postgres-operator

Default postgres instances don't reject connections without ssl

Open bo0ts opened this issue 2 months ago • 0 comments

The documentation states that by default non-SSL connections are rejected. That does not seem to be the case for me, since the pg_hba.conf has line 7 which matches before the rejection.

apiVersion: acid.zalan.do/v1
kind: postgresql
metadata:
  name: test-cluster
  namespace: test
spec:
  numberOfInstances: 1
  teamId: test
  volume:
    size: 2Gi
  postgresql:
    parameters: {}
    version: "17"

Connection:

kubectl -n test port-forward pod/test-cluster-0 5432:5432
psql "host=localhost user=postgres sslmode=disable"

Log Output:

2025-11-04 13:44:51 UTC [281]: [2-1] 690a0353.119 0 postgres postgres [unknown] ::1 LOG:  connection authenticated: identity="postgres" method=md5 (/home/postgres/pgdata/pgroot/data/pg_hba.conf:7)

Line 7 in Question:

# Do not edit this file manually!
# It will be overwritten by Patroni!
local   all             all                                   trust
hostssl all             +zalandos          127.0.0.1/32       pam
host    all             all                127.0.0.1/32       md5
hostssl all             +zalandos          ::1/128            pam
host    all             all                ::1/128            md5 # Line 7
local   replication     standby                               trust
hostssl replication     standby            all                md5
hostnossl all           all                all                reject
hostssl all             +zalandos          all                pam
hostssl all             all                all                md5
  • postgres-operator 1.14.0 on OKD 4.19

bo0ts avatar Nov 04 '25 13:11 bo0ts
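
The rule ordering reported above can be checked with a simplified first-match evaluator; this is an added example, not part of the original issue or the operator's code. The function name `first_match`, its parameters, and the client address `10.0.0.5` are constructed for illustration, and the matcher covers only what this file uses (TCP rules, `all`, `+group`, CIDR addresses).

```python
import ipaddress

# pg_hba.conf exactly as posted in the issue (file lines 1-12).
PG_HBA = """\
# Do not edit this file manually!
# It will be overwritten by Patroni!
local   all             all                                   trust
hostssl all             +zalandos          127.0.0.1/32       pam
host    all             all                127.0.0.1/32       md5
hostssl all             +zalandos          ::1/128            pam
host    all             all                ::1/128            md5
local   replication     standby                               trust
hostssl replication     standby            all                md5
hostnossl all           all                all                reject
hostssl all             +zalandos          all                pam
hostssl all             all                all                md5
"""

def first_match(hba, client_ip, ssl, user, database="postgres", groups=()):
    """Return (file_line, method) of the first rule matching a TCP connection,
    or None. PostgreSQL stops at the first match, so order decides the result."""
    ip = ipaddress.ip_address(client_ip)
    for lineno, raw in enumerate(hba.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if not fields or fields[0] == "local":    # comments, blanks, Unix-socket rules
            continue
        conn_type, db, role, addr, method = fields[:5]
        # 'host' matches both SSL and non-SSL; the other two are exclusive.
        if (conn_type == "hostssl" and not ssl) or (conn_type == "hostnossl" and ssl):
            continue
        # Simplification: 'replication' never matches an ordinary database connection.
        if db != "all" and db != database:
            continue
        if role.startswith("+"):                   # +name means membership in that role
            if role[1:] not in groups:
                continue
        elif role not in ("all", user):
            continue
        if addr != "all" and ip not in ipaddress.ip_network(addr):
            continue
        return lineno, method
    return None

if __name__ == "__main__":
    # Non-SSL client seen as ::1 (the address in the log line) vs. a constructed remote one.
    print(first_match(PG_HBA, "::1", ssl=False, user="postgres"))       # (7, 'md5')
    print(first_match(PG_HBA, "10.0.0.5", ssl=False, user="postgres"))  # (10, 'reject')
```

Connections made through `kubectl port-forward` arrive inside the pod over loopback, which is why the log shows `::1` and the `host ... ::1/128 md5` rule wins before `hostnossl ... reject` is reached.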