1. Client side phenomenon Use ack pod to mount pvc, use Huawei NAS system, report error, but the host node where pod is located can mount all volumes normally. The error is as follows:
flexvolume: driver call failed, status: Failure, reason: Nas, maybe use fast nas, but path not startwith /share: Failed to run cmd: mount -f nfs -o vers=3,xxxxxx: access denied by server while mouting 10.xxx:/.
2. Problem analysis
1) The client side failed to mount pvc through the pod, but it can be mounted through the host outside the pod. Pod and node are not in the same network segment, allowing customers to check the NAS system access control list. The client-side access control list is the entire network segment that is released, and both pod and Node nodes are released. This access control factor is excluded.
2) For issues related to directory permissions, the client confirms that the directory permissions are correct, and all are released. All volumes to be mounted are released. And the node node can mount the NAS volume
3) The configuration file of the customer k8s and the sc of the storage system are also checked. There is no problem with the official website configuration.
4) Let the client take a screenshot on the NAS side to see the contents of different volumes, because some volumes can be mounted and others cannot be mounted. One of the configuration items is different. The volume where the pod is successfully mounted has the non-secure port open, and the volume where the pod fails to be mounted uses the secure port option.
5) Huawei's Oceanstore storage used on the client side, after confirmation, 1-1024 is a secure port, and >1024 is a non-secure port. The pod mounts the NAS with the ip of the node node, the port is greater than 1024, and the mounted volume is configured as a non-secure port. That is, all ports of the initiator can mount NAS volumes
The problem can be the source and target