docs: add Kubernetes deployment section to README

README.md

@@ -321,6 +321,112 @@ Example OpenClaw workflow:
 8. OpenClaw calls `POST /api/v1/portfolio/analyze` with user's holdings
 9. OpenClaw's LLM synthesizes all structured data into a personalized recommendation
 
+## Kubernetes Deployment
+
+### Prerequisites
+
+- Kubernetes cluster with ingress-nginx
+- Docker Registry at `192.168.68.11:30500`
+- Drone CI connected to Gitea
+- ArgoCD installed
+
+### Architecture
+
+```
+git push → Gitea → Drone CI (kaniko) → Docker Registry → ArgoCD → K8s
+```
+
+### Cluster Info
+
+| Component | Value |
+|-----------|-------|
+| API URL | `https://invest-api.k8s.home` |
+| Namespace | `invest-api` |
+| Image | `192.168.68.11:30500/invest-api:latest` |
+| Resources | 100m-500m CPU, 256Mi-512Mi memory |
+| Health check | `GET /health` on port 8000 |
+
+### K8s Manifests
+
+Located in `k8s/base/` (Kustomize):
+
+| File | Description |
+|------|-------------|
+| `namespace.yaml` | `invest-api` namespace |
+| `deployment.yaml` | App deployment with health probes |
+| `service.yaml` | ClusterIP service on port 8000 |
+| `ingress.yaml` | Ingress for `invest-api.k8s.home` |
+| `secret.yaml` | Template for API keys |
+| `kustomization.yaml` | Kustomize resource list |
+
+ArgoCD Application defined in `k8s/argocd-app.yaml`.
+
+### CI/CD Pipeline
+
+`.drone.yml` uses kaniko to build and push:
+
+```yaml
+kind: pipeline
+type: kubernetes
+name: build-and-push
+
+trigger:
+  branch: [main, develop]
+  event: [push, custom]
+
+steps:
+  - name: build-and-push
+    image: gcr.io/kaniko-project/executor:debug
+    commands:
+      - /kaniko/executor
+        --context=/drone/src
+        --dockerfile=Dockerfile
+        --destination=192.168.68.11:30500/invest-api:${DRONE_COMMIT_SHA:0:8}
+        --destination=192.168.68.11:30500/invest-api:latest
+        --insecure --skip-tls-verify
+```
+
+### Deploy from Scratch
+
+1. Deploy Docker Registry:
+   ```bash
+   kubectl apply -k k8s-infra/registry/
+   ```
+
+2. Configure containerd on worker nodes to trust insecure registry (see `HomeLab Infrastructure` doc)
+
+3. Push code to Gitea -- Drone builds and pushes image automatically
+
+4. Apply ArgoCD Application:
+   ```bash
+   kubectl apply -f k8s/argocd-app.yaml
+   ```
+
+5. Create API key secrets (optional):
+   ```bash
+   kubectl -n invest-api create secret generic invest-api-secrets \
+     --from-literal=INVEST_API_FINNHUB_API_KEY=your_key \
+     --from-literal=INVEST_API_FRED_API_KEY=your_key \
+     --from-literal=INVEST_API_ALPHAVANTAGE_API_KEY=your_key
+   ```
+
+6. Add DNS: `invest-api.k8s.home → 192.168.68.22`
+
+7. Verify:
+   ```bash
+   curl -k https://invest-api.k8s.home/health
+   curl -k https://invest-api.k8s.home/api/v1/stock/AAPL/quote
+   ```
+
+### Docker
+
+Build and run locally:
+
+```bash
+docker build -t invest-api .
+docker run -p 8000:8000 invest-api
+```
+
 ## Data Sources
 
 | Source | Cost | Key Required | Data Provided |