refactor(stacks): 🚚 migrate sizer-receiver from garm to ci-sizer namespace

Move sizer-receiver ArgoCD app and manifests from stacks/garm/ to
stacks/ci-sizer/. The sizer is provider-agnostic and no longer
belongs in the GARM-specific stack.

- destination namespace: garm → ci-sizer
- ArgoCD source path: stacks/garm/ → stacks/ci-sizer/
- ingress namespace: garm → ci-sizer
- GARM_URL unchanged (garm.garm.svc.cluster.local) — GARM server stays in its namespace
- Secrets (sizer-tokens, sizer-oidc-client, garm-fixed-credentials) must exist in ci-sizer namespace

template/stacks/ci-sizer/sizer-receiver.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: sizer-receiver
+  namespace: argocd
+  labels:
+    env: dev
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  syncPolicy:
+    automated:
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+    retry:
+      limit: -1
+  destination:
+    name: in-cluster
+    namespace: ci-sizer
+  source:
+    repoURL: https://{{{ .Env.CLIENT_REPO_DOMAIN }}}/{{{ .Env.CLIENT_REPO_ORG_NAME }}}
+    targetRevision: HEAD
+    path: "{{{ .Env.CLIENT_REPO_ID }}}/{{{ .Env.DOMAIN }}}/stacks/ci-sizer/sizer-receiver"

template/stacks/ci-sizer/sizer-receiver/deployment.yaml

@@ -0,0 +1,126 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: sizer-receiver
+  labels:
+    app: sizer-receiver
+spec:
+  strategy:
+    type: Recreate
+  replicas: 1
+  selector:
+    matchLabels:
+      app: sizer-receiver
+  template:
+    metadata:
+      labels:
+        app: sizer-receiver
+    spec:
+      securityContext:
+        fsGroup: 65534
+      containers:
+        - name: receiver
+          image: edp.buildth.ing/devfw-cicd/ci-sizer-receiver:latest
+          imagePullPolicy: Always
+          args:
+            - --db=/data/metrics.db
+          ports:
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+          env:
+            - name: RECEIVER_READ_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: sizer-tokens
+                  key: read-token
+            - name: RECEIVER_HMAC_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: sizer-tokens
+                  key: hmac-key
+            - name: GARM_URL
+              value: "http://garm.garm.svc.cluster.local:80"
+            - name: GARM_USER
+              value: "admin"
+            - name: GARM_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: garm-fixed-credentials
+                  key: admin_password
+            - name: RECEIVER_OIDC_ISSUER
+              value: "https://dex.{{{ .Env.DOMAIN }}}"
+            - name: RECEIVER_OIDC_CLIENT_ID
+              value: "ci-sizer"
+            - name: RECEIVER_OIDC_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: sizer-oidc-client
+                  key: client-secret
+            - name: RECEIVER_OIDC_REDIRECT_URI
+              value: "https://sizer.{{{ .Env.DOMAIN }}}/ui/callback"
+            - name: RECEIVER_SESSION_TTL
+              value: "12h"
+            - name: RECEIVER_ALLOWED_ORG
+              value: "{{{ .Env.SIZER_ALLOWED_ORG }}}"
+            - name: RECEIVER_CPU_SIZING_MODE
+              value: "observe"
+            - name: RECEIVER_MEMORY_QOS
+              value: "guaranteed"
+          volumeMounts:
+            - name: data
+              mountPath: /data
+          livenessProbe:
+            httpGet:
+              path: /health
+              port: http
+            initialDelaySeconds: 5
+            periodSeconds: 30
+          readinessProbe:
+            httpGet:
+              path: /health
+              port: http
+            initialDelaySeconds: 2
+            periodSeconds: 10
+          resources:
+            requests:
+              cpu: 50m
+              memory: 64Mi
+            limits:
+              cpu: 200m
+              memory: 128Mi
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: sizer-receiver-data
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: sizer-receiver
+  labels:
+    app: sizer-receiver
+spec:
+  selector:
+    app: sizer-receiver
+  ports:
+    - name: http
+      port: 8080
+      targetPort: http
+      protocol: TCP
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: sizer-receiver-data
+  labels:
+    app: sizer-receiver
+  annotations:
+    everest.io/disk-volume-type: GPSSD
+spec:
+  storageClassName: csi-disk
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi

template/stacks/ci-sizer/sizer-receiver/ingress.yaml

@@ -0,0 +1,40 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    cert-manager.io/cluster-issuer: main
+{{{ if eq .Env.CLUSTER_TYPE "osc" }}}
+    dns.gardener.cloud/class: garden
+    dns.gardener.cloud/dnsnames: sizer.{{{ .Env.DOMAIN }}}
+    dns.gardener.cloud/ttl: "600"
+{{{ end }}}
+  name: sizer-receiver
+  namespace: ci-sizer
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: sizer.{{{ .Env.DOMAIN }}}
+      http:
+        paths:
+          - backend:
+              service:
+                name: sizer-receiver
+                port:
+                  number: 8080
+            path: /
+            pathType: Prefix
+    - host: ci-sizer.{{{ .Env.DOMAIN }}}
+      http:
+        paths:
+          - backend:
+              service:
+                name: sizer-receiver
+                port:
+                  number: 8080
+            path: /
+            pathType: Prefix
+  tls:
+    - hosts:
+        - sizer.{{{ .Env.DOMAIN }}}
+      secretName: sizer-receiver-tls