@subhamkrai can you please point me to the Rook job here?

@subhamkrai can you please point me to the Rook job here?

it will not be in the job, but it will be artifacts of the job. currently job is running I'll share the job.

logs--ceph-csi-operator-controller-manager-6b8ff59ff5-4jmb9.txt

this logs file

@leelavg are you also seeing this error in operator logs?

well, I didn't look at kube-rbac-proxy container logs.

@Madhu-1 @subhamkrai We will need to live with that deprecation warning for some time because we are targeting older k8s releases

What K8s version is needed to avoid that warning? Rook just updated the min version supported to v1.26. For running the CSI operator we could easily set the min supported version to v1.27, since that will be our min version for the next Rook release v1.16 where csi operator will no longer be experimental.

It doesn't look like kubernetes version problem but it's like container image problem, let me check this and see what is the exact problem

This is not related to kubernetes version, its related to kube-proxy brancz/kube-rbac-proxy#187

Looked into this for a bit and here are my thoughts

kube-rbac-proxy now wants tls cert & private key file, for d/s there are 2 solutions, https://docs.openshift.com/container-platform/4.17/security/certificates/service-serving-certificate.html or https://github.com/openshift/service-ca-operator but for u/s we need user to deploy https://cert-manager.io/docs/installation/helm/ or provide certificates manually.

however, iirc this dependency is being added by kubebuilder w/ the assumption that non-resource urls (for ex: metrics) also need authentication but csi-op doesn't export any metrics and this dep could be dropped altogether.

if we infact choose to continue, I don't see the seriousness in continuing to use the proxy w/o certs.

If not required, lets drop the container from the deployment. Lets discuss in the team meeting