permission to watch for referencepolicies are not created by the operator

[raffaelespazzoli]

What steps did you take and what happened: deploying the operator following the tutorial, I'm getting this error message:

time="2021-11-01T23:57:17Z" level=error msg="pkg/mod/k8s.io/client-go@v0.22.1/tools/cache/reflector.go:167: Failed to watch *v1alpha2.ReferencePolicy: failed to list *v1alpha2.ReferencePolicy: referencepolicies.gateway.networking.k8s.io is forbidden: User \"system:serviceaccount:projectcontour:contour\" cannot list resource \"referencepolicies\" in API group \"gateway.networking.k8s.io\" at the cluster scope\n" context=kubernetes error="<nil>" location="reflector.go:138"

If I try to manually add that permission the operator overwrites the cluster role...

• Software version:

• operator image: ghcr.io/projectcontour/contour-operator:main The operator starts with this logs:

  2021-11-01T20:35:06.196Z    INFO    setup   using contour   {"image": "ghcr.io/projectcontour/contour:main"}
  2021-11-01T20:35:06.196Z    INFO    setup   using envoy {"image": "docker.io/envoyproxy/envoy:v1.19.1"}

• Kubernetes version: (use kubectl version):

• Client Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.5", GitCommit:"6b1d87acf3c8253c123756b9e61dac642678305f", GitTreeState:"archive", BuildDate:"2021-03-30T00:00:00Z", GoVersion:"go1.16", Compiler:"gc", Platform:"linux/amd64"}
  Server Version: version.Info{Major:"1", Minor:"22+", GitVersion:"v1.22.0-rc.0+894a78b", GitCommit:"894a78b5538c3e96d7bdfabfa8b41430cbd6811e", GitTreeState:"clean", BuildDate:"2021-10-08T07:20:41Z", GoVersion:"go1.16.6", Compiler:"gc", Platform:"linux/amd64"}

• Kubernetes installer & version: OpenShift 4.9

• Cloud provider or hardware configuration: AWS

• OS (e.g. from /etc/os-release): CoreOS

[skriss]

@raffaelespazzoli I have this PR up to fix that in main, we should get it merged tomorrow.

[skriss]

@raffaelespazzoli this should now be fixed in main, please check it out.

Closed by #464