When trying to install a gateway using the gateway helm charts
helm install layer7 layer7/gateway --set-file "license.value=/Broadcom/license.xml" --set "license.accept=true" -f ./custom-values.yaml
We get the next error:
Error: INSTALLATION FAILED: failed pre-install: serviceaccounts "layer7-gateway" is forbidden: User "xxxxxx" cannot delete resource "serviceaccounts" in API group "" in the namespace "xxxxxxxx
why do we need a service account ?
The service account is used by the pmtagger pod.
This pod needs to query kubenetes API and update some of the networks to ensure policymanager traffic only goes to one pod .
ServiceAccount:
# name:
create: true
# If pmtagger is enabled the Gateway Service Account will need to have
# list/patch permissions for Pods.
rbac:
create: true