Comments on: How to Setup Dynamic NFS Provisioning in Kubernetes Cluster
https://www.linuxtechi.com/dynamic-nfs-provisioning-kubernetes/

By: RaSca
Fri, 09 Jun 2023 10:33:13 +0000
https://www.linuxtechi.com/dynamic-nfs-provisioning-kubernetes/#comment-54630

That’s a great how-to, many thanks!

Just would like to add a consideration about permissions. The NFS directory that we’re using here to share the content, so /opt/dynamic-storage, gets the number of the beast (at least in Linux): 777.

This can’t possibly be right. Those kinds of permissions are too wide and a security risk; this can simply be avoided by using something like:

> sudo chown -R nobody:nogroup /storage
> sudo chmod 2770 /storage

The setgid does the trick here, and you don’t have a directory opened for rwx to the world.
With that said, the resources that get created by the provisioner are in any case 777:

> sudo ls -la /storage/
total 12
drwxrws--- 3 nobody nogroup 4096 giu 9 12:24 .
drwxr-xr-x 22 root root 4096 giu 9 12:20 ..
drwxrwxrwx 2 nobody nogroup 4096 giu 9 12:25 nfs-provisioning-demo-claim-pvc-3483691c-492f-4a84-875d-897efe855978

But that’s how the provisioner works, and so should be explored there (the project doesn’t seem to be maintained anymore ‘https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner/issues/286’ ).

Great work, btw!
