postgres: set up external hot replication

postgres/config/clusters/main.yaml

@@ -67,3 +67,21 @@ spec:
       superuser: true
       passwordSecret:
         name: pgbouncer-auth-query
+    - name: streaming_replica
+      ensure: present
+      comment: weyma-pgsql02 replica
+      login: true
+      replication: true
+      passwordSecret:
+        name: streaming-replica-auth
+
+  replicationSlots:
+    highAvailability:
+      enabled: true
+    additionalSlots:
+      - name: external_replica
+        type: physical
+  
+  postgresql:
+    pg_hba:
+      - host replication streaming_replica 10.105.6.199/32 scram-sha-256

postgres/config/streaming-replica_auth.yaml

@@ -0,0 +1,25 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: streaming-replica-auth
+spec:
+  data:
+  - remoteRef:
+      conversionStrategy: Default
+      decodingStrategy: None
+      key: cloudnativepg
+      metadataPolicy: None
+      property: weyma-pgsql02_replicapw
+    secretKey: password
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: weyma-vault
+  target:
+    template:
+      data:
+        username: streaming_replica
+        password: "{{ .password }}"
+    creationPolicy: Owner
+    deletionPolicy: Retain
+    name: streaming-replica-auth