When installing Sonatype IQ Server using helm charts, the following error may be observed during pod startup:
com.sonatype.insight.brain.service.InsightFileLock - Failed to write lock file /sonatype-work/lock
java.io.FileNotFoundException: /sonatype-work/lock (Permission denied)
This error indicates that the sonatype-work directory cannot be accessed by the user running Sonatype IQ Server. It can be caused by the uid by which the pod is trying to access the filesystem. By default, in the docker container, IQ Server runs as user "nexus", and that user has uid=997. The sonatype-work directory needs to be accessible by this user. Alternatively, custom configuration options including security context can be set via the values.yaml file.
Reference:
https://github.com/sonatype/helm3-charts/tree/master/charts/nexus-iq