How to fix an issue with the service account not able to access ingresses?

Article ID:360053034731
1 minute readKnowledge base


I encounter a failure when trying to deploy a new Managed Controller or update it. The error message reads:

Error Failure executing: POST at: Message: Forbidden!Configured service account doesn’t have access. Service account may have been revoked. is forbidden: User "system:serviceaccount:default:cjoc" cannot create resource "ingresses" in API group "" in the namespace "my-namespace".


In some cases, there is a bug in the helm chart in versions lower than in the definition of the cjoc-master-management role. To fix the issue, you should update to version at least to pick the fix in the chart. We recommend that you skip version and and directly pick


In case the update is not a short term solution, you need to modify the cjoc-master-management. Edit the role, locate the definition for the ingress resource and modify it so that it looks like:

- apiGroups:
  - extensions
  - ingresses
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch