Use Astra Trident with Amazon FSx for NetApp ONTAP
Amazon FSx for NetApp ONTAP is a fully managed AWS service that enables customers to launch and run file systems powered by NetApp’s ONTAP storage operating system. Amazon FSx for NetApp ONTAP enables you to leverage NetApp features, performance, and administrative capabilities you are familiar with, while taking advantage of the simplicity, agility, security, and scalability of storing data on AWS. FSx supports many of ONTAP’s file system features and administration APIs.
A file system is the primary resource in Amazon FSx, analogous to an ONTAP cluster on premises. Within each SVM you can create one or multiple volumes, which are data containers that store the files and folders in your file system. With Amazon FSx for NetApp ONTAP, Data ONTAP will be provided as a managed file system in the cloud. The new file system type is called NetApp ONTAP.
Using Astra Trident with Amazon FSx for NetApp ONTAP, you can ensure Kubernetes clusters running in Amazon Elastic Kubernetes Service (EKS) can provision block and file persistent volumes backed by ONTAP.
Creating your Amazon FSx for ONTAP file system
Volumes created on Amazon FSx filesystems that have automatic backups enabled cannot be deleted by Trident. To delete PVCs, you need to manually delete the PV and the FSx for ONTAP volume. To prevent this issue:
Learn about Astra Trident
If you are new to Astra Trident, familiarize yourself by using the links provided below:
Learn more about driver capabilities here.
Amazon FSx for NetApp ONTAP uses FabricPool to manage storage tiers. It enables you to store data in a tier, based on whether the data is frequently accessed.
Astra Trident expects to be run as a vsadmin SVM user or as a user with a different name that has the same role. Amazon FSx for NetApp ONTAP has an fsxadmin user that is a limited replacement of the ONTAP admin cluster user. It is not recommended to use the fsxadmin user with Trident, as a vsadmin SVM user has access to more Astra Trident capabilities.
Drivers
You can integrate Astra Trident with Amazon FSx for NetApp ONTAP by using the following drivers:
- ontap-san: Each PV provisioned is a LUN within its own Amazon FSx for NetApp ONTAP volume.
- ontap-san-economy: Each PV provisioned is a LUN with a configurable number of LUNs per Amazon FSx for NetApp ONTAP volume.
- ontap-nas: Each PV provisioned is a full Amazon FSx for NetApp ONTAP volume.
- ontap-nas-economy: Each PV provisioned is a qtree, with a configurable number of qtrees per Amazon FSx for NetApp ONTAP volume.
- ontap-nas-flexgroup: Each PV provisioned is a full Amazon FSx for NetApp ONTAP FlexGroup volume.
Authentication
Astra Trident offers two modes of authentication:
- Certificate-based: Astra Trident will communicate with the SVM on your FSx file system using a certificate installed on your SVM.
- Credential-based: You can use the fsxadmin user for your file system or the vsadmin user configured for your SVM. We strongly recommend using the vsadmin user instead of the fsxadmin user to configure your backend. Astra Trident will communicate with the FSx file system using this username and password.
You can update existing backends to move between credential-based and certificate-based methods. However, only one authentication method is supported at a time. To switch to a different authentication method, you must remove the existing method from the backend configuration.
If you attempt to provide both credentials and certificates, backend creation will fail with an error that more than one authentication method was provided in the configuration file.
To learn more about authentication, see these links:
Deploy and configure Astra Trident on EKS with Amazon FSx for NetApp ONTAP
- An existing Amazon EKS cluster or self-managed Kubernetes cluster with kubectl installed.
- An existing Amazon FSx for NetApp ONTAP file system and storage virtual machine (SVM) that is reachable from your cluster’s worker nodes.
- Worker nodes that are prepared for NFS and/or iSCSI.
Ensure that you follow the node preparation steps required for Amazon Linux and Ubuntu Amazon Machine Images (AMIs) depending on your EKS AMI type.
For other Astra Trident requirements, see here.
- Deploy Astra Trident using one of the deployment methods.
- Configure Astra Trident as follows:
  - Collect your SVM’s management LIF DNS name. For example, by using the AWS CLI, find the DNSName entry under Endpoints → Management after running the following command:
    aws fsx describe-storage-virtual-machines --region <file system region>
  - Create and install certificates for authentication. If you are using an ontap-san backend, see here. If you are using an ontap-nas backend, see here.
    You can log in to your file system (for example to install certificates) using SSH from anywhere that can reach your file system. Use the fsxadmin user, the password you configured when you created your file system, and the management DNS name from aws fsx describe-file-systems.
  - Create a backend file using your certificates and the DNS name of your management LIF, as shown in the sample below:
    {
      "version": 1,
      "storageDriverName": "ontap-san",
      "backendName": "customBackendName",
      "managementLIF": "svm-XXXXXXXXXXXXXXXXX.fs-XXXXXXXXXXXXXXXXX.fsx.us-east-2.aws.internal",
      "svm": "svm01",
      "clientCertificate": "ZXR0ZXJwYXB...ICMgJ3BhcGVyc2",
      "clientPrivateKey": "vciwKIyAgZG...0cnksIGRlc2NyaX",
      "trustedCACertificate": "zcyBbaG...b3Igb3duIGNsYXNz"
    }
For information about creating backends, see these links:
Do not specify dataLIF for the ontap-san and ontap-san-economy drivers to allow Astra Trident to use multipath.
The limitAggregateUsage parameter will not work with the vsadmin and fsxadmin user accounts. The configuration operation will fail if you specify this parameter.
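A pre-flight check for a backend file that encodes the rules stated on this page (one authentication method only, no dataLIF for the SAN drivers, no limitAggregateUsage, vsadmin preferred over fsxadmin), as an added example that is not NetApp's code. The username and password keys are Trident's credential fields, which the page's sample does not show; every sample value below is a constructed placeholder.

```python
import json

SAN_DRIVERS = {"ontap-san", "ontap-san-economy"}
CRED_KEYS = ("username", "password")
CERT_KEYS = ("clientCertificate", "clientPrivateKey")


def lint_backend(text):
    """Return (errors, warnings) for a Trident ONTAP backend file given as JSON text."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        # Catches defects such as a trailing comma before the closing brace.
        return [f"invalid JSON: {exc.msg} at line {exc.lineno}"], []
    if not isinstance(cfg, dict):
        return ["top level of the backend file must be a JSON object"], []
    errors, warnings = [], []

    has_creds = any(cfg.get(k) for k in CRED_KEYS)
    has_certs = any(cfg.get(k) for k in CERT_KEYS)
    if has_creds and has_certs:
        errors.append("credentials and certificates both set; only one method is supported")
    elif not has_creds and not has_certs:
        # Assumption: a backend with neither method cannot authenticate.
        errors.append("no authentication method set")

    if cfg.get("storageDriverName") in SAN_DRIVERS and "dataLIF" in cfg:
        errors.append("dataLIF set for a SAN driver; omit it so Trident can use multipath")
    if "limitAggregateUsage" in cfg:
        errors.append("limitAggregateUsage does not work with vsadmin or fsxadmin")
    if cfg.get("username") == "fsxadmin":
        warnings.append("fsxadmin in use; the vsadmin SVM user is recommended")
    return errors, warnings


# Constructed sample backends; every value is a placeholder.
BASE = {
    "version": 1,
    "storageDriverName": "ontap-san",
    "managementLIF": "svm-EXAMPLE.fs-EXAMPLE.fsx.us-east-2.aws.internal",
    "svm": "svm01",
}
GOOD = json.dumps({**BASE, "clientCertificate": "CERT-PLACEHOLDER",
                   "clientPrivateKey": "KEY-PLACEHOLDER"})
BAD = json.dumps({**BASE, "username": "fsxadmin", "password": "PLACEHOLDER",
                  "clientCertificate": "CERT-PLACEHOLDER", "dataLIF": "192.0.2.10",
                  "limitAggregateUsage": "80%"})

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_backend(text))
```

Running the check before creating or updating a backend surfaces these misconfigurations without sending credentials or keys to the cluster.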
After deployment, perform the steps to create a storage class, provision a volume, and mount the volume in a pod.