Classic: Why am I denied server access when mounting a volume to a worker node?

Classic infrastructure

When you try to mount a file storage volume, you get an error stating that access is denied by the server.

Example error.

MountVolume.SetUp failed for volume "pvc-XXXX" : mount failed: exit status 32 Mounting command: mount Mounting arguments: -t nfs fsf-region-fz.service.softlayer.com:/VOLUME/data01 /var/data/kubelet/pods/1a11b234-567c-89d0-1ef2-34g567abc89/volumes/kubernetes.io~nfs/pvc-XXXX Output: mount.nfs: access denied by server while mounting fsf-region-fz.service.softlayer.com:/VOLUME/data01

Your worker nodes might not have access to the your file storage.

Follow the steps to ensure that your worker nodes have access. Note that these steps require classic infrastructure permissions.

In the CLI

Get the volume ID.

kubectl describe pv PVNAME -n NAMESPACE

Get the ID of the worker node's subnet.

ibmcloud oc worker get --worker <worker_node_id> --cluster <cluster_id>

Example Subnets section in output.

Subnets
ID                                          IP Address                CIDR
0101-0ef11da0-01c1-0011-1f7-01010db11e00    XXX.XX.XXX.10 (primary)   XXX.XX.XXX.10/24

Run the command to authorize access. Specify the volume ID and worker subnet ID that you found in the previous steps.
```
ibmcloud sl file access-authorize <volume_id> --subnet-id <worker_subnet_ID>
```

In the UI

In the UI, navigate to your Clusters dashboard. Click on your cluster, then click Worker nodes.
Click on the relevant worker node to find the Subnet name.
Navigate to the Classic Infrastructure File Storage dashboard and click on the volume you want to mount.
Click Actions > Authorize Host.
Under Select a host type, select Subnets.
In the dropdown, select the subnet that applies to your worker node.
Click Save.