Description of problem:

When deploying an appset, the gitopscluster controllers fails to get the addondeploymentconfig resulting in applications not being able to get deployed.

Version-Release number of selected component (if applicable):

latest-2.15

How reproducible:

Always

Steps to Reproduce:

1. Create an appset with placement
2.  
3. ...

Actual results:

Error: There are no Argo applications created. Check the following resources and make sure they are configured properly: applicationset placement, gitopscluster, gitopscluster placement, managedclusterset. Also make sure the ApplicationSet feature is enabled if GitOps is deployed to a namespace other than openshift-gitops.

Expected results:

Applications should be successful 

Additional info:

% oc logs -n ocm multicluster-operators-application-86b877cc9b-trqgv -c multicluster-operators-gitopscluster

E0918 18:13:37.554079       1 gitopscluster_controller.go:1244] Failed to get AddOnDeploymentConfig: addondeploymentconfigs.addon.open-cluster-management.io "gitops-addon-config" is forbidden: User "system:serviceaccount:ocm:multicluster-applications" cannot get resource "addondeploymentconfigs" in API group "addon.open-cluster-management.io" in the namespace "local-cluster"
E0918 18:13:37.554102       1 gitopscluster_controller.go:591] failed to create AddOnDeploymentConfig for managed cluster local-cluster: addondeploymentconfigs.addon.open-cluster-management.io "gitops-addon-config" is forbidden: User "system:serviceaccount:ocm:multicluster-applications" cannot get resource "addondeploymentconfigs" in API group "addon.open-cluster-management.io" in the namespace "local-cluster" 

-------------------------------------------------------------------------------------------------------
QE Hand Off Template (fill out when moving to Review) 9/29/25:

Summary of the Work:
What was implemented or fixed? Include a brief description of the problem (if applicable) and how it was addressed.
_e.g., "Updated the UI to show validation errors for the form. The previous implementation did not surface backend validation issues."_

• To address this defect, we merged several chart changes from the multicloud-operators-subscription component into the MCH operator. These changes were necessary to grant the operator the appropriate permissions to interact with the AddonDeploymentConfig resources.

Key Areas to Verify:

1. What functionality should QE focus on? List what was tested or what is most important to validate.
2. Ensure the new validation messages appear for required fields
3. Confirm the workflow still completes as expected after validation fixes
4. Any edge cases or high-risk areas touched by the change

• QE should verify whether the installation completes successfully. The multicluster-operator-applications pod is expected to show error logs indicating failures related to creating the AddOnDeploymentConfig resource.

Fix or Feature Availability:
When will this be available in a build? 
Code merged on: 2025-09-19 & 2025-09-23
Expected downstream build tag (if known): 2.15.0-DOWNSTREAM-2025-09-26-19-13-42
(Optional) Related PR(s):

• https://github.com/stolostron/multiclusterhub-operator/pull/2651
• https://github.com/stolostron/multiclusterhub-operator/pull/2674