Всем привет 👋 Подскажите пожалуйста, а чего тут не хватает

permission или образ битый?

Running with gitlab-runner 17.0.0 (44feccdf)
on gitlab-runner-c58775949-d7znz YxYz2zp1i, system ID: r_srrdLYTYbfjw
feature flags: FF_USE_ADVANCED_POD_SPEC_CONFIGURATION:true
Preparing the "kubernetes" executor
00:00
Using Kubernetes namespace: gitlab-ci
Using Kubernetes executor with image registry.werf.io/werf/werf:2-stable ...
Using attach strategy to execute scripts...
Preparing environment
00:11
Using FF_USE_POD_ACTIVE_DEADLINE_SECONDS, the Pod activeDeadlineSeconds will be set to the job timeout: 1h0m0s...
WARNING: Advanced Pod Spec configuration enabled, merging the provided PodSpec to the generated one. This is a beta feature and is subject to change. Feedback is collected in this issue: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/29659 ...
Waiting for pod gitlab-ci/runner-yxyz2zp1i-project-227-concurrent-1-isn0myy7 to be running, status is Pending
ContainersNotInitialized: "containers with incomplete status: [fix-volumes-permissions init-permissions]"
ContainersNotReady: "containers with unready status: [build helper]"
ContainersNotReady: "containers with unready status: [build helper]"
Waiting for pod gitlab-ci/runner-yxyz2zp1i-project-227-concurrent-1-isn0myy7 to be running, status is Pending
ContainersNotInitialized: "containers with incomplete status: [fix-volumes-permissions init-permissions]"
ContainersNotReady: "containers with unready status: [build helper]"
ContainersNotReady: "containers with unready status: [build helper]"
Waiting for pod gitlab-ci/runner-yxyz2zp1i-project-227-concurrent-1-isn0myy7 to be running, status is Pending
ContainersNotReady: "containers with unready status: [build helper]"
ContainersNotReady: "containers with unready status: [build helper]"
Running on runner-yxyz2zp1i-project-227-concurrent-1-isn0myy7 via gitlab-runner-c58775949-d7znz...
Getting source from Git repository
00:01
Fetching changes with git depth set to 20...
Reinitialized existing Git repository in /builds/YxYz2zp1i/1/devteam/test-ms/personal-data/.git/
Checking out 5986675a as detached HEAD (ref is refs/merge-requests/3/head)...
Skipping Git submodules setup
Executing "step_script" stage of the job script
00:02
$ source "$(werf ci-env gitlab --as-file)"
Error during unshare(CLONE_NEWUSER): Invalid argument
User namespaces are not enabled in /proc/sys/user/max_user_namespaces.
time="2024-06-20T09:16:24Z" level=error msg="parsing PID \"\": strconv.Atoi: parsing \"\": invalid syntax"
time="2024-06-20T09:16:24Z" level=error msg="(Unable to determine exit status)"
/scripts-227-20421/step_script: line 190: : No such file or directory
Cleaning up project directory and file based variables
00:00
ERROR: Job failed: command terminated with exit code 1

Делаю согласно документации Gitlab CI/CD + раннер в кубере
https://ru.werf.io/getting_started/?usage=ci&ci=gitlabCiCd&runnerType=kubernetesRunner&os=linux&buildBackend=buildah&projectType=simplified&sharedCICD=no&repoType=application

user namespaces выключены на хостах. Должны быть включены, без них buildah не может работать в rootless-режиме. Что за ОС на Kubernetes Nodes?

Centos 7