Search code examples

Unable to mount google filestore inside a GKE pod directly (without using PV)

I am trying to take backup of Google Filestore to a GCS bucket. I also want to rsync the contents of filestore in primary region to another filestore in secondary region.

For this, I have created a bash script which is working fine in compute engine VM. I have converted that into a docker container which I'm running as a kubernetes cronjob inside a GKE cluster.

But when I run the scripts inside the GKE pod, it is giving me the following error:

root@filestore-backup-1594023480-k9wmn:/# mount /mnt/filestore-primary 
mount.nfs: access denied by server while mounting

I am able to connect to the filestore from the container:

root@filestore-backup-1594023480-k9wmn:/# telnet 111 
Connected to 
Escape character is '^]'.

The pod ip ranges are also added to the VPC ip range. Filestore has been given full access to allow the VPC. The same script is working fine in compute engine VM.

Why is mounting a google filestore inside a GKE pod not working?

bash script used for taking backup of google filestore:


# Create the GCloud Authentication file if set
    touch /root/gcloud.json
    echo "$GCP_GCLOUD_AUTH" > /root/gcloud.json
    gcloud auth activate-service-account --key-file=/root/gcloud.json

#backup filestore to GCS

DATE=$(date +"%m-%d-%Y-%T")



#rsync filestore to secondary region



All the variables are passed as environmental variables in the yaml.


  • The reason why you can't access it's because GKE has a different method for consuming filestore than other GCP instances, in order to be able to mount you have to create Persistent Volume and Persistent Volume Claims.

    • If you need only one static access to the filestore, you can follow this guide to manually set PV and PVC to attach to your application:

    • If you want to make it more dynamic and ready for broader use, consider using a NFS Client Provisioner. It will create a storageClass that can be reffered on your yamls. In a nutshell a storageClass dinamically provisions the PV and PVCs for each access. You can follow this guide:

    • Additionally, you can also use the Filestore CSI driver to enable GKE workloads to dynamically create and mount Filestore volumes without using helm. However, the CSI driver is not a supported Google Cloud product so you should consider if it fits your production environment:

    Choose your path, if you have any questions let me know in the comments.