So, it turns out that there was a core Kubernetes issue[1] which led to fsGroup being changed to explicitly only apply to RWO volumes[2], leading to the permission issue that is being seen. There is a ceph-csi upstream workaround[3] for this, which is included in the 2.0 plugin version that will be included in the CK 1.18 release. In the meantime, the workaround you mentioned can be incorporated into the pod spec via an initContainer, as mentioned[4] on the kubernetes/examples#260 issue you linked.
So, it turns out that there was a core Kubernetes issue[1] which led to fsGroup being changed to explicitly only apply to RWO volumes[2], leading to the permission issue that is being seen. There is a ceph-csi upstream workaround[3] for this, which is included in the 2.0 plugin version that will be included in the CK 1.18 release. In the meantime, the workaround you mentioned can be incorporated into the pod spec via an initContainer, as mentioned[4] on the kubernetes/ examples# 260 issue you linked.
[1]: https:/ /github. com/kubernetes/ kubernetes/ issues/ 66323 /github. com/kubernetes/ kubernetes/ blob/06ad960bfd 03b39c8310aaf92 d1e7c12ce618213 /pkg/volume/ csi/csi_ mounter. go#L391- L394 /github. com/ceph/ ceph-csi/ pull/423 /github. com/kubernetes/ examples/ issues/ 260#issuecommen t-534160265
[2]: https:/
[3]: https:/
[4]: https:/