The customer upgraded the Openshift cluster that is running multicluster-engine from 4.20.3 to 4.20.8. It was running PX-CSI 25.8.1 before the upgrade.
The upgrade completed but noticed the pods "ironic-proxy" were crashloopbackoff in namespace "openshift-machine-api".

The oc logs were showing these errors:
[ocpadmin@ocp01-bastion sonya]$ oc logs ironic-proxy-gm5js
mkdir: cannot create directory '/certs/ca/ironic': Read-only file system
mktemp: failed to create file via template '/certs/ca/ironic/tls.crt.XXX': No such file or directory
cp: cannot create regular file '': No such file or directory

We saw these annotations:
metadata:
  annotations:
    openshift.io/scc: pure-csi-node-plugin-scc

Previously the scc was node-exporter but after pod restarts it changed to pure-csi-node-plugin-scc and also added this in the pod spec:
readOnlyRootFilesystem: true

Thats the reason for the failure.

Though a patched to the ironic-proxy daemonset and added the below annotation to the template as a workaround works.

openshift.io/required-scc: node-exporterThis will make sure the ironic-proxy pods come up with the correct scc

Customer is still looking for a permanent fix for this to not happened on their environment once patched again.

    1.
    2.
    3.