On systems with SELinux enabled, non-privileged containers can't access data of privileged containers. Since the CSI driver socket is exposed by a privileged container, all sidecars must be privileged too.
A partial copy of https://github.com/kubernetes-csi/docs/tree/master/book/src/example, with some modifications:
- serviceAccountName is used instead of the deprecated serviceAccount
- the RBAC roles from driver-registrar, external-attacher, external-provisioner and external-snapshotter are used
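
The following manifest is an added illustration, not one of the files copied from the upstream example. It shows the two points above together: a sidecar running privileged so that it can reach the socket created by the privileged driver container on an SELinux-enabled node, and `serviceAccountName` in place of the deprecated `serviceAccount`. The pod name, service account name, images and host path are assumed placeholders.

```yaml
# Added example: all names, images and the host path are placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: example-csi-plugin                 # hypothetical name
spec:
  # serviceAccountName replaces the deprecated serviceAccount field.
  # The account is expected to be bound to the sidecar's RBAC role.
  serviceAccountName: example-csi-sa       # hypothetical name
  containers:
    - name: csi-driver
      image: registry.example/csi-driver:TAG              # placeholder image
      securityContext:
        privileged: true                   # the driver exposes the CSI socket
      volumeMounts:
        - name: socket-dir
          mountPath: /csi
    - name: external-provisioner
      image: registry.example/external-provisioner:TAG    # placeholder image
      args:
        - --csi-address=/csi/csi.sock
      securityContext:
        # Without this, SELinux denies the sidecar access to the socket
        # that the privileged driver container created.
        privileged: true
      volumeMounts:
        - name: socket-dir
          mountPath: /csi
  volumes:
    - name: socket-dir
      hostPath:
        path: /var/lib/kubelet/plugins/example-csi-driver  # assumed path
        type: DirectoryOrCreate
```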