英文:
pq statement preparation returns a no encryption panic
问题
我正在测试一个类似于以下代码的数据库插入语句,在本地工作正常,但在连接到托管数据库主机的 Kubernetes 集群部署后不起作用:
func Insert(w http.ResponseWriter, r *http.Request) {
db := dbConn()
//如果是 POST 请求,将每个字段的返回值分配给变量
if r.Method == "POST" {
email := r.FormValue("email")
socialNetwork := r.FormValue("social_network")
socialHandle := r.FormValue("social_handle")
createdOn := time.Now().UTC()
//准备插入数据的查询语句
insForm, err := db.Prepare(`INSERT INTO public.users(email, social_network, social_handle) VALUES ($1,$2, $3)`)
//检查并处理任何错误
CheckError(err)
//使用表单数据执行查询
_, err = insForm.Exec(email, socialNetwork, socialHandle)
CheckError(err)
//在终端打印添加的数据
log.Println("INSERT: email: " + email + " | social network: " + socialNetwork + " | social handle : " + socialHandle + " | created on: " + createdOn.String() + " | createdOn is type: " + reflect.TypeOf(createdOn).String())
sendThanks(socialHandle, email)
}
defer db.Close()
//重定向到首页
http.Redirect(w, r, "/thanks", 301)
}
我已经配置了以下部署,并有相应的 secrets 对象:
apiVersion: apps/v1
kind: Deployment
metadata:
name: novvsworld
namespace: novvsworld
spec:
replicas: 1
selector:
matchLabels:
app: novvsworld
template:
metadata:
labels:
app: novvsworld
spec:
containers:
- name: novvsworld
image: my.registry.com/registry/novvsworld:latest
resources:
limits:
memory: "128Mi"
cpu: "500m"
ports:
- containerPort: 3000
env:
- name: DBHOST
valueFrom:
secretKeyRef:
name: novvworld-secrets
key: DBHOST
- name: DBPORT
valueFrom:
secretKeyRef:
name: novvworld-secrets
key: DBPORT
- name: DBUSER
valueFrom:
secretKeyRef:
name: novvworld-secrets
key: DBUSER
- name: DBPASS
valueFrom:
secretKeyRef:
name: novvworld-secrets
key: DBPASS
- name: DBSSLMODE
valueFrom:
secretKeyRef:
name: novvworld-secrets
key: DBSSLMODE
- name: SENDGRID_API_KEY
valueFrom:
secretKeyRef:
name: novvworld-secrets
key: SENDGRID_API_KEY
在 secrets 文件中,'DBSSLMODE' 的值当前设置为 "disabled"。
当通过前端输入数据测试插入语句时,会返回以下 panic 错误:
022/08/15 18:50:58 http: panic serving 10.244.0.38:47590: pq: no pg_hba.conf entry for host "167.172.231.113", user "novvsworld", database "novvsworld", no encryption
我是否遗漏了加密的其他配置?将 sslmode 设置为 disabled 是否应该绕过此问题?
英文:
I'm testing a database insert statement similar to the following which works locally but not after deployment to a kubernetes cluster connected to a managed database host:
func Insert(w http.ResponseWriter, r *http.Request) {
db := dbConn()
//If it's a post request, assign a variable to the value returned in each field of the New page.
if r.Method == "POST" {
email := r.FormValue("email")
socialNetwork := r.FormValue("social_network")
socialHandle := r.FormValue("social_handle")
createdOn := time.Now().UTC()
//prepare a query to insert the data into the database
insForm, err := db.Prepare(`INSERT INTO public.users(email, social_network, social_handle) VALUES ($1,$2, $3)`)
//check for and handle any errors
CheckError(err)
//execute the query using the form data
_, err = insForm.Exec(email, socialNetwork, socialHandle)
CheckError(err)
//print out added data in terminal
log.Println("INSERT: email: " + email + " | social network: " + socialNetwork + " | social handle : " + socialHandle + " | created on: " + createdOn.String() + " | createdOn is type: " + reflect.TypeOf(createdOn).String())
sendThanks(socialHandle, email)
}
defer db.Close()
//redirect to the index page
http.Redirect(w, r, "/thanks", 301)
}
I've configured a deployment as follows with a corresponding secrets object:
apiVersion: apps/v1
kind: Deployment
metadata:
name: novvsworld
namespace: novvsworld
spec:
replicas: 1
selector:
matchLabels:
app: novvsworld
template:
metadata:
labels:
app: novvsworld
spec:
containers:
- name: novvsworld
image: my.registry.com/registry/novvsworld:latest
resources:
limits:
memory: "128Mi"
cpu: "500m"
ports:
- containerPort: 3000
env:
- name: DBHOST
valueFrom:
secretKeyRef:
name: novvworld-secrets
key: DBHOST
- name: DBPORT
valueFrom:
secretKeyRef:
name: novvworld-secrets
key: DBPORT
- name: DBUSER
valueFrom:
secretKeyRef:
name: novvworld-secrets
key: DBUSER
- name: DBPASS
valueFrom:
secretKeyRef:
name: novvworld-secrets
key: DBPASS
- name: DBSSLMODE
valueFrom:
secretKeyRef:
name: novvworld-secrets
key: DBSSLMODE
- name: SENDGRID_API_KEY
valueFrom:
secretKeyRef:
name: novvworld-secrets
key: SENDGRID_API_KEY
The value of 'DBSSLMODE' is currently set to "disabled" in the secrets file.
When testing the insert statement by inputting data through the front end, the following panic is returned:
022/08/15 18:50:58 http: panic serving 10.244.0.38:47590: pq: no pg_hba.conf entry for host "167.172.231.113", user "novvsworld", database "novvsworld", no encryption
Am I missing an additional configuration for the encryption and shouldn't setting the sslmode to disabled bypass this?
答案1
得分: 2
是的,这就是问题所在。客户端拒绝使用SSL。而服务器(配置未显示,但可以从错误中推断)拒绝在没有SSL的情况下继续进行。
只要双方都提出不兼容的要求并拒绝妥协,就无法完成任何工作。
英文:
> Am I missing an additional configuration for the encryption and shouldn't setting the sslmode to disabled bypass this?
Yes, and that is the problem. The client refuses to use SSL. While the server (configuration not shown, but can be inferred from the error) refuses to proceed without SSL.
As long as both sides make incompatible demands and refuse to compromise, nothing can get done.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论