From 8c5641e8ebb1e339cd0780095d991e0029ff2b26 Mon Sep 17 00:00:00 2001
From: William P
Date: Wed, 8 Apr 2026 10:40:16 -0400
Subject: [PATCH] use more sane k8s manifest management

---
 kubernetes/manifests/cnpg.nix | 109 +-----------------
 kubernetes/manifests/cnpg/objectstore.yaml | 16 +++
 kubernetes/manifests/cnpg/pg-cluster.yaml | 57 +++++++++
 kubernetes/manifests/cnpg/weyma-pgsql-ca.yaml | 8 ++
 kubernetes/manifests/test-color/deploy.yaml | 17 +++
 kubernetes/manifests/test-color/ingress.yaml | 17 +++
 kubernetes/manifests/test-color/ns.yaml | 4 +
 kubernetes/manifests/test-color/svc.yaml | 11 ++
 kubernetes/manifests/test.nix | 82 ++----------
 9 files changed, 141 insertions(+), 180 deletions(-)
create mode 100644 kubernetes/manifests/cnpg/objectstore.yaml
create mode 100644 kubernetes/manifests/cnpg/pg-cluster.yaml
create mode 100644 kubernetes/manifests/cnpg/weyma-pgsql-ca.yaml
create mode 100644 kubernetes/manifests/test-color/deploy.yaml
create mode 100644 kubernetes/manifests/test-color/ingress.yaml
create mode 100644 kubernetes/manifests/test-color/ns.yaml
create mode 100644 kubernetes/manifests/test-color/svc.yaml
diff --git a/kubernetes/manifests/cnpg.nix b/kubernetes/manifests/cnpg.nix
index ddff45d..9a92648 100644
--- a/kubernetes/manifests/cnpg.nix
+++ b/kubernetes/manifests/cnpg.nix
@@ -1,108 +1,7 @@
 {
 services.k3s.manifests = {
- "objectstore.yaml".content = {
- apiVersion = "barmancloud.cnpg.io/v1";
- kind = "ObjectStore";
- metadata.name = "truenas-s3";
- metadata.namespace = "cloudnativepg";
- spec = {
- configuration = {
- destinationPath = "s3://weyma-talos-shared-pgsql-new/";
- endpointURL = "http://10.105.15.20:9000";
- s3Credentials = {
- accessKeyId = {
- key = "s3AccessKey";
- name = "s3-backup-creds";
- };
- secretAccessKey = {
- key = "s3SecretKey";
- name = "s3-backup-creds";
- };
- };
- };
- };
- };
- "pg-cluster.yaml".content = {
- apiVersion = "postgresql.cnpg.io/v1";
- kind = "Cluster";
- metadata.name = "weyma-bs-pgsql";
- metadata.namespace = "cloudnativepg";
- spec = {
- instances = 1;
- imageName = "ghcr.io/cloudnative-pg/postgresql:16.9-5-bullseye";
- storage = {
- size = "50Gi";
- storageClass = "local-path";
- };
- plugins = [
- {
- name = "barman-cloud.cloudnative-pg.io";
- parameters.barmanObjectName = "truenas-s3";
- }
- ];
- bootstrap.recovery.source = "weyma-pgsql";
- externalClusters = [
- {
- name = "weyma-bs-pgsql";
- plugin = {
- name = "barman-cloud.cloudnative-pg.io";
- parameters = {
- barmanObjectName = "truenas-s3";
- serverName = "weyma-bs-pgsql";
- };
- };
- }
- {
- name = "weyma-pgsql";
- connectionParameters = {
- host = "10.105.10.24";
- user = "streaming_replica";
- dbname = "postgres";
- sslmode = "require";
- };
- plugin = {
- name = "barman-cloud.cloudnative-pg.io";
- parameters = {
- barmanObjectName = "truenas-s3";
- serverName = "weyma-pgsql";
- };
- };
- sslKey = {
- name = "weyma-pgsql-replication";
- key = "tls.key";
- };
- sslCert = {
- name = "weyma-pgsql-replication";
- key = "tls.crt";
- };
- sslRootCert = {
- name = "weyma-pgsql-ca";
- key = "ca.crt";
- };
- }
- ];
- replica = {
- primary = "weyma-pgsql";
- source = "weyma-pgsql";
- };
- managed.services.additional = [
- {
- selectorType = "rw";
- serviceTemplate = {
- metadata.name = "weyma-bs-pgsql-ext";
- spec.type = "LoadBalancer";
- }; - } - ]; - }; - }; - "weyma-pgsql-ca.yaml".content = { - apiVersion = "v1"; - kind = "Secret"; - metadata.name = "weyma-pgsql-ca"; - metadata.namespace = "cloudnativepg"; - # this is fine to be in plaintext since it's just a cert and contains no key - data."ca.crt" = "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"; - }; + "objectstore.yaml".source = ./cnpg/objectstore.yaml; + "pg-cluster.yaml".source = ./cnpg/pg-cluster.yaml; + "weyma-pgsql-ca.yaml".source = ./cnpg/weyma-pgsql-ca.yaml; }; -} \ No newline at end of file +} diff --git a/kubernetes/manifests/cnpg/objectstore.yaml b/kubernetes/manifests/cnpg/objectstore.yaml new file mode 100644 index 0000000..c323ec6 --- /dev/null +++ b/kubernetes/manifests/cnpg/objectstore.yaml @@ -0,0 +1,16 @@ +apiVersion: barmancloud.cnpg.io/v1 +kind: ObjectStore +metadata: + name: truenas-s3 + namespace: cloudnativepg +spec: + configuration: + destinationPath: s3://weyma-talos-shared-pgsql-new/ + endpointURL: http://10.105.15.20:9000 + s3Credentials: + accessKeyId: + key: s3AccessKey + name: s3-backup-creds + secretAccessKey: + key: s3SecretKey + name: s3-backup-creds diff --git a/kubernetes/manifests/cnpg/pg-cluster.yaml b/kubernetes/manifests/cnpg/pg-cluster.yaml new file mode 100644 index 0000000..9d2959d --- /dev/null +++ b/kubernetes/manifests/cnpg/pg-cluster.yaml 
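Review bot: `endpointURL: http://10.105.15.20:9000` in objectstore.yaml sends every base backup and WAL segment to the object store in cleartext; the S3 request signature keeps the secret key itself off the wire, but the database contents are not protected in transit. If the TrueNAS S3 endpoint can serve TLS, switch to `endpointURL: https://10.105.15.20:9000` and, where its certificate is private, trust the issuing CA through the object-store configuration (`endpointCA` in the barman object-store settings, if the plugin's CRD carries it) rather than relaxing verification. The `s3-backup-creds` Secret is referenced by both `accessKeyId` and `secretAccessKey` but is not managed by these manifests, so it is presumably created out of band; a comment such as `# s3-backup-creds is provisioned outside this tree — see <location placeholder>` above `s3Credentials:` would save the next reader a search.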
@@ -0,0 +1,57 @@ +apiVersion: postgresql.cnpg.io/v1 +kind: Cluster +metadata: + name: weyma-bs-pgsql + namespace: cloudnativepg +spec: + instances: 1 + imageName: ghcr.io/cloudnative-pg/postgresql:16.9-5-bullseye + storage: + size: 50Gi + storageClass: local-path + plugins: + - name: barman-cloud.cloudnative-pg.io + parameters: + barmanObjectName: truenas-s3 + bootstrap: + recovery: + source: weyma-pgsql + externalClusters: + - name: weyma-bs-pgsql + plugin: + name: barman-cloud.cloudnative-pg.io + parameters: + barmanObjectName: truenas-s3 + serverName: weyma-bs-pgsql + - name: weyma-pgsql + connectionParameters: + host: "10.105.10.24" + user: streaming_replica + dbname: postgres + sslmode: require + plugin: + name: barman-cloud.cloudnative-pg.io + parameters: + barmanObjectName: truenas-s3 + serverName: weyma-pgsql + sslKey: + name: weyma-pgsql-replication + key: tls.key + sslCert: + name: weyma-pgsql-replication + key: tls.crt + sslRootCert: + name: weyma-pgsql-ca + key: ca.crt + replica: + primary: weyma-pgsql + source: weyma-pgsql + managed: + services: + additional: + - selectorType: rw + serviceTemplate: + metadata: + name: weyma-bs-pgsql-ext + spec: + type: LoadBalancer diff --git a/kubernetes/manifests/cnpg/weyma-pgsql-ca.yaml b/kubernetes/manifests/cnpg/weyma-pgsql-ca.yaml new file mode 100644 index 0000000..68a8972 --- /dev/null +++ b/kubernetes/manifests/cnpg/weyma-pgsql-ca.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: weyma-pgsql-ca + namespace: cloudnativepg +# This is fine to be in plaintext since it's just a cert and contains no key +data: + ca.crt: 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 diff --git a/kubernetes/manifests/test-color/deploy.yaml b/kubernetes/manifests/test-color/deploy.yaml new file mode 100644 index 0000000..96e6189 --- /dev/null +++ b/kubernetes/manifests/test-color/deploy.yaml 
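Review bot: `sslmode: require` under `connectionParameters` for the `weyma-pgsql` external cluster does not ask libpq to match the primary's certificate against the connection target, even though `sslRootCert` supplies the CA; with a root certificate configured, `sslmode: verify-full` makes the chain check explicit and adds host matching against `10.105.10.24`, which protects the replication stream from a spoofed primary. That requires the primary's certificate to carry that IP in its subjectAltName; if it does not, `verify-ca` is the smaller step that still names the intended verification level. Separately, `managed.services.additional` publishes the `rw` service as a `LoadBalancer`, which exposes the primary endpoint outside the cluster; a comment stating who is expected to reach `weyma-bs-pgsql-ext` would document that this exposure is deliberate.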
@@ -0,0 +1,17 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: test-color + namespace: test-color +spec: + selector: + matchLabels: + app: test-color + template: + metadata: + labels: + app: test-color + spec: + containers: + - name: test-color + image: kodekloud/webapp-color:latest diff --git a/kubernetes/manifests/test-color/ingress.yaml b/kubernetes/manifests/test-color/ingress.yaml new file mode 100644 index 0000000..635789f --- /dev/null +++ b/kubernetes/manifests/test-color/ingress.yaml @@ -0,0 +1,17 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: test-color-ingress + namespace: test-color +spec: + rules: + - host: test-color.weyma-bs.infra.dubyatp.xyz + http: + paths: + - pathType: Prefix + path: / + backend: + service: + name: test-color + port: + number: 8080 diff --git a/kubernetes/manifests/test-color/ns.yaml b/kubernetes/manifests/test-color/ns.yaml new file mode 100644 index 0000000..159c463 --- /dev/null +++ b/kubernetes/manifests/test-color/ns.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: test-color diff --git a/kubernetes/manifests/test-color/svc.yaml b/kubernetes/manifests/test-color/svc.yaml new file mode 100644 index 0000000..435aa0a --- /dev/null +++ b/kubernetes/manifests/test-color/svc.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: test-color + namespace: test-color +spec: + selector: + app: test-color + ports: + - port: 8080 + targetPort: 8080 diff --git a/kubernetes/manifests/test.nix b/kubernetes/manifests/test.nix index 8163367..22b72e6 100644 --- a/kubernetes/manifests/test.nix +++ b/kubernetes/manifests/test.nix 
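Review bot: `image: kodekloud/webapp-color:latest` in deploy.yaml pins nothing, so each pull can resolve to a different image and there is no fixed target to roll back to; a tag or digest is the usual fix, e.g. `image: kodekloud/webapp-color:<tag-or-digest>` (placeholder). The container also has no `resources` stanza and no `securityContext`; for a throwaway test workload that is tolerable, but `resources.limits` keeps it from crowding other pods, and a comment saying this is intentionally minimal stops the file being copied as a template. Declaring `ports: - containerPort: 8080` would also document the port that svc.yaml's `targetPort: 8080` assumes.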
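Review bot: The Ingress in ingress.yaml has no `tls:` section and no `ingressClassName`, so `test-color.weyma-bs.infra.dubyatp.xyz` is served over plain HTTP by whichever controller happens to be the cluster default, unless that controller redirects or terminates TLS on its own, which the manifest does not show. If that is acceptable for a test app, a one-line comment saying so is enough; otherwise add `ingressClassName: <class>` and a `tls:` entry with `hosts` and a `secretName` (placeholder values) so the exposure is explicit in the file.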
@@ -1,76 +1,8 @@
 {
- services.k3s.manifests = {
- test-color-ns.content = {
- apiVersion = "v1";
- kind = "Namespace";
- metadata = {
- name = "test-color";
- };
- };
- test-color-deploy.content = {
- apiVersion = "apps/v1";
- kind = "Deployment";
- metadata = {
- name = "test-color";
- namespace = "test-color";
- };
- spec = {
- selector = {
- matchLabels = {
- app = "test-color";
- };
- };
- template = {
- metadata = {
- labels = {
- app = "test-color";
- };
- };
- spec = {
- containers = [
- {
- name = "test-color";
- image = "kodekloud/webapp-color:latest";
- }
- ];
- };
- };
- };
- };
- test-color-svc.content = {
- apiVersion = "v1";
- kind = "Service";
- metadata = {
- name = "test-color";
- namespace = "test-color";
- };
- spec = {
- selector.app = "test-color";
- ports = [{port = 8080; targetPort = 8080;}];
- };
- };
- test-color-ingress.content = {
- apiVersion = "networking.k8s.io/v1";
- kind = "Ingress";
- metadata = {
- name = "test-color-ingress";
- namespace = "test-color";
- };
- spec = {
- rules = [
- {
- host = "test-color.weyma-bs.infra.dubyatp.xyz";
- http.paths = [{
- pathType = "Prefix";
- path = "/";
- backend.service = {
- name = "test-color";
- port.number = 8080;
- };
- }];
- }
- ];
- };
- };
- };
-}
\ No newline at end of file
+ services.k3s.manifests = {
+ "test-color-ns.yaml".source = ./test-color/ns.yaml;
+ "test-color-deploy.yaml".source = ./test-color/deploy.yaml;
+ "test-color-svc.yaml".source = ./test-color/svc.yaml;
+ "test-color-ingress.yaml".source = ./test-color/ingress.yaml;
+ };
+}
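Review bot: The manifest entries gain a `.yaml` suffix (`test-color-ns` becomes `"test-color-ns.yaml"`, and likewise for deploy, svc and ingress) at the same time as they move to `.source`, and the commit message only describes the latter. If the NixOS module uses the attribute name as the file name under the k3s manifests directory, the old extension-less files would likely have been skipped by the k3s deploy controller, which only reads `.yaml`, `.yml` and `.json`, so this commit may apply the test-color resources for the first time rather than merely reorganising them. That is worth a sentence in the commit description, and a short comment in this file (`# names need a .yaml suffix or k3s ignores the manifest`) would keep the next addition from repeating the mistake.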