Merge "Add default reject rule at the end in Postgres pg_hba.conf to ensure all connections must be explicitly allowed."

2020-09-10 02:52:09 +00:00 · 2020-09-10 02:52:09 +00:00 · eab20578ef
commit eab20578ef
parent c336d93530 982e3754a5
1 changed files with 4 additions and 1 deletions
--- a/postgresql/values.yaml
+++ b/postgresql/values.yaml
@ -256,8 +256,11 @@ conf:
  debug: false
  pg_hba: |
    host all all 127.0.0.1/32 trust
-    host all all 0.0.0.0/0 md5
+    host all postgresql-admin 0.0.0.0/0 md5
+    host all postgres 0.0.0.0/0 md5
+    host all psql_exporter 0.0.0.0/0 md5
    local all all trust
+    host all all 0.0.0.0/0 reject

  postgresql:
    archive_mode: 'off'