RKE2 Troubleshooting: NFS Provisioner

Error Description

The following error occurs when Kubernetes attempts to mount an NFS volume:

MountVolume.SetUp failed for volume "nfs-subdir-external-provisioner-root" : mount failed: exit status 32
Mounting command: mount
Mounting arguments: -t nfs 192.168.100.100:/volume1/rke2-pv /var/lib/kubelet/pods/b6ad96fb...
Output: mount: ... bad option; for several filesystems you might need a mount.<type> helper program.

This indicates that the node cannot mount the NFS directory.

1. Ensure NFS client tools are installed on worker nodes

Different Linux distributions require different packages.

Ubuntu / Debian

sudo apt-get update
sudo apt-get install -y nfs-common

CentOS / RHEL / Rocky / Alma

sudo yum install -y nfs-utils

openSUSE / SLES

sudo zypper install -y nfs-client

The node must contain mount.nfs. Missing tools will cause exit status 32.

2. Test manual mount on the worker node

Run:

sudo mount -t nfs 192.168.100.100:/volume1/rke2-pv /mnt

If this fails, inspect kernel messages:

dmesg | tail

Common issues:

Permission denied
RPC service not running
Access denied by server

3. Verify Synology (or NFS server) configuration

For Synology NAS:

Enable NFS service
Edit Shared Folder → NFS Permissions
Add Kubernetes node subnet (e.g. 192.168.2.0/24)
Squash: Map all users to admin (recommended for PV creation)
Enable NFSv3 (some kubelet versions require it)
Apply settings

4. Set required mount options (if needed)

Some NFS servers require specifying the version explicitly.

For NFSv3:

nfs:
  mountOptions:
    - nfsvers=3

For NFSv4.1:

nfs:
  mountOptions:
    - nfsvers=4.1

5. Validate NFS server path and Helm chart values

Ensure your values.yaml matches:

nfs:
  server: 192.168.100.100
  path: /volume1/rke2-pv

Errors in the path produce mount failures.

6. Check firewall ports

NFS requires the following:

111 (rpcbind)
2049 (nfs)
20048 (mountd)
Additional dynamic ports depending on configuration

Open these ports for Kubernetes nodes.

7. Check SELinux or AppArmor restrictions

SELinux

getenforce

If it's Enforcing, run:

sudo setsebool -P virt_use_nfs 1

AppArmor

sudo aa-status | grep nfs

Profiles may block NFS mounting.

Summary of Common Causes

Missing NFS client tools (nfs-common, nfs-utils)
Incorrect NFS permissions on Synology or server
Wrong export path
Required NFS version mismatch
Firewall blocking RPC/NFS ports
SELinux/AppArmor policies blocking mounts

Error Description​

1. Ensure NFS client tools are installed on worker nodes​

Ubuntu / Debian​

CentOS / RHEL / Rocky / Alma​

openSUSE / SLES​

2. Test manual mount on the worker node​

3. Verify Synology (or NFS server) configuration​

4. Set required mount options (if needed)​

For NFSv3:​

For NFSv4.1:​

5. Validate NFS server path and Helm chart values​

6. Check firewall ports​

7. Check SELinux or AppArmor restrictions​

SELinux​

AppArmor​

Summary of Common Causes​