I was wondering what is best practice for the csi plugin. Currently I am running an nfs and ceph csi plugin. For them to work properly I had to add to the agents bounding_capabilities the capability SYS_ADMIN (currently tasks are only using net_bind, net_admin and syslog).
I also had to disable authenticate_http_readwrite/authenticate_http_readonly on the agent in order to launch the plugin. I am starting to think it is maybe better to use an unmanaged plugin, any advice?