Issue
I encounter a failure when trying to deploy a new Managed Controller or update it. The error message reads:
Error Failure executing: POST at:
https://10.0.0.1/apis/networking.k8s.io/v1beta1/namespaces/my-namespace/ingresses
. Message: Forbidden!Configured service account doesn’t have access. Service account may have been revoked. ingresses.networking.k8s.io is forbidden: User "system:serviceaccount:default:cjoc" cannot create resource "ingresses" in API group "networking.k8s.io" in the namespace "my-namespace".
Resolution
In some cases, there is a bug in the helm chart in versions lower than 2.249.3.1 in the definition of the cjoc-master-management
role.
To fix the issue, you should update to version at least 2.249.3.3 to pick the fix in the chart.
We recommend that you skip version 2.249.3.1 and 2.249.3.2 and directly pick 2.249.3.3.
Workaround
In case the update is not a short term solution, you need to modify the cjoc-master-management
.
Edit the role, locate the definition for the ingress resource and modify it so that it looks like:
- apiGroups: - extensions - networking.k8s.io resources: - ingresses verbs: - create - delete - get - list - patch - update - watch