# Longhorn backup target credentials → Hetzner Object Storage (S3-compatible).
# Template — fill + apply OUT-OF-BAND, never commit real keys. Store the keys
# in Bitwarden.
#
#   1. Create a bucket (e.g. dezky-longhorn) + an S3 key pair in Hetzner Cloud
#      Console → Object Storage. Note the endpoint, e.g.:
#        Falkenstein  https://fsn1.your-objectstorage.com
#        Nuremberg    https://nbg1.your-objectstorage.com
#        Helsinki     https://hel1.your-objectstorage.com
#   2. Fill this and apply:
#        kubectl apply -f /tmp/longhorn-backup-secret.yaml
#   3. Set the backup target (UI: Settings → General, or in values.yaml):
#        Backup Target:            s3://dezky-longhorn@fsn1/
#        Backup Target Credential: longhorn-backup-secret
#      (The "@fsn1" region tag is just a label for non-AWS S3; the real endpoint
#       comes from AWS_ENDPOINTS below.)
apiVersion: v1
kind: Secret
metadata:
  name: longhorn-backup-secret
  namespace: longhorn-system
type: Opaque
stringData:
  AWS_ACCESS_KEY_ID: REPLACE_hetzner_s3_access_key
  AWS_SECRET_ACCESS_KEY: REPLACE_hetzner_s3_secret_key
  AWS_ENDPOINTS: https://fsn1.your-objectstorage.com
  # Hetzner Object Storage uses virtual-hosted-style addressing.
  VIRTUAL_HOSTED_STYLE: "true"