I am trying to run pgAdmin4 in Kubernetes but i always get "Refused to execute script, strict MIME type checking is enabled?" error and other errors.
According to strict MIME type checking is enabled issue with PGAdmin in Azure application gateway and https://github.com/pgadmin-org/pgadmin4/issues/7412 there should be a problem with azure.
The kubernetes is running in AKS so I guess it is als my problem because it is running locally without problems.
Here is the kubernetes statefullset:
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: pgadmin
namespace: {{ NAMESPACE_NAME }}
spec:
serviceName: pgadmin-service
podManagementPolicy: Parallel
replicas: 1
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
app: pgadmin
role: database
template:
metadata:
name: my-deployment
labels:
app: pgadmin
role: database
spec:
terminationGracePeriodSeconds: 10
initContainers:
- name: create-readonly-user
image: "{{ POSTGRES_IMAGE }}"
imagePullPolicy: "Always"
env:
- name: CONNECTION_STRING
value: "{{ CONNECTION_STRING}}"
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: pgadmin-secret
key: postgres-readonly-username
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: pgadmin-secret
key: postgres-readonly-password
command: [ "/bin/bash" ]
args:
- -c
- >
psql "${CONNECTION_STRING:?}" -c "CREATE ROLE ${POSTGRES_USER:?} WITH LOGIN PASSWORD '${POSTGRES_PASSWORD:?}'"
psql "${CONNECTION_STRING:?}" -c "GRANT pg_read_all_data TO ${POSTGRES_USER:?}"
containers:
- name: pgadmin
image: dpage/pgadmin4:8.13.0
imagePullPolicy: Always
securityContext:
runAsUser: 0
runAsGroup: 0
env:
- name: PGADMIN_DEFAULT_EMAIL
valueFrom:
secretKeyRef:
name: pgadmin-secret
key: pgadmin-default-email
- name: PGADMIN_DEFAULT_PASSWORD
valueFrom:
secretKeyRef:
name: pgadmin-secret
key: pgadmin-default-password
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: pgadmin-secret
key: postgres-readonly-username
# https://stackoverflow.com/questions/64394628/csrf-token-is-missing-error-in-docker-pgadmin
- name: PGADMIN_CONFIG_WTF_CSRF_CHECK_DEFAULT
value: "False"
- name: PGADMIN_CONFIG_WTF_CSRF_ENABLED
value: "False"
ports:
- name: http
containerPort: {{ PGADMIN_CONTAINER_PORT }}
protocol: TCP
volumeMounts:
- name: pgadmin-data
mountPath: /var/lib/pgadmin
- name: servers-file
mountPath: /conf
- name: cfg-file
mountPath: /cfg
lifecycle:
postStart:
exec:
# sh: envsubst: command not found in container image
command: ["/bin/sh", "-c", "sed \"s/<<<POSTGRES_USER>>>/${POSTGRES_USER}/g\" /conf/servers.json > /pgadmin4/servers.json && cp -v /cfg/config_local.py /pgadmin4/config_local.py && ls -lisah /pgadmin4 && cat /pgadmin4/config_local.py"]
volumes:
- name: servers-file
configMap:
name: pgadmin-configmap-servers-file
items:
- key: "servers.json"
path: "servers.json"
- name: cfg-file
configMap:
name: pgadmin-configmap-cfg-file
items:
- key: "config_local.py"
path: "config_local.py"
volumeClaimTemplates:
- metadata:
name: pgadmin-data
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 3Gi
And here is the configmap for the configfile:
apiVersion: v1
kind: ConfigMap
metadata:
name: pgadmin-configmap-cfg-file
namespace: {{ NAMESPACE_NAME }}
labels:
app: postgres
data:
"config_local.py": |
X_CONTENT_TYPE_OPTIONS = ""
ENHANCED_COOKIE_PROTECTION = False
X_XSS_PROTECTION = "0"
The init container is working fine. It creates the user for pgAdmin. Also the servers file which is used is working. I copy the servers file to /pgadmin4/servers.json. I also copy the config_local.py is this directory because I found the the config.py in this directory. The documentation in https://www.pgadmin.org/docs/pgadmin4/latest/config_py.html means this file should maybe moved to /etc/pgadmin/config_system.py but as I understand this is only for the config_system.py and not the config_local.py.
According to strict MIME type checking is enabled issue with PGAdmin in Azure application gateway and https://github.com/pgadmin-org/pgadmin4/issues/7412 I created the config file with the content which is needed to fix the issue in Azure but I still have the error.
I am not sure if the config file is working because I dont have access rights to the kubernetes container to check if the file exists and also if it in the right place so I add an option called CHECK_EMAIL_DELIVERABILITY = True but the boot of the pgAdmin container still says:
│ pgadmin email config is {'CHECK_EMAIL_DELIVERABILITY': False, 'ALLOW_SPECIAL_EMAIL_DOMAINS': []} │
│ pgadmin NOTE: Configuring authentication for SERVER mode. │
│ pgadmin │
│ pgadmin pgAdmin 4 - Application Initialisation │
│ pgadmin ====================================== │
│ pgadmin │
│ pgadmin ---------- │
│ pgadmin Loading servers with:
Am I doing something wrong? I try to print the file and directory content with post start cycle command but I dont see the output. Any tipps or tricks to debug?
