[REF]: cli "must-gather" not have permission to cleanup CRB after each run in temp. namespace on ROSA cluster.

[zdtsw]

What is the problem

Using muts-gather image for "oc admin must-gather" by default it creates a temp. namespace in the cluster.
After all logs are collected, temp. namespace gets deleted but clusterrolebindings is left in the cluster.
export MUST_GATHER_SINCE=2h; oc adm must-gather --image=quay.io/openshift/origin-must-gather:4.16.0
snippet from logs:

....
[must-gather      ] OUT namespace/openshift-must-gather-ds686 created
[must-gather      ] OUT clusterrolebinding.rbac.authorization.k8s.io/must-gather-rn8jh created
....
[must-gather-gxzc9] OUT sent 6,075 bytes  received 342,792 bytes  139,546.80 bytes/sec
[must-gather-gxzc9] OUT total size is 2,503,217  speedup is 7.18
[must-gather      ] OUT namespace/openshift-must-gather-ds686 deleted
admission webhook "clusterrolebindings-validation.managed.openshift.io" denied the request: Deleting ClusterRoleBinding must-gather-rn8jh is not allowed

What is Expected

After each run, should not leave temp. resource in the cluster.

Detail information

oc version
Client Version: 4.15.0-202403220640.p0.g62c4d45.assembly.stream.el8-62c4d45
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: 4.15.8
Kubernetes Version: v1.28.7+c1f5b34

This is running against a ROSA 4.15.8 cluster.
I've tried to find VWC or even MWC by the name clusterrolebindings-validation.managed.openshift.io but failed to see where it is.

[ardaguclu]

/close

[openshift-ci]

@ardaguclu: Closing this issue.

In response to this:

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.