Hi BatmanNinja,
Welcome to Microsoft Q&A, I hope you are doing well.
Thank you for sharing the details and error messages about mounting Azure Blob storage with NFS protocol on AKS after switching to private endpoints. Based on the scenario and your symptoms, here are the targeted steps to resolve this:
1. Confirm Private Endpoint and DNS Configuration:
Azure Blob NFS works with private endpoints, but AKS nodes must resolve the storage account’s private DNS name correctly. Ensure you have configured a custom DNS zone or Azure Private DNS Zone for privatelink.blob.core.windows.net, and AKS nodes can resolve <storage-account>.privatelink.blob.core.windows.net to the private endpoint IP.
See the official documentation for details: https://free.blessedness.top/en-us/azure/storage/common/storage-private-endpoints
- On an AKS node or test pod, run:
    nslookup <storage-account>.privatelink.blob.core.windows.net
  Confirm this resolves to the private endpoint IP.
2. Network Security Group and Firewall Rules:
Verify your Network Security Groups (NSGs) and firewall rules allow AKS nodes to communicate with the storage account’s private endpoint on port 2049 (NFS). Blocked traffic will trigger mount/unmount errors and RPC deadline exceeded messages.
Refer to: https://free.blessedness.top/en-us/azure/storage/blobs/network-file-system-protocol-support-how-to
3. AKS Pod and Node Resources:
"Memory cgroup out of memory" and mount/unmount errors suggest either resource contention or excessive parallel mounts. Test by scaling down the number of pods mounting the NFS volume and monitoring node resource consumption:
- Restart affected AKS nodes to clear any stale mounts.
- Ensure node memory is adequate for your pod workload. Troubleshooting guide: https://free.blessedness.top/en-us/troubleshoot/azure/azure-kubernetes/storage/mounting-azure-blob-storage-container-fail
4. Known Limitations and Additional Guidance:
NFS protocol on Blob storage does not support all legacy NFS features; check for known limitations here: https://free.blessedness.top/en-us/azure/storage/blobs/network-file-system-protocol-support
For persistent issues, verify you are using the latest CSI driver and StorageClass YAML per Microsoft examples: https://free.blessedness.top/en-us/azure/storage/blobs/network-file-system-protocol-support-how-to
If these steps are implemented and verified, AKS pods should mount and unmount Azure Blob NFS volumes via private endpoints reliably. For full testing and setup validation, please follow all steps in Microsoft's official guides linked above.
Let me know if you need further troubleshooting or clarification.
If the provided information answers your query, do click "Accept Answer"; it will help others who might be facing similar challenges.
Thanks,
Harish.
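
The checks from steps 1 and 2 above, combined into one script for a test pod or node. This is an added example, not part of the original answer: it assumes the private endpoint IP lies in RFC 1918 VNet address space and that `nslookup` (bind-utils output format) and `nc` are installed; the function names and the `examplestore` sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer). Assumes the private endpoint
# sits in RFC 1918 VNet space and that nslookup (bind-utils format) and nc exist.

is_private_ipv4() {            # 0 if $1 is an RFC 1918 IPv4 address
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;
        10.*.*.*|192.168.*.*) return 0 ;;
        172.*.*.*)
            second=${1#172.}; second=${second%%.*}
            [ "$second" -ge 16 ] 2>/dev/null && [ "$second" -le 31 ]
            return ;;
    esac
    return 1
}

answer_addresses() {           # stdin: nslookup output; stdout: answer IPs
    awk '/^Name:/ {seen=1; next} seen && /^Address/ {print $NF}'
}

check_answer() {               # stdin: nslookup output; 0 only if all IPs private
    addrs=$(answer_addresses)
    [ -n "$addrs" ] || { echo "FAIL: no address in answer"; return 2; }
    rc=0
    for ip in $addrs; do
        if is_private_ipv4 "$ip"; then echo "OK: private IP $ip"
        else echo "FAIL: $ip is not a private endpoint IP"; rc=1; fi
    done
    return $rc
}

main() {                       # $1: storage account name
    fqdn="$1.privatelink.blob.core.windows.net"
    out=$(nslookup "$fqdn") || { echo "FAIL: cannot resolve $fqdn"; return 2; }
    printf '%s\n' "$out" | check_answer || return 1
    for ip in $(printf '%s\n' "$out" | answer_addresses); do
        nc -z -w 5 "$ip" 2049 || { echo "FAIL: TCP 2049 unreachable on $ip"; return 1; }
        echo "OK: TCP 2049 reachable on $ip"
    done
}

if [ "$#" -ge 1 ]; then
    main "$@"
else                           # no argument: parse a constructed sample answer
    printf 'Name:\texamplestore.privatelink.blob.core.windows.net\nAddress: 10.1.2.4\n' | check_answer
fi
```

A public IP in the answer means the node is not using the private DNS zone, so NFS traffic would leave the VNet path even if port 2049 is open on the private endpoint.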