Running the API Gateway Docker Image with the sagadmin User

If you do not want to use the default OpenShift behavior of starting the webMethods API Gateway container with an arbitrary root group user, you have to create a special service account with corresponding permissions using the oc command line tool of OpenShift.

To run the webMethods API Gateway Docker image with the built-in sagadmin user

  1. Switch to the webMethods API Gateway project where you intend to deploy webMethods API Gateway.
    oc project API Gateway project name
  2. Create a service account runassagadmin.
    oc create serviceaccount runassagadmin 
  3. Assign the permission to the service account runassagadmin to use the built-in user of the Docker image.
    oc adm policy add-scc-to-user anyuid -z runassagadmin 
    Note: You must have OpenShift administrator privileges to perform this step.
  4. In the DeploymentConfig.yaml file for webMethods API Gateway, set the field spec.template.spec.serviceAccountName to the name of the newly created service account.
    apiVersion: apps.openshift.io/v1
    kind: DeploymentConfig
    metadata:
      name: api-gateway-deployment
     
    spec: 
      template:
        spec:
          serviceAccountName: runassagadmin
    
    In the webMethods API Gateway sample YAML file, described in OpenShift Sample Files section, the serviceAccountName field is pre-populated with the default service account default for OpenShift.
  5. Apply the modified DeploymentConfig YAML file.
    oc apply -f modified deploymentconfig for API Gateway