Description of problem:

When a cluster is configured to use a cluster-wide proxy [0] that makes use of a private CA certificate stored in the cluster's trusted CA bundle store [1], it does not use the trusted CA bundle when communicating to *googleapis.com addresses.

This results in the gcp-pd-csi-driver-controller entering a CrashLoopBackOff state because it does not trust the CA used by the proxy:

E1119 05:04:43.542047       1 gce.go:195] error fetching initial token: oauth2: cannot fetch token: Post "https://oauth2.googleapis.com/token": proxyconnect tcp: x509: certificate signed by unknown authority

The gcp-pd-csi-driver should make use of a CA bundle that has the user-ca-bundle injected into it so that communications occur successfully via a proxy. [2]

[0] https://docs.openshift.com/container-platform/4.8/networking/enable-cluster-wide-proxy.html
[1] https://docs.openshift.com/container-platform/4.8/networking/configuring-a-custom-pki.html
[2] https://docs.openshift.com/container-platform/4.8/networking/configuring-a-custom-pki.html#certificate-injection-using-operators_configuring-a-custom-pki

Version-Release number of selected component (if applicable):
4.8

How reproducible:

Steps to Reproduce:
1. Configure a cluster to use a cluster-wide proxy that uses a privately-signed CA for communications.
2. After MCO applies the change to the cluster, the pod will be in a crash looping state.

Expected results:

The pod should have no issues communicating via a cluster-wide proxy.

Node Log (of failed PODs):

From gcp-pd-csi-driver-controller-86b8f6c6d-5hvs2:

I1119 05:15:24.483448       1 main.go:71] Driver vendor version v4.8.0-202108312109.p0.git.0b61889.assembly.stream-0-ge68012f-dirty
I1119 05:15:24.483555       1 gce.go:83] Using GCE provider config <nil>
I1119 05:15:24.483683       1 gce.go:134] GOOGLE_APPLICATION_CREDENTIALS env var set /etc/cloud-sa/service_account.json
I1119 05:15:24.483694       1 gce.go:138] Using DefaultTokenSource &oauth2.reuseTokenSource{new:jwt.jwtSource{ctx:(*context.cancelCtx)(0xc00042e7c0), conf:(*jwt.Config)(0xc000248a00)}, mu:sync.Mutex{state:0, sema:0x0}, t:(*oauth2.Token)(nil)}
E1119 05:15:24.529075       1 gce.go:195] error fetching initial token: oauth2: cannot fetch token: Post "https://oauth2.googleapis.com/token": proxyconnect tcp: x509: certificate signed by unknown authority
E1119 05:15:29.538027       1 gce.go:195] error fetching initial token: oauth2: cannot fetch token: Post "https://oauth2.googleapis.com/token": proxyconnect tcp: x509: certificate signed by unknown authority
E1119 05:15:34.538449       1 gce.go:195] error fetching initial token: oauth2: cannot fetch token: Post "https://oauth2.googleapis.com/token": proxyconnect tcp: x509: certificate signed by unknown authority
E1119 05:15:39.538740       1 gce.go:195] error fetching initial token: oauth2: cannot fetch token: Post "https://oauth2.googleapis.com/token": proxyconnect tcp: x509: certificate signed by unknown authority
E1119 05:15:44.538544       1 gce.go:195] error fetching initial token: oauth2: cannot fetch token: Post "https://oauth2.googleapis.com/token": proxyconnect tcp: x509: certificate signed by unknown authority
E1119 05:15:49.537687       1 gce.go:195] error fetching initial token: oauth2: cannot fetch token: Post "https://oauth2.googleapis.com/token": proxyconnect tcp: x509: certificate signed by unknown authority
E1119 05:15:54.537770       1 gce.go:195] error fetching initial token: oauth2: cannot fetch token: Post "https://oauth2.googleapis.com/token": proxyconnect tcp: x509: certificate signed by unknown authority
E1119 05:15:54.545507       1 gce.go:195] error fetching initial token: oauth2: cannot fetch token: Post "https://oauth2.googleapis.com/token": proxyconnect tcp: x509: certificate signed by unknown authority
F1119 05:15:54.545531       1 main.go:87] Failed to get cloud provider: timed out waiting for the condition