GitHub user dosubot[bot] added a comment to the discussion: Production deployment issue in
<!-- Answer --> The error means PostgreSQL is rejecting your connection because of either a bad password or missing access rules. First, double-check that your username and password in values.yaml (or your Kubernetes Secret) exactly match what’s set in Azure PostgreSQL. If your password has special characters (like @, $, %, etc.), you must percent-encode it before putting it in your config—Superset and its Helm chart do not do this for you. For example, @ becomes %40, $ becomes %24. You can use an online tool like [urlencoder.org](https://www.urlencoder.org/) to encode your password before storing it in your Secret or values.yaml. If you don’t, the connection string will be malformed and authentication will fail ([reference](https://github.com/apache/superset/blob/8d2c51c945a87dbc6e18c16702074444acb4aa77/docs/docs/configuration/databases.mdx)). The “no pg_hba.conf entry” error means Azure PostgreSQL is blocking your pod’s IP. In Azure, you must add your Kubernetes cluster’s outbound IP range to the PostgreSQL server’s firewall rules in the Azure portal. You can’t edit pg_hba.conf directly on Azure Database for PostgreSQL. Azure PostgreSQL usually requires SSL. Make sure your connection string includes `?sslmode=require` ([reference](https://github.com/apache/superset/blob/8d2c51c945a87dbc6e18c16702074444acb4aa77/helm/superset/templates/_helpers.tpl)). For production, inject your (encoded) password using a Kubernetes Secret and reference it in values.yaml with extraSecretEnv or envFromSecrets. Example: ```yaml apiVersion: v1 kind: Secret metadata: name: superset-db-secret type: Opaque stringData: db_pass: "your%24encoded%40password" ``` And in values.yaml: ```yaml supersetNode: connections: db_pass: {{ .Values.db_pass | quote }} envFromSecrets: - superset-db-secret ``` For the CSP warning, add this to your superset_config.py: ```python TALISMAN_ENABLED = True TALISMAN_CONFIG = { "content_security_policy": { "default-src": ["'self'"], "img-src": ["'self'", "data:", "blob:"], } } ``` Or to suppress the warning: `CONTENT_SECURITY_POLICY_WARNING = False`. For the cache warnings, explicitly set FILTER_STATE_CACHE_CONFIG and EXPLORE_FORM_DATA_CACHE_CONFIG to use Redis in superset_config.py: ```python FILTER_STATE_CACHE_CONFIG = { "CACHE_TYPE": "RedisCache", "CACHE_DEFAULT_TIMEOUT": 300, "CACHE_KEY_PREFIX": "superset_filter_state", "CACHE_REDIS_URL": "redis://superset-redis-master:6379/0" } EXPLORE_FORM_DATA_CACHE_CONFIG = { "CACHE_TYPE": "RedisCache", "CACHE_DEFAULT_TIMEOUT": 300, "CACHE_KEY_PREFIX": "superset_explore_form", "CACHE_REDIS_URL": "redis://superset-redis-master:6379/0" } ``` Checklist: - Use the correct custom image with all dependencies. - URI-encode DB credentials. - Use Kubernetes Secrets for sensitive values. - Allow your cluster’s IP in Azure PostgreSQL firewall. - Set `?sslmode=require` in the connection string. - Configure CSP and Redis cache as above. After these changes, redeploy and check logs for any remaining errors. <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/719218b8-a9f9-4cc7-8480-8bd092da5df1?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/719218b8-a9f9-4cc7-8480-8bd092da5df1?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/719218b8-a9f9-4cc7-8480-8bd092da5df1?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/719218b8-a9f9-4cc7-8480-8bd092da5df1?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/719218b8-a9f9-4cc7-8480-8bd092da5df1?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/719218b8-a9f9-4cc7-8480-8bd092da5df1?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/719218b8-a9f9-4cc7-8480-8bd092da5df1?feedback_type=other)</sup> [](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/discussions/33957) GitHub link: https://github.com/apache/superset/discussions/33957#discussioncomment-13600777 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
