Description

Install OSC 1.3.1-10 on a OCP 4.10 cluster fails to start the controller manager pod

Thanks to sserafin@redhat.com for finding this

Steps to reproduce

1. install a 4.10 OCP cluster.  
2. Install a catsrc pointing to the 1.3.1-10 OSC
3. subscribe to OSC with stable-1.3

4. create kataconfig

Expected result

To be able to install kataconfig

Actual result

The deployment of the controller-manager pod fails & prevents kataconfig from installing with the error:

Error "failed calling webhook "vkataconfig.kb.io": failed to call webhook: Post "https://controller-manager-service.openshift-sandboxed-containers-operator.svc:443/validate-kataconfiguration-openshift-io-v1-kataconfig?timeout=10s": no endpoints available for service "controller-manager-service"" for field "undefined".

Impact

OSC 1.3 should be supported back to OCP 4.10

Env

Server Version: 4.10.0-0.nightly-2022-10-26-042816

OSC 1.3.1-10 is in the catalog bundle

registry-proxy.engineering.redhat.com/rh-osbs/iib:341874

It was pulled into podman and pushed to 

quay.io/tbuskey/operator-index:1.3.1-10

catsrc.yamland ImageContentSourcePolicy.yaml were used to get OSC 1.3.1-10 from quay/brew

Additional helpful info

channel stable-1.2 of OSC 1.3.1 works on OCP 4.10

oc get csv sandboxed-containers-operator.v1.3.1 -o yaml csv.yaml

oc get pod controller-manager-755fd4c97f-7w4f4 -o yaml controller-manager-pod.yaml

 message: 'container has runAsNonRoot and image has non-numeric user (nonroot),
          cannot verify user is non-root (pod: "controller-manager-755fd4c97f-7w4f4_openshift-sandboxed-containers-operator(af350798-c741-42b2-8527-9e31da8cf28c)",
          container: manager)'
        reason: CreateContainerConfigError

oc get deployment controller-manager -o yaml deployment.yaml