bitnami/mariadb Docker 镜像 - 轩辕镜像

Bitnami Secure Image for MariaDB

What is MariaDB?

MariaDB is an open source, community-developed SQL database server that is widely in use around the world due to its enterprise features, flexibility, and collaboration with leading tech firms.

Overview of MariaDB Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.

TL;DR

console
docker run --name mariadb -e ALLOW_EMPTY_PASSWORD=yes REGISTRY_NAME/bitnami/mariadb:latest

Warning: These quick setups are only intended for development environments. You are encouraged to change the insecure default credentials and check out the available configuration options in the Configuration section for a more secure deployment.

Why use Bitnami Secure Images?

Those are hardened, minimal CVE images built and maintained by Bitnami. Bitnami Secure Images are based on the cloud-optimized, security-hardened enterprise OS Photon Linux. Why choose BSI images?

• Hardened secure images of popular open source software with Near-Zero Vulnerabilities
• Vulnerability Triage & Prioritization with VEX Statements, KEV and EPSS Scores
• Compliance focus with FIPS, STIG, and air-gap options, including secure bill of materials (SBOM)
• Software supply chain provenance attestation through in-toto
• First class support for the internet’s favorite Helm charts

Each image comes with valuable security metadata. You can view the metadata in our public catalog here. Note: Some data is only available with commercial subscriptions to BSI.

!Alt text !Alt text

If you are looking for our previous generation of images based on Debian Linux, please see the Bitnami Legacy registry.

Choosing between the Standard and Minimal image

This asset is available in two flavors: Standard and Minimal; designed to address different use cases and operational needs.

Standard images

The standard images are full-featured, production-ready containers built on top of secure base operating systems. They include:

• The complete runtime and commonly used system tools.
• A familiar Linux environment (shell, package manager, debugging utilities).
• Full compatibility with most CI/CD pipelines and existing workloads.

Recommended for:

• Development and testing environments.
• Workloads requiring package installation or debugging tools.
• Applications that depend on system utilities or shared libraries.

Minimal images

The minimal images are optimized, distroless-style containers derived from a stripped-down base. They only ship what’s strictly necessary to run the application; no shell, package manager, or extra libraries. They provide:

• Smaller size: Faster pull and startup times.
• Reduced *** surface: Fewer components and potential vulnerabilities.
• Simpler maintenance: Fewer dependencies to patch or update.

Recommended for:

• Production environments prioritizing performance and security.
• Regulated or security-sensitive workloads
• Containers built via multi-stage builds (e.g., Golang static binaries).

How to deploy MariaDB in Kubernetes?

Deploying Bitnami applications as Helm Charts is the easiest way to get started with our applications on Kubernetes. Read more about the installation in the Bitnami MariaDB Chart GitHub repository.

Why use a non-root container?

Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers in our docs.

Supported tags and respective Dockerfile links

Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags in our documentation page.

You can see the equivalence between the different tags by taking a look at the tags-info.yaml file present in the branch folder, i.e bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml.

Subscribe to project updates by watching the bitnami/containers GitHub repo.

Get this image

The recommended way to get the Bitnami MariaDB Docker Image is to pull the prebuilt image from the Docker Hub Registry.

console
docker pull REGISTRY_NAME/bitnami/mariadb:latest

To use a specific version, you can pull a versioned tag. You can view the list of available versions in the Docker Hub Registry.

console
docker pull REGISTRY_NAME/bitnami/mariadb:[TAG]

If you wish, you can also build the image yourself by cloning the repository, changing to the directory containing the Dockerfile and executing the docker build command. Remember to replace the APP, VERSION and OPERATING-SYSTEM path placeholders in the example command below with the correct values.

console
git clone [***]
cd bitnami/APP/VERSION/OPERATING-SYSTEM
docker build -t REGISTRY_NAME/bitnami/APP:latest .

Persisting your database

If you remove the container all your data will be lost, and the next time you run the image the database will be reinitialized. To avoid this loss of data, you should mount a volume that will persist even after the container is removed.

For persistence you should mount a directory at the /bitnami/mariadb path. If the mounted directory is empty, it will be initialized on the first run.

console
docker run \
    -e ALLOW_EMPTY_PASSWORD=yes \
    -v /path/to/mariadb-persistence:/bitnami/mariadb \
    REGISTRY_NAME/bitnami/mariadb:latest

or by modifying the docker-compose.yml file present in this repository:

yaml
services:
  mariadb:
  ...
    volumes:
      - /path/to/mariadb-persistence:/bitnami/mariadb
  ...

NOTE: As this is a non-root container, the mounted files and directories must have the proper permissions for the UID 1001.

Connecting to other containers

Using Docker container networking, a MariaDB server running inside a container can easily be accessed by your application containers.

Containers attached to the same network can communicate with each other using the container name as the hostname.

Using the Command Line

In this example, we will create a MariaDB client instance that will connect to the server instance that is running on the same docker network as the client.

Step 1: Create a network

console
docker network create app-tier --driver bridge

Step 2: Launch the MariaDB server instance

Use the --network app-tier argument to the docker run command to attach the MariaDB container to the app-tier network.

console
docker run -d --name mariadb-server \
    -e ALLOW_EMPTY_PASSWORD=yes \
    --network app-tier \
    REGISTRY_NAME/bitnami/mariadb:latest

Step 3: Launch your MariaDB client instance

Finally we create a new container instance to launch the MariaDB client and connect to the server created in the previous step:

console
docker run -it --rm \
    --network app-tier \
    REGISTRY_NAME/bitnami/mariadb:latest mysql -h mariadb-server -u root

Using a Docker Compose file

When not specified, Docker Compose automatically sets up a new network and attaches all deployed services to that network. However, we will explicitly define a new bridge network named app-tier. In this example we assume that you want to connect to the MariaDB server from your own custom application image which is identified in the following snippet by the service name myapp.

yaml
version: '2'

networks:
  app-tier:
    driver: bridge

services:
  mariadb:
    image: REGISTRY_NAME/bitnami/mariadb:latest
    environment:
      - ALLOW_EMPTY_PASSWORD=yes
    networks:
      - app-tier
  myapp:
    image: YOUR_APPLICATION_IMAGE
    networks:
      - app-tier

IMPORTANT:

1. Please update the YOUR_APPLICATION_IMAGE placeholder in the above snippet with your application image
2. In your application container, use the hostname mariadb to connect to the MariaDB server

Launch the containers using:

console
docker-compose up -d

Configuration

Environment variables

Customizable environment variables

Read-only environment variables

Initializing a new instance

When the container is executed for the first time, it will execute the files with extensions .sh, .sql and .sql.gz located at /docker-entrypoint-startdb.d.

In order to have your custom files inside the docker image you can mount them as a volume.

Take into account those scripts are treated differently depending on the extension. While the .sh scripts are executed in all the nodes; the .sql and .sql.gz scripts are only executed in the master nodes. The reason behind this differentiation is that the .sh scripts allow adding conditions to determine what is the node running the script, while these conditions can't be set using .sql nor sql.gz files. This way it is possible to cover different use cases depending on their needs.

NOTE: If you are importing large databases, it is recommended to import them as .sql instead of .sql.gz, as the latter one needs to be decompressed on the fly and not allowing for additional optimizations to import large files.

Passing extra command-line flags to mysqld startup

Passing extra command-line flags to the mysqld service command is possible through the following env var:

• MARIADB_EXTRA_FLAGS: Flags to be appended to the startup command. No defaults

console
docker run --name mariadb -e ALLOW_EMPTY_PASSWORD=yes -e MARIADB_EXTRA_FLAGS='--max-connect-errors=1000 --max_connections=155' REGISTRY_NAME/bitnami/mariadb:latest

or by modifying the docker-compose.yml file present in this repository:

yaml
services:
  mariadb:
  ...
    environment:
      - ALLOW_EMPTY_PASSWORD=yes
      - MARIADB_EXTRA_FLAGS=--max-connect-errors=1000 --max_connections=155
  ...

Setting character set and collation

It is possible to configure the character set and collation used by default by the database with the following environment variables:

• MARIADB_CHARACTER_SET: The default character set to use. Default: utf8
• MARIADB_COLLATE: The default collation to use. Default: utf8_general_ci

Setting the root password on first run

The root user and password can easily be setup with the Bitnami MariaDB Docker image using the following environment variables:

• MARIADB_ROOT_USER: The database admin user. Defaults to root.
• MARIADB_ROOT_PASSWORD: The database admin user password. No defaults.
• MARIADB_ROOT_PASSWORD_FILE: Path to a file that contains the admin user password. This will override the value specified in MARIADB_ROOT_PASSWORD. No defaults.

Passing the MARIADB_ROOT_PASSWORD environment variable when running the image for the first time will set the password of the MARIADB_ROOT_USER user to the value of MARIADB_ROOT_PASSWORD.

console
docker run --name mariadb -e MARIADB_ROOT_PASSWORD=password123 REGISTRY_NAME/bitnami/mariadb:latest

or by modifying the docker-compose.yml file present in this repository:

yaml
services:
  mariadb:
  ...
    environment:
      - MARIADB_ROOT_PASSWORD=password123
  ...

Warning The MARIADB_ROOT_USER user is always created with remote access. It's suggested that the MARIADB_ROOT_PASSWORD env variable is always specified to set a password for the MARIADB_ROOT_USER user. In case you want to allow the MARIADB_ROOT_USER user to access the database without a password set the environment variable ALLOW_EMPTY_PASSWORD=yes. This is recommended only for development.

Allowing empty passwords

By default the MariaDB image expects all the available passwords to be set. In order to allow empty passwords, it is necessary to set the ALLOW_EMPTY_PASSWORD=yes env variable. This env variable is only recommended for testing or development purposes. We strongly recommend specifying the MARIADB_ROOT_PASSWORD for any other scenario.

console
docker run --name mariadb -e ALLOW_EMPTY_PASSWORD=yes REGISTRY_NAME/bitnami/mariadb:latest

or by modifying the docker-compose.yml file present in this repository:

yaml
services:
  mariadb:
  ...
    environment:
      - ALLOW_EMPTY_PASSWORD=yes
  ...

Creating a database on first run

By passing the MARIADB_DATABASE environment variable when running the image for the first time, a database will be created. This is useful if your application requires that a database already exists, saving you from having to manually create the database using the MySQL client.

console
docker run --name mariadb \
    -e ALLOW_EMPTY_PASSWORD=yes \
    -e MARIADB_DATABASE=my_database \
    REGISTRY_NAME/bitnami/mariadb:latest

or by modifying the docker-compose.yml file present in this repository:

yaml
services:
  mariadb:
  ...
    environment:
      - ALLOW_EMPTY_PASSWORD=yes
      - MARIADB_DATABASE=my_database
  ...

Creating a database user on first run

You can create a restricted database user that only has permissions for the database created with the MARIADB_DATABASE environment variable. To do this, provide the MARIADB_USER environment variable and to set a password for the database user provide the MARIADB_PASSWORD variable (alternatively, you can set the MARIADB_PASSWORD_FILE with the path to a file that contains the user password). MariaDB supports different authentication mechanisms, such as pam or mysql_native_password. To set it, use the MARIADB_AUTHENTICATION_PLUGIN variable.

console
docker run --name mariadb \
  -e ALLOW_EMPTY_PASSWORD=yes \
  -e MARIADB_USER=my_user \
  -e MARIADB_PASSWORD=my_password \
  -e MARIADB_DATABASE=my_database \
  REGISTRY_NAME/bitnami/mariadb:latest

or by modifying the docker-compose.yml file present in this repository:

yaml
services:
  mariadb:
  ...
    environment:
      - ALLOW_EMPTY_PASSWORD=yes
      - MARIADB_USER=my_user
      - MARIADB_PASSWORD=my_password
      - MARIADB_DATABASE=my_database
  ...

Note!

_Note: the README for this container is longer than the DockerHub length limit of 25000, so it has been trimmed. The full README can be found at [***]