Trident Overview
Suggest changes
PDFs
Trident is an open-source and fully supported storage orchestrator for containers and Kubernetes distributions, including Red Hat OpenShift. Trident works with the entire NetApp storage portfolio, including the NetApp ONTAP and Element storage systems, and it also supports NFS and iSCSI connections. Trident accelerates the DevOps workflow by allowing end users to provision and manage storage from their NetApp storage systems without requiring intervention from a storage administrator.
An administrator can configure a number of storage backends based on project needs and storage system models that enable advanced storage features, including compression, specific disk types, or QoS levels that guarantee a certain level of performance. After they are defined, these backends can be used by developers in their projects to create persistent volume claims (PVCs) and to attach persistent storage to their containers on demand.
Trident has a rapid development cycle, and just like Kubernetes, is released four times a year.
A support matrix for what version of Trident has been tested with which Kubernetes distribution can be found here.
Please refer to the Trident product documentation for installation and configuration details.
Download Trident
To install Trident on the deployed user cluster and provision a persistent volume, complete the following steps:
-
Download the installation archive to the admin workstation and extract the contents. The current version of Trident is 22.01, which can be downloaded here.
-
Extract the Trident install from the downloaded bundle.
[netapp-user@rhel7 ~]$ tar -xzf trident-installer-22.01.0.tar.gz [netapp-user@rhel7 ~]$ cd trident-installer/ [netapp-user@rhel7 trident-installer]$
Install the Trident Operator with Helm
-
First set the location of the user cluster’s
kubeconfigfile as an environment variable so that you don’t have to reference it, because Trident has no option to pass this file.[netapp-user@rhel7 trident-installer]$ export KUBECONFIG=~/ocp-install/auth/kubeconfig
-
Run the Helm command to install the Trident operator from the tarball in the helm directory while creating the trident namespace in your user cluster.
[netapp-user@rhel7 trident-installer]$ helm install trident helm/trident-operator-22.01.0.tgz --create-namespace --namespace trident NAME: trident LAST DEPLOYED: Fri May 7 12:54:25 2021 NAMESPACE: trident STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: Thank you for installing trident-operator, which will deploy and manage NetApp's Trident CSI storage provisioner for Kubernetes. Your release is named 'trident' and is installed into the 'trident' namespace. Please note that there must be only one instance of Trident (and trident-operator) in a Kubernetes cluster. To configure Trident to manage storage resources, you will need a copy of tridentctl, which is available in pre-packaged Trident releases. You may find all Trident releases and source code online at https://github.com/NetApp/trident. To learn more about the release, try: $ helm status trident $ helm get all trident
-
You can verify that Trident is successfully installed by checking the pods that are running in the namespace or by using the tridentctl binary to check the installed version.
[netapp-user@rhel7 trident-installer]$ oc get pods -n trident NAME READY STATUS RESTARTS AGE trident-csi-5z45l 1/2 Running 2 30s trident-csi-696b685cf8-htdb2 6/6 Running 0 30s trident-csi-b74p2 2/2 Running 0 30s trident-csi-lrw4n 2/2 Running 0 30s trident-operator-7c748d957-gr2gw 1/1 Running 0 36s [netapp-user@rhel7 trident-installer]$ ./tridentctl -n trident version +----------------+----------------+ | SERVER VERSION | CLIENT VERSION | +----------------+----------------+ | 22.01.0 | 22.01.0 | +----------------+----------------+
|
In some cases, customer environments might require the customization of the Trident deployment. In these cases, it is also possible to manually install the Trident operator and update the included manifests to customize the deployment. |
Manually install the Trident Operator
-
First, set the location of the user cluster’s
kubeconfigfile as an environment variable so that you don’t have to reference it, because Trident has no option to pass this file.[netapp-user@rhel7 trident-installer]$ export KUBECONFIG=~/ocp-install/auth/kubeconfig
-
The
trident-installerdirectory contains manifests for defining all the required resources. Using the appropriate manifests, create theTridentOrchestratorcustom resource definition.[netapp-user@rhel7 trident-installer]$ oc create -f deploy/crds/trident.netapp.io_tridentorchestrators_crd_post1.16.yaml customresourcedefinition.apiextensions.k8s.io/tridentorchestrators.trident.netapp.io created
-
If one does not exist, create a Trident namespace in your cluster using the provided manifest.
[netapp-user@rhel7 trident-installer]$ oc apply -f deploy/namespace.yaml namespace/trident created
-
Create the resources required for the Trident operator deployment, such as a
ServiceAccountfor the operator, aClusterRoleandClusterRoleBindingto theServiceAccount, a dedicatedPodSecurityPolicy, or the operator itself.[netapp-user@rhel7 trident-installer]$ oc create -f deploy/bundle.yaml serviceaccount/trident-operator created clusterrole.rbac.authorization.k8s.io/trident-operator created clusterrolebinding.rbac.authorization.k8s.io/trident-operator created deployment.apps/trident-operator created podsecuritypolicy.policy/tridentoperatorpods created
-
You can check the status of the operator after it’s deployed with the following commands:
[netapp-user@rhel7 trident-installer]$ oc get deployment -n trident NAME READY UP-TO-DATE AVAILABLE AGE trident-operator 1/1 1 1 23s [netapp-user@rhel7 trident-installer]$ oc get pods -n trident NAME READY STATUS RESTARTS AGE trident-operator-66f48895cc-lzczk 1/1 Running 0 41s
-
With the operator deployed, we can now use it to install Trident. This requires creating a
TridentOrchestrator.[netapp-user@rhel7 trident-installer]$ oc create -f deploy/crds/tridentorchestrator_cr.yaml tridentorchestrator.trident.netapp.io/trident created [netapp-user@rhel7 trident-installer]$ oc describe torc trident Name: trident Namespace: Labels: <none> Annotations: <none> API Version: trident.netapp.io/v1 Kind: TridentOrchestrator Metadata: Creation Timestamp: 2021-05-07T17:00:28Z Generation: 1 Managed Fields: API Version: trident.netapp.io/v1 Fields Type: FieldsV1 fieldsV1: f:spec: .: f:debug: f:namespace: Manager: kubectl-create Operation: Update Time: 2021-05-07T17:00:28Z API Version: trident.netapp.io/v1 Fields Type: FieldsV1 fieldsV1: f:status: .: f:currentInstallationParams: .: f:IPv6: f:autosupportHostname: f:autosupportimage: f:autosupportProxy: f:autosupportSerialNumber: f:debug: f:enableNodePrep: f:imagePullSecrets: f:imageRegistry: f:k8sTimeout: f:kubeletDir: f:logFormat: f:silenceAutosupport: f:tridentimage: f:message: f:namespace: f:status: f:version: Manager: trident-operator Operation: Update Time: 2021-05-07T17:00:28Z Resource Version: 931421 Self Link: /apis/trident.netapp.io/v1/tridentorchestrators/trident UID: 8a26a7a6-dde8-4d55-9b66-a7126754d81f Spec: Debug: true Namespace: trident Status: Current Installation Params: IPv6: false Autosupport Hostname: Autosupport image: netapp/trident-autosupport:21.01 Autosupport Proxy: Autosupport Serial Number: Debug: true Enable Node Prep: false Image Pull Secrets: Image Registry: k8sTimeout: 30 Kubelet Dir: /var/lib/kubelet Log Format: text Silence Autosupport: false Trident image: netapp/trident:22.01.0 Message: Trident installed Namespace: trident Status: Installed Version: v22.01.0 Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Installing 80s trident-operator.netapp.io Installing Trident Normal Installed 68s trident-operator.netapp.io Trident installed -
You can verify that Trident is successfully installed by checking the pods that are running in the namespace or by using the tridentctl binary to check the installed version.
[netapp-user@rhel7 trident-installer]$ oc get pods -n trident NAME READY STATUS RESTARTS AGE trident-csi-bb64c6cb4-lmd6h 6/6 Running 0 82s trident-csi-gn59q 2/2 Running 0 82s trident-csi-m4szj 2/2 Running 0 82s trident-csi-sb9k9 2/2 Running 0 82s trident-operator-66f48895cc-lzczk 1/1 Running 0 2m39s [netapp-user@rhel7 trident-installer]$ ./tridentctl -n trident version +----------------+----------------+ | SERVER VERSION | CLIENT VERSION | +----------------+----------------+ | 22.01.0 | 22.01.0 | +----------------+----------------+
Prepare worker nodes for storage
NFS
Most Kubernetes distributions come with the packages and utilities to mount NFS backends installed by default, including Red Hat OpenShift.
However, for NFSv3, there is no mechanism to negotiate concurrency between the client and the server. Hence the maximum number of client-side sunrpc slot table entries must be manually synced with supported value on the server to ensure the best performance for the NFS connection without the server having to decrease the window size of the connection.
For ONTAP, the supported maximum number of sunrpc slot table entries is 128 i.e. ONTAP can serve 128 concurrent NFS requests at a time. However, by default, Red Hat CoreOS/Red Hat Enterprise Linux has maximum of 65,536 sunrpc slot table entries per connection. We need to set this value to 128 and this can be done using Machine Config Operator (MCO) in OpenShift.
To modify the maximum sunrpc slot table entries in OpenShift worker nodes, complete the following steps:
-
Log into the OCP web console and navigate to Compute > Machine Configs. Click Create Machine Config. Copy and paste the YAML file and click Create.
apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: name: 98-worker-nfs-rpc-slot-tables labels: machineconfiguration.openshift.io/role: worker spec: config: ignition: version: 3.2.0 storage: files: - contents: source: data:text/plain;charset=utf-8;base64,b3B0aW9ucyBzdW5ycGMgdGNwX21heF9zbG90X3RhYmxlX2VudHJpZXM9MTI4Cg== filesystem: root mode: 420 path: /etc/modprobe.d/sunrpc.conf -
After the MCO is created, the configuration needs to be applied on all worker nodes and rebooted one by one. The whole process takes approximately 20 to 30 minutes. Verify whether the machine config is applied by using
oc get mcpand make sure that the machine config pool for workers is updated.[netapp-user@rhel7 openshift-deploy]$ oc get mcp NAME CONFIG UPDATED UPDATING DEGRADED master rendered-master-a520ae930e1d135e0dee7168 True False False worker rendered-worker-de321b36eeba62df41feb7bc True False False
iSCSI
To prepare worker nodes to allow for the mapping of block storage volumes through the iSCSI protocol, you must install the necessary packages to support that functionality.
In Red Hat OpenShift, this is handled by applying an MCO (Machine Config Operator) to your cluster after it is deployed.
To configure the worker nodes to run iSCSI services, complete the following steps:
-
Log into the OCP web console and navigate to Compute > Machine Configs. Click Create Machine Config. Copy and paste the YAML file and click Create.
When not using multipathing:
apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: labels: machineconfiguration.openshift.io/role: worker name: 99-worker-element-iscsi spec: config: ignition: version: 3.2.0 systemd: units: - name: iscsid.service enabled: true state: started osImageURL: ""When using multipathing:
apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: name: 99-worker-ontap-iscsi labels: machineconfiguration.openshift.io/role: worker spec: config: ignition: version: 3.2.0 storage: files: - contents: source: data:text/plain;charset=utf-8;base64,ZGVmYXVsdHMgewogICAgICAgIHVzZXJfZnJpZW5kbHlfbmFtZXMgbm8KICAgICAgICBmaW5kX211bHRpcGF0aHMgbm8KfQoKYmxhY2tsaXN0X2V4Y2VwdGlvbnMgewogICAgICAgIHByb3BlcnR5ICIoU0NTSV9JREVOVF98SURfV1dOKSIKfQoKYmxhY2tsaXN0IHsKfQoK verification: {} filesystem: root mode: 400 path: /etc/multipath.conf systemd: units: - name: iscsid.service enabled: true state: started - name: multipathd.service enabled: true state: started osImageURL: "" -
After the configuration is created, it takes approximately 20 to 30 minutes to apply the configuration to the worker nodes and reload them. Verify whether the machine config is applied by using
oc get mcpand make sure that the machine config pool for workers is updated. You can also log into the worker nodes to confirm that the iscsid service is running (and the multipathd service is running if using multipathing).[netapp-user@rhel7 openshift-deploy]$ oc get mcp NAME CONFIG UPDATED UPDATING DEGRADED master rendered-master-a520ae930e1d135e0dee7168 True False False worker rendered-worker-de321b36eeba62df41feb7bc True False False [netapp-user@rhel7 openshift-deploy]$ ssh core@10.61.181.22 sudo systemctl status iscsid ● iscsid.service - Open-iSCSI Loaded: loaded (/usr/lib/systemd/system/iscsid.service; enabled; vendor preset: disabled) Active: active (running) since Tue 2021-05-26 13:36:22 UTC; 3 min ago Docs: man:iscsid(8) man:iscsiadm(8) Main PID: 1242 (iscsid) Status: "Ready to process requests" Tasks: 1 Memory: 4.9M CPU: 9ms CGroup: /system.slice/iscsid.service └─1242 /usr/sbin/iscsid -f [netapp-user@rhel7 openshift-deploy]$ ssh core@10.61.181.22 sudo systemctl status multipathd ● multipathd.service - Device-Mapper Multipath Device Controller Loaded: loaded (/usr/lib/systemd/system/multipathd.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2021-05-26 13:36:22 UTC; 3 min ago Main PID: 918 (multipathd) Status: "up" Tasks: 7 Memory: 13.7M CPU: 57ms CGroup: /system.slice/multipathd.service └─918 /sbin/multipathd -d -s
It is also possible to confirm that the MachineConfig has been successfully applied and services have been started as expected by running the oc debugcommand with the appropriate flags.
Create storage-system backends
After completing the Trident Operator install, you must configure the backend for the specific NetApp storage platform you are using. Follow the links below in order to continue the setup and configuration of Trident.