I'm new to Kubernetes and Helm. I took time to read the docs to understand the concepts and move on with my task, which I mentioned in the question's title.
I looked for the examples and based on what I see in the docs & values example, I can add pg_bouncer to create the connection pool.
So, the commands that I run with the values.yaml file are:
- minikube start
- helm install comp-db timescale/timescaledb-single --version 0.13.1 -f ./values.yml
- wait for the pods (3 replicas) to be ready
- minikube tunnel (to expose the LoadBalancer, so that I can connect to it)
The problem is that the Helm release gets created successfully, I can see the StatefulSet, Pods and Svcs, and I can connect and exec statements through the pgAdmin GUI, but I keep getting the following error on the node app, where I intend to connect and run the migrations.
```
error:migrate eaa24d98 migrations error: pg_hba.conf rejects connection for host "172.17.0.1", user "superuser", database "postgres", no encryption
    at Parser.parseErrorMessage (/Users/jafar/Desktop/dev/wave/wave_stores/node_modules/pg-protocol/dist/parser.js:287:98)
    at Parser.handlePacket (/Users/jafar/Desktop/dev/wave/wave_stores/node_modules/pg-protocol/dist/parser.js:126:29)
    at Parser.parse (/Users/jafar/Desktop/dev/wave/wave_stores/node_modules/pg-protocol/dist/parser.js:39:38)
    at Socket.<anonymous> (/Users/jafar/Desktop/dev/wave/wave_stores/node_modules/pg-protocol/dist/index.js:11:42)
    at Socket.emit (node:events:394:28)
    at addChunk (node:internal/streams/readable:312:12)
    at readableAddChunk (node:internal/streams/readable:287:9)
    at Socket.Readable.push (node:internal/streams/readable:226:10)
    at TCP.onStreamRead (node:internal/stream_base_commons:190:23) {
  length: 169,
  severity: 'FATAL',
  code: '28000',
  detail: undefined,
  hint: undefined,
  position: undefined,
  internalPosition: undefined,
  internalQuery: undefined,
  where: undefined,
  schema: undefined,
  table: undefined,
  column: undefined,
  dataType: undefined,
  constraint: undefined,
  file: 'auth.c',
  line: '477',
  routine: 'ClientAuthentication'
} +0ms
```
I don't know why this IP address gets applied, although I provide the IP address that I get from the tunnel.
The values that I'm providing are as follows:
```yaml
image:
  pullPolicy: IfNotPresent
  tag: pg13.6-ts2.6.1-latest
timescaledbTune:
  enabled: true
loadBalancer:
  enabled: false
replicaLoadbalancer:
  enabled: false
secrets:
  credentialsSecretName: "comp-db-credentials"
patroni:
  bootstrap:
    dcs:
      postgresql:
        parameters:
          ssl: 'off' # disable all ssl connections to not require Patroni certificate
          shared_buffers: '8028MB'
          effective_cache_size: '24084MB'
          maintenance_work_mem: '2047MB'
          work_mem: '10275kB'
          timescaledb:
            max_background_workers: 8
          max_worker_processes: 19
          max_parallel_workers_per_gather: 4
          max_parallel_workers: 8
          wal_buffers: '16MB'
          min_wal_size: '512MB'
          max_wal_size: '1GB'
          max_connections: 150
          autovacuum_max_workers: 10
          autovacuum_naptime: '5s'
          default_statistics_target: 500
          random_page_cost: 1.1
          checkpoint_completion_target: 0.9
          max_connections: 150
          max_locks_per_transaction: 1000
          autovacuum_max_workers: 10
          autovacuum_naptime: 10
          effective_io_concurrency: 256
  postgresql:
    pg_hba:
      - local all postgres peer
      # pgBouncer connections will come through local
      - local all all all md5
      - hostnossl all,replication all all md5
      - host replication replicator 127.0.0.1/32 md5
pgBouncer:
  enabled: true
  config:
    max_client_conn: 1000
    default_pool_size: 36
    client_tls_sslmode: allow
    server_tls_sslmode: allow
  pg_hba:
    - local all postgres peer
    - host all postgres,standby 0.0.0.0/0 reject
    - host all postgres,standby ::0/0 reject
    - hostssl all all 0.0.0.0/0 md5
    - hostssl all all ::0/0 md5
    - hostnossl all all 0.0.0.0/0 md5
    - hostnossl all all ::0/0 md5
```
I also tried to update the pg_hba for PostgreSQL to the following to allow connections, but the error still exists.

```yaml
pg_hba:
  - local all postgres peer
  - local all all md5
  - hostnossl all,replication all all md5
  - hostssl all all 127.0.0.1/32 md5
  - hostssl all all ::1/128 md5
  - hostssl replication standby all md5
  - hostssl all all all md5
```
I have searched for this error and similar questions and answers here, but didn't find any that can help me to resolve the issue. Thoughts?
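
PostgreSQL reports "pg_hba.conf rejects connection" when the first matching rule has the method `reject`; a connection that matches no rule is reported as "no pg_hba.conf entry" instead. The following is an added example, not part of the original post: a simplified first-match evaluator (the function name and structure are illustrative assumptions) run over the two rule lists from the values file, for the connection named in the error.

```python
import ipaddress

# Rule lists copied from the values file in the post.
POSTGRESQL_HBA = [
    "local all postgres peer",
    "local all all all md5",
    "hostnossl all,replication all all md5",
    "host replication replicator 127.0.0.1/32 md5",
]
PGBOUNCER_HBA = [
    "local all postgres peer",
    "host all postgres,standby 0.0.0.0/0 reject",
    "host all postgres,standby ::0/0 reject",
    "hostssl all all 0.0.0.0/0 md5",
    "hostssl all all ::0/0 md5",
    "hostnossl all all 0.0.0.0/0 md5",
    "hostnossl all all ::0/0 md5",
]

def first_match(rules, client_ip, user, database, ssl):
    """Return (rule, method) for the first rule matching a TCP connection, or None."""
    client = ipaddress.ip_address(client_ip)
    for rule in rules:
        fields = rule.split()
        kind = fields[0]
        if kind == "local":  # Unix-socket rules never match TCP clients
            continue
        if (kind == "hostssl" and not ssl) or (kind == "hostnossl" and ssl):
            continue
        dbs, users = fields[1].split(","), fields[2].split(",")
        addr, method = fields[3], fields[4]
        # "replication" is a keyword for replication connections, not a database name.
        if "all" not in dbs and database not in [d for d in dbs if d != "replication"]:
            continue
        if "all" not in users and user not in users:
            continue
        if addr != "all":  # only "all" and CIDR addresses appear in the post
            net = ipaddress.ip_network(addr, strict=False)
            if client.version != net.version or client not in net:
                continue
        return rule, method
    return None

if __name__ == "__main__":
    # Connection taken from the error message: no encryption, user "superuser".
    for name, rules in (("postgresql", POSTGRESQL_HBA), ("pgBouncer", PGBOUNCER_HBA)):
        print(name, first_match(rules, "172.17.0.1", "superuser", "postgres", ssl=False))
```

Neither list yields `reject` for this connection, so the rules the server actually loaded (for example as shown by the `pg_hba_file_rules` view) are worth comparing with the values file.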