feat: add Gitea CI workflows and split deploy manifests

Add build and kubernetes-deploy Gitea Actions workflows, and split deploy/manifests.yaml into individual manifest files.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

deploy/clusterrole_gateway-cert-operator.yaml

@@ -0,0 +1,20 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: gateway-cert-operator
+  labels:
+    app.kubernetes.io/name: gateway-cert-operator
+    app.kubernetes.io/component: operator
+rules:
+  # Watch and read Certificates
+  - apiGroups: ["cert-manager.io"]
+    resources: ["certificates"]
+    verbs: ["get", "list", "watch"]
+  # Read and patch Gateways
+  - apiGroups: ["gateway.networking.k8s.io"]
+    resources: ["gateways"]
+    verbs: ["get", "list", "watch", "patch"]
+  # Emit events
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["create", "patch"]

deploy/clusterrolebinding_gateway-cert-operator.yaml

@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: gateway-cert-operator
+  labels:
+    app.kubernetes.io/name: gateway-cert-operator
+    app.kubernetes.io/component: operator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: gateway-cert-operator
+subjects:
+  - kind: ServiceAccount
+    name: gateway-cert-operator
+    namespace: gateway-cert-operator-system

deploy/deployment_gateway-cert-operator.yaml

@@ -1,46 +1,3 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: gateway-cert-operator-system
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: gateway-cert-operator
-  namespace: gateway-cert-operator-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: gateway-cert-operator
-rules:
-  # Watch and read Certificates
-  - apiGroups: ["cert-manager.io"]
-    resources: ["certificates"]
-    verbs: ["get", "list", "watch"]
-  # Read and patch Gateways
-  - apiGroups: ["gateway.networking.k8s.io"]
-    resources: ["gateways"]
-    verbs: ["get", "list", "watch", "patch"]
-  # Emit events
-  - apiGroups: [""]
-    resources: ["events"]
-    verbs: ["create", "patch"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: gateway-cert-operator
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: gateway-cert-operator
-subjects:
-  - kind: ServiceAccount
-    name: gateway-cert-operator
-    namespace: gateway-cert-operator-system
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -48,6 +5,7 @@ metadata:
   namespace: gateway-cert-operator-system
   labels:
     app.kubernetes.io/name: gateway-cert-operator
+    app.kubernetes.io/component: operator
 spec:
   replicas: 1
   selector:
@@ -57,8 +15,10 @@ spec:
     metadata:
       labels:
         app.kubernetes.io/name: gateway-cert-operator
+        app.kubernetes.io/component: operator
     spec:
       serviceAccountName: gateway-cert-operator
+      terminationGracePeriodSeconds: 10
       securityContext:
         runAsNonRoot: true
         seccompProfile:

deploy/namespace_gateway-cert-operator-system.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: gateway-cert-operator-system
+  labels:
+    app.kubernetes.io/name: gateway-cert-operator
+    app.kubernetes.io/component: operator

deploy/service_gateway-cert-operator-metrics.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: gateway-cert-operator-metrics
+  namespace: gateway-cert-operator-system
+  labels:
+    app.kubernetes.io/name: gateway-cert-operator
+    app.kubernetes.io/component: metrics
+spec:
+  selector:
+    app.kubernetes.io/name: gateway-cert-operator
+  ports:
+    - name: metrics
+      port: 8080
+      targetPort: metrics
+      protocol: TCP

deploy/serviceaccount_gateway-cert-operator.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: gateway-cert-operator
+  namespace: gateway-cert-operator-system
+  labels:
+    app.kubernetes.io/name: gateway-cert-operator
+    app.kubernetes.io/component: operator