ONTAP NAS configuration options and examples
Learn how to create and use ONTAP NAS drivers with your Astra Trident installation. This section provides backend configuration examples and details about how to map backends to StorageClasses.
Backend configuration options
See the following table for the backend configuration options:
Parameter | Description | Default |
---|---|---|
 | Always 1 | |
 | Name of the storage driver | “ontap-nas”, “ontap-nas-economy”, “ontap-nas-flexgroup”, “ontap-san”, “ontap-san-economy” |
 | Custom name for the storage backend | Driver name + “_” + dataLIF |
 | IP address of a cluster or SVM management LIF | “10.0.0.1”, “[2001:1234:abcd::fefe]” |
 | IP address of protocol LIF. | Specified address or derived from SVM, if not specified (not recommended) |
 | Enable automatic export policy creation and updating [Boolean]. | false |
 | List of CIDRs to filter Kubernetes’ node IPs against when | [“0.0.0.0/0”, “::/0”] |
 | Set of arbitrary JSON-formatted labels to apply on volumes | “” |
 | Base64-encoded value of client certificate. Used for certificate-based auth | “” |
 | Base64-encoded value of client private key. Used for certificate-based auth | “” |
 | Base64-encoded value of trusted CA certificate. Optional. Used for certificate-based auth | “” |
 | Username to connect to the cluster/SVM. Used for credential-based auth | |
 | Password to connect to the cluster/SVM. Used for credential-based auth | |
 | Storage virtual machine to use | Derived if an SVM |
 | Prefix used when provisioning new volumes in the SVM. Cannot be updated after you set it | “trident” |
 | Fail provisioning if usage is above this percentage. | “” (not enforced by default) |
 | Fail provisioning if requested volume size is above this value. | “” (not enforced by default) |
 | Fail provisioning if requested volume size is above this value. | “” (not enforced by default) |
 | Maximum LUNs per Flexvol, must be in range [50, 200] | “100” |
 | Debug flags to use when troubleshooting. Example, {“api”:false, “method”:true} | null |
 | Comma-separated list of NFS mount options. | “” |
 | Maximum Qtrees per FlexVol, must be in range [50, 300] | “200” |
 | Boolean parameter to use ONTAP REST APIs. Tech preview | false |
Backend configuration options for provisioning volumes
You can control default provisioning using these options in the defaults section of the configuration. For an example, see the configuration examples below.
Parameter | Description | Default |
---|---|---|
 | Space-allocation for LUNs | “true” |
 | Space reservation mode; “none” (thin) or “volume” (thick) | “none” |
 | Snapshot policy to use | “none” |
 | QoS policy group to assign for volumes created. Choose one of qosPolicy or adaptiveQosPolicy per storage pool/backend | “” |
 | Adaptive QoS policy group to assign for volumes created. Choose one of qosPolicy or adaptiveQosPolicy per storage pool/backend. | “” |
 | Percentage of volume reserved for snapshots “0” | If |
 | Split a clone from its parent upon creation | “false” |
 | Enable NetApp Volume Encryption (NVE) on the new volume; defaults to | “false” |
 | Tiering policy to use “none” | “snapshot-only” for pre-ONTAP 9.5 SVM-DR configuration |
 | Mode for new volumes | “777” for NFS volumes; empty (not applicable) for SMB volumes |
 | Controls visibility of the | “false” |
 | Export policy to use | “default” |
 | Security style for new volumes. | NFS default is |
Using QoS policy groups with Astra Trident requires ONTAP 9.8 or later. It is recommended to use a non-shared QoS policy group and ensure the policy group is applied to each constituent individually. A shared QoS policy group will enforce the ceiling for the total throughput of all workloads.
Volume provisioning examples
Here's an example with defaults defined:
---
version: 1
storageDriverName: ontap-nas
backendName: customBackendName
managementLIF: 10.0.0.1
dataLIF: 10.0.0.2
labels:
  k8scluster: dev1
  backend: dev1-nasbackend
svm: trident_svm
username: cluster-admin
password: password
limitAggregateUsage: 80%
limitVolumeSize: 50Gi
nfsMountOptions: nfsvers=4
debugTraceFlags:
  api: false
  method: true
defaults:
  spaceReserve: volume
  qosPolicy: premium
  exportPolicy: myk8scluster
  snapshotPolicy: default
  snapshotReserve: '10'
For ontap-nas and ontap-nas-flexgroup, Astra Trident now uses a new calculation to ensure that the FlexVol is sized correctly with the snapshotReserve percentage and PVC. When the user requests a PVC, Astra Trident creates the original FlexVol with more space by using the new calculation. This calculation ensures that the user receives the writable space they requested in the PVC, and not less space than they requested. Before v21.07, when the user requested a PVC (for example, 5GiB) with snapshotReserve set to 50 percent, they got only 2.5GiB of writable space. This is because what the user requested was the whole volume, and snapshotReserve is a percentage of that. With Trident 21.07, what the user requests is the writable space, and Astra Trident defines the snapshotReserve number as the percentage of the whole volume. This does not apply to ontap-nas-economy. See the following example to see how this works:
The calculation is as follows:
Total volume size = (PVC requested size) / (1 - (snapshotReserve percentage) / 100)
For snapshotReserve = 50%, and PVC request = 5GiB, the total volume size is 5/.5 = 10GiB and the available size is 5GiB, which is what the user requested in the PVC request. The volume show command should show results similar to this example:
Existing backends from previous installs will provision volumes as explained above when upgrading Astra Trident. For volumes that you created before upgrading, you should resize their volumes for the change to be observed. For example, a 2GiB PVC with snapshotReserve=50 earlier resulted in a volume that provides 1GiB of writable space. Resizing the volume to 3GiB, for example, provides the application with 3GiB of writable space on a 6 GiB volume.
Examples
Minimal configuration examples
The following examples show basic configurations that leave most parameters to default. This is the easiest way to define a backend.
If you are using Amazon FSx for NetApp ONTAP with Trident, the recommendation is to specify DNS names for LIFs instead of IP addresses.
Default options on ontap-nas-economy
---
version: 1
storageDriverName: ontap-nas-economy
managementLIF: 10.0.0.1
dataLIF: 10.0.0.2
svm: svm_nfs
username: vsadmin
password: password
Certificate-based authentication
This is a minimal backend configuration example. clientCertificate, clientPrivateKey, and trustedCACertificate (optional, if using trusted CA) are populated in backend.json and take the base64-encoded values of the client certificate, private key, and trusted CA certificate, respectively.
---
version: 1
backendName: DefaultNASBackend
storageDriverName: ontap-nas
managementLIF: 10.0.0.1
dataLIF: 10.0.0.15
svm: nfs_svm
clientCertificate: ZXR0ZXJwYXB...ICMgJ3BhcGVyc2
clientPrivateKey: vciwKIyAgZG...0cnksIGRlc2NyaX
trustedCACertificate: zcyBbaG...b3Igb3duIGNsYXNz
storagePrefix: myPrefix_
Auto export policy
These examples show you how you can instruct Astra Trident to use dynamic export policies to create and manage the export policy automatically. This works the same for the ontap-nas-economy and ontap-nas-flexgroup drivers.
---
version: 1
storageDriverName: ontap-nas
managementLIF: 10.0.0.1
dataLIF: 10.0.0.2
svm: svm_nfs
labels:
  k8scluster: test-cluster-east-1a
  backend: test1-nasbackend
autoExportPolicy: true
autoExportCIDRs:
- 10.0.0.0/24
username: admin
password: password
nfsMountOptions: nfsvers=4
ontap-nas-flexgroup driver
---
version: 1
storageDriverName: ontap-nas-flexgroup
managementLIF: 10.0.0.1
dataLIF: 10.0.0.2
labels:
  k8scluster: test-cluster-east-1b
  backend: test1-ontap-cluster
svm: svm_nfs
username: vsadmin
password: password
Using IPv6 addresses
This example shows managementLIF using an IPv6 address.
---
version: 1
storageDriverName: ontap-nas
backendName: nas_ipv6_backend
managementLIF: "[5c5d:5edf:8f:7657:bef8:109b:1b41:d491]"
labels:
  k8scluster: test-cluster-east-1a
  backend: test1-ontap-ipv6
svm: nas_ipv6_svm
username: vsadmin
password: password
ontap-nas-economy driver
---
version: 1
storageDriverName: ontap-nas-economy
managementLIF: 10.0.0.1
dataLIF: 10.0.0.2
svm: svm_nfs
username: vsadmin
password: password
ontap-nas driver for Amazon FSx for ONTAP using SMB volumes
---
version: 1
backendName: SMBBackend
storageDriverName: ontap-nas
managementLIF: example.mgmt.fqdn.aws.com
nasType: smb
dataLIF: 10.0.0.15
svm: nfs_svm
clientCertificate: ZXR0ZXJwYXB...ICMgJ3BhcGVyc2
clientPrivateKey: vciwKIyAgZG...0cnksIGRlc2NyaX
trustedCACertificate: zcyBbaG...b3Igb3duIGNsYXNz
storagePrefix: myPrefix_
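A pre-flight check for backend definitions like the ones above, as an added example that is not part of the NetApp documentation: it flags secrets stored inline in the backend file, a half-configured certificate pair, and export-policy settings that admit every node address. The finding names and the prefix-length thresholds are assumptions chosen for illustration; the sample input is the page's auto export policy backend rewritten as JSON.

```python
import ipaddress
import json

# Constructed sample: the page's auto export policy backend, written as JSON.
SAMPLE = json.loads("""{
  "version": 1, "storageDriverName": "ontap-nas",
  "managementLIF": "10.0.0.1", "dataLIF": "10.0.0.2", "svm": "svm_nfs",
  "autoExportPolicy": true, "autoExportCIDRs": ["10.0.0.0/24"],
  "username": "admin", "password": "password"
}""")

# Default CIDR filter from the options table: every node address qualifies.
DEFAULT_CIDRS = ["0.0.0.0/0", "::/0"]


def audit_backend(cfg, min_prefix_v4=16, min_prefix_v6=48):
    """Return sorted finding codes for one backend definition (a dict).

    Finding names and prefix thresholds are illustrative assumptions.
    """
    findings = set()
    # Credential-based and certificate-based auth both place a reusable
    # secret in the backend file itself.
    for field in ("password", "clientPrivateKey"):
        if cfg.get(field):
            findings.add("inline-secret:" + field)
    # Certificate-based auth needs the certificate and its private key.
    if bool(cfg.get("clientCertificate")) != bool(cfg.get("clientPrivateKey")):
        findings.add("incomplete-client-cert")
    if not cfg.get("autoExportPolicy", False):
        # Access is then governed by whatever the static export policy allows.
        findings.add("export-policy-not-managed")
    else:
        for cidr in cfg.get("autoExportCIDRs", DEFAULT_CIDRS):
            net = ipaddress.ip_network(cidr, strict=False)
            floor = min_prefix_v4 if net.version == 4 else min_prefix_v6
            if net.prefixlen < floor:
                findings.add("broad-export-cidr:" + cidr)
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_backend(SAMPLE):
        print(finding)
```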
Examples of backends with virtual pools
In the sample backend definition file shown below, specific defaults are set for all storage pools, such as spaceReserve at none, spaceAllocation at false, and encryption at false. The virtual pools are defined in the storage section.
Astra Trident sets provisioning labels in the “Comments” field. Comments are set on FlexVol for ontap-nas or FlexGroup for ontap-nas-flexgroup. Astra Trident copies all labels present on a virtual pool to the storage volume at provisioning. For convenience, storage administrators can define labels per virtual pool and group volumes by label.
In this example, some of the storage pools set their own spaceReserve, spaceAllocation, and encryption values, and some pools override the default values set above.
ontap-nas driver
---
version: 1
storageDriverName: ontap-nas
managementLIF: 10.0.0.1
dataLIF: 10.0.0.2
svm: svm_nfs
username: admin
password: password
nfsMountOptions: nfsvers=4
defaults:
  spaceReserve: none
  encryption: 'false'
  qosPolicy: standard
labels:
  store: nas_store
  k8scluster: prod-cluster-1
region: us_east_1
storage:
- labels:
    app: msoffice
    cost: '100'
  zone: us_east_1a
  defaults:
    spaceReserve: volume
    encryption: 'true'
    unixPermissions: '0755'
    adaptiveQosPolicy: adaptive-premium
- labels:
    app: slack
    cost: '75'
  zone: us_east_1b
  defaults:
    spaceReserve: none
    encryption: 'true'
    unixPermissions: '0755'
- labels:
    app: wordpress
    cost: '50'
  zone: us_east_1c
  defaults:
    spaceReserve: none
    encryption: 'true'
    unixPermissions: '0775'
- labels:
    app: mysqldb
    cost: '25'
  zone: us_east_1d
  defaults:
    spaceReserve: volume
    encryption: 'false'
    unixPermissions: '0775'
ontap-nas-flexgroup driver
---
version: 1
storageDriverName: ontap-nas-flexgroup
managementLIF: 10.0.0.1
dataLIF: 10.0.0.2
svm: svm_nfs
username: vsadmin
password: password
defaults:
  spaceReserve: none
  encryption: 'false'
labels:
  store: flexgroup_store
  k8scluster: prod-cluster-1
region: us_east_1
storage:
- labels:
    protection: gold
    creditpoints: '50000'
  zone: us_east_1a
  defaults:
    spaceReserve: volume
    encryption: 'true'
    unixPermissions: '0755'
- labels:
    protection: gold
    creditpoints: '30000'
  zone: us_east_1b
  defaults:
    spaceReserve: none
    encryption: 'true'
    unixPermissions: '0755'
- labels:
    protection: silver
    creditpoints: '20000'
  zone: us_east_1c
  defaults:
    spaceReserve: none
    encryption: 'true'
    unixPermissions: '0775'
- labels:
    protection: bronze
    creditpoints: '10000'
  zone: us_east_1d
  defaults:
    spaceReserve: volume
    encryption: 'false'
    unixPermissions: '0775'
ontap-nas-economy driver
---
version: 1
storageDriverName: ontap-nas-economy
managementLIF: 10.0.0.1
dataLIF: 10.0.0.2
svm: svm_nfs
username: vsadmin
password: password
defaults:
  spaceReserve: none
  encryption: 'false'
labels:
  store: nas_economy_store
region: us_east_1
storage:
- labels:
    department: finance
    creditpoints: '6000'
  zone: us_east_1a
  defaults:
    spaceReserve: volume
    encryption: 'true'
    unixPermissions: '0755'
- labels:
    department: legal
    creditpoints: '5000'
  zone: us_east_1b
  defaults:
    spaceReserve: none
    encryption: 'true'
    unixPermissions: '0755'
- labels:
    department: engineering
    creditpoints: '3000'
  zone: us_east_1c
  defaults:
    spaceReserve: none
    encryption: 'true'
    unixPermissions: '0775'
- labels:
    department: humanresource
    creditpoints: '2000'
  zone: us_east_1d
  defaults:
    spaceReserve: volume
    encryption: 'false'
    unixPermissions: '0775'
Update dataLIF after initial configuration
You can change the data LIF after initial configuration by running the following command to provide the new backend JSON file with the updated data LIF.
tridentctl update backend <backend-name> -f <path-to-backend-json-file-with-updated-dataLIF>
If PVCs are attached to one or multiple pods, you must bring down all corresponding pods and then bring them back up in order for the new data LIF to take effect.
Map backends to StorageClasses
The following StorageClass definitions refer to the above virtual pools. Using the parameters.selector field, each StorageClass calls out which virtual pool(s) can be used to host a volume. The volume will have the aspects defined in the chosen virtual pool.
- The first StorageClass (protection-gold) will map to the first and second virtual pools in the ontap-nas-flexgroup backend and the first virtual pool in the ontap-san backend. These are the only pools offering gold-level protection.
- The second StorageClass (protection-not-gold) will map to the third and fourth virtual pools in the ontap-nas-flexgroup backend and the second and third virtual pools in the ontap-san backend. These are the only pools offering a protection level other than gold.
- The third StorageClass (app-mysqldb) will map to the fourth virtual pool in the ontap-nas backend and the third virtual pool in the ontap-san-economy backend. These are the only pools offering storage pool configuration for the mysqldb type app.
- The fourth StorageClass (protection-silver-creditpoints-20k) will map to the third virtual pool in the ontap-nas-flexgroup backend and the second virtual pool in the ontap-san backend. These are the only pools offering silver-level protection at 20000 creditpoints.
- The fifth StorageClass (creditpoints-5k) will map to the second virtual pool in the ontap-nas-economy backend and the third virtual pool in the ontap-san backend. These are the only pool offerings at 5000 creditpoints.
Astra Trident will decide which virtual pool is selected and will ensure the storage requirement is met.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: protection-gold
provisioner: netapp.io/trident
parameters:
  selector: "protection=gold"
  fsType: "ext4"
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: protection-not-gold
provisioner: netapp.io/trident
parameters:
  selector: "protection!=gold"
  fsType: "ext4"
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: app-mysqldb
provisioner: netapp.io/trident
parameters:
  selector: "app=mysqldb"
  fsType: "ext4"
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: protection-silver-creditpoints-20k
provisioner: netapp.io/trident
parameters:
  selector: "protection=silver; creditpoints=20000"
  fsType: "ext4"
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: creditpoints-5k
provisioner: netapp.io/trident
parameters:
  selector: "creditpoints=5000"
  fsType: "ext4"
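To see which virtual pools a selector can reach, and whether any of them leaves NetApp Volume Encryption off, the following added example (not Trident's own matching code) evaluates the page's selectors against the ontap-nas and ontap-nas-flexgroup pools shown earlier. It handles only `=` and `!=` terms separated by `;` and assumes a pool must carry the label for a term to match; the ontap-san and ontap-nas-economy backends are left out, and the function names are hypothetical.

```python
# Constructed from the page's virtual-pool examples for two of its backends:
# (backend, pool number, pool labels, pool-level defaults).
POOLS = [
    ("ontap-nas", 1, {"app": "msoffice", "cost": "100"}, {"encryption": "true"}),
    ("ontap-nas", 2, {"app": "slack", "cost": "75"}, {"encryption": "true"}),
    ("ontap-nas", 3, {"app": "wordpress", "cost": "50"}, {"encryption": "true"}),
    ("ontap-nas", 4, {"app": "mysqldb", "cost": "25"}, {"encryption": "false"}),
    ("ontap-nas-flexgroup", 1, {"protection": "gold", "creditpoints": "50000"}, {"encryption": "true"}),
    ("ontap-nas-flexgroup", 2, {"protection": "gold", "creditpoints": "30000"}, {"encryption": "true"}),
    ("ontap-nas-flexgroup", 3, {"protection": "silver", "creditpoints": "20000"}, {"encryption": "true"}),
    ("ontap-nas-flexgroup", 4, {"protection": "bronze", "creditpoints": "10000"}, {"encryption": "false"}),
]
# Backend-level defaults in both examples; a pool's own defaults override them.
BACKEND_DEFAULTS = {"spaceReserve": "none", "encryption": "false"}


def parse_selector(selector):
    """Split 'k=v; k2!=v2' into (key, op, value) terms (subset of the syntax)."""
    terms = []
    for raw in filter(None, (t.strip() for t in selector.split(";"))):
        op = "!=" if "!=" in raw else "="
        key, _, value = (part.strip() for part in raw.partition(op))
        if not key or not value:
            raise ValueError(f"bad selector term: {raw!r}")
        terms.append((key, op, value))
    return terms


def matches(labels, terms):
    # Assumption: the pool must carry the label for either operator to match,
    # which is how the page describes protection!=gold.
    return all(k in labels and (labels[k] == v) == (op == "=") for k, op, v in terms)


def resolve(selector):
    """Return [(backend, pool number, NVE enabled)] for pools the selector matches."""
    terms = parse_selector(selector)
    return [(b, n, {**BACKEND_DEFAULTS, **d}["encryption"] == "true")
            for b, n, labels, d in POOLS if matches(labels, terms)]


def unencrypted_targets(selector):
    """Pools a StorageClass can land on that do not enable NVE."""
    return [(b, n) for b, n, enc in resolve(selector) if not enc]


if __name__ == "__main__":
    for sel in ("protection=gold", "protection!=gold", "app=mysqldb"):
        print(sel, "->", unencrypted_targets(sel) or "all matching pools encrypted")
```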