The policy is being created by tyk-operator.
The user who is running the Tyk process in the container has write access to the policies file.
Here is a bit of the relevant configuration (/etc/tyk-gateway/tyk.conf):
"policies": {
"allow_explicit_policy_id": true,
"policy_source": "file",
"policy_record_name": "/mnt/tyk-gateway/policies/policies.json"
},
Addition: it seems like the Tyk process inside a container can’t create a temporary file, but without knowing exact path it’s hard to debug.