Running the API Gateway Docker Image with the sagadmin User

About this task

If you do not want to use the default OpenShift behavior of starting the API Gateway container with an arbitrary root group user, you have to create a special service account with corresponding permissions using the oc command line tool of OpenShift.

To run the API Gateway Docker image with the built-in sagadmin user

Procedure

  1. Switch to the API Gateway project where you intend to deploy API Gateway.
    oc project API Gateway project name
  2. Create a service account runassagadmin.
    oc create serviceaccount runassagadmin 
  3. Assign the permission to the service account runassagadmin to use the built-in user of the Docker image.
    oc adm policy add-scc-to-user anyuid -z runassagadmin 
    Note: You must have OpenShift administrator privileges to perform this step.
  4. In the DeploymentConfig.yaml file for API Gateway, set the field spec.template.spec.serviceAccountName to the name of the newly created service account.
    apiVersion: apps.openshift.io/v1
    kind: DeploymentConfig
    metadata:
      name: api-gateway-deployment
     
    spec: 
      template:
        spec:
          serviceAccountName: runassagadmin
    
    In the API Gateway sample YAML file, described in OpenShift Sample Files section, the serviceAccountName field is pre-populated with the default service account default for OpenShift.
  5. Apply the modified DeploymentConfig YAML file.
    oc apply -f modified deploymentconfig for API Gateway
    Note: The API Gateway Docker image referenced in the DeploymentConfig YAML file can be any API Gateway Docker image. It is not necessary to build it using the --target.configuration parameter as described in Building a Docker Image for an API Gateway Instance in OpenShift Environment.