[Bug] Operator is unable to create RayClusters on OpenShift due to RBAC

[AlessandroPomponio]

Search before asking

• I searched the issues and found no similar issues.

KubeRay Component

ray-operator

What happened + What you expected to happen

The operator is unable to create the example RayCluster on OpenShift due to missing RBAC permissions, with the error being:

2022-10-11T14:45:04.448Z	ERROR	controllers.RayCluster	Pod Service Account create error!	{"Pod.ServiceAccount.Error": "serviceaccounts \"ray-disorch\" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>", "error": "serviceaccounts \"ray-disorch\" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>"}
github.com/ray-project/kuberay/ray-operator/controllers/ray.(*RayClusterReconciler).rayClusterReconcile
	/workspace/controllers/ray/raycluster_controller.go:172
github.com/ray-project/kuberay/ray-operator/controllers/ray.(*RayClusterReconciler).Reconcile
	/workspace/controllers/ray/raycluster_controller.go:95
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.1/pkg/internal/controller/controller.go:114
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.1/pkg/internal/controller/controller.go:311
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.1/pkg/internal/controller/controller.go:266
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.1/pkg/internal/controller/controller.go:227
2022-10-11T14:45:05.054Z	ERROR	controller.raycluster-controller	Reconciler error	{"reconciler group": "ray.io", "reconciler kind": "RayCluster", "name": "ray-disorch", "namespace": "discovery-prod", "error": "serviceaccounts \"ray-disorch\" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>"}
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.1/pkg/internal/controller/controller.go:266
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.1/pkg/internal/controller/controller.go:227

Expected behavior: Creating the example clusters provided in the documentation should work without issues.

Additional details:

$ oc version
Client Version: 4.11.6
Kustomize Version: v4.5.4
Server Version: 4.10.34
Kubernetes Version: v1.23.5+8471591

Reproduction script

kubectl apply -f https://ray-project.github.io/kuberay/components/config/samples/ray-cluster.autoscaler.yaml

Anything else

The problem occurs every time

Are you willing to submit a PR?

• Yes I am willing to submit a PR!

[AlessandroPomponio]

The issue is due to a typo in the kubebuilder instructions, as reported here:
https://sdk.operatorframework.io/docs/faqs/#after-deploying-my-operator-why-do-i-see-errors-like-is-forbidden-cannot-set-blockownerdeletion-if-an-ownerreference-refers-to-a-resource-you-cant-set-finalizers-on-

In a few instances, it is spelled finalizer instead of finalizers