Description of the problem: Infrastructure operator experiencing permission errors due to lacking permissions to create mutatingwebhookconfigurations. This is indirectly causing validatingwebhookconfigurations to break, because the infrastructure operator is practically stuck in a loop hitting the mutatingwebhookconfigurations permissions errors and so it's not doing its job of reconciling other resources. Release version: Operator snapshot version: MCE 2.1 (2.1.0-DOWNANDBACK-2022-07-07-08-17-35) OCP version: 4.11 Steps to reproduce: 1. Install a hub cluster with 2.1.0-DOWNANDBACK-2022-07-07-08-17-35 Actual results: Infrastructure operator pod cannot create mutatingwebhookconfigurations and is stuck in a loop Expected results: mutatingwebhookconfigurations created as expected and the operator is fully functional Additional info: Logs from infrastructure-operator pod: W0707 15:49:37.175312 1 reflector.go:324] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go:250: failed to list *v1.MutatingWebhookConfiguration: mutatingwebhookconfigurations.admissionregistration.k8s.io is forbidden: User "system:serviceaccount:multicluster-engine:assisted-service" cannot list resource "mutatingwebhookconfigurations" in API group "admissionregistration.k8s.io" at the cluster scope E0707 15:49:37.175372 1 reflector.go:138] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go:250: Failed to watch *v1.MutatingWebhookConfiguration: failed to list *v1.MutatingWebhookConfiguration: mutatingwebhookconfigurations.admissionregistration.k8s.io is forbidden: User "system:serviceaccount:multicluster-engine:assisted-service" cannot list resource "mutatingwebhookconfigurations" in API group "admissionregistration.k8s.io" at the cluster scope
Solved by taking the newest operator build as far as I know.
Verified that this behavior no longer occurs on 2.1.0-DOWNANDBACK-2022-07-08-09-45-12
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: Red Hat Advanced Cluster Management 2.6.0 security updates and bug fixes), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:6370