AKS can't read ACL on nfs mount

Question

AKS can't read ACL on nfs mount

Riccardo Gatti 41

Hello, I have an AKS service and a VM in the same Vnet. The VM expose a folder through NFS protocol with some ACL set on file and subdirectory

When I mount the NFS folder in a pod through nfs direct mount in the spec part of deployment definition, the mount success but when i goes in the folder i can't see the ACL on file

This is the NFS folder with ACL set

User's image

This is the situation in the pod that mount the NFS folder

User's image

The difference is that in the pod we had different conversion of the gid because the same gid on NFS is for group A while in the pod is for group B, but I don't think is that the problem.

The mount of the NFS folder is done in the deployment spec with this definition

volumes:
	- name: nfs
	nfs:
		server: NFS-IP
		path: /folder

deherman-MSFT 38,021 Reputation points Microsoft Employee Moderator

2023-06-22T15:07:26.3933333+00:00

@Riccardo Gatti
Just letting you know that I am looking into this and will get back to you once I have more information to share.
Riccardo Gatti 41 Reputation points

2023-06-23T06:34:04.06+00:00

Hello @deherman-MSFT if you need some other information just let me know

I can you some update about some test made yesterday, we try to mount the share in NFS vm itself and we don't see the ACL also there, maybe there is something wrong in the export, I write the export configuration

/folder subnet(rw,sync,insecure,crossmnt,no_subtree_check)
Riccardo Gatti 41 Reputation points

2023-07-17T10:12:28.7533333+00:00

Hello @deherman-MSFT I will give you an update, after make some change on the export file we were able to read ACL from the VM itself and from pod in the AKS cluster.

But the ACL at the moment will worl only for user and not for group

1 answer

Your answer

deherman-MSFT 38,021 Reputation points Microsoft Employee Moderator

2023-06-22T15:07:26.3933333+00:00

@Riccardo Gatti
Just letting you know that I am looking into this and will get back to you once I have more information to share.
Riccardo Gatti 41 Reputation points

2023-06-23T06:34:04.06+00:00

Hello @deherman-MSFT if you need some other information just let me know

I can you some update about some test made yesterday, we try to mount the share in NFS vm itself and we don't see the ACL also there, maybe there is something wrong in the export, I write the export configuration

/folder subnet(rw,sync,insecure,crossmnt,no_subtree_check)
Riccardo Gatti 41 Reputation points

2023-07-17T10:12:28.7533333+00:00

Hello @deherman-MSFT I will give you an update, after make some change on the export file we were able to read ACL from the VM itself and from pod in the AKS cluster.

But the ACL at the moment will worl only for user and not for group

Answer 1

deherman-MSFT 38,021 Microsoft Employee Moderator

@Riccardo Gatti

Sorry for not getting back to you. To further troubleshoot this, we're going to enable a free, one time technical support ticket. Please email the following to AzCommunity@microsoft.com and we'll get back to you promptly:

• Subject: "Attn: deherman - "

• Email body: Your Subscription ID

• Email body: A link to this thread so we can validate and expedite the request

If you don't receive a response within 24 hours, please reply to the thread so we can investigate.

Share via

AKS can't read ACL on nfs mount

1 answer

Your answer