Menu
After updating the ingress paths from '/' to '/test', the new path does not work and i still keep getting redirected to the old '/' path. Any ideas on how to update nginx-ingress controller for updated ingresses?
Update: I get following in my ingress-controller logs
kubectl logs --tail=10 nginx-ingress-controller-6b5498d8dc-vsdpl
E0923 17:03:11.440951 9 reflector.go:178] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:125: Failed to list *v1.Service: services is forbidden: User "system:serviceaccount:default:nginx-ingress" cannot list resource "services" in API group "" at the cluster scope
E0923 17:03:25.947663 9 reflector.go:178] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:125: Failed to list *v1.Endpoints: endpoints is forbidden: User "system:serviceaccount:default:nginx-ingress" cannot list resource "endpoints" in API group "" at the cluster scope
E0923 17:03:35.337064 9 reflector.go:178] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:125: Failed to list *v1beta1.Ingress: ingresses.networking.k8s.io is forbidden: User "system:serviceaccount:default:nginx-ingress" cannot list resource "ingresses" in API group "networking.k8s.io" at the cluster scope
E0923 17:03:39.800610 9 reflector.go:178] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:125: Failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:default:nginx-ingress" cannot list resource "secrets" in API group "" at the cluster scope
E0923 17:03:45.983141 9 main.go:49] Error getting node 192.168.0.81: nodes "192.168.0.81" is forbidden: User "system:serviceaccount:default:nginx-ingress" cannot get resource "nodes" in API group "" at the cluster scope
E0923 17:03:57.179763 9 reflector.go:178] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:125: Failed to list *v1.ConfigMap: configmaps is forbidden: User "system:serviceaccount:default:nginx-ingress" cannot list resource "configmaps" in API group "" at the cluster scope
E0923 17:03:57.609798 9 reflector.go:178] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:125: Failed to list *v1.Endpoints: endpoints is forbidden: User "system:serviceaccount:default:nginx-ingress" cannot list resource "endpoints" in API group "" at the cluster scope
E0923 17:04:10.422852 9 reflector.go:178] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:125: Failed to list *v1.Service: services is forbidden: User "system:serviceaccount:default:nginx-ingress" cannot list resource "services" in API group "" at the cluster scope
E0923 17:04:20.552808 9 reflector.go:178] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:125: Failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:default:nginx-ingress" cannot list resource "secrets" in API group "" at the cluster scope
E0923 17:04:24.767965 9 reflector.go:178] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:125: Failed to list *v1beta1.Ingress: ingresses.networking.k8s.io is forbidden: User "system:serviceaccount:default:nginx-ingress" cannot list resource "ingresses" in API group "networking.k8s.io" at the cluster scope
771
asked Sep 17 '25 03:09
The service account used by nginx ingress controller does not seem to have permission. use the below clusterrolebinding
kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --serviceaccount=default:nginx-ingress
Just a note this is essentially giving cluster admin privilege to that service account and can be made more fine grained.
93
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
