Because of the vulnerabilities detected, the customer started upgrading to version 5.3.3 with helm 2.3.16, but one of the images stopped working:
Logs:
BLAH !!ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,kEDH+AESGCM,!aNULL,!eNULL,!EXPORT,!DES,!RC4,!3DES,!MD5,!PSK!!
sed: can't read /www/data/dev/index.html: No such file or directory
INFO: Skipping custom URL configuration. Set CUSTOM_URLS_ENABLED variable to true to enable.
echo '##############################************************************################################'
echo '##############################*********FCGIWRAP SCRIPT************################################'
echo '##############################************************************################################'
2025/08/04 10:11:10 [emerg] 1#1: mkdir() "/var/cache/nginx/client_temp" failed (13: Permission denied)
nginx: [emerg] mkdir() "/var/cache/nginx/client_temp" failed (13: Permission denied)
This was not the case with dispatcher 5.3.2.
Logs:
sed: /www/data/dev/index.html: No such file or directory
INFO: Skipping custom URL configuration. Set CUSTOM_URLS_ENABLED variable to true to enable.
echo '##############################************************************################################'
echo '##############################*********FCGIWRAP SCRIPT************################################'
echo '##############################************************************################################'
10.000.0.0 - - [04/Aug/2025:10:06:25 +0000] "GET /nginx_status HTTP/1.1" 200 97 "-" "kube-probe/1.29"
10.000.0.0 - - [04/Aug/2025:10:06:25 +0000] "GET /nginx_status HTTP/1.1" 200 97 "-" "kube-probe/1.29"
They use their own service account and are not allowed to modify it.
API Portal 5.3.3
It is recommended to create a service account with name 'portal-sa'.
If the customer is restricted from doing that, they can try the approach below.
The customer can extend the dispatcher Deployment template to allow users to define volumes via values.yaml:
      volumes:
        {{- if .Values.dispatcher.volumes }}
        {{- toYaml .Values.dispatcher.volumes | nindent 8 }}
        {{- end }}
      containers:
        - name: dispatcher
          ...
          volumeMounts:
            {{- if .Values.dispatcher.volumeMounts }}
            {{- toYaml .Values.dispatcher.volumeMounts | nindent 12 }}
            {{- end }}
Example values.yaml usage for OpenShift:
dispatcher:
  volumes:
    - name: nginx-cache
      emptyDir: {}
  volumeMounts:
    - name: nginx-cache
      mountPath: /var/cache/nginx
This way:
Helm doesn’t hardcode volumes into the chart
Customers can enable/disable them via values.yaml
OpenShift users can comply with SCC restrictions without editing templates
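One way to confirm the change covers the failure, as an added example that is not part of the original article or the product's chart: it extracts the directories nginx could not create from the dispatcher log and checks them against the writable volumeMounts of the rendered Deployment. The function names, the sample Deployment structure and the assumption that a non-read-only emptyDir mount is writable for the pod's user are illustrative.

```python
import re
from pathlib import PurePosixPath

# nginx start-up failure, in the form shown in the dispatcher log on this page.
EMERG = re.compile(r'\[emerg\].*?mkdir\(\) "([^"]+)" failed \(13: Permission denied\)')

def denied_paths(log_text):
    """Return the unique directories nginx could not create, in log order."""
    seen = []
    for m in EMERG.finditer(log_text):
        if m.group(1) not in seen:
            seen.append(m.group(1))
    return seen

def writable_mounts(deployment, container):
    """Mount paths of the named container that are not mounted read-only."""
    spec = deployment["spec"]["template"]["spec"]
    for c in spec.get("containers", []):
        if c["name"] == container:
            return [PurePosixPath(m["mountPath"])
                    for m in (c.get("volumeMounts") or [])
                    if not m.get("readOnly", False)]
    raise KeyError(container)

def uncovered(log_text, deployment, container="dispatcher"):
    """Denied paths that no writable volumeMount of the container covers."""
    mounts = writable_mounts(deployment, container)
    return [p for p in denied_paths(log_text)
            if not any(m == PurePosixPath(p) or m in PurePosixPath(p).parents
                       for m in mounts)]

# Constructed samples: the log lines repeat the two [emerg] lines above; the dict
# is a minimal stand-in for parsed `kubectl get deployment -o json` output.
SAMPLE_LOG = (
    '2025/08/04 10:11:10 [emerg] 1#1: mkdir() "/var/cache/nginx/client_temp" failed (13: Permission denied)\n'
    'nginx: [emerg] mkdir() "/var/cache/nginx/client_temp" failed (13: Permission denied)\n'
)

def sample_deployment(mounts):
    return {"spec": {"template": {"spec": {"containers": [
        {"name": "dispatcher", "volumeMounts": mounts}]}}}}

BEFORE = sample_deployment([])
AFTER = sample_deployment([{"name": "nginx-cache", "mountPath": "/var/cache/nginx"}])

if __name__ == "__main__":
    print("before:", uncovered(SAMPLE_LOG, BEFORE))
    print("after: ", uncovered(SAMPLE_LOG, AFTER))
```

An empty result means every path nginx failed on sits under a writable mount; a non-empty result lists the directories that still need a volume in values.yaml.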