.pooler.supabase.com"  # Your PostgreSQL service name or external host
+  DATABASE_PORT: "6543"
   DATABASE_NAME: "postgres"
-  DATABASE_USERNAME: "postgres"
+  DATABASE_USERNAME: "postgres.rbeowfzliacsawrziniv"

k8s/deployment.yaml

@@ -20,18 +20,20 @@ spec:
       labels:
         app: turbovault
     spec:
-      # Pull images from container registry
-      # For private registries, uncomment and create secret:
-      # imagePullSecrets:
-      # - name: registry-secret
+      # Deploy to cloud nodes only
+      nodeSelector:
+        node-role: cloud
+      # Pull images from private GitHub Container Registry
+      imagePullSecrets:
+      - name: ghcr-secret
       containers:
       - name: turbovault
         # UPDATE THIS: Replace with your registry path
         # Examples:
-        #   - Gitea: gitea.kazcloud.dev/ryankazokas/turbovault-app:latest
+        #   - Gitea: gitea.kazcloud.dev/ryan/turbovault-app:latest
         #   - GitHub Container Registry: ghcr.io/ryankazokas/turbovault-app:latest
         #   - Docker Hub: docker.io/username/turbovault:latest
-        image: gitea.kazcloud.dev/ryankazokas/turbovault-app:latest
+        image: ghcr.io/ryankazokas/turbovault-app:latest
         imagePullPolicy: Always
         ports:
         - containerPort: 3000

k8s/ingress.yaml

@@ -4,13 +4,13 @@ metadata:
   name: turbovault-ingress
   namespace: turbovault
   annotations:
-    # Update these based on your ingress controller
-    # nginx.ingress.kubernetes.io/ssl-redirect: "true"
-    # cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    # Use Traefik with Let's Encrypt (same as Gitea)
+    traefik.ingress.kubernetes.io/router.tls: "true"
+    traefik.ingress.kubernetes.io/router.tls.certresolver: letsencrypt
 spec:
-  ingressClassName: nginx  # Or traefik, depending on your setup
+  ingressClassName: traefik
   rules:
-  - host: turbovault.example.com  # Update with your domain
+  - host: turbo.kazcloud.dev
     http:
       paths:
       - path: /
@@ -20,8 +20,3 @@ spec:
             name: turbovault-service
             port:
               number: 80
-  # Uncomment for TLS/HTTPS
-  # tls:
-  # - hosts:
-  #   - turbovault.example.com
-  #   secretName: turbovault-tls

k8s/migrate-job.yaml

@@ -7,6 +7,7 @@ metadata:
     app: turbovault
     job: migrate
 spec:
+  backoffLimit: 3
   template:
     metadata:
       labels:
@@ -14,14 +15,14 @@ spec:
         job: migrate
     spec:
       restartPolicy: OnFailure
-      # For private registries, uncomment and create secret:
-      # imagePullSecrets:
-      # - name: registry-secret
+      # Pull images from private GitHub Container Registry
+      imagePullSecrets:
+      - name: ghcr-secret
       containers:
       - name: migrate
         # UPDATE THIS: Replace with your registry path (same as deployment.yaml)
-        image: gitea.kazcloud.dev/ryankazokas/turbovault-app:latest
-        command: ["bundle", "exec", "rails", "db:migrate"]
+        image: ghcr.io/ryankazokas/turbovault-app:latest
+        command: ["bin/rails", "db:migrate"]
         env:
         # Load from ConfigMap
         - name: RAILS_ENV
@@ -60,4 +61,3 @@ spec:
             secretKeyRef:
               name: turbovault-secrets
               key: SECRET_KEY_BASE
-      backoffLimit: 3