use more sane k8s manifest management

kubernetes/manifests/cnpg/objectstore.yaml

@@ -0,0 +1,16 @@
+apiVersion: barmancloud.cnpg.io/v1
+kind: ObjectStore
+metadata:
+  name: truenas-s3
+  namespace: cloudnativepg
+spec:
+  configuration:
+    destinationPath: s3://weyma-talos-shared-pgsql-new/
+    endpointURL: http://10.105.15.20:9000
+    s3Credentials:
+      accessKeyId:
+        key: s3AccessKey
+        name: s3-backup-creds
+      secretAccessKey:
+        key: s3SecretKey
+        name: s3-backup-creds

kubernetes/manifests/cnpg/pg-cluster.yaml

@@ -0,0 +1,57 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: weyma-bs-pgsql
+  namespace: cloudnativepg
+spec:
+  instances: 1
+  imageName: ghcr.io/cloudnative-pg/postgresql:16.9-5-bullseye
+  storage:
+    size: 50Gi
+    storageClass: local-path
+  plugins:
+    - name: barman-cloud.cloudnative-pg.io
+      parameters:
+        barmanObjectName: truenas-s3
+  bootstrap:
+    recovery:
+      source: weyma-pgsql
+  externalClusters:
+    - name: weyma-bs-pgsql
+      plugin:
+        name: barman-cloud.cloudnative-pg.io
+        parameters:
+          barmanObjectName: truenas-s3
+          serverName: weyma-bs-pgsql
+    - name: weyma-pgsql
+      connectionParameters:
+        host: "10.105.10.24"
+        user: streaming_replica
+        dbname: postgres
+        sslmode: require
+      plugin:
+        name: barman-cloud.cloudnative-pg.io
+        parameters:
+          barmanObjectName: truenas-s3
+          serverName: weyma-pgsql
+      sslKey:
+        name: weyma-pgsql-replication
+        key: tls.key
+      sslCert:
+        name: weyma-pgsql-replication
+        key: tls.crt
+      sslRootCert:
+        name: weyma-pgsql-ca
+        key: ca.crt
+  replica:
+    primary: weyma-pgsql
+    source: weyma-pgsql
+  managed:
+    services:
+      additional:
+        - selectorType: rw
+          serviceTemplate:
+            metadata:
+              name: weyma-bs-pgsql-ext
+            spec:
+              type: LoadBalancer

kubernetes/manifests/cnpg/weyma-pgsql-ca.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: weyma-pgsql-ca
+  namespace: cloudnativepg
+# This is fine to be in plaintext since it's just a cert and contains no key
+data:
+  ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJtekNDQVVLZ0F3SUJBZ0lRUjMzT3F3OTJKbDlmeXFzMkZyREd0akFLQmdncWhrak9QUVFEQWpBdU1SWXcKRkFZRFZRUUxFdzFqYkc5MVpHNWhkR2wyWlhCbk1SUXdFZ1lEVlFRREV3dDNaWGx0WVMxd1ozTnhiREFlRncweQpOVEV5TWpnd01URTROVEZhRncweU5qQXpNamd3TVRFNE5URmFNQzR4RmpBVUJnTlZCQXNURFdOc2IzVmtibUYwCmFYWmxjR2N4RkRBU0JnTlZCQU1UQzNkbGVXMWhMWEJuYzNGc01Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMEQKQVFjRFFnQUU5c1R4R0tLNWdRVnhmZzNkZWtlbHpFSGlMbG5GaHBZa1hTMzJSYlphV0llZ3ZWWk11cC9TRmU4YQoyai92TWdETldpZVJWcHBTVElBeml0YUxQYXdvSktOQ01FQXdEZ1lEVlIwUEFRSC9CQVFEQWdJRU1BOEdBMVVkCkV3RUIvd1FGTUFNQkFmOHdIUVlEVlIwT0JCWUVGRysxclg2aUgwaG50bE0yaEpXdnpGaW9peTZGTUFvR0NDcUcKU000OUJBTUNBMGNBTUVRQ0lBeXhPS3VGVFhhQUJwaGhJZDI0VXZkU0FLTytPanpIZStvbVJYeDdqbTJOQWlCbAo1TVc0MDZzU3haTDgydTFtL2J3V0JXQWZPTWhLNXVlYmIyemR3QzE0Vmc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==