Configure a CVS for GCP backend
Suggest changes
PDFs
Learn about how to configure NetApp Cloud Volumes Service (CVS) for Google Cloud Platform (GCP) as the backend for your Astra Trident installation using the sample configurations provided.
|
NetApp Cloud Volumes Service for Google Cloud does not support CVS-Performance volumes less than 100 GiB in size, or CVS volumes less than 300 GiB in size. Astra Trident automatically creates volumes of the minimum size if a the volume requested is smaller than the minimum size. |
To configure and use the Cloud Volumes Service for Google Cloud backend, you need the following:
-
A Google Cloud account configured with NetApp CVS
-
Project number of your Google Cloud account
-
Google Cloud service account with the
netappcloudvolumes.adminrole -
API key file for your CVS service account
Astra Trident now includes support for smaller volumes with the default CVS service type on GCP. For backends created with storageClass=software, volumes will now have a minimum provisioning size of 300 GiB. CVS currently provides this feature under Controlled Availability and does not provide technical support. Users must sign up for access to sub-1TiB volumes here. NetApp recommends customers consume sub-1TiB volumes for non-production workloads.
|
|
When deploying backends using the default CVS service type (storageClass=software), users must obtain access to the sub-1TiB volumes feature on GCP for the Project Number(s) and Project ID(s) in question. This is necessary for Astra Trident to provision sub-1TiB volumes. If not, volume creations will fail for PVCs that are lesser than 600 GiB. Obtain access to sub-1TiB volumes using this form.
|
Volumes created by Astra Trident for the default CVS service level will be provisioned as follows:
-
PVCs that are smaller than 300 GiB will result in Astra Trident creating a 300 GiB CVS volume.
-
PVCs that are between 300 GiB to 600 GiB will result in Astra Trident creating a CVS volume of the requested size.
-
PVCs that are between 600 GiB and 1 TiB will result in Astra Trident creating a 1TiB CVS volume.
-
PVCs that are greater than 1 TiB will result in Astra Trident creating a CVS volume of the requested size.
Backend configuration options
See the following table for the backend configuration options:
| Parameter | Description | Default |
|---|---|---|
|
Always 1 |
|
|
Name of the storage driver |
"gcp-cvs" |
|
Custom name or the storage backend |
Driver name + "_" + part of API key |
|
Type of storage. Choose from |
|
|
Google Cloud account project number. The value is found on the Google Cloud portal's Home page. |
|
|
CVS account region. It is the region where the backend will provision the volumes. |
|
|
API key for the Google Cloud service account with the |
|
|
Proxy URL if proxy server required to connect to CVS Account. The proxy server can either be an HTTP proxy or an HTTPS proxy. For an HTTPS proxy, certificate validation is skipped to allow the usage of self-signed certificates in the proxy server. Proxy servers with authentication enabled are not supported. |
|
|
Fine-grained control of NFS mount options. |
"nfsvers=3" |
|
Fail provisioning if the requested volume size is above this value |
"" (not enforced by default) |
|
The CVS service level for new volumes. The values are "standard", "premium", and "extreme". |
"standard" |
|
GCP network used for CVS volumes |
“default” |
|
Debug flags to use when troubleshooting. Example, |
null |
If using a shared VPC network, both projectNumber and hostProjectNumber must be specified. In that case, projectNumber is the service project, and hostProjectNumber is the host project.
The apiRegion represents the GCP region where Astra Trident creates CVS volumes. When creating cross-region Kubernetes clusters, CVS volumes created in an apiRegion can be used in workloads scheduled on nodes across multiple GCP regions. Be aware that cross-region traffic incurs an additional cost.
|
|
|
|
Astra Trident's integration with the base CVS service type on Google Cloud is a beta feature, not meant for production workloads. Trident is fully supported with the CVS-Performance service type and uses it by default. |
Each backend provisions volumes in a single Google Cloud region. To create volumes in other regions, you can define additional backends.
You can control how each volume is provisioned by default by specifying the following options in a special section of the configuration file. See the configuration examples below.
| Parameter | Description | Default |
|---|---|---|
|
The export rule(s) for new volumes |
"0.0.0.0/0" |
|
Access to the |
"false" |
|
Percentage of volume reserved for snapshots |
"" (accept CVS default of 0) |
|
The size of new volumes |
"100Gi" |
The exportRule value must be a comma-separated list of any combination of IPv4 addresses or IPv4 subnets in CIDR notation.
|
|
For all the volumes created on a CVS Google Cloud backend, Trident copies all the labels present on a storage pool to the storage volume at the time it is provisioned. Storage administrators can define labels per storage pool and group all the volumes created in a storage pool. This provides a convenient way of differentiating volumes based on a set of customizable labels that are provided in the backend configuration. |
Example 1: Minimal configuration
This is the absolute minimum backend configuration.
{
"version": 1,
"storageDriverName": "gcp-cvs",
"projectNumber": "012345678901",
"apiRegion": "us-west2",
"apiKey": {
"type": "service_account",
"project_id": "my-gcp-project",
"private_key_id": "<id_value>",
"private_key": "
-----BEGIN PRIVATE KEY-----
<key_value>
-----END PRIVATE KEY-----\n",
"client_email": "cloudvolumes-admin-sa@my-gcp-project.iam.gserviceaccount.com",
"client_id": "123456789012345678901",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/cloudvolumes-admin-sa%40my-gcp-project.iam.gserviceaccount.com"
}
}
Example 2: Base CVS service type configuration
This example shows a backend definition that uses the base CVS service type, which is meant for general-purpose workloads and provides light/moderate performance, coupled with high zonal availability.
{
"version": 1,
"storageDriverName": "gcp-cvs",
"projectNumber": "012345678901",
"storageClass": "software",
"apiRegion": "us-east4",
"apiKey": {
"type": "service_account",
"project_id": "my-gcp-project",
"private_key_id": "<id_value>",
"private_key": "
-----BEGIN PRIVATE KEY-----
<key_value>
-----END PRIVATE KEY-----\n",
"client_email": "cloudvolumes-admin-sa@my-gcp-project.iam.gserviceaccount.com",
"client_id": "123456789012345678901",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/cloudvolumes-admin-sa%40my-gcp-project.iam.gserviceaccount.com"
}
}
Example 3: Single service level configuration
This example shows a backend file that applies the same aspects to all Astra Trident-created storage in the Google Cloud us-west2 region. This example also shows the usage of proxyURL in the backend configuration file.
{
"version": 1,
"storageDriverName": "gcp-cvs",
"projectNumber": "012345678901",
"apiRegion": "us-west2",
"apiKey": {
"type": "service_account",
"project_id": "my-gcp-project",
"private_key_id": "<id_value>",
"private_key": "
-----BEGIN PRIVATE KEY-----
<key_value>
-----END PRIVATE KEY-----\n",
"client_email": "cloudvolumes-admin-sa@my-gcp-project.iam.gserviceaccount.com",
"client_id": "123456789012345678901",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/cloudvolumes-admin-sa%40my-gcp-project.iam.gserviceaccount.com"
},
"proxyURL": "http://proxy-server-hostname/",
"nfsMountOptions": "vers=3,proto=tcp,timeo=600",
"limitVolumeSize": "10Ti",
"serviceLevel": "premium",
"defaults": {
"snapshotDir": "true",
"snapshotReserve": "5",
"exportRule": "10.0.0.0/24,10.0.1.0/24,10.0.2.100",
"size": "5Ti"
}
}
Example 4: Virtual storage pool configuration
This example shows the backend definition file configured with virtual storage pools along with StorageClasses that refer back to them.
In the sample backend definition file shown below, specific defaults are set for all storage pools, which set the snapshotReserve at 5% and the exportRule to 0.0.0.0/0. The virtual storage pools are defined in the storage section. In this example, each individual storage pool sets its own serviceLevel, and some pools overwrite the default values.
{
"version": 1,
"storageDriverName": "gcp-cvs",
"projectNumber": "012345678901",
"apiRegion": "us-west2",
"apiKey": {
"type": "service_account",
"project_id": "my-gcp-project",
"private_key_id": "<id_value>",
"private_key": "
-----BEGIN PRIVATE KEY-----
<key_value>
-----END PRIVATE KEY-----\n",
"client_email": "cloudvolumes-admin-sa@my-gcp-project.iam.gserviceaccount.com",
"client_id": "123456789012345678901",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/cloudvolumes-admin-sa%40my-gcp-project.iam.gserviceaccount.com"
},
"nfsMountOptions": "vers=3,proto=tcp,timeo=600",
"defaults": {
"snapshotReserve": "5",
"exportRule": "0.0.0.0/0"
},
"labels": {
"cloud": "gcp"
},
"region": "us-west2",
"storage": [
{
"labels": {
"performance": "extreme",
"protection": "extra"
},
"serviceLevel": "extreme",
"defaults": {
"snapshotDir": "true",
"snapshotReserve": "10",
"exportRule": "10.0.0.0/24"
}
},
{
"labels": {
"performance": "extreme",
"protection": "standard"
},
"serviceLevel": "extreme"
},
{
"labels": {
"performance": "premium",
"protection": "extra"
},
"serviceLevel": "premium",
"defaults": {
"snapshotDir": "true",
"snapshotReserve": "10"
}
},
{
"labels": {
"performance": "premium",
"protection": "standard"
},
"serviceLevel": "premium"
},
{
"labels": {
"performance": "standard"
},
"serviceLevel": "standard"
}
]
}
The following StorageClass definitions refer to the storage pools above. By using the parameters.selector field, you can specify for each StorageClass the virtual pool that is used to host a volume. The volume will have the aspects defined in the chosen pool.
The first StorageClass (cvs-extreme-extra-protection) maps to the first virtual storage pool. This is the only pool offering extreme performance with a snapshot reserve of 10%. The last StorageClass (cvs-extra-protection) calls out any storage pool which provides a snapshot reserve of 10%. Astra Trident decides which virtual storage pool is selected and ensures that the snapshot reserve requirement is met.
apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: cvs-extreme-extra-protection provisioner: netapp.io/trident parameters: selector: "performance=extreme; protection=extra" allowVolumeExpansion: true --- apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: cvs-extreme-standard-protection provisioner: netapp.io/trident parameters: selector: "performance=premium; protection=standard" allowVolumeExpansion: true --- apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: cvs-premium-extra-protection provisioner: netapp.io/trident parameters: selector: "performance=premium; protection=extra" allowVolumeExpansion: true --- apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: cvs-premium provisioner: netapp.io/trident parameters: selector: "performance=premium; protection=standard" allowVolumeExpansion: true --- apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: cvs-standard provisioner: netapp.io/trident parameters: selector: "performance=standard" allowVolumeExpansion: true --- apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: cvs-extra-protection provisioner: netapp.io/trident parameters: selector: "protection=extra" allowVolumeExpansion: true
What's next?
After you create the backend configuration file, run the following command:
tridentctl create backend -f <backend-file>
If the backend creation fails, something is wrong with the backend configuration. You can view the logs to determine the cause by running the following command:
tridentctl logs
After you identify and correct the problem with the configuration file, you can run the create command again.