Search code examples
azurephpmyadminmariadbazure-aks

phpMyAdmin on AKS (Kubernetes) to connect azure MariaDb failed with "No such file or directory"

I run a MariaDB PaaS on azure with SSL and run phpMyAdmin on AKS. By trying to connect I get a very unclear message: Cannot log in to the MySQL server and mysqli::real_connect(): (HY000/2002): No such file or directory

At this point ssl is not the issue. I've tried the same without enforcing ssl on the DB side and configured phpmyadmin without those ssl settings.

I also tested the connectivity from the phpmyadmin pod using curl -v telnet://my-database-12345.mariadb.database.azure.com:3306 successfully.

This is how I tried to get phpmyadmin working with azure mariadb:

apiVersion: v1
kind: Namespace
metadata:
  name: pma
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: pma-cfg
  namespace: pma
  labels:
    app: phpmyadmin
data:
  config-user-inc: |
    <?php
      $i = 0;
      $i++;
      $cfg['Servers'][$i]['auth_type'] = 'cookie';
      $cfg['Servers'][$i]['host'] = 'my-database-12345.mariadb.database.azure.com';
      $cfg['Servers'][$i]['port'] = '3306';
      $cfg['Servers'][$i]['ssl'] = true;
      $cfg['Servers'][$i]['ssl_ca'] = 'ssl/BaltimoreCyberTrustRoot.crt.pem';
      $cfg['Servers'][$i]['ssl_verify'] = false;
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: ssl-cert
  namespace: oneup
  labels:
    app: phpmyadmin
data:
  ssl-cert: |
    -----BEGIN CERTIFICATE-----
    # truncated BaltimoreCyberTrustRoot.crt
    -----END CERTIFICATE-----
---
apiVersion: v1
kind: Service
metadata:
  name: internal-pma
  namespace: pma
  annotations:
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
spec:
  type: LoadBalancer
  loadBalancerIP: 10.xxx.xxx.xxx
  ports:
    - port: 80
      targetPort: pma
  selector:
    app: pma
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pma
  namespace: pma
  labels:
    app: pma
spec:
  replicas: 1
  selector:
    matchLabels:
      app: pma
  template:
    metadata:
      labels:
        app: pma
    spec:
      containers:
        - name: pma
          image: phpmyadmin/phpmyadmin
          ports:
            - containerPort: 80
              name: pma
          volumeMounts:
            - name: pma-cfg
              mountPath: /etc/phpmyadmin/
            - name: ssl-cert
              mountPath: /etc/phpmyadmin/ssl/
      volumes:
        - name: pma-cfg
          configMap:
            name: pma-cfg
            items:
              - key: config-user-inc
                path: config.user.inc.php
        - name: ssl-cert
          configMap:
            name: ssl-cert
            items:
              - key: ssl-cert
                path: BaltimoreCyberTrustRoot.crt.pem

Many thanks!

Solution

  • When mounting an custom configuration for phpmyadmin without using any environment variables (which is required if you use ssl), there's no default config file generated by the image.

    Eg: if you start the pod like:

    apiVersion: apps/v1
...
    spec:
      containers:
        - name: pma
          image: phpmyadmin/phpmyadmin
          env:
            name: PMA_HOST
            value: myhost.local
          ports:
            - containerPort: 80
              name: pma

    A config.inc.php file will be generated in /etc/phpmyadmin

    By mounting an config.user.inc.php, no config.inc.php will be generated.

    What I did

    is copying the content from /var/www/html/config.sample.inc.php in my configMap and do the needful changes for my azure mariadb:

    ConfigMap:

    apiVersion: v1
kind: ConfigMap
metadata:
  name: pma-cfg
  namespace: pma
  labels:
    app: pma
data:
  config-inc: |
    <?php
    declare(strict_types=1);
    $cfg['blowfish_secret'] = '*****'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
    $i = 0;
    $i++;

    /* Authentication type */
    $cfg['Servers'][$i]['auth_type'] = 'cookie';
    /* Server parameters */
    $cfg['Servers'][$i]['host'] =  'mydb123456.mariadb.database.azure.com';
    $cfg['Servers'][$i]['compress'] = false;
    $cfg['Servers'][$i]['AllowNoPassword'] = false;

    /* SSL */
    $cfg['Servers'][$i]['ssl'] = true;
    $cfg['Servers'][$i]['ssl_ca'] = '/etc/phpmyadmin/ssl/BaltimoreCyberTrustRoot.crt.pem';
    $cfg['Servers'][$i]['ssl_verify'] = true;

    /* Directories for saving/loading files from server */
    $cfg['UploadDir'] = '';
    $cfg['SaveDir'] = '';

  ssl-cert: |
    -----BEGIN CERTIFICATE-----
    # Trunkated BaltimoreCyberTrustRoot.crt
    -----END CERTIFICATE-----

    Finally mount the config map to the deployment:

    apiVersion: apps/v1
kind: Deployment
metadata:
  name: pma
  namespace: pma
  labels:
    app: pma
spec:
  replicas: 1
  selector:
    matchLabels:
      app: pma
  template:
    metadata:
      labels:
        app: pma
    spec:
      containers:
        - name: pma
          image: phpmyadmin/phpmyadmin
          ports:
            - containerPort: 80
              name: pma
          volumeMounts:
            - name: pma-cfg
              mountPath: /etc/phpmyadmin/
      volumes:
         - name: pma-cfg
           configMap:
             name: pma-cfg
             items:
               - key: config-inc
                 path: config.inc.php
               - key: ssl-cert
                 path: ssl/BaltimoreCyberTrustRoot.crt.pem

    Maybe it will help others too.

    Cheers!