use more sane k8s manifest management

kubernetes/manifests/cnpg.nix

@@ -1,108 +1,7 @@
 {
   services.k3s.manifests = {
-    "objectstore.yaml".content = {
+    "objectstore.yaml".source = ./cnpg/objectstore.yaml;
-      apiVersion = "barmancloud.cnpg.io/v1";
+    "pg-cluster.yaml".source = ./cnpg/pg-cluster.yaml;
-      kind = "ObjectStore";
+    "weyma-pgsql-ca.yaml".source = ./cnpg/weyma-pgsql-ca.yaml;
-      metadata.name = "truenas-s3";
-      metadata.namespace = "cloudnativepg";
-      spec = {
-        configuration = {
-          destinationPath = "s3://weyma-talos-shared-pgsql-new/";
-          endpointURL = "http://10.105.15.20:9000";
-          s3Credentials = {
-            accessKeyId = {
-              key = "s3AccessKey";
-              name = "s3-backup-creds";
-            };
-            secretAccessKey = {
-              key = "s3SecretKey";
-              name = "s3-backup-creds";
-            };
-          };
-        };
-      };
-    };
-    "pg-cluster.yaml".content = {
-      apiVersion = "postgresql.cnpg.io/v1";
-      kind = "Cluster";
-      metadata.name = "weyma-bs-pgsql";
-      metadata.namespace = "cloudnativepg";
-      spec = {
-        instances = 1;
-        imageName = "ghcr.io/cloudnative-pg/postgresql:16.9-5-bullseye";
-        storage = {
-          size = "50Gi";
-          storageClass = "local-path";
-        };
-        plugins = [
-          {
-            name = "barman-cloud.cloudnative-pg.io";
-            parameters.barmanObjectName = "truenas-s3";
-          }
-        ];
-        bootstrap.recovery.source = "weyma-pgsql";
-        externalClusters = [
-          {
-            name = "weyma-bs-pgsql";
-            plugin = {
-              name = "barman-cloud.cloudnative-pg.io";
-              parameters = {
-                barmanObjectName = "truenas-s3";
-                serverName = "weyma-bs-pgsql";
-              };
-            };
-          }
-          {
-            name = "weyma-pgsql";
-            connectionParameters = {
-              host = "10.105.10.24";
-              user = "streaming_replica";
-              dbname = "postgres";
-              sslmode = "require";
-            };
-            plugin = {
-              name = "barman-cloud.cloudnative-pg.io";
-              parameters = {
-                barmanObjectName = "truenas-s3";
-                serverName = "weyma-pgsql";
-              };
-            };
-            sslKey = {
-              name = "weyma-pgsql-replication";
-              key = "tls.key";
-            };
-            sslCert = {
-              name = "weyma-pgsql-replication";
-              key = "tls.crt";
-            };
-            sslRootCert = {
-              name = "weyma-pgsql-ca";
-              key = "ca.crt";
-            };
-          }
-        ];
-        replica = {
-          primary = "weyma-pgsql";
-          source = "weyma-pgsql";
-        };
-        managed.services.additional = [
-          {
-            selectorType = "rw";
-            serviceTemplate = {
-              metadata.name = "weyma-bs-pgsql-ext";
-              spec.type = "LoadBalancer";
-            };
-          }
-        ];
-      };
-    };
-    "weyma-pgsql-ca.yaml".content = {
-      apiVersion = "v1";
-      kind = "Secret";
-      metadata.name = "weyma-pgsql-ca";
-      metadata.namespace = "cloudnativepg";
-      # this is fine to be in plaintext since it's just a cert and contains no key
-      data."ca.crt" = "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJtekNDQVVLZ0F3SUJBZ0lRUjMzT3F3OTJKbDlmeXFzMkZyREd0akFLQmdncWhrak9QUVFEQWpBdU1SWXcKRkFZRFZRUUxFdzFqYkc5MVpHNWhkR2wyWlhCbk1SUXdFZ1lEVlFRREV3dDNaWGx0WVMxd1ozTnhiREFlRncweQpOVEV5TWpnd01URTROVEZhRncweU5qQXpNamd3TVRFNE5URmFNQzR4RmpBVUJnTlZCQXNURFdOc2IzVmtibUYwCmFYWmxjR2N4RkRBU0JnTlZCQU1UQzNkbGVXMWhMWEJuYzNGc01Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMEQKQVFjRFFnQUU5c1R4R0tLNWdRVnhmZzNkZWtlbHpFSGlMbG5GaHBZa1hTMzJSYlphV0llZ3ZWWk11cC9TRmU4YQoyai92TWdETldpZVJWcHBTVElBeml0YUxQYXdvSktOQ01FQXdEZ1lEVlIwUEFRSC9CQVFEQWdJRU1BOEdBMVVkCkV3RUIvd1FGTUFNQkFmOHdIUVlEVlIwT0JCWUVGRysxclg2aUgwaG50bE0yaEpXdnpGaW9peTZGTUFvR0NDcUcKU000OUJBTUNBMGNBTUVRQ0lBeXhPS3VGVFhhQUJwaGhJZDI0VXZkU0FLTytPanpIZStvbVJYeDdqbTJOQWlCbAo1TVc0MDZzU3haTDgydTFtL2J3V0JXQWZPTWhLNXVlYmIyemR3QzE0Vmc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==";
-    };
   };
-}
+}

kubernetes/manifests/cnpg/objectstore.yaml

@@ -0,0 +1,16 @@
+apiVersion: barmancloud.cnpg.io/v1
+kind: ObjectStore
+metadata:
+  name: truenas-s3
+  namespace: cloudnativepg
+spec:
+  configuration:
+    destinationPath: s3://weyma-talos-shared-pgsql-new/
+    endpointURL: http://10.105.15.20:9000
+    s3Credentials:
+      accessKeyId:
+        key: s3AccessKey
+        name: s3-backup-creds
+      secretAccessKey:
+        key: s3SecretKey
+        name: s3-backup-creds

kubernetes/manifests/cnpg/pg-cluster.yaml

@@ -0,0 +1,57 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: weyma-bs-pgsql
+  namespace: cloudnativepg
+spec:
+  instances: 1
+  imageName: ghcr.io/cloudnative-pg/postgresql:16.9-5-bullseye
+  storage:
+    size: 50Gi
+    storageClass: local-path
+  plugins:
+    - name: barman-cloud.cloudnative-pg.io
+      parameters:
+        barmanObjectName: truenas-s3
+  bootstrap:
+    recovery:
+      source: weyma-pgsql
+  externalClusters:
+    - name: weyma-bs-pgsql
+      plugin:
+        name: barman-cloud.cloudnative-pg.io
+        parameters:
+          barmanObjectName: truenas-s3
+          serverName: weyma-bs-pgsql
+    - name: weyma-pgsql
+      connectionParameters:
+        host: "10.105.10.24"
+        user: streaming_replica
+        dbname: postgres
+        sslmode: require
+      plugin:
+        name: barman-cloud.cloudnative-pg.io
+        parameters:
+          barmanObjectName: truenas-s3
+          serverName: weyma-pgsql
+      sslKey:
+        name: weyma-pgsql-replication
+        key: tls.key
+      sslCert:
+        name: weyma-pgsql-replication
+        key: tls.crt
+      sslRootCert:
+        name: weyma-pgsql-ca
+        key: ca.crt
+  replica:
+    primary: weyma-pgsql
+    source: weyma-pgsql
+  managed:
+    services:
+      additional:
+        - selectorType: rw
+          serviceTemplate:
+            metadata:
+              name: weyma-bs-pgsql-ext
+            spec:
+              type: LoadBalancer

kubernetes/manifests/cnpg/weyma-pgsql-ca.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: weyma-pgsql-ca
+  namespace: cloudnativepg
+# This is fine to be in plaintext since it's just a cert and contains no key
+data:
+  ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJtekNDQVVLZ0F3SUJBZ0lRUjMzT3F3OTJKbDlmeXFzMkZyREd0akFLQmdncWhrak9QUVFEQWpBdU1SWXcKRkFZRFZRUUxFdzFqYkc5MVpHNWhkR2wyWlhCbk1SUXdFZ1lEVlFRREV3dDNaWGx0WVMxd1ozTnhiREFlRncweQpOVEV5TWpnd01URTROVEZhRncweU5qQXpNamd3TVRFNE5URmFNQzR4RmpBVUJnTlZCQXNURFdOc2IzVmtibUYwCmFYWmxjR2N4RkRBU0JnTlZCQU1UQzNkbGVXMWhMWEJuYzNGc01Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMEQKQVFjRFFnQUU5c1R4R0tLNWdRVnhmZzNkZWtlbHpFSGlMbG5GaHBZa1hTMzJSYlphV0llZ3ZWWk11cC9TRmU4YQoyai92TWdETldpZVJWcHBTVElBeml0YUxQYXdvSktOQ01FQXdEZ1lEVlIwUEFRSC9CQVFEQWdJRU1BOEdBMVVkCkV3RUIvd1FGTUFNQkFmOHdIUVlEVlIwT0JCWUVGRysxclg2aUgwaG50bE0yaEpXdnpGaW9peTZGTUFvR0NDcUcKU000OUJBTUNBMGNBTUVRQ0lBeXhPS3VGVFhhQUJwaGhJZDI0VXZkU0FLTytPanpIZStvbVJYeDdqbTJOQWlCbAo1TVc0MDZzU3haTDgydTFtL2J3V0JXQWZPTWhLNXVlYmIyemR3QzE0Vmc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==

kubernetes/manifests/test-color/deploy.yaml

@@ -0,0 +1,17 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: test-color
+  namespace: test-color
+spec:
+  selector:
+    matchLabels:
+      app: test-color
+  template:
+    metadata:
+      labels:
+        app: test-color
+    spec:
+      containers:
+        - name: test-color
+          image: kodekloud/webapp-color:latest

kubernetes/manifests/test-color/ingress.yaml

@@ -0,0 +1,17 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: test-color-ingress
+  namespace: test-color
+spec:
+  rules:
+    - host: test-color.weyma-bs.infra.dubyatp.xyz
+      http:
+        paths:
+          - pathType: Prefix
+            path: /
+            backend:
+              service:
+                name: test-color
+                port:
+                  number: 8080

kubernetes/manifests/test-color/ns.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: test-color

kubernetes/manifests/test-color/svc.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: test-color
+  namespace: test-color
+spec:
+  selector:
+    app: test-color
+  ports:
+    - port: 8080
+      targetPort: 8080

kubernetes/manifests/test.nix

@@ -1,76 +1,8 @@
 {
-    services.k3s.manifests = {
+  services.k3s.manifests = {
-        test-color-ns.content = {
+    "test-color-ns.yaml".source = ./test-color/ns.yaml;
-            apiVersion = "v1";
+    "test-color-deploy.yaml".source = ./test-color/deploy.yaml;
-            kind = "Namespace";
+    "test-color-svc.yaml".source = ./test-color/svc.yaml;
-            metadata = {
+    "test-color-ingress.yaml".source = ./test-color/ingress.yaml;
-                name = "test-color";
+  };
-            };
+}
-        };
-        test-color-deploy.content = {
-            apiVersion = "apps/v1";
-            kind = "Deployment";
-            metadata = {
-                name = "test-color";
-                namespace = "test-color";
-            };
-            spec = {
-                selector = {
-                    matchLabels = {
-                        app = "test-color";
-                    };
-                };
-                template = {
-                    metadata = {
-                        labels = {
-                            app = "test-color";
-                        };
-                    };
-                    spec = {
-                        containers = [
-                            {
-                                name = "test-color";
-                                image = "kodekloud/webapp-color:latest";
-                            }
-                        ];
-                    };
-                };
-            };
-        };
-        test-color-svc.content = {
-            apiVersion = "v1";
-            kind = "Service";
-            metadata = {
-                name = "test-color";
-                namespace = "test-color";
-            };
-            spec = {
-                selector.app = "test-color";
-                ports = [{port = 8080; targetPort = 8080;}];
-            };
-        };
-        test-color-ingress.content = {
-            apiVersion = "networking.k8s.io/v1";
-            kind = "Ingress";
-            metadata = {
-                name = "test-color-ingress";
-                namespace = "test-color";
-            };
-            spec = {
-                rules = [
-                    {
-                        host = "test-color.weyma-bs.infra.dubyatp.xyz";
-                        http.paths = [{
-                            pathType = "Prefix";
-                            path = "/";
-                            backend.service = {
-                                name = "test-color";
-                                port.number = 8080;
-                            };
-                        }];
-                    }
-                ];
-            };
-        };
-    };
-}