Details: https://github.com/openshift/vmware-vsphere-csi-driver/pull/12#issuecomment-884934118
It's probably a bug in library-go ApplyClusterRoleBinding / ApplyRoleBinding.
vmware-vsphere-csi-driver-operator was hitting a bounds error: E0729 20:29:23.814759 1 runtime.go:78] Observed a panic: runtime.boundsError{x:1, y:1, signed:true, code:0x0} (runtime error: index out of range [1] with length 1) goroutine 614 [running]: k8s.io/apimachinery/pkg/util/runtime.logPanic(0x299e460, 0xc0016fc720) k8s.io/apimachinery.1/pkg/util/runtime/runtime.go:74 +0x95 k8s.io/apimachinery/pkg/util/runtime.HandleCrash(0xc0015bbd58, 0x1, 0x1) k8s.io/apimachinery.1/pkg/util/runtime/runtime.go:48 +0x86 panic(0x299e460, 0xc0016fc720) runtime/panic.go:965 +0x1b9 github.com/openshift/library-go/pkg/operator/resource/resourceapply.ApplyClusterRoleBinding( 0x2f904d0, 0xc000645780, 0x7f41280db860, 0xc000c24f90, 0x2fa5c40, 0xc0002058c0, 0xc0002e4f20 , 0xc0008c9680, 0x1, 0x2f3afa0, ...) Because we added a new ServiceAccount to the ClusterRoleBinding: https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/32/files And this loop in ApplyClusterRoleBinding has a mistake. existingCopy.Subjects[i] should be requiredCopy.Subjects[i]. https://github.com/openshift/library-go/blob/331c921007eb14f1292c5b727da61fb2e7f5be6a/pkg/operator/resource/resourceapply/rbac.go#L83 for i := range requiredCopy.Subjects { if existingCopy.Subjects[i].Kind == "User" { requiredCopy.Subjects[i].APIGroup = rbacv1.GroupName } } existingCopy.Subjects has 1 entry in this case, and requiredCopy.Subjects has 2 entries. So existingCopy.Subjects[1] triggers the panic.
Need to bump library-go in vmware-vsphere-csi-driver-operator to resolve this bug, moving this back to assigned.
Verified pass on 4.9.0-0.nightly-2021-08-19-184748
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:3759