/var/log/nginx/error.log on OpenShift

[Skiepp]

Chart 3.0.0 cannot be deployed on Openshift due to error on frontend:

Using /etc/nginx/nginx.conf for nginx
nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
2023/10/20 10:29:13 [emerg] 7#0: open() "/var/log/nginx/access.log" failed (13: Permission denied)

Current id of the pod:

sh-4.4$ id       
uid=1000690000(1000690000) gid=0(root) groups=0(root),1000690000

Current directory permissions:

sh-4.4$ ls -lan /var/log      
total 0
drwxr-xr-x. 1     0     0 19 Oct  4 14:18 .
drwxr-xr-x. 1     0     0 17 Sep 13 02:11 ..
-rw-rw----. 1     0    22  0 Oct  4 14:18 btmp
-rw-rw-r--. 1     0    22  0 Oct  4 14:18 lastlog
drwxrwx---. 1 65534 65534  6 Dec 21  2021 nginx
drwx------. 2     0     0  6 Oct  4 14:18 private
-rw-rw-r--. 1     0    22  0 Oct  4 14:18 wtmp

This is probably due to OpenShift ID management.

Workaround is to manually edit the deploy with:
serviceAccountName: <serviceaccount>

And add the serviceaccount and the adm policy anyuid manually.
Also running as root a frontend is not recommended.

[luanfrj]

Hello! I also faced the same issue. I did mount the /var/log/nginx dir as an EmptyDir volume.

[Calvinaud]

Hello,
This issue is also related to: litmuschaos/litmus#3882.
Another solution if needed (but not really clean) was to runAsUser: 65534 with the nonroot scc.

[Jonsy13]

Thanks @Skiepp @luanfrj for raising this issue. As @Calvinaud already raised fix for same & it has been merged & released. Feel free to upgrade to latest version & let us know if issues still persists.