[bug]: Garbage collection of cluster-wide resources owned by operator deployment fails

[anekdoti]

Describe the bug

The installation of webhooks in the init container of the operator creates a service as well as a ValidatingWebhookConfiguration and a MutatingWebhookConfiguration. All three resources are created with an owner reference to the deployment of the operator. However, the latter two resources are cluster-wide, and thus can not be owned by a namespaced resource the deployment (see https://kubernetes.io/docs/concepts/overview/working-with-objects/owners-dependents/#owner-references-in-object-specifications).
Hence, the resources are not cleaned up on removal of the operator deployment but instead generate warning events as described in the link above.

To reproduce

1. Deploy a KubeOps operator on your Kubernetes cluster
2. Remove the operator deployment

Expected behavior

The ValidatingWebhookConfiguration and the MutatingWebhookConfiguration are cleaned up as well.

Screenshots

The warning event created for each of the two mentioned resources:

  Type     Reason                    Age    From                          Message
  ----     ------                    ----   ----                          -------
  Warning  OwnerRefInvalidNamespace  3m42s  garbage-collector-controller  ownerRef [apps/v1/Deployment, namespace: , name: my-operator, uid: 46c64771-eedf-41ca-b65c-d28b6f9326d7] does not exist in namespace ""

Additional Context

Kubernetes: v1.23
KubeOps: 7.0.6

[anekdoti]

A possible fix might be to not set the owner references to the Deployment, but e.g. to the ClusterRoleBinding.

[buehler]

This absolutely makes sense :-D did not know that was the case