refactor(deploy): remove gingress controller, switch to nginx ingress

- Delete gingress templates (deployment, rbac, service)
- Remove gingress config block from values.yaml
- Switch ingress class to nginx with full annotations:
  - Unlimited body size for large file uploads
  - WebSocket support with 1h timeouts
  - Cookie-based session affinity
  - Real IP passthrough via X-Forwarded-For

deploy/templates/gingress/deployment.yaml

@@ -1,69 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: gingress-controller
-  namespace: {{ .Values.gingress.namespace | default "gingress-system" }}
-  labels:
-    app: gingress
-spec:
-  replicas: {{ .Values.gingress.replicaCount | default 2 }}
-  selector:
-    matchLabels:
-      app: gingress
-  template:
-    metadata:
-      labels:
-        app: gingress
-    spec:
-      serviceAccountName: gingress-controller
-      containers:
-        - name: gingress
-          image: "{{ .Values.imageRegistry }}/{{ .Values.gingress.repository }}:{{ .Values.imageTag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.gingress.imagePullPolicy | default "IfNotPresent" }}
-          {{- with .Values.securityContext }}
-          securityContext:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          args:
-            - "--ingress-class=gingress"
-            - "--bind-http=0.0.0.0:{{ .Values.gingress.httpPort | default 80 }}"
-            - "--bind-https=0.0.0.0:{{ .Values.gingress.httpsPort | default 443 }}"
-            - "--metrics-bind=0.0.0.0:8080"
-          ports:
-            - name: http
-              containerPort: {{ .Values.gingress.httpPort | default 80 }}
-              protocol: TCP
-            - name: https
-              containerPort: {{ .Values.gingress.httpsPort | default 443 }}
-              protocol: TCP
-            - name: metrics
-              containerPort: 8080
-              protocol: TCP
-          env:
-            - name: RUST_LOG
-              value: {{ .Values.gingress.logLevel | default "info" | quote }}
-          livenessProbe:
-            httpGet:
-              path: /healthz
-              port: 8080
-            initialDelaySeconds: 10
-            periodSeconds: 10
-          readinessProbe:
-            httpGet:
-              path: /readyz
-              port: 8080
-            initialDelaySeconds: 5
-            periodSeconds: 5
-          {{- with .Values.gingress.resources }}
-          resources:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-      affinity:
-        podAntiAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-            - weight: 100
-              podAffinityTerm:
-                labelSelector:
-                  matchLabels:
-                    app: gingress
-                topologyKey: kubernetes.io/hostname

deploy/templates/gingress/rbac.yaml

@@ -1,43 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: gingress-controller
-  namespace: {{ .Values.gingress.namespace | default "gingress-system" }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: gingress-controller
-rules:
-  - apiGroups: ["networking.k8s.io"]
-    resources: ["ingresses", "ingressclasses"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["networking.k8s.io"]
-    resources: ["ingresses/status"]
-    verbs: ["update", "patch"]
-  - apiGroups: [""]
-    resources: ["services", "endpoints", "endpointslices", "secrets", "nodes"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["discovery.k8s.io"]
-    resources: ["endpointslices"]
-    verbs: ["get", "list", "watch"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: gingress-controller
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: gingress-controller
-subjects:
-  - kind: ServiceAccount
-    name: gingress-controller
-    namespace: {{ .Values.gingress.namespace | default "gingress-system" }}
----
-apiVersion: networking.k8s.io/v1
-kind: IngressClass
-metadata:
-  name: gingress
-spec:
-  controller: gingress.io/gingress-controller

deploy/templates/gingress/service.yaml

@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: gingress
-  namespace: {{ .Values.gingress.namespace | default "gingress-system" }}
-  labels:
-    app: gingress
-spec:
-  type: LoadBalancer
-  selector:
-    app: gingress
-  ports:
-    - name: http
-      port: {{ .Values.gingress.httpPort | default 80 }}
-      targetPort: http
-      protocol: TCP
-    - name: https
-      port: {{ .Values.gingress.httpsPort | default 443 }}
-      targetPort: https
-      protocol: TCP

deploy/values.yaml

@@ -137,29 +137,22 @@ services:
         mountPath: /data
         subPath: static
 
-# Gingress controller configuration
-gingress:
-  namespace: "app"
-  repository: gingress
-  replicaCount: 2
-  httpPort: 80
-  httpsPort: 443
-  logLevel: "info"
-  resources:
-    requests:
-      cpu: 100m
-      memory: 128Mi
-    limits:
-      cpu: 500m
-      memory: 512Mi
-
-# Ingress — handled by gingress controller
+# Ingress
 ingress:
   enabled: true
-  className: "gingress"
+  className: "nginx"
   annotations:
     cert-manager.io/cluster-issuer: "cloudflare-acme-cluster-issuer"
-    gingress.io/git-backend: "deploy-gitserver:8021"
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
+    nginx.ingress.kubernetes.io/affinity: "cookie"
+    nginx.ingress.kubernetes.io/session-cookie-name: "INGRESSROUTE"
+    nginx.ingress.kubernetes.io/session-cookie-path: "/"
+    nginx.ingress.kubernetes.io/session-cookie-max-age: "86400"
+    nginx.ingress.kubernetes.io/enable-real-ip: "true"
+    nginx.ingress.kubernetes.io/real-ip-header: "X-Forwarded-For"
+    nginx.ingress.kubernetes.io/use-forwarded-headers: "true"
   hosts:
     - host: gitdata.ai
       paths: