[CREDITS] This bug was found by @shreyabiradar07. Raising it on her behalf.
Describe the bug
When deploying the Kruize UI (NGINX-based frontend) on OpenShift, the container fails to start and enters a CrashLoopBackOff state due to filesystem permission errors. This occurs even when using the nginx-unprivileged base image.
The issue appears to be related to OpenShift’s restricted security context, where containers run with a randomly assigned non-root UID, causing write operations to fail on default NGINX paths.
Logs:
mkdir() "/var/cache/nginx/proxy_temp" failed (13: Permission denied)
nginx: [emerg] mkdir() "/var/cache/nginx/proxy_temp" failed (13: Permission denied)
open() "/run/nginx.pid" failed (13: Permission denied)
nginx: [emerg] open() "/run/nginx.pid" failed (13: Permission denied)
Environment:
Platform: OpenShift (restricted SCC)
Deployment Type: Kubernetes Deployment
Runtime User: Random non-root UID (OpenShift default)
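The permission model behind the log lines above can be checked with a short script, given here as an added example that is not part of the original report or the Kruize code base. It assumes the arbitrary UID owns none of the paths and runs with GID 0, as OpenShift assigns by default; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the Kruize repository. Function names are hypothetical.
# Assumption: the runtime UID is arbitrary and owns nothing, so only the group
# bits (when the path's group equals the runtime GID) or the "other" bits apply.
# Assumption: OpenShift runs that arbitrary UID with GID 0.

# nearest_existing PATH: print PATH, or its closest ancestor that exists.
nearest_existing() {
    p=$1
    while [ ! -e "$p" ] && [ "$p" != "/" ] && [ "$p" != "." ]; do
        p=$(dirname "$p")
    done
    printf '%s\n' "$p"
}

# writable_by_gid PATH [GID]: succeed if a process with an unrelated UID and
# group GID (default 0) could write PATH, or create it when it is missing.
writable_by_gid() {
    gid=${2:-0}
    target=$(nearest_existing "$1")
    info=$(ls -ldnL -- "$target") || return 2   # numeric: mode links uid gid ...
    mode=$(printf '%s\n' "$info" | awk '{print $1}')
    path_gid=$(printf '%s\n' "$info" | awk '{print $4}')
    if [ "$path_gid" = "$gid" ]; then
        bits=$(printf '%s' "$mode" | cut -c5-7)    # group rwx
    else
        bits=$(printf '%s' "$mode" | cut -c8-10)   # other rwx
    fi
    case "$mode" in
        d*) need='?w[xst]' ;;   # directory: write + search to add entries
        *)  need='?w?' ;;       # existing file: write
    esac
    case "$bits" in $need) return 0 ;; esac
    return 1
}

# audit PATH...: one verdict per path; non-zero status if any path is denied.
audit() {
    rc=0
    for item in "$@"; do
        if writable_by_gid "$item" 0; then echo "ok    $item"
        else echo "DENY  $item"; rc=1; fi
    done
    return $rc
}

# Run only when paths are given, e.g. the two paths from the logs above.
[ "$#" -eq 0 ] || audit "$@"
```

Run inside the image with `/var/cache/nginx/proxy_temp` and `/run/nginx.pid` as arguments, a `DENY` line marks a path that needs group 0 ownership with group write, or a relocation to a writable directory.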