openstack/openstack-helm-infra
Code Issues Proposed changes

Add default reject rule at the end in Postgres pg_hba.conf to ensure all connections must be explicitly allowed.

Browse Source 
default reject at the end of pg_hba.conf is added to ensure all connections must be explicitly allowed.
List of dependant users are added to allow connections are: 
1. postgresql-admin
2. postgres
3. psql_exporter

Change-Id: Ic7bd19e5eb4745b91d94d5a88851280054459547
This commit is contained in:
Gnana Lakshmi Kilambhi (gk118g) 2020-09-01 13:43:11 +05:30 committed by Gnana Lakshmi
parent 96369491cb
commit 982e3754a5
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
postgresql/values.yaml
View File

@ -256,8 +256,11 @@ conf:
debug: false debug: false
pg_hba: | pg_hba: |
host all all 127.0.0.1/32 trust host all all 127.0.0.1/32 trust
host all all 0.0.0.0/0 md5 host all postgresql-admin 0.0.0.0/0 md5
host all postgres 0.0.0.0/0 md5
host all psql_exporter 0.0.0.0/0 md5
local all all trust local all all trust
host all all 0.0.0.0/0 reject
postgresql: postgresql:
archive_mode: 'off' archive_mode: 'off'