Postgres containers fail from a clean state #42

New Issue

Closed

opened 2021-05-16 02:08:53 +01:00 by tlater · 2 comments

tlater commented

2021-05-16 02:08:53 +01:00

Owner

This is because we're now relying on the trust auth-method for localhost in the pod network namespace. This should be ok because only the container that is supposed to connect to it can network to it; safe for kernel bugs of course.

This means that we can now un-set POSTGRES_PASSWORD, however, doing so results in postgres failing on loop. This is because it wants a password to be defined for the super user, even if it is not actually used (because the default config does allow trust networking on localhost even if a password is set...).

Instead, we should configure the auth methods to only allow logins from localhost at all, and disallow anything else, regardless of password use.

See docs here.

This is because we're now relying on the `trust` auth-method for localhost in the pod network namespace. This should be ok because only the container that is supposed to connect to it can network to it; safe for kernel bugs of course. This means that we can now un-set `POSTGRES_PASSWORD`, however, doing so results in postgres failing on loop. This is because it wants *a* password to be defined for the super user, even if it is not actually used (because the default config does allow trust networking on localhost even if a password is set...). Instead, we should configure the auth methods to only allow logins from localhost at all, and disallow anything else, regardless of password use. See docs [here](https://hub.docker.com/_/postgres).