FSx for ONTAP configuration options and examples
Learn about backend configuration options for Amazon FSx for ONTAP. This section provides backend configuration examples.
Backend configuration options
See the following table for the backend configuration options:
Parameter | Description | Example |
---|---|---|
|
Always 1 |
|
|
Name of the storage driver |
|
|
Custom name or the storage backend |
Driver name + “_” + dataLIF |
|
IP address of a cluster or SVM management LIF |
“10.0.0.1”, “[2001:1234:abcd::fefe]” |
|
IP address of protocol LIF. |
|
|
Enable automatic export policy creation and updating [Boolean]. |
|
|
List of CIDRs to filter Kubernetes' node IPs against when |
"[“0.0.0.0/0”, “::/0”]" |
|
Set of arbitrary JSON-formatted labels to apply on volumes |
"" |
|
Base64-encoded value of client certificate. Used for certificate-based auth |
"" |
|
Base64-encoded value of client private key. Used for certificate-based auth |
"" |
|
Base64-encoded value of trusted CA certificate. Optional. Used for certificate-based authentication. |
"" |
|
Username to connect to the cluster or SVM. Used for credential-based authentication. For example, vsadmin. |
|
|
Password to connect to the cluster or SVM. Used for credential-based authentication. |
|
|
Storage virtual machine to use |
Derived if an SVM managementLIF is specified. |
|
Prefix used when provisioning new volumes in the SVM. |
|
|
Do not specify for Amazon FSx for NetApp ONTAP. |
Do not use. |
|
Fail provisioning if requested volume size is above this value. |
“” (not enforced by default) |
|
Maximum LUNs per Flexvol, must be in range [50, 200]. |
|
|
Debug flags to use when troubleshooting. Example, {“api”:false, “method”:true} |
null |
|
Comma-separated list of NFS mount options. |
"" |
|
Configure NFS or SMB volumes creation. |
|
|
Maximum Qtrees per FlexVol, must be in range [50, 300] |
|
|
You can specify one of the following: the name of an SMB share created using the Microsoft Management Console or ONTAP CLI or a name to allow Astra Trident to create the SMB share. |
|
|
Boolean parameter to use ONTAP REST APIs. Tech preview |
|
Update dataLIF
after initial configuration
You can change the data LIF after initial configuration by running the following command to provide the new backend JSON file with updated data LIF.
tridentctl update backend <backend-name> -f <path-to-backend-json-file-with-updated-dataLIF>
If PVCs are attached to one or multiple pods, you must bring down all corresponding pods and then bring them back up in order to for the new data LIF to take effect. |
Backend configuration options for provisioning volumes
You can control default provisioning using these options in the defaults
section of the configuration. For an example, see the configuration examples below.
Parameter | Description | Default |
---|---|---|
|
Space-allocation for LUNs |
|
|
Space reservation mode; “none” (thin) or “volume” (thick) |
|
|
Snapshot policy to use |
|
|
QoS policy group to assign for volumes created. Choose one of qosPolicy or adaptiveQosPolicy per storage pool or backend. |
“” |
|
Adaptive QoS policy group to assign for volumes created. Choose one of qosPolicy or adaptiveQosPolicy per storage pool or backend. |
“” |
|
Percentage of volume reserved for snapshots “0” |
If |
|
Split a clone from its parent upon creation |
|
|
Enable NetApp Volume Encryption (NVE) on the new volume; defaults to |
|
|
Enable LUKS encryption. Refer to Use Linux Unified Key Setup (LUKS). |
"" |
|
Tiering policy to use |
|
|
Mode for new volumes. |
“" |
|
Security style for new volumes. |
NFS default is |
Example
Using nasType
, node-stage-secret-name
, and node-stage-secret-namespace
, you can specify an SMB volume and provide the required Active Directory credentials. SMB volumes are supported using the ontap-nas
driver only.
apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: nas-smb-sc provisioner: csi.trident.netapp.io parameters: backendType: "ontap-nas" trident.netapp.io/nasType: "smb" csi.storage.k8s.io/node-stage-secret-name: "smbcreds" csi.storage.k8s.io/node-stage-secret-namespace: "default"