I run a MariaDB PaaS on azure with SSL and run phpMyAdmin on AKS. By trying to connect I get a very unclear message: Cannot log in to the MySQL server
and mysqli::real_connect(): (HY000/2002): No such file or directory
At this point ssl
is not the issue. I've tried the same without enforcing ssl on the DB side and configured phpmyadmin without those ssl settings.
I also tested the connectivity from the phpmyadmin pod using curl -v telnet://my-database-12345.mariadb.database.azure.com:3306
successfully.
This is how I tried to get phpmyadmin working with azure mariadb:
apiVersion: v1
kind: Namespace
metadata:
name: pma
---
apiVersion: v1
kind: ConfigMap
metadata:
name: pma-cfg
namespace: pma
labels:
app: phpmyadmin
data:
config-user-inc: |
<?php
$i = 0;
$i++;
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['host'] = 'my-database-12345.mariadb.database.azure.com';
$cfg['Servers'][$i]['port'] = '3306';
$cfg['Servers'][$i]['ssl'] = true;
$cfg['Servers'][$i]['ssl_ca'] = 'ssl/BaltimoreCyberTrustRoot.crt.pem';
$cfg['Servers'][$i]['ssl_verify'] = false;
---
apiVersion: v1
kind: ConfigMap
metadata:
name: ssl-cert
namespace: oneup
labels:
app: phpmyadmin
data:
ssl-cert: |
-----BEGIN CERTIFICATE-----
# truncated BaltimoreCyberTrustRoot.crt
-----END CERTIFICATE-----
---
apiVersion: v1
kind: Service
metadata:
name: internal-pma
namespace: pma
annotations:
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
spec:
type: LoadBalancer
loadBalancerIP: 10.xxx.xxx.xxx
ports:
- port: 80
targetPort: pma
selector:
app: pma
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: pma
namespace: pma
labels:
app: pma
spec:
replicas: 1
selector:
matchLabels:
app: pma
template:
metadata:
labels:
app: pma
spec:
containers:
- name: pma
image: phpmyadmin/phpmyadmin
ports:
- containerPort: 80
name: pma
volumeMounts:
- name: pma-cfg
mountPath: /etc/phpmyadmin/
- name: ssl-cert
mountPath: /etc/phpmyadmin/ssl/
volumes:
- name: pma-cfg
configMap:
name: pma-cfg
items:
- key: config-user-inc
path: config.user.inc.php
- name: ssl-cert
configMap:
name: ssl-cert
items:
- key: ssl-cert
path: BaltimoreCyberTrustRoot.crt.pem
Many thanks!
When mounting an custom configuration for phpmyadmin without using any environment variables (which is required if you use ssl), there's no default config file generated by the image.
Eg: if you start the pod like:
apiVersion: apps/v1
...
spec:
containers:
- name: pma
image: phpmyadmin/phpmyadmin
env:
name: PMA_HOST
value: myhost.local
ports:
- containerPort: 80
name: pma
A config.inc.php
file will be generated in /etc/phpmyadmin
By mounting an config.user.inc.php
, no config.inc.php
will be generated.
is copying the content from /var/www/html/config.sample.inc.php
in my configMap and do the needful changes for my azure mariadb:
ConfigMap:
apiVersion: v1
kind: ConfigMap
metadata:
name: pma-cfg
namespace: pma
labels:
app: pma
data:
config-inc: |
<?php
declare(strict_types=1);
$cfg['blowfish_secret'] = '*****'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
$i = 0;
$i++;
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'cookie';
/* Server parameters */
$cfg['Servers'][$i]['host'] = 'mydb123456.mariadb.database.azure.com';
$cfg['Servers'][$i]['compress'] = false;
$cfg['Servers'][$i]['AllowNoPassword'] = false;
/* SSL */
$cfg['Servers'][$i]['ssl'] = true;
$cfg['Servers'][$i]['ssl_ca'] = '/etc/phpmyadmin/ssl/BaltimoreCyberTrustRoot.crt.pem';
$cfg['Servers'][$i]['ssl_verify'] = true;
/* Directories for saving/loading files from server */
$cfg['UploadDir'] = '';
$cfg['SaveDir'] = '';
ssl-cert: |
-----BEGIN CERTIFICATE-----
# Trunkated BaltimoreCyberTrustRoot.crt
-----END CERTIFICATE-----
apiVersion: apps/v1
kind: Deployment
metadata:
name: pma
namespace: pma
labels:
app: pma
spec:
replicas: 1
selector:
matchLabels:
app: pma
template:
metadata:
labels:
app: pma
spec:
containers:
- name: pma
image: phpmyadmin/phpmyadmin
ports:
- containerPort: 80
name: pma
volumeMounts:
- name: pma-cfg
mountPath: /etc/phpmyadmin/
volumes:
- name: pma-cfg
configMap:
name: pma-cfg
items:
- key: config-inc
path: config.inc.php
- key: ssl-cert
path: ssl/BaltimoreCyberTrustRoot.crt.pem
Maybe it will help others too.
Cheers!