Description of problem: Alibaba CSI driver operator is degraded with this message: rbac/snapshotter_role.yaml" (string): clusterroles.rbac.authorization.k8s.io "alibaba-disk-external-snapshotter-role" is forbidden: user "system:serviceaccount:openshift-cluster-csi-drivers:alibaba-disk-csi-driver-operator" (groups=["system:serviceaccounts" "system:serviceaccounts:openshift-cluster-csi-drivers" "system:authenticated"]) is attempting to grant RBAC permissions not currently held:{APIGroups:["snapshot.storage.k8s.io"], Resources:["volumesnapshotcontents"], Verbs:["patch"]}"rbac/snapshotter_binding.yaml" (string): clusterroles.rbac.authorization.k8s.io "alibaba-disk-external-snapshotter-role" not found This PR misses updates of RBAC rules for Alibaba: https://github.com/openshift/cluster-storage-operator/pull/256 Version-Release number of selected component (if applicable): 4.10.0-0.nightly-2022-01-26-234447 How reproducible: Always
This breaks installation on Alibaba cloud.
Verified pass on 4.10.0-0.nightly-2022-01-27-144113 $ oc get co storage NAME VERSION AVAILABLE PROGRESSING DEGRADED SINCE MESSAGE storage 4.10.0-0.nightly-2022-01-27-144113 True False False 58m
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056