apiVersion: v1
kind: Namespace
metadata: { name: storage }
---
# k8s/storage/minio/secret.yaml
apiVersion: v1
kind: Secret
metadata: { name: minio-root, namespace: storage }
type: Opaque
stringData:
  MINIO_ROOT_USER: "minioadmin"
  MINIO_ROOT_PASSWORD: "minioadmin"

---
# k8s/storage/minio/pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata: { name: minio-data, namespace: storage }
spec:
  accessModes: ["ReadWriteOnce"]
  storageClassName: local-ssd-hetzner
  resources: { requests: { storage: 20Gi } }

---
# k8s/storage/minio/deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata: { name: minio, namespace: storage }
spec:
  replicas: 1
  selector: { matchLabels: { app: minio } }
  template:
    metadata: { labels: { app: minio } }
    spec:
      containers:
      - name: minio
        image: minio/minio:latest
        args: ["server","/data","--console-address",":9001"]
        envFrom: [{ secretRef: { name: minio-root } }]
        ports:
          - { containerPort: 9000 } # S3
          - { containerPort: 9001 } # Console
        volumeMounts:
          - { name: data, mountPath: /data }
      volumes:
        - name: data
          persistentVolumeClaim: { claimName: minio-data }
---
apiVersion: v1
kind: Service
metadata: { name: minio, namespace: storage }
spec:
  selector: { app: minio }
  ports:
    - { name: s3,      port: 9000, targetPort: 9000 }
    - { name: console, port: 9001, targetPort: 9001 }
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: minio
  namespace: storage
  annotations: { cert-manager.io/cluster-issuer: letsencrypt-prod }
spec:
  ingressClassName: nginx
  tls: [{ hosts: ["minio.betelgeusebytes.io"], secretName: minio-tls }]
  rules:
  - host: minio.betelgeusebytes.io
    http:
      paths:
      - path: /
        pathType: Prefix
        backend: { service: { name: minio, port: { number: 9001 } } }
---
# PV
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-minio
spec:
  capacity:
    storage: 20Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: local-ssd-hetzner
  local:
    path: /mnt/local-ssd/minio
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - hetzner-2