Customize Trident operator installation
The Trident operator allows you to customize Astra Trident installation using the attributes in the TridentOrchestrator
spec. If you want to customize the installation beyond what TridentOrchestrator
arguments allow, consider using tridentctl
to generate custom YAML manifests to modify as needed.
Understanding controller pods and node pods
Astra Trident runs as a single controller pod, plus a node pod on each worker node in the cluster. The node pod must be running on any host where you want to potentially mount an Astra Trident volume.
Kubernetes node selectors and tolerations and taints are used to constrain a pod to run on a specific or preferred node. Using the`ControllerPlugin` and NodePlugin
, you can specify constraints and overrides.
-
The controller plugin handles volume provisioning and management, such as snapshots and resizing.
-
The node plugin handles attaching the storage to the node.
Configuration options
spec.namespace is specified in TridentOrchestrator to signify the namespace where Astra Trident is installed. This parameter cannot be updated after Astra Trident is installed. Attempting to do so causes the TridentOrchestrator status to change to Failed . Astra Trident is not intended to be migrated across namespaces.
|
This table details TridentOrchestrator
attributes.
Parameter | Description | Default |
---|---|---|
|
Namespace to install Astra Trident in |
|
|
Enable debugging for Astra Trident |
|
|
|
|
|
Setting to |
|
|
Set to |
|
|
Install Astra Trident over IPv6 |
false |
|
Timeout for Kubernetes operations |
|
|
Don't send autosupport bundles to NetApp |
|
|
The container image for Autosupport Telemetry |
|
|
The address/port of a proxy for sending Autosupport |
|
|
A flag used to uninstall Astra Trident |
|
|
Astra Trident logging format to be used [text,json] |
|
|
Astra Trident image to install |
|
|
Path to internal registry, of the format |
|
|
Path to the kubelet directory on the host |
|
|
A list of resources to delete to perform a complete removal of |
|
|
Secrets to pull images from an internal registry |
|
|
Sets the image pull policy for the the Trident operator. Valid values are: |
|
|
Additional node selectors for pods. Follows same format as |
No default; optional |
|
Overrides Kubernetes tolerations for pods. Follows the same format as |
No default; optional |
|
Additional node selectors for pods. Follows same format as |
No default; optional |
|
Overrides Kubernetes tolerations for pods. Follows the same format as |
No default; optional |
For more information on formatting pod parameters, see Assigning Pods to Nodes. |
Details about force detach
Force detach is available for ontap-san
and ontap-san-economy
only. Before enabling force detach, non-graceful node shutdown (NGNS) must be enabled on the Kubernetes cluster. For more information, refer to Kubernetes: Non Graceful node shutdown.
Because Astra Trident relies on Kubernetes NGNS, do not remove out-of-service taints from an unhealthy node until all non-tolerable workloads are rescheduled. Recklessly applying or removing the taint can jeopardize backend data protection.
|
When the Kubernetes cluster administrator has applied the node.kubernetes.io/out-of-service=nodeshutdown:NoExecute
taint to the node and enableForceDetach
is set to true
, Astra Trident will determine the node status and:
-
Cease backend I/O access for volumes mounted to that node.
-
Mark the Astra Trident node object as
dirty
(not safe for new publications).The Trident controller will reject new publish volume requests until the node is re-qualified (after having been marked as dirty
) by the Trident node pod. Any workloads scheduled with a mounted PVC (even after the cluster node is healthy and ready) will be not be accepted until Astra Trident can verify the nodeclean
(safe for new publications).
When node health is restored and the taint is removed, Astra Trident will:
-
Identify and clean stale published paths on the node.
-
If the node is in a
cleanable
state (the out-of-service taint has been removed and the node is inReady
state) and all stale, published paths are clean, Astra Trident will readmit the node asclean
and allow new published volumes to the node.
Sample configurations
You can use the attributes in Configuration options when defining TridentOrchestrator
to customize your installation.
Basic custom configuration
This is an example for a basic custom installation.
cat deploy/crds/tridentorchestrator_cr_imagepullsecrets.yaml apiVersion: trident.netapp.io/v1 kind: TridentOrchestrator metadata: name: trident spec: debug: true namespace: trident imagePullSecrets: - thisisasecret
Node selectors
This example installs Astra Trident with node selectors.
apiVersion: trident.netapp.io/v1 kind: TridentOrchestrator metadata: name: trident spec: debug: true namespace: trident controllerPluginNodeSelector: nodetype: master nodePluginNodeSelector: storage: netapp
Windows worker nodes
This example installs Astra Trident on a Windows worker node.
cat deploy/crds/tridentorchestrator_cr.yaml apiVersion: trident.netapp.io/v1 kind: TridentOrchestrator metadata: name: trident spec: debug: true namespace: trident windows: true
Managed identities on an AKS cluster
This example installs Astra Trident to enable managed identities on an AKS cluster.
apiVersion: trident.netapp.io/v1 kind: TridentOrchestrator metadata: name: trident spec: debug: true namespace: trident cloudProvider: "Azure"