Hi everyone 🙌 In my company we are evaluating Flyte 🦜and we want to deploy an MVP to AWS EKS, with s3 and RDS postgres. We are following the guide flyte-the-hard-way but we are stuck in the 05-deploy-with-helm.md. When we try to install flyte the pod throws the following error:

/go/pkg/mod/gorm.io/gorm@v1.24.1-0.20221019064659-5dd2bb482755/gorm.go:206
[error] failed to initialize database, got error failed to connect to `host=***** user=flyteadmin database=flyteadmin`: server error (FATAL: no pg_hba.conf entry for host "172.32.101.12", user "flyteadmin", database "flyteadmin", no encryption (SQLSTATE 28000))

We have run this command to test the database connection:

kubectl run pgsql-postgresql-client --rm --tty -i --restart='Never' --namespace testdb --image <http://docker.io/bitnami/postgresql:11.7.0-debian-10-r9|docker.io/bitnami/postgresql:11.7.0-debian-10-r9> --env='PGPASSWORD=<Password>' --command -- psql testdb --host <RDS-ENDPOINT-NAME> -U flyteadmin -d flyteadmin -p 5432

And works. The only difference is that when we run it asks for the password. Anyone knows what’s happening here?

We ran into this issue too. @Mike Morgan fixed this. We had to add options: sslmode=require to the config map

Hi @Marti Jorda Roca and @Rob Rati Thanks for using the guide and I'm sorry you've had this issue, my goal with the guide is that it works 99% of the time What version of PostgreSQL are you using in RDS?

For our RDS, yes. We have solved our issue with the sslmode option though.

got it, but you had to manually patch the configmap. I'd like to avoid this in the future. I'll try to reproduce and update the guide accordingly

To be clear though, we weren't following your guide I don't think. We followed this: https://docs.flyte.org/en/latest/deployment/deployment/cloud_production.html

oh ok, couple of questions to repro 1. Is your RDS an Aurora engine (postgres-compatible)? or pure PostgreSQL 2. What version of PostgreSQL? Thanks in advance

Ours is an auroa postgres DB, engine version 12.10

Hi thank you for your answers 😻 setting

sslmode=require

worked for me. We are using a RDS postgres 15.2 (no aurora)

so just to confirm, your

datacatalog-config

configmap looks like:

apiVersion: v1
data:
  db.yaml: |
    database:
      dbname: datacatalog
      host: <Postgres host>
      options: sslmode=require
      port: 5432
      username: postgres
...

? Even when I set this, I still see the following in logs:

{
  "json": {},
  "level": "fatal",
  "msg": "failed to connect to `host=<host> user=postgres database=flyteadmin`: server error (FATAL: no pg_hba.conf entry for host \"10.48.3.24\", user \"postgres\", database \"flyteadmin\", SSL off (SQLSTATE 28000))",
  "ts": "2023-08-07T17:22:38Z"
}

which makes me think the SSL key is not being read

@Gopal Vashishtha what chart are you using? Also, is your Postgres instance listening on that address?

1.5.0 and yes, I confirmed I can connect to postgres through sqladmin on that address