From cd2ec6bd0b7197b68850e3920586ffebe035b68b Mon Sep 17 00:00:00 2001 From: Swati Mulje Date: Fri, 19 Jun 2026 18:23:14 +0530 Subject: [PATCH] Add cluster-network-operator ClusterRoleBindings to relatedObjects Add cluster-network-operator and default-account-cluster-network-operator ClusterRoleBindings to relatedObjects for oc adm inspect collection. These cluster-scoped RBAC resources are not auto-collected and are currently missing from inspect output. They are essential for debugging RBAC/permission issues with the cluster-network-operator ServiceAccount. Fixes: OCPBUGS-65488 Signed-off-by: Swati Mulje --- .../operconfig/operconfig_controller.go | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/pkg/controller/operconfig/operconfig_controller.go b/pkg/controller/operconfig/operconfig_controller.go index 099fe82c6b..12b5557a04 100644 --- a/pkg/controller/operconfig/operconfig_controller.go +++ b/pkg/controller/operconfig/operconfig_controller.go @@ -453,6 +453,21 @@ func (r *ReconcileOperConfig) Reconcile(ctx context.Context, request reconcile.R Name: "openshift-cloud-network-config-controller", }) + // Add cluster-scoped RBAC resources deployed by CVO from static manifests. + // Per OCPBUGS-65488: ClusterRoleBindings must be explicitly listed in relatedObjects + // for 'oc adm inspect clusteroperator/network' to collect them for debugging. + relatedObjects = append(relatedObjects, configv1.ObjectReference{ + Group: "rbac.authorization.k8s.io", + Resource: "clusterrolebindings", + Name: "cluster-network-operator", + }) + + relatedObjects = append(relatedObjects, configv1.ObjectReference{ + Group: "rbac.authorization.k8s.io", + Resource: "clusterrolebindings", + Name: "default-account-cluster-network-operator", + }) + r.status.SetRelatedObjects(relatedObjects) r.status.SetRelatedClusterObjects(relatedClusterObjects) err = r.status.SetMachineConfigs(ctx, renderedMachineConfigs)