pq statement preparation returns a no encryption panic

Question

I'm testing a database insert statement similar to the following which works locally but not after deployment to a kubernetes cluster connected to a managed database host:

func Insert(w http.ResponseWriter, r *http.Request) {
    db := dbConn()
    //If it's a post request, assign a variable to the value returned in each field of the New page.
    if r.Method == "POST" {
        email := r.FormValue("email")
        socialNetwork := r.FormValue("social_network")
        socialHandle := r.FormValue("social_handle")
        createdOn := time.Now().UTC()

        //prepare a query to insert the data into the database
        insForm, err := db.Prepare(`INSERT INTO public.users(email, social_network, social_handle) VALUES ($1,$2, $3)`)
        //check for  and handle any errors
        CheckError(err)
        //execute the query using the form data
        _, err = insForm.Exec(email, socialNetwork, socialHandle)
        CheckError(err)
        //print out added data in terminal
        log.Println("INSERT: email: " + email + " | social network: " + socialNetwork + " | social handle : " + socialHandle + " | created on: " + createdOn.String() + " | createdOn is type: " + reflect.TypeOf(createdOn).String())
        sendThanks(socialHandle, email)
    }
    defer db.Close()

    //redirect to the index page
    http.Redirect(w, r, "/thanks", 301)
}

I've configured a deployment as follows with a corresponding secrets object:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: novvsworld
  namespace: novvsworld
spec:
  replicas: 1
  selector:
    matchLabels:
      app: novvsworld
  template:
    metadata:
      labels:
        app: novvsworld
    spec:
      containers:
        - name: novvsworld
          image: my.registry.com/registry/novvsworld:latest
          resources:
            limits:
              memory: "128Mi"
              cpu: "500m"
          ports:
            - containerPort: 3000
          env:
            - name: DBHOST
              valueFrom:
                secretKeyRef:
                  name: novvworld-secrets
                  key: DBHOST
            - name: DBPORT
              valueFrom:
                secretKeyRef:
                  name: novvworld-secrets
                  key: DBPORT
            - name: DBUSER
              valueFrom:
                secretKeyRef:
                  name: novvworld-secrets
                  key: DBUSER
            - name: DBPASS
              valueFrom:
                secretKeyRef:
                  name: novvworld-secrets
                  key: DBPASS
            - name: DBSSLMODE
              valueFrom:
                secretKeyRef:
                  name: novvworld-secrets
                  key: DBSSLMODE
            - name: SENDGRID_API_KEY
              valueFrom:
                secretKeyRef:
                  name: novvworld-secrets
                  key: SENDGRID_API_KEY

The value of 'DBSSLMODE' is currently set to "disabled" in the secrets file.

When testing the insert statement by inputting data through the front end, the following panic is returned:

022/08/15 18:50:58 http: panic serving 10.244.0.38:47590: pq: no pg_hba.conf entry for host "167.172.231.113", user "novvsworld", database "novvsworld", no encryption

Am I missing an additional configuration for the encryption and shouldn't setting the sslmode to disabled bypass this?

Answer 1

Am I missing an additional configuration for the encryption and shouldn't setting the sslmode to disabled bypass this?

Yes, and that is the problem. The client refuses to use SSL. While the server (configuration not shown, but can be inferred from the error) refuses to proceed without SSL.

As long as both sides make incompatible demands and refuse to compromise, nothing can get done.