NFS Mount (4.1) not working, not permitted, even with NFS client compiled in ISO

[Power2All]

Bug Report

I'm unable to mount a NFS folder on Talos.

Description

Trying to mount a NFS when deploying Traefik, but everything I've tried, I keep getting the issue that I'm unable to mount:

Mounting command: mount
Mounting arguments: -t nfs -o nfsvers=4.1,hard,noresvport,rw 10.0.2.2:/mnt/pve/DATA/shared/kubesystem/traefik /var/lib/kubelet/pods/b61125ab-f46a-4db2-87b3-d74b308e6597/volumes/kubernetes.io~csi/traefik-pv/mount
Output: mount.nfs: Operation not permitted

Even with NFS client extension added to the ISO, it still doesn't work...

Logs

root@server2:/mnt/pve/DATA/shared/kubesystem/system# talosctl -n control1 get extensions
NODE       NAMESPACE   TYPE              ID            VERSION   NAME               VERSION
control1   runtime     ExtensionStatus   0             1         util-linux-tools   2.40.4
control1   runtime     ExtensionStatus   1             1         fuse3              3.17.1
control1   runtime     ExtensionStatus   2             1         nfsd               v1.10.4
control1   runtime     ExtensionStatus   3             1         nvme-cli           v2.11
control1   runtime     ExtensionStatus   4             1         qemu-guest-agent   10.0.2
control1   runtime     ExtensionStatus   5             1         schematic          bc329165646289d34ddd72584908682b80d48b013b67e80017af71400480e0b8
control1   runtime     ExtensionStatus   modules.dep   1         modules.dep        6.12.31-talos

root@server2:/mnt/pve/DATA/shared/kubesystem/system# kubectl get events -n traefik
LAST SEEN   TYPE      REASON        OBJECT                         MESSAGE
15m         Normal    Scheduled     pod/traefik-8587dfddbf-479d2   Successfully assigned traefik/traefik-8587dfddbf-479d2 to worker-web-1
10m         Warning   FailedMount   pod/traefik-8587dfddbf-479d2   MountVolume.SetUp failed for volume "traefik-pv" : rpc error: code = Internal desc = mount failed: exit status 32
Mounting command: mount
Mounting arguments: -t nfs -o nfsvers=4.1,hard,noresvport,rw 10.0.2.2:/mnt/pve/DATA/shared/kubesystem/traefik /var/lib/kubelet/pods/8cba5870-fefe-4252-ba70-0d5546b3a6a0/volumes/kubernetes.io~csi/traefik-pv/mount
Output: mount.nfs: Operation not permitted
9m51s       Warning   FailedMount   pod/traefik-8587dfddbf-479d2   Unable to attach or mount volumes: unmounted volumes=[data], unattached volumes=[], failed to process volumes=[]: error processing PVC traefik/traefik-data: failed to fetch PVC from API server: Get "https://127.0.0.1:7445/api/v1/namespaces/traefik/persistentvolumeclaims/traefik-data": EOF
20m         Normal    Scheduled     pod/traefik-8587dfddbf-fl6fm   Successfully assigned traefik/traefik-8587dfddbf-fl6fm to worker-php-2
15m         Warning   FailedMount   pod/traefik-8587dfddbf-fl6fm   MountVolume.SetUp failed for volume "traefik-pv" : rpc error: code = Internal desc = mount failed: exit status 32
Mounting command: mount
Mounting arguments: -t nfs -o nfsvers=4.1,hard,noresvport,rw 10.0.2.2:/mnt/pve/DATA/shared/kubesystem/traefik /var/lib/kubelet/pods/10b22320-8970-4943-abb7-067a52d1e558/volumes/kubernetes.io~csi/traefik-pv/mount
Output: mount.nfs: Operation not permitted
9m55s       Normal    Scheduled     pod/traefik-8587dfddbf-w8rg8   Successfully assigned traefik/traefik-8587dfddbf-w8rg8 to worker-other-1
75s         Warning   FailedMount   pod/traefik-8587dfddbf-w8rg8   MountVolume.SetUp failed for volume "traefik-pv" : rpc error: code = Internal desc = mount failed: exit status 32
Mounting command: mount
Mounting arguments: -t nfs -o nfsvers=4.1,hard,noresvport,rw 10.0.2.2:/mnt/pve/DATA/shared/kubesystem/traefik /var/lib/kubelet/pods/b61125ab-f46a-4db2-87b3-d74b308e6597/volumes/kubernetes.io~csi/traefik-pv/mount
Output: mount.nfs: Operation not permitted
20m         Normal    SuccessfulCreate    replicaset/traefik-8587dfddbf   Created pod: traefik-8587dfddbf-fl6fm
15m         Normal    SuccessfulCreate    replicaset/traefik-8587dfddbf   Created pod: traefik-8587dfddbf-479d2
9m56s       Normal    SuccessfulCreate    replicaset/traefik-8587dfddbf   Created pod: traefik-8587dfddbf-w8rg8
20m         Normal    ScalingReplicaSet   deployment/traefik              Scaled up replica set traefik-8587dfddbf from 0 to 1

Environment

• Talos version:

Client:
        Tag:         v1.10.4
        SHA:         3c119bf8
        Built:
        Go version:  go1.24.4
        OS/Arch:     linux/amd64
Server:
        NODE:        control1
        Tag:         v1.10.4
        SHA:         3c119bf8
        Built:
        Go version:  go1.24.4
        OS/Arch:     linux/amd64
        Enabled:     RBAC

• Kubernetes version:

root@server2:/mnt/pve/DATA/shared/kubesystem/system# kubectl version
Client Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.2", GitCommit:"faecb196815e248d3ecfb03c680a4507229c2a56", GitTreeState:"archive", BuildDate:"2022-04-02T14:49:13Z", GoVersion:"go1.18", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"33", GitVersion:"v1.33.1", GitCommit:"8adc0f041b8e7ad1d30e29cc59c6ae7a15e19828", GitTreeState:"clean", BuildDate:"2025-05-15T08:19:08Z", GoVersion:"go1.24.2", Compiler:"gc", Platform:"linux/amd64"}

• Platform: Proxmox

[Power2All]

I've tried everything, also custom mounting.
Talos won't let me mount any NFS whatsoever.

If someone can tell me what I need to do in order to mount an NFS 4.1 (or 4.2) share, let me know...