Mounting persistent volume from NFS file share fails with "mount.nfs: access denied by server while mounting" on Tanzu Kubernetes Grid Integrated Edition (TKGI) using NSX-T with NAT. There can be a number of reasons for this error. To retrieve further information on why it is mounting, review the NFS server logs.

If TKGI is running with NSX-T and uses NAT when connecting to remote servers, the source port is changed and this can be one possible reason why the NFS server can deny access. In this scenario, the NFS server will indicate that the client is trying to connect using an insecure port or a port with a value greater than 1024.

If its possible to mount the NFS share from another a non-TKGI server that doesn't use NSX-T, then this may also indicate the NSX-T NAT is having an impact.

When the Pod is trying to mount the volume from NFS share, it will use a source port less than (<) 1024. NSX-T will do port translation and the NFS server will receive a connection from a source port greater than (>) 1024. The NFS server will refuse the connection as it is deemed to be insecure.