From f93e70b3c1ebcd20591817d32fd4a9636e830ed6 Mon Sep 17 00:00:00 2001
From: William P
Date: Sun, 22 Feb 2026 12:16:05 -0500
Subject: [PATCH] postgres: set up external hot replication
---
 postgres/config/clusters/main.yaml | 20 ++++++++++++++++-
 postgres/config/streaming-replica_auth.yaml | 25 +++++++++++++++++++++
 2 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 postgres/config/streaming-replica_auth.yaml
diff --git a/postgres/config/clusters/main.yaml b/postgres/config/clusters/main.yaml
index c52e445..6fff4ae 100644
--- a/postgres/config/clusters/main.yaml
+++ b/postgres/config/clusters/main.yaml
@@ -66,4 +66,22 @@ spec:
 login: true
 superuser: true
 passwordSecret:
- name: pgbouncer-auth-query
\ No newline at end of file
+ name: pgbouncer-auth-query
+ - name: streaming_replica
+ ensure: present
+ comment: weyma-pgsql02 replica
+ login: true
+ replication: true
+ passwordSecret:
+ name: streaming-replica-auth
+
+ replicationSlots:
+ highAvailability:
+ enabled: true
+ additionalSlots:
+ - name: external_replica
+ type: physical
+
+ postgresql:
+ pg_hba:
+ - host replication streaming_replica 10.105.6.199/32 scram-sha-256
\ No newline at end of file
diff --git a/postgres/config/streaming-replica_auth.yaml b/postgres/config/streaming-replica_auth.yaml
new file mode 100644
index 0000000..2fee6fd
--- /dev/null
+++ b/postgres/config/streaming-replica_auth.yaml
@@ -0,0 +1,25 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: streaming-replica-auth
+spec:
+ data:
+ - remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: cloudnativepg
+ metadataPolicy: None
+ property: weyma-pgsql02_replicapw
+ secretKey: password
+ refreshInterval: 1h
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: weyma-vault
+ target:
+ template:
+ data:
+ username: streaming_replica
+ password: "{{ .password }}"
+ creationPolicy: Owner
+ deletionPolicy: Retain
+ name: streaming-replica-auth
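Review bot: The new `pg_hba` rule uses `host`, which matches plaintext as well as TLS connections, so the replication stream to 10.105.6.199 (which carries the full contents of the cluster) is not required to be encrypted. Writing it as `hostssl replication streaming_replica 10.105.6.199/32 scram-sha-256` makes the server refuse a non-TLS replication connection from that address. The physical slot `external_replica` also pins WAL on the primary for as long as the external replica is disconnected, so a cap such as `max_slot_wal_keep_size` in the cluster's PostgreSQL parameters and an alert on slot lag would keep a dead replica from filling the volume. The enclosing `spec` begins outside this hunk, so it is not visible whether a `postgresql:` key already exists above; if it does, this one is a duplicate key and one of the two will be silently dropped.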
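Review bot: The Secret rendered from `target.template` carries no labels, so after the Vault value behind `weyma-pgsql02_replicapw` rotates and the hourly refresh rewrites `password`, the operator may not pick up the change for the `streaming_replica` role promptly. CloudNativePG (presumably the consumer, given the `cloudnativepg` key) documents the `cnpg.io/reload: "true"` label for this, and it can be set under `target.template.metadata.labels`. The credential configured on the external replica itself lives outside this manifest and has to be rotated in step, otherwise replication stops authenticating after a rotation. A header comment such as `# Password for the streaming_replica role used by the external replica weyma-pgsql02` would tie this file to the role added in `clusters/main.yaml`.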