Docker default network subnet compatibility

[kamyarghajar]

On Docker Desktop on macOS, the default docker subnet is set to 192.168.65.0/24, but the pg_hba.conf is configured to allow 172.17.0.0/16 as follows:

host all all 172.17.0.0/16 md5

This is raising the exception "no pg_hba.conf entry for host 192.168.65.1" when trying to connect login to Postgres. Shouldn't it change to be compatible with the default docker subnet mask?

Docker Desktop version: 4.38.0 (the issue is not there on 4.37.2 and earlier)
Postgres: 15

[tianon]

All the changes we make to pg_hba.conf are here:

postgres/docker-entrypoint.sh

Lines 239 to 259 in 3521b2f

	# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
	# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption'
	pg_setup_hba_conf() {
	# default authentication method is md5 on versions before 14
	# https://www.postgresql.org/about/news/postgresql-14-released-2318/
	if [ "$1" = 'postgres' ]; then
	shift
	fi
	local auth
	# check the default/configured encryption and use that as the auth method
	auth="$(postgres -C password_encryption "$@")"
	: "${POSTGRES_HOST_AUTH_METHOD:=$auth}"
	{
	printf '\n'
	if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
	printf '# warning trust is enabled for all connections\n'
	printf '# see https://www.postgresql.org/docs/17/auth-trust.html\n'
	fi
	printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"
	} >> "$PGDATA/pg_hba.conf"
	}

Note that we don't do anything IP-based, so this is probably a rule generated by PostgreSQL's own initdb when it generates the file. 🤔