feat(infra): add all Kubernetes manifests

- namespace, temporal server, workspaces PVC
- API server deployment, service, serviceaccount, RBAC
- Dev overlay

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

apps/api/infra/base/deployment.yaml

@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: shannon-api
+  namespace: shannon
+  labels:
+    app: shannon-api
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: shannon-api
+  template:
+    metadata:
+      labels:
+        app: shannon-api
+    spec:
+      serviceAccountName: shannon-api
+      containers:
+        - name: api
+          image: keygraph/shannon-api:latest
+          ports:
+            - containerPort: 3000
+              name: http
+          env:
+            - name: TEMPORAL_ADDRESS
+              value: shannon-temporal:7233
+            - name: WORKER_IMAGE
+              value: keygraph/shannon:latest
+            - name: K8S_NAMESPACE
+              value: shannon
+          envFrom:
+            - secretRef:
+                name: shannon-credentials
+          volumeMounts:
+            - name: workspaces
+              mountPath: /app/workspaces
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 3000
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          readinessProbe:
+            httpGet:
+              path: /readyz
+              port: 3000
+            initialDelaySeconds: 10
+            periodSeconds: 10
+          resources:
+            requests:
+              memory: 128Mi
+              cpu: 100m
+            limits:
+              memory: 256Mi
+      volumes:
+        - name: workspaces
+          persistentVolumeClaim:
+            claimName: shannon-workspaces

apps/api/infra/base/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - deployment.yaml
+  - service.yaml
+  - serviceaccount.yaml
+  - rbac.yaml

apps/api/infra/base/rbac.yaml

@@ -0,0 +1,29 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: shannon-api
+  namespace: shannon
+rules:
+  - apiGroups: ["batch"]
+    resources: ["jobs"]
+    verbs: ["create", "get", "list", "delete", "watch"]
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["pods/log"]
+    verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: shannon-api
+  namespace: shannon
+subjects:
+  - kind: ServiceAccount
+    name: shannon-api
+    namespace: shannon
+roleRef:
+  kind: Role
+  name: shannon-api
+  apiGroup: rbac.authorization.k8s.io

apps/api/infra/base/service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: shannon-api
+  namespace: shannon
+spec:
+  selector:
+    app: shannon-api
+  ports:
+    - name: http
+      port: 3000
+      targetPort: 3000

apps/api/infra/base/serviceaccount.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: shannon-api
+  namespace: shannon

apps/api/infra/overlays/dev/kustomization.yaml

@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../base
+patches:
+  - patch: |-
+      apiVersion: apps/v1
+      kind: Deployment
+      metadata:
+        name: shannon-api
+      spec:
+        template:
+          spec:
+            containers:
+              - name: api
+                imagePullPolicy: Never