We let CVO to apply ValidatingWebhookConfiguration for volume snapshot validation. CA bundle is automatically injected into this API object and this makes CVO to update the object again, creating endless loop of injecting CA bundle & removing it. Fortunately, CVO is not particularly fast, so it does not disrupt the service, however, we should fix it. Steps to reproduce: 1. oc get validatingwebhookconfiguration snapshot.storage.k8s.io -o yaml ... generation: 48 ... It should not grow that much.
Verified with: 4.7.0-0.nightly-2021-01-06-055910
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633