Drop-in replacement for the official image.
- Unprivileged image: you should check your volumes' permissions (eg
/var/lib/mysql), default UID/GID is 3003. We cannot use 999 like upstream as it is already used by another user. - Built on top of Alpine, with MariaDB provided by Alpine repositories.
- Alpine tends to be behind upstream MariaDB and stick to LTS branches, so you will not get the latest version of MariaDB with this image.
- Generally more up-to-date packages in the OS than Red Hat UBI.
- Low number of vulnerabilities.
- Galera is only supported on
x86_64builds. - Tag:
alpine. Should Alpine start getting the latest MariaDB versions, it will get thelatesttag.
- Unprivileged image: you should check your volumes' permissions (eg
/var/lib/mysql), default UID/GID is 999. - Built on the upstream MariaDB UBI image.
- Removes unnecessary gosu SUID binary.
- Uses FUTURE crypto policy.
- Has a lot of outdated packages with maybe some downstream patching.
- Generates a lot of vulnerbility scanner noise - hard to tell what is a false positive and what is not.
- Source: https://github.com/Polarix-Containers/mariadb-ubi
mariadb:
container_name: mariadb
restart: unless-stopped
image: ghcr.io/polarix-containers/mariadb:11.4-alpine
volumes:
- "./mariadb:/var/lib/mysql:Z"
environment:
- MARIADB_ROOT_PASSWORD=${MARIADB_ROOT_PASSWORD}
- MARIADB_DATABASE=${MARIADB_DATABASE}
- MARIADB_USER=${MARIADB_USER}
- MARIADB_PASSWORD=${MARIADB_PASSWORD}
user: "3003:3003"
read_only: true
tmpfs:
- /var/tmp:mode=0770,uid=3003,gid=3003,noexec,nosuid,nodev
- /run/mariadb:size=50M,mode=0770,uid=3003,gid=3003,noexec,nosuid,nodev
security_opt:
- "no-new-privileges=true"
cap_drop:
- ALL
- Licensed under GPL 2 to comply with licensing by MariaDB.
- Any image built by Polarix Containers is provided under the combination of license terms resulting from the use of individual packages.