Comment 10 for bug 1866262

So, it turns out that there was a core Kubernetes issue[1] which led to fsGroup being changed to explicitly only apply to RWO volumes[2], leading to the permission issue that is being seen. There is a ceph-csi upstream workaround[3] for this, which is included in the 2.0 plugin version that will be included in the CK 1.18 release. In the meantime, the workaround you mentioned can be incorporated into the pod spec via an initContainer, as mentioned[4] on the kubernetes/examples#260 issue you linked.

[1]: https://github.com/kubernetes/kubernetes/issues/66323
[2]: https://github.com/kubernetes/kubernetes/blob/06ad960bfd03b39c8310aaf92d1e7c12ce618213/pkg/volume/csi/csi_mounter.go#L391-L394
[3]: https://github.com/ceph/ceph-csi/pull/423
[4]: https://github.com/kubernetes/examples/issues/260#issuecomment-534160265