Fix webhook clusterroles for openshift #904

Merged

@xtreme-vikram-yadav xtreme-vikram-yadav commented Aug 23, 2022

Environment: Openshift on Vsphere
Server Version: 4.10.5
Kubernetes Version: v1.23.3+e419edf

Problem: The rabbitmq-webhook and rabbitmq-broker-webhook pods, while running successfully, show RBAC errors in their logs. These errors show up on Openshift clusters because of OwnerReferencesPermissionEnforcement enforced by admission controllers.

Error (rabbitmq-webhook):

{
    "level": "error",
    "ts": "2022-08-23T15:33:26.248Z",
    "logger": "rabbitmq-webhook.ValidationWebhook",
    "caller": "controller/controller.go:566",
    "msg": "Reconcile error",
    "knative.dev/traceid": "afe29ce1-6224-441d-a477-a1b0ba07b430",
    "knative.dev/key": "knative-sources/rabbitmq-webhook-certs",
    "duration": 0.01455999,
    "error": "failed to update webhook: validatingwebhookconfigurations.admissionregistration.k8s.io \"validation.webhook.rabbitmq.sources.knative.dev\" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>",
    "stacktrace": "knative.dev/pkg/controller.(*Impl).handleErr\n\tknative.dev/[email protected]/controller/controller.go:566\nknative.dev/pkg/controller.(*Impl).processNextWorkItem\n\tknative.dev/[email protected]/controller/controller.go:543\nknative.dev/pkg/controller.(*Impl).RunContext.func3\n\tknative.dev/[email protected]/controller/controller.go:491"
}

Pods status:

 k get pods -n knative-sources
NAME                                           READY   STATUS    RESTARTS   AGE
...
rabbitmq-webhook-99896cd5d-c2ndg               1/1     Running   0          9m24s
 k get pods -n knative-eventing
NAME                                          READY   STATUS    RESTARTS   AGE
...
rabbitmq-broker-webhook-5bfcf4666d-9rw6t      1/1     Running   0          10m

Proposed Changes

  • Update finalizers subresource for namespaces

Pre-review Checklist

  • At least 80% unit test coverage
  • E2E tests for any new behavior
  • Docs for any user-facing impact

Release Note

Fixes RBAC errors when creating rabbitmq webhook and rabbitmq broker webhook resources on openshift clusters
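
An added example, not part of the PR or the project's code: the OwnerReferencesPermissionEnforcement admission plugin only lets a client set `blockOwnerDeletion` if it has `update` on the `finalizers` subresource of the referenced owner. The sketch below applies RBAC rule matching to two constructed rule sets, assuming the owner is a Namespace as the proposed change suggests; the type and function names are hypothetical.

```go
package main

import "fmt"

// PolicyRule mirrors the apiGroups/resources/verbs fields of an RBAC rule.
type PolicyRule struct{ APIGroups, Resources, Verbs []string }

// has reports whether list contains want or the "*" wildcard.
func has(list []string, want string) bool {
	for _, v := range list {
		if v == "*" || v == want {
			return true
		}
	}
	return false
}

// subresourceMatches follows RBAC matching: a rule on "namespaces" does NOT
// cover "namespaces/finalizers"; only "*", the exact name or "*/finalizers" do.
func subresourceMatches(rule []string, resource, sub string) bool {
	for _, r := range rule {
		if r == "*" || r == resource+"/"+sub || r == "*/"+sub {
			return true
		}
	}
	return false
}

// CanSetBlockOwnerDeletion reports whether rules grant "update" on the
// owner's finalizers subresource, which OwnerReferencesPermissionEnforcement
// requires before blockOwnerDeletion may be set.
func CanSetBlockOwnerDeletion(rules []PolicyRule, group, owner string) bool {
	for _, r := range rules {
		if has(r.APIGroups, group) && has(r.Verbs, "update") &&
			subresourceMatches(r.Resources, owner, "finalizers") {
			return true
		}
	}
	return false
}

// Constructed rule sets for illustration, not the PR's manifests.
var before = []PolicyRule{{[]string{""}, []string{"namespaces"}, []string{"get", "list", "watch", "update"}}}
var after = append([]PolicyRule{{[]string{""}, []string{"namespaces/finalizers"}, []string{"update"}}}, before...)

func main() {
	fmt.Println("before:", CanSetBlockOwnerDeletion(before, "", "namespaces")) // false
	fmt.Println("after: ", CanSetBlockOwnerDeletion(after, "", "namespaces"))  // true
}
```

Granting only `update` on `namespaces/finalizers` keeps the role narrower than a wildcard on the resource or verb.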

linux-foundation-easycla bot commented Aug 23, 2022

CLA Signed

The committers listed above are authorized under a signed CLA.

  • ✅ login: xtreme-vikram-yadav / name: Vikram Yadav (ae18872)

@knative-prow knative-prow bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Aug 23, 2022
knative-prow bot commented Aug 23, 2022

Welcome @xtreme-vikram-yadav! It looks like this is your first PR to knative-sandbox/eventing-rabbitmq 🎉

@gabo1208
Contributor

Hey @xtreme-vikram-yadav you need to sign the EasyCLA form to be able to commit to the project

codecov bot commented Aug 23, 2022

Codecov Report

Merging #904 (ae18872) into main (6ae0236) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #904   +/-   ##
=======================================
  Coverage   71.11%   71.11%           
=======================================
  Files          43       43           
  Lines        2970     2970           
=======================================
  Hits         2112     2112           
  Misses        779      779           
  Partials       79       79           


@knative-prow knative-prow bot added the lgtm Indicates that a PR is ready to be merged. label Aug 23, 2022
knative-prow bot commented Aug 23, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: gabo1208, xtreme-vikram-yadav


@knative-prow knative-prow bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 23, 2022
@xtreme-vikram-yadav
Author

@gabo1208 I'm a little confused about signing the CLA. I can't find the project in the list of approved projects. Any ideas on how to proceed with it? Or maybe I can sign the individual contributor agreement?

@gabo1208
Contributor

gabo1208 commented Aug 23, 2022

Yep I think signing the IC is enough, but I'll tag @xtreme-sameer-vohra just to double check

@knative-prow knative-prow bot merged commit 2db8c4f into knative-extensions:main Aug 30, 2022
@gabo1208
Contributor

/cherry-pick release-1.7

@knative-prow-robot

@gabo1208: new pull request created: #908

In response to this:

/cherry-pick release-1.7


@xtreme-vikram-yadav xtreme-vikram-yadav deleted the openshift-cr-fix branch August 30, 2022 20:11