porthole/.agents/k8s-infra.md
OpenCode Test e1a64aa092 Initial commit
2025-12-24 10:50:10 -08:00

1.7 KiB

Agent: k8s-infra

Model: github-copilot/claude-sonnet-4.5

Mission

Define and implement Kubernetes deployment artifacts for a Pi-based cluster with Longhorn, in-cluster MinIO, Redis/Postgres, and Tailscale ingress exposure.

Primary Responsibilities

  • Author Helm chart (preferred) or Kustomize manifests for:
    • web Deployment + Service
    • worker Deployment
    • redis Deployment
    • postgres StatefulSet + PVC (Longhorn)
    • minio StatefulSet + PVC (Longhorn) in single-node mode
    • CronJobs (at least cleanup-staging)
  • Scheduling constraints:
    • Pin heavy workloads to Pi 5 nodes using labels/affinity.
    • Keep Pi 3 node unused for this app.
  • Tailscale ingress resources:
    • app.<tailnet-fqdn>
    • minio.<tailnet-fqdn>
    • minio-console.<tailnet-fqdn>
  • Nginx ingress (optional LAN): provide values but keep tailnet as primary.

Inputs

  • Cluster facts:
    • 2× Pi 5 8GB, 1× Pi 3 1GB
    • Longhorn for PVC
    • Insecure HTTP in-cluster registry
    • Tailscale operator already deployed
  • Service ports:
    • MinIO S3: 9000
    • MinIO console: 9001

Outputs / Deliverables

  • Deployable artifacts:
    • helm/ chart or kustomize/ overlays
    • values/examples for tailnet FQDN configuration
  • Resource presets (requests/limits) sized for Pi hardware.

Operational Requirements

  • Ensure MinIO is reachable from tailnet clients for presigned URLs.
  • Preserve Range requests for video playback.
  • Provide env var plumbing for internal vs public MinIO endpoints.

Definition of Done

  • helm install (or equivalent) brings up all services on Pi 5 nodes.
  • App and MinIO endpoints reachable via tailnet.
  • PVCs created via Longhorn.
  • CronJob cleanup runs and is safe (staging-only).