apiVersion: v1
kind: Service
metadata: { name: redis, namespace: db }
spec:
  ports: [{ port: 6379, targetPort: 6379 }]
  selector: { app: redis }
---
apiVersion: apps/v1
kind: StatefulSet
metadata: { name: redis, namespace: db }
spec:
  serviceName: redis
  replicas: 1
  selector: { matchLabels: { app: redis } }
  template:
    metadata: { labels: { app: redis } }
    spec:
      nodeSelector: { node: hetzner-2 }
      containers:
      - name: redis
        image: redis:7
        args: ["--requirepass", "$(REDIS_PASSWORD)"]
        env:
          - name: REDIS_PASSWORD
            valueFrom: { secretKeyRef: { name: redis-auth, key: REDIS_PASSWORD } }
        ports: [{ containerPort: 6379 }]
        volumeMounts:
          - { name: data, mountPath: /data }
  volumeClaimTemplates:
  - metadata: { name: data }
    spec:
      accessModes: ["ReadWriteOnce"]
      storageClassName: local-ssd-hetzner
      resources: { requests: { storage: 10Gi } }
---
apiVersion: v1
kind: Secret
metadata: { name: redis-auth, namespace: db }
type: Opaque
stringData: { REDIS_PASSWORD: "RED1S" }