The kubelet logs are full of entries like this:

Mar 25 18:31:18 kub kubelet[899]: W0325 18:31:18.244545     899 volume_linux.go:45] Setting volume ownership for /var/lib/kubelet/pods/91e33d5d-648a-4aba-bbff-e3da6ea7596f/volumes/kubernetes.
Mar 25 18:31:30 kub kubelet[899]: W0325 18:31:30.220311     899 volume_linux.go:45] Setting volume ownership for /var/lib/kubelet/pods/765ffa3f-0a8a-4b65-8c37-8555c1854829/volumes/kubernetes.
Mar 25 18:31:32 kub kubelet[899]: W0325 18:31:32.232058     899 volume_linux.go:45] Setting volume ownership for /var/lib/kubelet/pods/de64ae28-9f70-44b0-ae2c-7d2b0f080169/volumes/kubernetes.
Mar 25 18:31:32 kub kubelet[899]: W0325 18:31:32.232171     899 volume_linux.go:45] Setting volume ownership for /var/lib/kubelet/pods/de64ae28-9f70-44b0-ae2c-7d2b0f080169/volumes/kubernetes.
Mar 25 18:31:33 kub kubelet[899]: W0325 18:31:33.237612     899 volume_linux.go:45] Setting volume ownership for /var/lib/kubelet/pods/3eb10467-d9fb-473c-8892-e57dfb7191ad/volumes/kubernetes.
Mar 25 18:31:33 kub kubelet[899]: W0325 18:31:33.237666     899 volume_linux.go:45] Setting volume ownership for /var/lib/kubelet/pods/3eb10467-d9fb-473c-8892-e57dfb7191ad/volumes/kubernetes.
Mar 25 18:31:42 kub kubelet[899]: W0325 18:31:42.285697     899 volume_linux.go:45] Setting volume ownership for /var/lib/kubelet/pods/89392ae2-6b17-47b4-85ac-813c2781234b/volumes/kubernetes.
Mar 25 18:31:42 kub kubelet[899]: W0325 18:31:42.285795     899 volume_linux.go:45] Setting volume ownership for /var/lib/kubelet/pods/89392ae2-6b17-47b4-85ac-813c2781234b/volumes/kubernetes.
Mar 25 18:31:42 kub kubelet[899]: W0325 18:31:42.285821     899 volume_linux.go:45] Setting volume ownership for /var/lib/kubelet/pods/89392ae2-6b17-47b4-85ac-813c2781234b/volumes/kubernetes.
Mar 25 18:31:42 kub kubelet[899]: W0325 18:31:42.287672     899 volume_linux.go:45] Setting volume ownership for /var/lib/kubelet/pods/89392ae2-6b17-47b4-85ac-813c2781234b/volumes/kubernetes.
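
To see which pods are behind the flood, the warnings can be grouped by pod UID. The script below is an added example, not part of the original note: the regular expressions and function names are assumptions, the W lines in SAMPLE are copied from the log above, and the I line is constructed.

```python
import re
from collections import Counter

# klog header after the journald prefix: severity + MMDD, time, PID, file:line]
KLOG = re.compile(
    r"kubelet\[\d+\]: (?P<sev>[IWEF])\d{4} (?P<time>[\d:.]+)\s+\d+ "
    r"(?P<src>[\w.]+:\d+)\] (?P<msg>.*)"
)
# The pod UID is the directory name under /var/lib/kubelet/pods/
POD_UID = re.compile(r"/var/lib/kubelet/pods/(?P<uid>[0-9a-f-]{36})/volumes/")

# W lines are taken from the log on this page; the I line is constructed.
SAMPLE = """\
Mar 25 18:31:18 kub kubelet[899]: W0325 18:31:18.244545     899 volume_linux.go:45] Setting volume ownership for /var/lib/kubelet/pods/91e33d5d-648a-4aba-bbff-e3da6ea7596f/volumes/kubernetes.
Mar 25 18:31:20 kub kubelet[899]: I0325 18:31:20.000000     899 example.go:1] constructed non-warning line
Mar 25 18:31:32 kub kubelet[899]: W0325 18:31:32.232058     899 volume_linux.go:45] Setting volume ownership for /var/lib/kubelet/pods/de64ae28-9f70-44b0-ae2c-7d2b0f080169/volumes/kubernetes.
Mar 25 18:31:32 kub kubelet[899]: W0325 18:31:32.232171     899 volume_linux.go:45] Setting volume ownership for /var/lib/kubelet/pods/de64ae28-9f70-44b0-ae2c-7d2b0f080169/volumes/kubernetes.
Mar 25 18:31:42 kub kubelet[899]: W0325 18:31:42.285697     899 volume_linux.go:45] Setting volume ownership for /var/lib/kubelet/pods/89392ae2-6b17-47b4-85ac-813c2781234b/volumes/kubernetes.
Mar 25 18:31:42 kub kubelet[899]: W0325 18:31:42.285795     899 volume_linux.go:45] Setting volume ownership for /var/lib/kubelet/pods/89392ae2-6b17-47b4-85ac-813c2781234b/volumes/kubernetes.
Mar 25 18:31:42 kub kubelet[899]: W0325 18:31:42.285821     899 volume_linux.go:45] Setting volume ownership for /var/lib/kubelet/pods/89392ae2-6b17-47b4-85ac-813c2781234b/volumes/kubernetes.
Mar 25 18:31:42 kub kubelet[899]: W0325 18:31:42.287672     899 volume_linux.go:45] Setting volume ownership for /var/lib/kubelet/pods/89392ae2-6b17-47b4-85ac-813c2781234b/volumes/kubernetes.
"""


def ownership_warnings(text):
    """Count 'Setting volume ownership' warnings per pod UID."""
    counts = Counter()
    for line in text.splitlines():
        m = KLOG.search(line)
        if not m or m["sev"] != "W":
            continue  # not a kubelet klog warning
        if not m["msg"].startswith("Setting volume ownership"):
            continue  # some other warning
        pod = POD_UID.search(m["msg"])
        if pod:
            counts[pod["uid"]] += 1
    return counts


def report(text):
    """Return (pod UID, count) pairs, noisiest pod first."""
    return ownership_warnings(text).most_common()


if __name__ == "__main__":
    for uid, n in report(SAMPLE):
        print(f"{n:4d}  {uid}")
```

The UIDs can be matched to pod names with `kubectl get pods -A -o custom-columns=NS:.metadata.namespace,NAME:.metadata.name,UID:.metadata.uid`.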

I suspect the cause is some kind of permissions issue.
I'll try doing this: https://stackoverflow.com/questions/43544370/kubernetes-how-to-set-volumemount-user-group-and-file-permissions#7

This came as one of the challenges for the Kubernetes Deployments/StatefulSets, when you have to run a process inside a container as a non-root user. But, when you mount a volume to a pod, it always gets mounted with the permission of root:root.

So, the non-root user must have access to the folder where it wants to read and write data.

Please follow the below steps for the same.

    1. Create user group and assign group ID in Dockerfile.
    2. Create user with user ID and add to the group in Dockerfile.
    3. Change ownership recursively for the folders the user process wants to read/write.
    4. Add the below lines in Deployment/StatefulSet in pod spec context.

    spec:
      securityContext:
        runAsUser: 1099
        runAsGroup: 1099
        fsGroup: 1099

runAsUser

Specifies that for any Containers in the Pod, all processes run with user ID 1099.

runAsGroup

Specifies the primary group ID of 1099 for all processes within any containers of the Pod.

If this field is omitted, the primary group ID of the containers will be root(0).

Any files created will also be owned by user 1099 and group 1099 when runAsGroup is specified.

fsGroup

Specifies that any volume attached will be owned by group ID 1099.

Any files created under it will have the permission of nonrootgroup:nonrootgroup.
  • linux_faq/kubernetes_kubelet_setting_volume_ownership_warning_flood.txt
  • Last modified: 2020/03/25 18:39
  • by admin