Permission denied on Pod bootstrap for openshift
search cancel

Permission denied on Pod bootstrap for openshift

book

Article ID: 368786

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

When setting up a Layer7 11 CR1 container on Openshift 4, the gateway pod won't start. Upon checking the logs, the below error was found:

/opt/docker/entrypoint.sh: line 233: /opt/SecureSpan/Gateway/node/default/etc/bootstrap/bundle/010_update_cluster_host.xml.req.bundle: Permission denied
Starting gateway in foreground
touch: cannot touch '/opt/SecureSpan/Gateway/node/default/var/preboot': Permission denied
[0.000s][error][logging] Error opening log file '/opt/SecureSpan/Gateway/node/default/var/logs/ssg_gc.log': Permission denied
[0.000s][error][logging] Initialization of output 'file=/opt/SecureSpan/Gateway/node/default/var/logs/ssg_gc.log' using options '(null)' failed.
Invalid -Xlog option '-Xlog:gc*:/opt/SecureSpan/Gateway/node/default/var/logs/ssg_gc.log', see error log for details.

Environment

API Gateway 11.0

Resolution

1. Create a custom SecurityContextConstraints
2. Create a ServiceAccount
3. Create a Cluster Role and a Cluster RoleBinding
4. Modify the annotation to apply the custom SecurityContextConstraints to the deployed object

Powered by Wolken Software