<div dir="ltr"><div class="gmail_default"><font face="arial, sans-serif">Hi,</font></div><div class="gmail_default"><font face="arial, sans-serif"><br></font></div><div class="gmail_default"><font face="arial, sans-serif">I am looking to deploy pgpool and postgres cluster with SSL onto a Kubernetes Cluster.</font></div><div class="gmail_default"><font face="arial, sans-serif"><br></font></div><div class="gmail_default"><font face="arial, sans-serif"><b>Reference for SSL Setup: </b><a href="https://www.highgo.ca/2020/02/25/setting-up-ssl-certificate-authentication-with-pgpool-ii/" rel="noopener noreferrer" style="font-size:12px;font-variant-ligatures:none;white-space:pre-wrap;box-sizing:inherit;color:inherit;text-decoration-line:none" target="_blank">https://www.highgo.ca/2020/02/25/setting-up-ssl-certificate-authentication-with-pgpool-ii/</a></font></div><div class="gmail_default"><font face="arial, sans-serif"><br></font></div><div class="gmail_default"><font face="arial, sans-serif">I was able to set up the Certificates for both pgpool and postgres.</font></div><div class="gmail_default"><font face="arial, sans-serif"><br></font></div><div class="gmail_default"><font face="arial, sans-serif">But after setup, I am not able to connect through pgpool. However, I am able to connect to postgres directly using the hostnames attached to the postgres database or a headless service or just localhost for the <b>postgres</b> user. 
</font></div><div class="gmail_default"><font face="arial, sans-serif"><font color="#1d1c1d"><span style="font-size:12px;font-variant-ligatures:none;white-space:pre-wrap"><br></span></font></font></div><div class="gmail_default"><font face="arial, sans-serif"><font color="#1d1c1d"><span style="font-size:12px;font-variant-ligatures:none;white-space:pre-wrap">Following is the error from pgpool logs,</span></font></font></div><div class="gmail_default"><font face="arial, sans-serif"><br></font></div><div class="gmail_default"><pre style="box-sizing:inherit;margin-top:4px;margin-bottom:4px;padding:8px;font-size:12px;line-height:1.50001;font-variant-ligatures:none;white-space:pre-wrap;word-break:normal;border-radius:4px;color:rgb(29,28,29)"><i><font face="arial, sans-serif">2021-11-04 21:57:26: pid 131: LOG:  SSL certificate authentication for user "<b>postgres</b>" with Pgpool-II is <b>successful</b>
2021-11-04 21:57:26: pid 131: ERROR:  <b>backend authentication failed</b>
2021-11-04 21:57:26: pid 131: DETAIL:  backend response with kind 'E' when expecting 'R'
2021-11-04 21:57:26: pid 131: HINT:  This issue can be caused by version mismatch (current version 3)
2021-11-04 21:57:26: pid 130: LOG:  SSL certificate authentication for user "postgres" with Pgpool-II is successful
2021-11-04 21:57:26: pid 130: ERROR:  backend authentication failed
2021-11-04 21:57:26: pid 130: DETAIL:  backend response with kind 'E' when expecting 'R'
2021-11-04 21:57:26: pid 130: HINT:  This issue can be caused by version mismatch (current version 2)</font></i></pre><pre style="box-sizing:inherit;margin-top:4px;margin-bottom:4px;padding:8px;font-size:12px;line-height:1.50001;font-variant-ligatures:none;white-space:pre-wrap;word-break:normal;border-radius:4px;color:rgb(29,28,29)">Test: psql "sslmode=require port=5432 host=localhost dbname=postgres sslcert=./client.crt sslkey=./client.key sslrootcert=./ca.pem" --username postgres</pre><pre style="box-sizing:inherit;margin-top:4px;margin-bottom:4px;padding:8px;font-size:12px;line-height:1.50001;font-variant-ligatures:none;white-space:pre-wrap;word-break:normal;border-radius:4px;color:rgb(29,28,29)"><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-variant-ligatures:normal;white-space:normal">Original Source Code for Kubernetes Manifests:</span><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-variant-ligatures:normal;white-space:normal"> <a href="https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha" target="_blank">https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha</a></span></pre><pre style="box-sizing:inherit;margin-top:4px;margin-bottom:4px;padding:8px;line-height:1.50001;word-break:normal;border-radius:4px"><font face="arial, sans-serif"><span style="white-space:normal">Please see additional PRs talking about enabling both TLS at the same time,<br></span></font><font color="#1d1c1d"><span style="font-variant-ligatures:none;white-space:pre-wrap"><a href="https://github.com/bitnami/bitnami-docker-pgpool/issues/18" target="_blank">https://github.com/bitnami/bitnami-docker-pgpool/issues/18</a></span></font></pre><pre style="box-sizing:inherit;margin-top:4px;margin-bottom:4px;padding:8px;font-size:12px;line-height:1.50001;font-variant-ligatures:none;white-space:pre-wrap;word-break:normal;border-radius:4px;color:rgb(29,28,29)"><font face="arial, 
sans-serif">Additionally, in the pgpool documentation I noticed some conflicting <a href="https://www.pgpool.net/docs/42/en/html/auth-methods.html" target="_blank">notes</a> like,</font></pre><pre style="box-sizing:inherit;margin-top:4px;margin-bottom:4px;padding:8px;font-size:12px;line-height:1.50001;font-variant-ligatures:none;white-space:pre-wrap;word-break:normal;border-radius:4px;color:rgb(29,28,29)"><pre style="box-sizing:inherit;margin-top:4px;margin-bottom:4px;padding:8px;line-height:1.50001;white-space:pre-wrap;word-break:normal;border-radius:4px"><i><font face="arial, sans-serif">Note: The certificate authentication works between only client and Pgpool-II. The certificate authentication does not work between Pgpool-II and PostgreSQL. For backend authentication you can use any other authentication method.</font></i></pre></pre><pre style="box-sizing:inherit;margin-top:4px;margin-bottom:4px;padding:8px;font-size:12px;line-height:1.50001;font-variant-ligatures:none;white-space:pre-wrap;word-break:normal;border-radius:4px;color:rgb(29,28,29)"><font face="arial, sans-serif">If you could please help me understand whether this is a configuration or design flaw?</font></pre><pre style="box-sizing:inherit;margin-top:4px;margin-bottom:4px;padding:8px;font-size:12px;line-height:1.50001;font-variant-ligatures:none;white-space:pre-wrap;word-break:normal;border-radius:4px;color:rgb(29,28,29)"><font face="arial, sans-serif">Thanks,
Jerry</font></pre></div></div>
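An added example, not part of the original message or of the Pgpool-II project: a small log triage script that groups the pgpool log lines quoted above by child pid and reports which leg of the connection failed. The function names are hypothetical; the reading of kind `'R'` as an Authentication message and `'E'` as an ErrorResponse comes from the PostgreSQL frontend/backend protocol.

```python
import re
from collections import defaultdict

# Message type bytes from the PostgreSQL frontend/backend protocol.
MESSAGE_KINDS = {"R": "Authentication request", "E": "ErrorResponse"}

LINE_RE = re.compile(r"pid (?P<pid>\d+): (?P<level>[A-Z]+):\s+(?P<msg>.*)$")
FRONTEND_OK_RE = re.compile(
    r'SSL certificate authentication for user "(?P<user>[^"]+)" with Pgpool-II is successful')
KIND_RE = re.compile(r"backend response with kind '(?P<got>.)' when expecting '(?P<want>.)'")

# Log lines copied from the post above.
SAMPLE_LOG = """\
2021-11-04 21:57:26: pid 131: LOG:  SSL certificate authentication for user "postgres" with Pgpool-II is successful
2021-11-04 21:57:26: pid 131: ERROR:  backend authentication failed
2021-11-04 21:57:26: pid 131: DETAIL:  backend response with kind 'E' when expecting 'R'
2021-11-04 21:57:26: pid 131: HINT:  This issue can be caused by version mismatch (current version 3)
2021-11-04 21:57:26: pid 130: LOG:  SSL certificate authentication for user "postgres" with Pgpool-II is successful
2021-11-04 21:57:26: pid 130: ERROR:  backend authentication failed
2021-11-04 21:57:26: pid 130: DETAIL:  backend response with kind 'E' when expecting 'R'
2021-11-04 21:57:26: pid 130: HINT:  This issue can be caused by version mismatch (current version 2)
"""

def classify_sessions(log_text):
    """Group log lines per pgpool child pid and record the state of each leg."""
    # Assumption: one connection attempt per pid in the excerpt; pgpool reuses
    # child processes, so longer logs would also need splitting by time.
    sessions = defaultdict(lambda: {"user": None, "frontend_cert_ok": False,
                                    "backend_failed": False, "got": None, "want": None})
    for raw in log_text.splitlines():
        m = LINE_RE.search(raw)
        if not m:
            continue
        s, msg = sessions[int(m["pid"])], m["msg"]
        if (ok := FRONTEND_OK_RE.search(msg)):
            s["user"], s["frontend_cert_ok"] = ok["user"], True
        elif m["level"] == "ERROR" and "backend authentication failed" in msg:
            s["backend_failed"] = True
        elif (k := KIND_RE.search(msg)):
            s["got"] = MESSAGE_KINDS.get(k["got"], k["got"])
            s["want"] = MESSAGE_KINDS.get(k["want"], k["want"])
    return dict(sessions)

def backend_leg_failures(log_text):
    """Pids where client->pgpool cert auth passed but pgpool->PostgreSQL auth failed."""
    return sorted(pid for pid, s in classify_sessions(log_text).items()
                  if s["frontend_cert_ok"] and s["backend_failed"])

if __name__ == "__main__":
    for pid in backend_leg_failures(SAMPLE_LOG):
        s = classify_sessions(SAMPLE_LOG)[pid]
        print(f"pid {pid}: client cert OK for {s['user']}; backend sent {s['got']}, expected {s['want']}")
```

For both pids the client-to-pgpool certificate check passes and the failure is on the pgpool-to-PostgreSQL leg, where the backend answered with an ErrorResponse instead of an Authentication message; the matching PostgreSQL server log entry carries the reason for that error.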