feat(deploy): configure ingress with gingress, cert-manager TLS, and SSH LB

- Set primary domain gitdata.ai and static.gitdata.ai with cert-manager TLS
- Add LoadBalancer service for gitserver SSH (port 2222)
- Exclude .server.yaml from Helm packaging

deploy/.helmignore

@@ -21,3 +21,5 @@
 .idea/
 *.tmproj
 .vscode/
+# Secrets
+.server.yaml

deploy/templates/gitserver/ssh-service.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "deploy.serviceFullname" (dict "root" . "svcKey" "gitserver") }}-ssh
+  labels:
+    {{- include "deploy.labels" . | nindent 4 }}
+    app.kubernetes.io/component: gitserver
+spec:
+  type: LoadBalancer
+  ports:
+    - port: {{ .Values.services.gitserver.ports.ssh }}
+      targetPort: ssh
+      protocol: TCP
+      name: ssh
+  selector:
+    {{- include "deploy.serviceSelectorLabels" (dict "root" . "svcKey" "gitserver") | nindent 4 }}

deploy/values.yaml

@@ -140,22 +140,30 @@ services:
 # External PVC (managed outside Helm — not deleted on uninstall)
 pvcName: "shared-data"
 
-# Ingress — only for the main app service
+# Ingress — handled by gingress controller
 ingress:
-  enabled: false
-  className: ""
-  annotations: {}
+  enabled: true
+  className: "gingress"
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
   hosts:
-    - host: chart-example.local
+    - host: gitdata.ai
       paths:
         - path: /
           pathType: Prefix
           serviceName: app
           servicePort: 3000
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
+    - host: static.gitdata.ai
+      paths:
+        - path: /
+          pathType: Prefix
+          serviceName: static_server
+          servicePort: 8081
+  tls:
+    - secretName: gitdata-ai-tls
+      hosts:
+        - gitdata.ai
+        - static.gitdata.ai
 
 imagePullSecrets: []
 nameOverride: ""