Using Cloud Volumes ONTAP as persistent storage for Kubernetes
Cloud Manager can automate the deployment of NetApp Trident on Kubernetes clusters so you can use Cloud Volumes ONTAP as persistent storage for containers.
Trident is a fully-supported open source project maintained by NetApp. Trident integrates natively with Kubernetes and its Persistent Volume framework to seamlessly provision and manage volumes from systems running any combination of NetApp's storage platforms. Learn more about Trident.
The Kubernetes feature isn't supported with on-prem ONTAP clusters. It's supported with Cloud Volumes ONTAP only. |
Quick start
Get started quickly by following these steps or scroll down to the remaining sections for full details.
Review prerequisites
Ensure that your environment can meet the prerequisites, which includes connectivity between Kubernetes clusters and Cloud Volumes ONTAP, connectivity between Kubernetes clusters and a Connector, a minimum Kubernetes version of 1.14, at least one worker node in a cluster, and more. See the complete list.
Add your Kubernetes clusters to Cloud Manager
In Cloud Manager, click Kubernetes and discover clusters directly from your cloud provider's managed service or import a cluster by providing a kubeconfig file.
Connect your clusters to Cloud Volumes ONTAP
After you add a Kubernetes cluster, click Connect to Working Environment to connect the cluster to one or more Cloud Volumes ONTAP systems.
Start provisioning Persistent Volumes
Request and manage Persistent Volumes using native Kubernetes interfaces and constructs. Cloud Manager creates NFS and iSCSI storage classes that you can use when provisioning Persistent Volumes.
Reviewing prerequisites
Before you get started, ensure that your Kubernetes clusters and Connector meet specific requirements.
Kubernetes cluster requirements
-
Network connectivity is required between a Kubernetes cluster and the Connector and between a Kubernetes cluster and Cloud Volumes ONTAP.
Both the Connector and Cloud Volumes ONTAP need a connection to the Kubernetes API endpoint:
-
For managed clusters, set up a route between a cluster's VPC and the VPC where the Connector and Cloud Volumes ONTAP reside.
-
For other clusters, the IP address of the master node or load balancer (as listed in the kubeconfig file) must be reachable by the Connector and Cloud Volumes ONTAP, and it must present a valid TLS certificate.
-
-
A Kubernetes cluster can be in any location that has the network connectivity listed above.
-
A Kubernetes cluster must be running version 1.14 at a minimum.
The maximum supported version is defined by Trident. Click here to see the maximum supported Kubernetes version.
-
A Kubernetes cluster must have at least one worker node.
-
For clusters running in Amazon Elastic Kubernetes Service (Amazon EKS), each cluster needs an IAM role added in order to resolve a permissions error. After you add the cluster, Cloud Manager will prompt you with the exact eksctl command that resolves the error.
-
For clusters running in Azure Kubernetes Service (AKS), those clusters must be assigned the Azure Kubernetes Service RBAC Cluster Admin role. This is required so Cloud Manager can install Trident and configure storage classes on the cluster.
-
For clusters running in Google Kubernetes Engine (GKE), those clusters must not use the default Container Optimized OS. You should switch them to use Ubuntu.
GKE defaults to using the Google container-optimized image, which doesn't have the utilities that Trident needs to mount volumes.
Connector requirements
Ensure that the following networking and permissions are in place for the Connector.
Networking
-
The Connector needs an outbound internet connection to access the following endpoints when installing Trident:
https://packages.cloud.google.com/yum
https://github.com/NetApp/trident/releases/download/Cloud Manager installs Trident on a Kubernetes cluster when you connect a working environment to the cluster.
Required permissions to discover and manage EKS clusters
The Connector needs Admin permissions to discover and manage Kubernetes clusters running in Amazon Elastic Kubernetes Service (EKS):
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "eks:*",
"Resource": "*"
}
]
}
Required permissions to discover and manage GKE clusters
The Connector needs the following permissions to discover and manage Kubernetes clusters running in Google Kubernetes Engine (GKE):
container.*
Example setup
The following image shows an example of a Kubernetes cluster running in Amazon Elastic Kubernetes Service (Amazon EKS) and its connections to the Connector and Cloud Volumes ONTAP.
Adding Kubernetes clusters
Add Kubernetes clusters to Cloud Manager by discovering the clusters running in your cloud provider's managed Kubernetes service or by importing a cluster's kubeconfig file.
-
At the top of Cloud Manager, click Kubernetes.
-
Click Add Cluster.
-
Choose one of the available options:
-
Click Discover Clusters to discover the managed clusters that Cloud Manager has access to based on permissions that you provided to the Connector.
For example, if your Connector is running in Google Cloud, Cloud Manager uses the permissions from the Connector's service account to discover clusters running in Google Kubernetes Engine (GKE).
-
Click Import Cluster to import a cluster using a kubeconfig file.
After you upload the file, Cloud Manager verifies connectivity to the cluster and saves an encrypted copy of the kubeconfig file.
-
Cloud Manager adds the Kubernetes cluster. You can now connect the cluster to Cloud Volumes ONTAP.
Connecting a cluster to Cloud Volumes ONTAP
Connect a Kubernetes cluster to Cloud Volumes ONTAP so you can use Cloud Volumes ONTAP as persistent storage for containers.
-
At the top of Cloud Manager, click Kubernetes.
-
Click Connect to Working Environment for the cluster that you just added.
-
Select a working environment and click Continue.
-
Choose the NetApp storage class to use as the default storage class for the Kubernetes cluster and click Continue.
When a user creates a persistent volume, the Kubernetes cluster can use this storage class as the backend storage by default.
-
Choose whether to use default auto export policies or whether to add a custom CIDR block.
-
Click Add Working Environment.
Cloud Manager connects the working environment to the cluster, which can take up to 15 minutes.
Managing your clusters
Cloud Manager enables you to manage your Kubernetes clusters by changing the default storage class, upgrading Trident, and more.
Changing the default storage class
Make sure that you've set a Cloud Volumes ONTAP storage class as the default storage class so clusters use Cloud Volumes ONTAP as the backend storage.
-
At the top of Cloud Manager, click Kubernetes.
-
Click the name of the Kubernetes cluster.
-
In the Storage Classes table, click the actions menu on the far right for the storage class that you'd like to set as the default.
-
Click Set as Default.
Upgrading Trident
You can upgrade Trident from Cloud Manager when a new version of Trident is available.
-
At the top of Cloud Manager, click Kubernetes.
-
Click the name of the Kubernetes cluster.
-
If a new version is available, click Upgrade next to the Trident version.
Updating the kubeconfig file
If you added your cluster to Cloud Manager by importing the kubeconfig file, you can upload the latest kubeconfig file to Cloud Manager at any time. You might do this if you've updated the credentials, if you've changed users or roles, or if something changed that affects the cluster, user, namespaces, or authentication.
-
At the top of Cloud Manager, click Kubernetes.
-
Click the name of the Kubernetes cluster.
-
Click Update Kubeconfig.
-
When prompted through your web browser, select the updated kubeconfig file and click Open.
Cloud Manager updates information about the Kubernetes cluster based on the latest kubeconfig file.
Disconnecting a cluster
When you disconnect a cluster from Cloud Volumes ONTAP, you can no longer use that Cloud Volumes ONTAP system as persistent storage for containers. Existing Persistent Volumes are not deleted.
-
At the top of Cloud Manager, click Kubernetes.
-
Click the name of the Kubernetes cluster.
-
In the Working Environments table, click the actions menu on the far right for the working environment that you want to disconnect.
-
Click Disconnect.
Cloud Manager disconnects the cluster from the Cloud Volumes ONTAP system.
Removing a cluster
Remove decommissioned clusters from Cloud Manager after you disconnect all working environments from the cluster.
-
At the top of Cloud Manager, click Kubernetes.
-
Click the name of the Kubernetes cluster.
-
Click Remove Cluster.