API Gateway 10.11 | Administering API Gateway | Container-based Provisioning | Kubernetes Support | OpenShift Support | Running the API Gateway Docker Image with the sagadmin User
 
Running the API Gateway Docker Image with the sagadmin User
If you do not want to use the default OpenShift behavior of starting the API Gateway container with an arbitrary root group user, you have to create a special service account with corresponding permissions using the oc command line tool of OpenShift.
*To run the API Gateway Docker image with the built-in sagadmin user
1. Switch to the API Gateway project where you intend to deploy API Gateway.
oc project API Gateway project name
2. Create a service account runassagadmin.
oc create serviceaccount runassagadmin
3. Assign the permission to the service account runassagadmin to use the built-in user of the Docker image.
oc adm policy add-scc-to-user anyuid -z runassagadmin
Note:
You must have OpenShift administrator privileges to perform this step.
4. In the DeploymentConfig.yaml file for API Gateway, set the field spec.template.spec.serviceAccountName to the name of the newly created service account.
apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
name: api-gateway-deployment

spec:
template:
spec:
serviceAccountName: runassagadmin
In the API Gateway sample YAML file, described in OpenShift Sample Files section, the serviceAccountName field is pre-populated with the default service account default for OpenShift.
5. Apply the modified DeploymentConfig YAML file.
oc apply -f modified deploymentconfig for API Gateway
Note:
The API Gateway Docker image referenced in the DeploymentConfig YAML file can be any API Gateway Docker image. It is not necessary to build it using the --target.configuration parameter as described in Building a Docker Image for an API Gateway Instance in OpenShift Environment.