Description of problem: When we run Azure CSI driver on Azure Stack Hub, its operator tries to sync "cloud-provider-config" config map from "openshift-config" namespace with "openshift-cluster-csi-drivers". Unfortunately it doesn't have enough permissions, so next error occurs: failed to list *v1.ConfigMap: configmaps is forbidden: User "system:serviceaccount:openshift-cluster-csi-drivers:azure-disk-csi-driver-operator" cannot list resource "configmaps" in API group "" in the namespace "openshift-config" To fix it we need to provide Azure CSI driver operator the appropriate permissions.
Verified pass on 4.9.0-0.nightly-2021-08-22-070405 $ oc -n openshift-cluster-csi-drivers get cm cloud-provider-config NAME DATA AGE cloud-provider-config 2 12h Logs from operator: I0823 13:32:05.382128 1 event.go:282] Event(v1.ObjectReference{Kind:"Deployment", Namespace:"openshift-cluster-csi-drivers", Name:"azure-disk-csi-driver-operator", UID:"586defa6-78d5-4ed3-98eb-f0f1c2932a5d", APIVersion:"apps/v1", ResourceVersion:"", FieldPath:""}): type: 'Normal' reason: 'ConfigMapCreated' Created ConfigMap/cloud-provider-config -n openshift-cluster-csi-drivers because it was missing
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:3759