Closed regel closed 2 years ago
Hi,
Could you take a look to PGPOOL_USER_HBA_FILE
environment variable in the image ?
I think you use it in this case.
@rafariossaa, not quite sure how to apply your suggestion. Could you please provide an example of how to set both the PGPOOL_USER_HBA_FILE
environment variable as well as the contents of the file pointed to both the env var, and pass both of those to the helm install/upgrade? Thx!
This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.
Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.
This issue was closed long time back but @mimperatore were you able to resolve this issue , without restarting the pods manually ?
@rafariossaa, not quite sure how to apply your suggestion. Could you please provide an example of how to set both the
PGPOOL_USER_HBA_FILE
environment variable as well as the contents of the file pointed to both the env var, and pass both of those to the helm install/upgrade? Thx!
Hi, just got same issue wanting the Postgres backend to process auth without having to sync users into PGpool. Just add in the values file :
...
pgpool:
extraEnvVars:
- name: PGPOOL_ENABLE_POOL_HBA
value: "no"
...
This will bypass entirely the pool_hba.conf file and is equivalent to trust for every connection.
You have all docker ENV settings here : https://hub.docker.com/r/bitnami/pgpool
Name and Version
bitnami/postgresql-ha-9.3.2 app version=14.4.0
What is the problem this feature will solve?
AS-IS:
Trying to leverage Hashicorp Vault dynamic secrets fails since the file
/opt/bitnami/pgpool/conf/pool_passwd
in pgpool pod is static and does not know about dynamic (ephemeral) secrets that Vault injects directly inside the database.Example of this behavior:
What is the feature you are proposing to solve the problem?
either: Less restrictive validation. Allow 'trust' authentication method in pgpool, and let the postgres database pod verify credentials. or: the ability to replace the file
pool_hba.conf
with custom content during helm install for this Chart.What alternatives have you considered?
I considered editing the file
/opt/bitnami/pgpool/conf/pool_hba.conf
in pgpool pod, however it cannot be modified via the Helm Chart and still contains default values (scram-sha-256 for all users):Finally, as a second alternative I try to set
pgpool.authenticationMethod=trust
in Helm install values results in the following validation error and the pgpool pod fails to start: