Description of problem:

During node drains, pods created from an existing Running Job are left in Terminating state. The finalizers cannot be deleted for these pods, until their namespace is added in the excludeNamespace of assign "runtimeclass" and "fsgroup" resources respectively. The pods are created by the job and affected by the gatekeeper policies. Is this behavior expected?

How reproducible:

All the time during node drains

Steps to Reproduce:

1. Deploy OCP env 4.13 and install gatekeeper.
2. add policies, like assign apply-runtimeclass apply-fsgroup for all pods
3. create a job to create pods(gatekeeper policies would apply automatically).
4. Drain one of the nodes.

Actual results:

Expected results:

Additional info: