Share via

Azure Container Apps: Volume mount fails with "Permission Denied" error

Jason Lee 181 Reputation points
2023-06-16T17:13:05.6966667+00:00

Hi,

I'm following the ACA storage mount tutorial but using Terraform and Azure Portal (the latter to experiment/debug before updating my TF scripts). However, when my container starts it always throws an permission denied error when trying to mount the volume.

SetUp failed for volume \u0022web-configuration\u0022 : rpc error: code = Internal desc = volume(csi-####) mount //#####.file.core.windows.net/web-config on /var/lib/kubelet/pods/####/volumes/kubernetes.io~csi/web-configuration/mount failed with mount failed: exit status 32\nMounting command: mount\nMounting arguments: -t cifs -o ,file_mode=0777,dir_mode=0777,actimeo=30,mfsymlinks,nosharesock,\u003Cmasked\u003E //#####.file.core.windows.net/web-config /var/lib/kubelet/pods/####/volumes/kubernetes.io~csi/web-configuration/mount\nOutput: mount error(13): Permission denied\nRefer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)\n","Reason":"FailedMount","EventSource":"ContainerAppController","Count":4}

Everything looks configured properly as per the documentation/tutorial, so I'm wondering if anyone has any ideas what could be wrong?

Here's some additional details.

  1. My storage account is publically accessible
    User's image
  2. Names and settings were directly copy and pasted, so doubt there are typos
    File share config
    User's image

Container Apps Environment file mount config
User's image

Container App volume mount config
User's image

  1. The File Share has security set to "maximum compatibility"
    User's image
  2. Where the mount is supposed to go (console in running container). I also tried mounting to the existing config directory but I get the same error.
    User's image
Azure Files
Azure Files
An Azure service that offers file shares in the cloud.
Azure Storage
Azure Storage
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
Azure Container Apps
Azure Container Apps
An Azure service that provides a general-purpose, serverless container platform.
Accepted answer
  1. KarishmaTiwari-MSFT 20,787 Reputation points Microsoft Employee Moderator
    2023-06-22T17:25:45.3266667+00:00

    @Jason Lee I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this!

    Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others ", I'll repost your solution in case you'd like to "Accept " the answer. Accepted answers show up at the top, resulting in improved discoverability for others.

    Issue: Azure Container Apps: Volume mount fails with "Permission Denied" error

    Possible Cause: Cx shared - "My initial volume mount configuration above was done manually through Azure Portal. When I translated it into Terraform and ran the TF scripts, everything worked as expected. Maybe using Terraform avoided a typo, I made in the above configuration."

    If your issue remains unresolved or have further questions, please let us know in the comments how we can assist. We are here to help you and strive to make your experience better and greatly value your feedback.
    User's image

    0 comments

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Bart McLeod 0 Reputation points
    2023-09-29T07:30:41.3966667+00:00

    I had the same issue and it cost me over a day to get it sorted. In the end, I also suddenly fixed it, without knowing what really happened. I have even deleted the entire storage account and refreshed the container and finally it started working. I saved the app.yml definition of the container app before and after, to be able to learn what changed. Turns out it was a nasty typo indeed. So I'm humbled by the fact that again my own human failure was at the root of wasting so much time. Then again, it wasn't entirely wasted, because I learned how to dump the app.yml and how to update the app from the az command. In case you might find this useful, these were the commands:

    az containerapp show --name <name-of-app> --resource-group <name of resource group> --output yaml > app.yml

// and to update it after changes were made in app.yml
az containerapp update --name <name-of-app> --resource-group <name of resource group> --yaml app.yml --output table
    0 comments
  2. Mohammad Hussain Hussaini 5 Reputation points
    2024-11-28T12:49:15.4166667+00:00

    I had the exact same problem. for me adding below line in the "Mount Options" in the Volumes tab in the container settings solved the problem.

    dir_mode=0777,file_mode=0777,uid=1000,gid=1000,mfsymlinks,nobrl,cache=none

    User's image

    0 comments
  3. Andrew Hoffmann 0 Reputation points
    2025-06-27T20:54:17.6266667+00:00

    I was using Terraform and had the incorrect share_name attribute in the azurerm_container_app_environment_storage resource. I didn't want to believe it, but it was human error. 🙃

    The takeaway here is that Azure's resource manager doesn't appear to validate the file share information.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.