Hi there,
We are having issues getting Ignition running on the OpenShift platform. The image keeps crashing due to permission denied errors. I have followed the examples from the image documentation.
init | 2025/05/22 13:14:34 | WARNING: IGNITION_UID='2003' and IGNITION_GID='2003' are ignored when not running as root (uid=0), detected uid=1000790000
init | 2025/05/22 13:14:34 | Creating init.properties file
init | 2025/05/22 13:14:34 | Creating gateway.xml
cp: cannot create regular file '/usr/local/bin/ignition/data/gateway.xml': Permission denied
I also tried building an image with heightened read/write rights to the folders, but that is not working.
Can someone provide me with a clear explanation of how to fix this?
The default SCC (Security Context Constraint) on OpenShift is restricted, which enforces randomized UID/GID assignments (such as the 1000790000 mentioned in your logs). This breaks the current filesystem permissions in our image. We've got a ticket to fix this up, however...
...the options at this time are:
- Create/use a service account with an association to the nonroot security context. This will allow Ignition to run as UID/GID 2003 (the default in our image). This guide will be helpful.
- Build a derived image that changes the Ignition installation to have root group ownership (and root group write access) of the installation files (OpenShift leverages this to facilitate r/w via adding the dynamic UID to the root group).
If you go with option 2, this Dockerfile should get you going (consider squashing the image afterwards, as this operation will add a large layer due to the permission changes):
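FROM inductiveautomation/ignition:8.1.48
# Switch to root so ownership and modes can be changed
USER root
# Hand the trees to the root group (GID 0) and copy the owner's permission bits to the group
RUN chgrp -R 0 /usr/local/bin/ignition /home/ignition && \
    chmod -R g=u /usr/local/bin/ignition /home/ignition
ENV HOME=/home/ignition
# Restore the image's default non-root user
USER 2003:2003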
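A way to verify the result of option 2 before deploying, as an added example that is not part of the original posts or of the Ignition image: it lists every entry under a tree that is not group-owned by GID 0 or whose group permission bits differ from the owner's, which are the entries a randomized OpenShift UID would still be denied on. The function names are hypothetical and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): audit a directory tree for the
# "root group ownership, g=u" layout that the derived image sets up.
# Assumes GNU stat (coreutils). Paths containing newlines are not handled.

# gid0_violations ROOT [GID]
# Prints "MODE GID PATH" for every non-symlink entry whose group is not
# GID (default 0) or whose group permission bits differ from the owner's.
gid0_violations() {
    root=$1
    gid=${2:-0}
    find "$root" ! -type l -exec stat -c '%a %g %n' {} + |
        awk -v gid="$gid" '{
            m = sprintf("%04d", $1)   # pad so 755 and 2755 line up
            # substr 2 = owner digit, substr 3 = group digit
            if ($2 != gid || substr(m, 2, 1) != substr(m, 3, 1)) print
        }'
}

# gid0_check ROOT [GID]
# Returns 0 only when the tree has no violations; otherwise prints the
# offending entries to stderr and returns 1.
gid0_check() {
    bad=$(gid0_violations "$1" "${2:-0}")
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad" >&2
        return 1
    fi
    return 0
}
```

Inside the derived image, `gid0_check /usr/local/bin/ignition && gid0_check /home/ignition` should return 0; any path it prints is one where a `Permission denied` like the one in the log above can still occur.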
That did the trick, thanks.