Hi,

We faced the following error for galley 1.0.3:

"istio-galley validatingwebhookconfiguration update failed: validatingwebhookconfigurations.admissionregistration.k8s.io "istio-galley" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: no RBAC policy matched"

As per the upstream link https://github.com/istio/istio/issues/10311 we resolved the issue by adding the following RBAC policies:

apiGroups: ["extensions"]
resources: ["deployments/finalizers"]
resourceNames: ["istio-galley"]
verbs: ["update"]

I came across the below issue but it seemed a bit different so am raising new issue for this:
https://issues.jboss.org/browse/MAISTRA-52

Intention is to include this as part of future errata of galley via Redhat images/rpms.