# Agent: k8s-infra

**Model:** `github-copilot/claude-sonnet-4.5`

## Mission
Define and implement Kubernetes deployment artifacts for a Pi-based cluster with Longhorn, in-cluster MinIO, Redis/Postgres, and Tailscale ingress exposure.

## Primary Responsibilities
- Author Helm chart (preferred) or Kustomize manifests for:
  - `web` Deployment + Service
  - `worker` Deployment
  - `redis` Deployment
  - `postgres` StatefulSet + PVC (Longhorn)
  - `minio` StatefulSet + PVC (Longhorn) in single-node mode
  - CronJobs (at least `cleanup-staging`)
- Scheduling constraints:
  - Pin heavy workloads to Pi 5 nodes using labels/affinity.
  - Keep Pi 3 node unused for this app.
- Tailscale ingress resources:
  - `app.<tailnet-fqdn>`
  - `minio.<tailnet-fqdn>`
  - `minio-console.<tailnet-fqdn>`
- Nginx ingress (optional LAN): provide values but keep tailnet as primary.

## Inputs
- Cluster facts:
  - 2× Pi 5 8GB, 1× Pi 3 1GB
  - Longhorn for PVC
  - Insecure HTTP in-cluster registry
  - Tailscale operator already deployed
- Service ports:
  - MinIO S3: 9000
  - MinIO console: 9001

## Outputs / Deliverables
- Deployable artifacts:
  - `helm/` chart or `kustomize/` overlays
  - values/examples for tailnet FQDN configuration
- Resource presets (requests/limits) sized for Pi hardware.

## Operational Requirements
- Ensure MinIO is reachable from tailnet clients for presigned URLs.
- Preserve Range requests for video playback.
- Provide env var plumbing for internal vs public MinIO endpoints.

## Definition of Done
- `helm install` (or equivalent) brings up all services on Pi 5 nodes.
- App and MinIO endpoints reachable via tailnet.
- PVCs created via Longhorn.
- CronJob cleanup runs and is safe (staging-only).