CSI-Addons + Rook doesn't work anymore due to authentication being enabled by default #768

Closed
SkalaNetworks opened this issue Feb 13, 2025 · 5 comments

Comments

@SkalaNetworks
Contributor

SkalaNetworks commented Feb 13, 2025

The documentation doesn't mention the authentication being enabled by default.

This commit dd9be53 enabled it a month ago, whereas it was disabled before.

The Rook serviceaccount is not equipped with sufficient RBAC for TokenReviews, which makes the documentation outdated and the setup not working out of the box.

Example message on the CSIAddonNode when it is trying to connect to the ceph-csi sidecars deployed by Rook:

  Message:  Failed to establish connection with sidecar: failed to review token tokenreviews.authentication.k8s.io is forbidden: User "system:serviceaccount:rook-system:rook-csi-rbd-provisioner-sa" cannot create resource "tokenreviews" in API group "authentication.k8s.io" at the cluster scope

I don't know what the rationale is for authentication, it probably is a good thing, but it needs to be documented. The change will break downstream CSIs that use the sidecar, possibly breaking the addons on upgrades of CSI-Addons.
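
The grant that the error message above reports as missing, written out as an added example (not taken from Rook's or CSI-Addons' own manifests): a ClusterRole limited to creating TokenReviews, bound to the service account named in the message. The object name `csi-addons-tokenreview` is a placeholder chosen for this example.

```yaml
# Added example; "csi-addons-tokenreview" is a placeholder name.
# TokenReview is a cluster-scoped resource, so a namespaced Role/RoleBinding
# cannot grant it; a ClusterRole and ClusterRoleBinding are required.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: csi-addons-tokenreview
rules:
  - apiGroups: ["authentication.k8s.io"]
    resources: ["tokenreviews"]
    verbs: ["create"]          # the verb the error reports as forbidden
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: csi-addons-tokenreview
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: csi-addons-tokenreview
subjects:
  # Service account and namespace exactly as they appear in the error message.
  - kind: ServiceAccount
    name: rook-csi-rbd-provisioner-sa
    namespace: rook-system
# Verify the grant after applying:
#   kubectl auth can-i create tokenreviews.authentication.k8s.io \
#     --as=system:serviceaccount:rook-system:rook-csi-rbd-provisioner-sa
```

The built-in `system:auth-delegator` ClusterRole also covers this permission but additionally grants `subjectaccessreviews`; the dedicated role here keeps the service account to the one permission the error names.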

@Madhu-1
Member

Madhu-1 commented Feb 17, 2025

@SkalaNetworks you might be using the unreleased csi-addons version. In Rook we support only known released versions. This is already fixed in the Rook master branch.

@SkalaNetworks
Contributor Author

I do because of #764 and #750 yup

@SkalaNetworks
Contributor Author

@Madhu-1 Do you know if there's a release planned soon? It's kinda hard running a production IPv6 cluster right now, I'd like to switch to non-canary images to be on the safe side. Same goes for the TLS bug which is problematic when running those versions.

@Madhu-1
Member

Madhu-1 commented Feb 19, 2025

TLS problem is fixed in Rook. @nixpanic @Rakshith-R we can plan for a patch release this week or early next week?

@nixpanic
Collaborator

nixpanic commented Mar 7, 2025

fyi: https://github.com/csi-addons/kubernetes-csi-addons/releases/tag/v0.12.0 has been released earlier this week.
