pq语句准备返回无加密恐慌。

Question

我正在测试一个数据库insert语句，类似于下面的语句，它在本地工作，但部署到一个连接到托管数据库主机的kubernetes集群之后就不行了：

func Insert(w http.ResponseWriter, r *http.Request) {
    db := dbConn()
    //If it's a post request, assign a variable to the value returned in each field of the New page.
    if r.Method == "POST" {
        email := r.FormValue("email")
        socialNetwork := r.FormValue("social_network")
        socialHandle := r.FormValue("social_handle")
        createdOn := time.Now().UTC()

        //prepare a query to insert the data into the database
        insForm, err := db.Prepare(`INSERT INTO public.users(email, social_network, social_handle) VALUES ($1,$2, $3)`)
        //check for  and handle any errors
        CheckError(err)
        //execute the query using the form data
        _, err = insForm.Exec(email, socialNetwork, socialHandle)
        CheckError(err)
        //print out added data in terminal
        log.Println("INSERT: email: " + email + " | social network: " + socialNetwork + " | social handle : " + socialHandle + " | created on: " + createdOn.String() + " | createdOn is type: " + reflect.TypeOf(createdOn).String())
        sendThanks(socialHandle, email)
    }
    defer db.Close()

    //redirect to the index page
    http.Redirect(w, r, "/thanks", 301)
}

我使用相应的机密对象配置了一个部署，如下所示：

apiVersion: apps/v1
kind: Deployment
metadata:
  name: novvsworld
  namespace: novvsworld
spec:
  replicas: 1
  selector:
    matchLabels:
      app: novvsworld
  template:
    metadata:
      labels:
        app: novvsworld
    spec:
      containers:
        - name: novvsworld
          image: my.registry.com/registry/novvsworld:latest
          resources:
            limits:
              memory: "128Mi"
              cpu: "500m"
          ports:
            - containerPort: 3000
          env:
            - name: DBHOST
              valueFrom:
                secretKeyRef:
                  name: novvworld-secrets
                  key: DBHOST
            - name: DBPORT
              valueFrom:
                secretKeyRef:
                  name: novvworld-secrets
                  key: DBPORT
            - name: DBUSER
              valueFrom:
                secretKeyRef:
                  name: novvworld-secrets
                  key: DBUSER
            - name: DBPASS
              valueFrom:
                secretKeyRef:
                  name: novvworld-secrets
                  key: DBPASS
            - name: DBSSLMODE
              valueFrom:
                secretKeyRef:
                  name: novvworld-secrets
                  key: DBSSLMODE
            - name: SENDGRID_API_KEY
              valueFrom:
                secretKeyRef:
                  name: novvworld-secrets
                  key: SENDGRID_API_KEY

“DBSSLMODE”的值目前在机密文件中设置为“禁用”。

当通过通过前端输入数据来测试insert语句时，将返回以下恐慌：

022/08/15 18:50:58 http: panic serving 10.244.0.38:47590: pq: no pg_hba.conf entry for host "167.172.231.113", user "novvsworld", database "novvsworld", no encryption

我是否遗漏了加密的附加配置，而不应该设置and模式以禁用此模式？

Answer 1

：我是不是缺少了加密的附加配置，不应该设置and模式来禁用它？

是的，这就是问题所在。客户端拒绝使用SSL。虽然服务器(配置未显示，但可以从错误推断)拒绝在不使用SSL的情况下继续工作。

只要双方提出不相容的要求，拒绝妥协，什么也做不了。