Hi, for log collection purposes I am missing root group permission to read at pod log files, even though whole directory path contains this permission.

ll /var/log/pods/kube-system_kube-apiserver-control-plane-24130_1ef43b24f95212cf14392d18c1c5e683/kube-apiserver/
total 272
drwxr-x---+ 2 root root   4096 Feb 11 11:45 ./
drwxr-x---+ 3 root root   4096 Feb 11 11:34 ../
-rw-------  1 root root 240896 Feb 11 11:44 7.log
-rw-------  1 root root  25992 Feb 11 11:46 8.log

I have tried to explicitly set umask for cri-o systemd service. I tried to set acl to log directory setfacl -R -d -m g::rX /var/log/pods but nothing changed permission of log file (old or new ones).

Is there configuration option for that or any advice how to achieve group read permission on pod log files?

Running Kubernetes cluster deployed by kubespray and cri-o RuntimeVersion: 1.30.3.

Thank you.