From 9e5684b9abbdc15f4e86f2e9d96a6bc667f5fa70 Mon Sep 17 00:00:00 2001
From: pieter <pieter@noreply.git.cafepieters.com>
Date: Thu, 20 Nov 2025 07:24:49 +0000
Subject: [PATCH] =?UTF-8?q?templates/deployment.yaml=20=E3=82=92=E6=9B=B4?=
 =?UTF-8?q?=E6=96=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 templates/deployment.yaml | 31 +++++++++++++++++++++++++++----
 1 file changed, 27 insertions(+), 4 deletions(-)

diff --git a/templates/deployment.yaml b/templates/deployment.yaml
index 6533fc9..1bfa2f7 100644
--- a/templates/deployment.yaml
+++ b/templates/deployment.yaml
@@ -30,12 +30,26 @@ spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       initContainers:
-      - name: init-php-fpm
+      - name: copy-phpmyadmin
         image: "{{ .Values.image.phpmyadmin.registry }}/{{ .Values.image.phpmyadmin.repository }}:{{ .Values.image.phpmyadmin.tag }}"
         imagePullPolicy: {{ .Values.image.phpmyadmin.pullPolicy }}
-        command: ['sh', '-c', 'echo "PHP-FPM init container completed"']
+        command: 
+          - sh
+          - -c
+          - |
+            echo "Copying phpMyAdmin files to shared volume..."
+            cp -rp /var/www/html/. /tmp/phpmyadmin/
+            echo "Copy completed successfully"
         securityContext:
-          {{- toYaml .Values.securityContext.phpmyadmin | nindent 10 }}
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          runAsNonRoot: true
+          runAsUser: 82
+        volumeMounts:
+        - name: phpmyadmin-data
+          mountPath: /tmp/phpmyadmin
       containers:
       - name: nginx
         securityContext:
@@ -79,7 +93,6 @@ spec:
           mountPath: /var/run
         - name: phpmyadmin-data
           mountPath: /var/www/html
-          readOnly: true
       - name: phpmyadmin
         securityContext:
           {{- toYaml .Values.securityContext.phpmyadmin | nindent 10 }}
@@ -134,6 +147,10 @@ spec:
         volumeMounts:
         - name: phpmyadmin-data
           mountPath: /var/www/html
+        - name: phpmyadmin-config
+          mountPath: /etc/phpmyadmin/config.user.inc.php
+          subPath: config.inc.php
+          readOnly: true
         {{- if .Values.persistence.enabled }}
         - name: sessions
           mountPath: /sessions
@@ -153,6 +170,12 @@ spec:
           items:
           - key: default.conf
             path: default.conf
+      - name: phpmyadmin-config
+        configMap:
+          name: {{ include "phpmyadmin-nginx.fullname" . }}
+          items:
+          - key: config.inc.php
+            path: config.inc.php
       - name: nginx-cache
         emptyDir: {}
       - name: nginx-run