I figured it is because I have a Vault sidecar container attached to the pod. Looking for an option for Vault to quit when the base container does, or change the Kubernetes executor to look for a terminated status for the base container instead of waiting for the whole pod to terminate before deleting it.

Since they are short runs, and we really don't need to worry about rotating credentials during a run (which would likely not even be supported by Meltano or the taps/targets), setting exit_after_auth in the Vault agent causes it to exit after it renders the secrets in the in-memory volume for the run. So, everything is working, securely!