diff --git a/doc/administration/geo/setup/database.md b/doc/administration/geo/setup/database.md
index bc4128deb4a06c3cbe34f9a16fc1e155fb6f564e..706d13829006733a1fe872feebb20e69e35ae32a 100644
--- a/doc/administration/geo/setup/database.md
+++ b/doc/administration/geo/setup/database.md
@@ -571,6 +571,13 @@ Leader instance**: patroni['password'] = 'PATRONI_API_PASSWORD' patroni['replication_password'] = 'PLAIN_TEXT_POSTGRESQL_REPLICATION_PASSWORD' + # Add all patroni nodes to the allowlist + patroni['allowlist'] = %w[ + 127.0.0.1/32 + PATRONI_PRIMARY1_IP/32 PATRONI_PRIMARY2_IP/32 PATRONI_PRIMARY3_IP/32 + PATRONI_SECONDARY1_IP/32 PATRONI_SECONDARY2_IP/32 PATRONI_SECONDARY3_IP/32 + ] + # We list all secondary instances as they can all become a Standby Leader postgresql['md5_auth_cidr_addresses'] = %w[ PATRONI_PRIMARY1_IP/32 PATRONI_PRIMARY2_IP/32 PATRONI_PRIMARY3_IP/32 PATRONI_PRIMARY_PGBOUNCER/32
@@ -725,6 +732,13 @@ For each Patroni instance on the secondary site: # Any other instance that needs access to the database as per documentation ] + + # Add patroni nodes to the allowlist + patroni['allowlist'] = %w[ + 127.0.0.1/32 + PATRONI_SECONDARY1_IP/32 PATRONI_SECONDARY2_IP/32 PATRONI_SECONDARY3_IP/32 + ] + patroni['standby_cluster']['enable'] = true patroni['standby_cluster']['host'] = 'INTERNAL_LOAD_BALANCER_PRIMARY_IP' patroni['standby_cluster']['port'] = INTERNAL_LOAD_BALANCER_PRIMARY_PORT
@@ -903,6 +917,12 @@ For each Patroni instance on the secondary site for the tracking database: # Any other instance that needs access to the database as per documentation ] + # Add patroni nodes to the allowlist + patroni['allowlist'] = %w[ + 127.0.0.1/32 + PATRONI_TRACKINGDB1_IP/32 PATRONI_TRACKINGDB2_IP/32 PATRONI_TRACKINGDB3_IP/32 + ] + # Patroni configuration patroni['username'] = 'PATRONI_API_USERNAME' patroni['password'] = 'PATRONI_API_PASSWORD'
diff --git a/doc/administration/postgresql/replication_and_failover.md b/doc/administration/postgresql/replication_and_failover.md
index 0647f7db8c51199b044e7a442b3c431fa8e4b5b8..d37d61048e2f04284f6492c1a04705b91af43b1c 100644
--- a/doc/administration/postgresql/replication_and_failover.md
+++ b/doc/administration/postgresql/replication_and_failover.md
@@ -257,6 +257,9 @@ patroni['postgresql']['max_replication_slots'] = X # available database connections. patroni['postgresql']['max_wal_senders'] = X+1 +# Replace XXX.XXX.XXX.XXX/YY with Network Addresses for your other patroni nodes +patroni['allowlist'] = %w(XXX.XXX.XXX.XXX/YY 127.0.0.1/32) + # Replace XXX.XXX.XXX.XXX/YY with Network Address postgresql['trust_auth_cidr_addresses'] = %w(XXX.XXX.XXX.XXX/YY 127.0.0.1/32)
@@ -572,6 +575,7 @@ patroni['password'] = 'PATRONI_API_PASSWORD' patroni['postgresql']['max_replication_slots'] = 6 patroni['postgresql']['max_wal_senders'] = 7 +patroni['allowlist'] = = %w(10.6.0.0/16 127.0.0.1/32) postgresql['trust_auth_cidr_addresses'] = %w(10.6.0.0/16 127.0.0.1/32) # Configure the Consul agent
@@ -664,6 +668,7 @@ patroni['password'] = 'PATRONI_API_PASSWORD' # available database connections. patroni['postgresql']['max_wal_senders'] = 7 +patroni['allowlist'] = = %w(10.6.0.0/16 127.0.0.1/32) postgresql['trust_auth_cidr_addresses'] = %w(10.6.0.0/16 127.0.0.1/32) consul['configuration'] = {
diff --git a/doc/administration/reference_architectures/10k_users.md b/doc/administration/reference_architectures/10k_users.md
index d34d378acfd7d950c570ea3cb03e6b8bf402676e..de5913cb777c425d48d1dab0f0876a8101b1304d 100644
--- a/doc/administration/reference_architectures/10k_users.md
+++ b/doc/administration/reference_architectures/10k_users.md
@@ -601,7 +601,10 @@ in the second step, do not supply the `EXTERNAL_URL` value. patroni['username'] = '<patroni_api_username>' patroni['password'] = '<patroni_api_password>' - # Replace XXX.XXX.XXX.XXX/YY with Network Address + # Replace 10.6.0.0/24 with Network Addresses for your other patroni nodes + patroni['allowlist'] = %w(10.6.0.0/24 127.0.0.1/32) + + # Replace 10.6.0.0/24 with Network Address postgresql['trust_auth_cidr_addresses'] = %w(10.6.0.0/24 127.0.0.1/32) # Set the network addresses that the exporters will listen on for monitoring
diff --git a/doc/administration/reference_architectures/25k_users.md b/doc/administration/reference_architectures/25k_users.md
index 2c6351082fe1b21b15211a078101d55b98c823d1..f04acdba94154fff35ad057022efff0730d30a68 100644
--- a/doc/administration/reference_architectures/25k_users.md
+++ b/doc/administration/reference_architectures/25k_users.md
@@ -603,7 +603,10 @@ in the second step, do not supply the `EXTERNAL_URL` value. patroni['username'] = '<patroni_api_username>' patroni['password'] = '<patroni_api_password>' - # Replace XXX.XXX.XXX.XXX/YY with Network Address + # Replace 10.6.0.0/24 with Network Addresses for your other patroni nodes + patroni['allowlist'] = %w(10.6.0.0/24 127.0.0.1/32) + + # Replace 10.6.0.0/24 with Network Address postgresql['trust_auth_cidr_addresses'] = %w(10.6.0.0/24 127.0.0.1/32) # Set the network addresses that the exporters will listen on for monitoring
diff --git a/doc/administration/reference_architectures/3k_users.md b/doc/administration/reference_architectures/3k_users.md
index 8acf65b676aa9a5e874687c629e38478b518eb90..2bc60473c44a11915aeec7d2e9d5691b58f3cf41 100644
--- a/doc/administration/reference_architectures/3k_users.md
+++ b/doc/administration/reference_architectures/3k_users.md
@@ -883,7 +883,10 @@ in the second step, do not supply the `EXTERNAL_URL` value. patroni['username'] = '<patroni_api_username>' patroni['password'] = '<patroni_api_password>' - # Replace XXX.XXX.XXX.XXX/YY with Network Address + # Replace 10.6.0.0/24 with Network Addresses for your other patroni nodes + patroni['allowlist'] = %w(10.6.0.0/24 127.0.0.1/32) + + # Replace 10.6.0.0/24 with Network Address postgresql['trust_auth_cidr_addresses'] = %w(10.6.0.0/24 127.0.0.1/32) # Set the network addresses that the exporters will listen on for monitoring
diff --git a/doc/administration/reference_architectures/50k_users.md b/doc/administration/reference_architectures/50k_users.md
index e3e5e71f363b7de104aa5ade9af5c04f0ba562e6..650b49279ea7a9e51f3985b2cca52ec75dbbb15a 100644
--- a/doc/administration/reference_architectures/50k_users.md
+++ b/doc/administration/reference_architectures/50k_users.md
@@ -611,7 +611,10 @@ in the second step, do not supply the `EXTERNAL_URL` value. patroni['username'] = '<patroni_api_username>' patroni['password'] = '<patroni_api_password>' - # Replace XXX.XXX.XXX.XXX/YY with Network Address + # Replace 10.6.0.0/24 with Network Addresses for your other patroni nodes + patroni['allowlist'] = %w(10.6.0.0/24 127.0.0.1/32) + + # Replace 10.6.0.0/24 with Network Address postgresql['trust_auth_cidr_addresses'] = %w(10.6.0.0/24 127.0.0.1/32) # Set the network addresses that the exporters will listen on for monitoring
diff --git a/doc/administration/reference_architectures/5k_users.md b/doc/administration/reference_architectures/5k_users.md
index 0f8162b14856b2de639adc6c7dead7783a1ccdea..c8e91bc110f71718bdae8e9fc138f23a1ff72edb 100644
--- a/doc/administration/reference_architectures/5k_users.md
+++ b/doc/administration/reference_architectures/5k_users.md
@@ -874,7 +874,10 @@ in the second step, do not supply the `EXTERNAL_URL` value. patroni['username'] = '<patroni_api_username>' patroni['password'] = '<patroni_api_password>' - # Replace XXX.XXX.XXX.XXX/YY with Network Address + # Replace 10.6.0.0/24 with Network Addresses for your other patroni nodes + patroni['allowlist'] = %w(10.6.0.0/24 127.0.0.1/32) + + # Replace 10.6.0.0/24 with Network Address postgresql['trust_auth_cidr_addresses'] = %w(10.6.0.0/24 127.0.0.1/32) # Set the network addresses that the exporters will listen on for monitoring