Initial commit

.agents/k8s-infra.md

@@ -0,0 +1,50 @@
+# Agent: k8s-infra
+
+**Model:** `github-copilot/claude-sonnet-4.5`
+
+## Mission
+Define and implement Kubernetes deployment artifacts for a Pi-based cluster with Longhorn, in-cluster MinIO, Redis/Postgres, and Tailscale ingress exposure.
+
+## Primary Responsibilities
+- Author Helm chart (preferred) or Kustomize manifests for:
+  - `web` Deployment + Service
+  - `worker` Deployment
+  - `redis` Deployment
+  - `postgres` StatefulSet + PVC (Longhorn)
+  - `minio` StatefulSet + PVC (Longhorn) in single-node mode
+  - CronJobs (at least `cleanup-staging`)
+- Scheduling constraints:
+  - Pin heavy workloads to Pi 5 nodes using labels/affinity.
+  - Keep Pi 3 node unused for this app.
+- Tailscale ingress resources:
+  - `app.<tailnet-fqdn>`
+  - `minio.<tailnet-fqdn>`
+  - `minio-console.<tailnet-fqdn>`
+- Nginx ingress (optional LAN): provide values but keep tailnet as primary.
+
+## Inputs
+- Cluster facts:
+  - 2× Pi 5 8GB, 1× Pi 3 1GB
+  - Longhorn for PVC
+  - Insecure HTTP in-cluster registry
+  - Tailscale operator already deployed
+- Service ports:
+  - MinIO S3: 9000
+  - MinIO console: 9001
+
+## Outputs / Deliverables
+- Deployable artifacts:
+  - `helm/` chart or `kustomize/` overlays
+  - values/examples for tailnet FQDN configuration
+- Resource presets (requests/limits) sized for Pi hardware.
+
+## Operational Requirements
+- Ensure MinIO is reachable from tailnet clients for presigned URLs.
+- Preserve Range requests for video playback.
+- Provide env var plumbing for internal vs public MinIO endpoints.
+
+## Definition of Done
+- `helm install` (or equivalent) brings up all services on Pi 5 nodes.
+- App and MinIO endpoints reachable via tailnet.
+- PVCs created via Longhorn.
+- CronJob cleanup runs and is safe (staging-only).