Add ArgoCD and Gitea for GitOps workflow implementation

- Deploy ArgoCD with Helm for GitOps continuous delivery
  * Configure LoadBalancer and Ingress access on LAN
  * Enable ArgoCD Image Updater for automatic "latest" tag updates
  * Simplified RBAC for single-user homelab environment

- Deploy Gitea as self-hosted Git server for local repositories
  * PostgreSQL backend with NFS persistent storage
  * SSH and HTTP access via MetalLB LoadBalancer
  * Integration guides for ArgoCD GitOps workflows

- Add example ArgoCD Application with auto-image updates
- Include comprehensive migration guides from Helm to GitOps
- Maintain compatibility with existing Helm-based deployments

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

gitea_values.yaml

@@ -0,0 +1,117 @@
+# Gitea configuration for TuringPi K3s cluster
+# Self-hosted Git server for ArgoCD integration
+
+# Single replica for homelab
+replicaCount: 1
+
+# Service configuration - LoadBalancer for direct access
+service:
+  http:
+    type: LoadBalancer
+    port: 3000
+    # MetalLB will assign an IP
+  ssh:
+    type: LoadBalancer
+    port: 22
+    # For git SSH access
+
+# Ingress for web access  
+ingress:
+  enabled: true
+  className: nginx
+  pathType: Prefix
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+    # Restrict to LAN access (matching your existing pattern)
+    nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/16,10.0.0.0/8,172.16.0.0/12"
+  hosts:
+    - host: gitea.turing.lan
+      paths:
+        - path: /
+          pathType: Prefix
+
+# Storage using your NFS setup
+persistence:
+  enabled: true
+  create: true
+  storageClass: "nfs-client"  # Your existing NFS storage class
+  size: 20Gi
+  accessModes:
+    - ReadWriteOnce
+
+# Database - use PostgreSQL for production-ready setup
+postgresql:
+  enabled: true
+  auth:
+    username: gitea
+    database: gitea
+    # Password will be auto-generated
+  primary:
+    persistence:
+      enabled: true
+      storageClass: "nfs-client"
+      size: 10Gi
+
+# Disable PostgreSQL HA (since we're enabling regular postgresql)
+postgresql-ha:
+  enabled: false
+
+# Disable Valkey cluster (Redis alternative) - not needed for homelab
+valkey-cluster:
+  enabled: false
+
+# Gitea configuration
+gitea:
+  cache:
+    enabled: false
+  admin:
+    username: admin
+    password: "gitea-admin-pass"  # Change this!
+    email: "admin@turing.lan"
+
+  config:
+    APP_NAME: "TuringPi Gitea"
+    RUN_MODE: prod
+    
+    server:
+      DOMAIN: gitea.turing.lan
+      SSH_DOMAIN: gitea.turing.lan
+      ROOT_URL: http://gitea.turing.lan
+      DISABLE_SSH: false
+      SSH_PORT: 22
+      LFS_START_SERVER: true
+    
+    database:
+      DB_TYPE: postgres
+    
+    security:
+      INSTALL_LOCK: true
+    
+    service:
+      DISABLE_REGISTRATION: false  # Allow user registration
+      REQUIRE_SIGNIN_VIEW: false   # Allow anonymous viewing of public repos
+    
+    ui:
+      DEFAULT_THEME: auto
+    
+    repository:
+      DEFAULT_PRIVATE: false       # Public repos by default for easier ArgoCD access
+
+# Resource limits (adjust based on your node capacity)
+resources:
+  limits:
+    cpu: 1000m
+    memory: 1Gi
+  requests:
+    cpu: 100m
+    memory: 256Mi
+
+# Node affinity (prefer worker nodes, avoid control plane)
+affinity:
+  nodeAffinity:
+    preferredDuringSchedulingIgnoredDuringExecution:
+    - weight: 100
+      preference:
+        matchExpressions:
+        - key: node-role.kubernetes.io/control-plane
+          operator: DoesNotExist