phpmyadmin / docker

Docker container for phpMyAdmin
https://hub.docker.com/_/phpmyadmin
GNU General Public License v3.0

working with read only root file system issue #424

Closed atilsensalduz closed 10 months ago

atilsensalduz commented 11 months ago

I'm interested in using the phpMyAdmin image within my Kubernetes environment with a heightened security context. However, when attempting to include the readOnlyRootFilesystem: true option, I encounter the error message: "session_start(): failed to read session data: files (path: /sessions)."

I'm curious about the volumes that should be utilized before configuring the root file system as read-only. Could you kindly guide me on the appropriate volumes to use in this scenario?

Thank you for your assistance!

My configuration is like below:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: pma
  labels:
    app: phpmyadmin
  namespace: phpmyadmin
spec:
  replicas: 1
  selector:
    matchLabels:
      app: phpmyadmin
  template:
    metadata:
      labels:
        app: phpmyadmin
    spec:
      automountServiceAccountToken: false
      serviceAccountName: pma-sa
      initContainers:
        - command:
          - /bin/sh
          - -c
          - cp -r /etc/* /config/etc
          image: phpmyadmin/phpmyadmin
          imagePullPolicy: Always
          name: copy
          volumeMounts:
          - mountPath: /config/etc/
            name: etc-config
      containers:
        - name: phpmyadmin
          image: phpmyadmin/phpmyadmin
          ports:
            - containerPort: 80
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          volumeMounts:
            - mountPath: /etc
              name: etc-config
            - mountPath: /tmp
              name: tmpfs
            - mountPath: /var/run
              name: var-run
          env:
            - name: PMA_PORT
              value: "3306"
          resources:
            limits:
              cpu: "500m"
              memory: "512Mi"
            requests:
              cpu: "500m"
              memory: "512Mi"
      volumes:
        - emptyDir: {}
          name: etc-config
        - emptyDir: {}
          name: tmpfs
        - emptyDir: {}
          name: var-run

williamdes commented 10 months ago

Hi!

Thank you for reporting this. You need to add another volume for the PHP sessions to work: /sessions. Does it work fine afterwards?

atilsensalduz commented 10 months ago

Thanks @williamdes. I really appreciate it.
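
The fix suggested above, written as a strategic merge patch against the Deployment from the question. This is an added example, not part of the original thread or the project's documentation; the volume name `sessions`, the file name `sessions-patch.yaml` and the `sizeLimit` value are assumptions.

```yaml
# sessions-patch.yaml (hypothetical file name)
# Apply with:
#   kubectl -n phpmyadmin patch deployment pma --patch-file sessions-patch.yaml
#
# Strategic merge matches the container by "name" and the mounts by
# "mountPath", so the existing /etc, /tmp and /var/run mounts and the
# securityContext (readOnlyRootFilesystem: true) are left untouched.
spec:
  template:
    spec:
      containers:
        - name: phpmyadmin
          volumeMounts:
            # PHP writes its session files here; with a read-only root
            # filesystem this path must be backed by a writable volume.
            - mountPath: /sessions
              name: sessions        # assumed volume name
      volumes:
        - name: sessions
          emptyDir:
            # Assumed cap so the one writable session path cannot fill the
            # node's ephemeral storage; adjust or drop as needed.
            sizeLimit: 64Mi
```

An emptyDir is per pod and is discarded when the pod is removed, so sessions do not survive a reschedule and are not shared if `replicas` is raised above 1.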