Description of problem: Reconciliation of aws pod identity mutating webhook did not happen Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1.oc scale deployment cloud-credential-operator -n openshift-cloud-credential-operator --replicas=0 2.oc scale deployment pod-identity-webhook -n openshift-cloud-credential-operator --replicas=0 3.Updated the aws pod identity mutating webhook configuration with port 443->444 4.oc scale deployment cloud-credential-operator -n openshift-cloud-credential-operator --replicas=1 5.oc scale deployment pod-identity-webhook -n openshift-cloud-credential-operator --replicas=1 Actual results: The controller does not reconcile port value back to 443 from 444 Expected results: The controller should reconcile port value back to 443 from 444 Additional info:
Verified on 4.10.0-0.nightly-2022-01-26-234447 with the fix PR The port will back to default 443 after I patch it to 444 $ oc get mutatingwebhookconfiguration pod-identity-webhook -o json | jq -r ".webhooks[].clientConfig.service" { "name": "pod-identity-webhook", "namespace": "openshift-cloud-credential-operator", "path": "/mutate", "port": 443 } tested on 4.10.0-fc.2 without the fix pr The port will not reset after I patch it to 444 $ oc get mutatingwebhookconfiguration pod-identity-webhook -o json | jq -r ".webhooks[].clientConfig.service" { "name": "pod-identity-webhook", "namespace": "openshift-cloud-credential-operator", "path": "/mutate", "port": 444 }
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056