rancher / local-path-provisioner

Dynamically provisioning persistent local storage with Kubernetes
Apache License 2.0

[BUG] Permission denied when deleting pvc #181

Open christianhuth opened 3 years ago

christianhuth commented 3 years ago

The helper pods are not able to delete the PV from the disk. We receive the following error message in the logs of the helper pods: `rm: can't remove '/opt/local-path-provisioner/pvc-47c78805-8957-428d-8996-d10b0517e043': Permission denied`

Installation of local-path-provisioner is based on https://github.com/rancher/local-path-provisioner/blob/master/deploy/local-path-storage.yaml. Additionally, we use the following PodSecurityPolicy to allow the execution of local-path-provisioner as root:

```yaml
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: local-path-provisioner
  annotations:
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
spec:
  privileged: true                  # privileged containers are allowed, not required
  allowPrivilegeEscalation: true
  requiredDropCapabilities:
    - ALL                           # added to the drop list of every container admitted under this PSP
  volumes:
    - 'configMap'
    - 'emptyDir'
    - 'secret'
    - 'downwardAPI'
    - 'hostPath'
  allowedHostPaths:
    - pathPrefix: "/opt/local-path-provisioner"   # the provisioner's default PV root
      readOnly: false
  hostNetwork: false
  hostIPC: false
  hostPID: false
  runAsUser:
    rule: 'RunAsAny'                # uid 0 permitted, which the helper pods need
  seLinux:
    rule: 'RunAsAny'
  supplementalGroups:
    rule: 'RunAsAny'
  fsGroup:
    rule: 'RunAsAny'
  readOnlyRootFilesystem: false
```

This PSP is also successfully bound to the LocalPathProvisioner and the helper pods, as the `kubernetes.io/psp` annotation on both shows:

```yaml
---
apiVersion: v1
kind: Pod
metadata:
  annotations:
    kubernetes.io/psp: local-path-provisioner   # set by PSP admission on the validated pod
  name: local-path-provisioner-569fc54756-x9c22
---
apiVersion: v1
kind: Pod
metadata:
  annotations:
    kubernetes.io/psp: local-path-provisioner
  name: helper-pod-delete-pvc-6c12fbab-1d15-44ef-a1cd-80b5a512f7eb
```

Any help very much appreciated. :)

Used versions:

- kubespray: v0.15.0
- kubernetes: v1.19.7
- containerd: v1.4.3
- local-path-provisioner: v0.0.19
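A check worth running before digging further, added here as an example and not part of this issue thread or of local-path-provisioner: inside a helper pod admitted under a PSP like the one above (for instance via `kubectl exec`, or from a one-off busybox pod that mounts the same hostPath and is admitted by the same PSP), print the uid, the effective capability mask and the ownership and mode of the PV directory. The PSP's `requiredDropCapabilities: ALL` is merged into each admitted container's `securityContext.capabilities.drop`, and a uid 0 process without `CAP_DAC_OVERRIDE`, `CAP_DAC_READ_SEARCH` and `CAP_FOWNER` is subject to ordinary discretionary access checks, so `id -u` reporting 0 does not by itself rule out a `Permission denied` from `rm`. Whether that is what happens in this deployment is exactly what the output tells you. The script assumes a Linux `/proc` and busybox- or GNU-compatible `stat` and `find`; the capability bit numbers are those of `<linux/capability.h>`, and the directory argument is whatever PV path you pass in.

```sh
#!/bin/sh
# Added diagnostic, not part of the issue or of local-path-provisioner.
# Run inside a helper pod (kubectl exec) or in a one-off busybox pod that
# mounts the same hostPath under the same PSP. Assumes Linux /proc and a
# busybox/GNU `stat` and `find`.

# Capability bit numbers from <linux/capability.h>.
CAP_CHOWN=0
CAP_DAC_OVERRIDE=1      # bypass read/write/execute permission checks
CAP_DAC_READ_SEARCH=2   # bypass read and directory-search checks
CAP_FOWNER=3            # bypass owner checks (sticky-bit deletes, chmod, ...)

# cap_has MASK_HEX BIT: succeed if bit BIT is set in MASK_HEX, the hex mask
# format used by the Cap* lines of /proc/<pid>/status.
cap_has() {
    _m=$1
    _b=$2
    [ $(( (0x$_m >> _b) & 1 )) -eq 1 ]
}

# effective_caps: print the CapEff mask of the calling shell (empty if /proc
# is not available).
effective_caps() {
    [ -r /proc/self/status ] && awk '/^CapEff:/ { print $2 }' /proc/self/status
}

# describe_caps MASK_HEX: one line per capability that `rm -rf` over files
# owned by other uids relies on, marking each as present or MISSING.
describe_caps() {
    _mask=$1
    for _entry in "CAP_DAC_OVERRIDE $CAP_DAC_OVERRIDE" \
                  "CAP_DAC_READ_SEARCH $CAP_DAC_READ_SEARCH" \
                  "CAP_FOWNER $CAP_FOWNER" \
                  "CAP_CHOWN $CAP_CHOWN"; do
        set -- $_entry
        if cap_has "$_mask" "$2"; then
            echo "$1: present"
        else
            echo "$1: MISSING"
        fi
    done
}

# explain_path DIR: owner, group and mode of DIR, its parent and its direct
# children, which is what plain DAC consults for unlink(2) and rmdir(2).
explain_path() {
    _dir=$1
    echo "parent: $(stat -c '%u:%g %a %n' "$(dirname "$_dir")")"
    echo "target: $(stat -c '%u:%g %a %n' "$_dir")"
    find "$_dir" -mindepth 1 -maxdepth 1 -exec stat -c '  %u:%g %a %n' {} \;
}

main() {
    _caps=$(effective_caps)
    echo "uid=$(id -u) gid=$(id -g) CapEff=${_caps:-unreadable}"
    if [ -n "$_caps" ]; then
        describe_caps "$_caps"
    fi
    if [ -n "$1" ]; then
        explain_path "$1"
    fi
}

# Usage: sh lpp-diag.sh /opt/local-path-provisioner/pvc-<uuid>
main "$@"
```

Compare the printed uid and capability lines against the ownership and mode of the PV directory's entries: if every capability is MISSING and the entries are owned by a different uid with a mode that denies the caller, ordinary DAC explains the `rm` error without any further fault in the provisioner; if the capabilities are present, the cause is elsewhere and the PSP can be ruled out.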

bauerjs1 commented 2 years ago

I could reproduce the same issue with the helm chart from here: https://artifacthub.io/packages/helm/containeroo/local-path-provisioner

Any thoughts on this, somebody?