When trying to install a gateway using the gateway helm charts 

helm install layer7 layer7/gateway --set-file "license.value=/Broadcom/license.xml" --set "license.accept=true" -f ./custom-values.yaml

We get the next error:

Error: INSTALLATION FAILED: failed pre-install: serviceaccounts "layer7-gateway" is forbidden: User "xxxxxx" cannot delete resource "serviceaccounts" in API group "" in the namespace "xxxxxxxx

why do we need  a service account ?

The service account is used by the pmtagger pod.

This pod needs to query kubenetes API and update some of the networks to ensure policymanager traffic only goes to one pod .

ServiceAccount:
 # name:
  create: true
 # If pmtagger is enabled the Gateway Service Account will need to have 
 # list/patch permissions for Pods.
  rbac:
    create: true