Running the API Gateway Docker Image with the sagadmin User
If you do not want to use the default OpenShift behavior of starting the API Gateway container with an arbitrary root group user, you have to create a special service account with corresponding permissions using the oc command line tool of OpenShift.
To run the
API Gateway Docker image with the built-in sagadmin user
1. Switch to the API Gateway project where you intend to deploy API Gateway.
oc project API Gateway project name
2. Create a service account runassagadmin.
oc create serviceaccount runassagadmin
3. Assign the permission to the service account runassagadmin to use the built-in user of the Docker image.
oc adm policy add-scc-to-user anyuid -z runassagadmin
Note:
You must have OpenShift administrator privileges to perform this step.
4. In the DeploymentConfig.yaml file for API Gateway, set the field spec.template.spec.serviceAccountName to the name of the newly created service account.
apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
name: api-gateway-deployment
spec:
template:
spec:
serviceAccountName: runassagadmin
In the
API Gateway sample YAML file, described in
OpenShift Sample Files section, the
serviceAccountName field is pre-populated with the default service account
default for OpenShift.
5. Apply the modified DeploymentConfig YAML file.
oc apply -f modified deploymentconfig for API Gateway