“Currently there is no resolution to this issue. It is being tracked via an internal bug.”
That could be a little more helpful, but at least it is acknowledged as a bug. The solution for me is probably to skip using container exec health checks (or make sure that it’s UID and not USER that gets set whenever I do use them) and wait for a fix to arrive upstream in Docker. Meanwhile, when I find a node that encounters this problem, to resolve it I can drain it, cordon it and restart it. That’s really quite a bit less than optimal, but that readinessProbe wasn’t really doing me any favors, to be fair.