Move between backend management options
Suggest changes
PDFs
Learn about the different ways of managing backends in Astra Trident.
Options for managing backends
With the introduction of TridentBackendConfig, administrators now have two unique ways of managing backends. This poses the following questions:
-
Can backends created using
tridentctlbe managed withTridentBackendConfig? -
Can backends created using
TridentBackendConfigbe managed usingtridentctl?
Manage tridentctl backends using TridentBackendConfig
This section covers the steps required to manage backends that were created using tridentctl directly through the Kubernetes interface by creating TridentBackendConfig objects.
This will apply to the following scenarios:
-
Pre-existing backends, that don't have a
TridentBackendConfigbecause they were created withtridentctl. -
New backends that were created with
tridentctl, while otherTridentBackendConfigobjects exist.
In both scenarios, backends will continue to be present, with Astra Trident scheduling volumes and operating on them. Administrators have one of two choices here:
-
Continue using
tridentctlto manage backends that were created using it. -
Bind backends created using
tridentctlto a newTridentBackendConfigobject. Doing so would mean the backends will be managed usingkubectland nottridentctl.
To manage a pre-existing backend using kubectl, you will need to create a TridentBackendConfig that binds to the existing backend. Here is an overview of how that works:
-
Create a Kubernetes Secret. The secret contains the credentials Astra Trident needs to communicate with the storage cluster/service.
-
Create a
TridentBackendConfigobject. This contains specifics about the storage cluster/service and references the secret created in the previous step. Care must be taken to specify identical config parameters (such asspec.backendName,spec.storagePrefix,spec.storageDriverName, and so on).spec.backendNamemust be set to the name of the existing backend.
Step 0: Identify the backend
To create a TridentBackendConfig that binds to an existing backend, you will need to obtain the backend configuration. In this example, let us assume a backend was created using the following JSON definition:
tridentctl get backend ontap-nas-backend -n trident
+---------------------+----------------+--------------------------------------+--------+---------+
| NAME | STORAGE DRIVER | UUID | STATE | VOLUMES |
+---------------------+----------------+--------------------------------------+--------+---------+
| ontap-nas-backend | ontap-nas | 52f2eb10-e4c6-4160-99fc-96b3be5ab5d7 | online | 25 |
+---------------------+----------------+--------------------------------------+--------+---------+
cat ontap-nas-backend.json
{
"version": 1,
"storageDriverName": "ontap-nas",
"managementLIF": "10.10.10.1",
"dataLIF": "10.10.10.2",
"backendName": "ontap-nas-backend",
"svm": "trident_svm",
"username": "cluster-admin",
"password": "admin-password",
"defaults": {
"spaceReserve": "none",
"encryption": "false"
},
"labels":{"store":"nas_store"},
"region": "us_east_1",
"storage": [
{
"labels":{"app":"msoffice", "cost":"100"},
"zone":"us_east_1a",
"defaults": {
"spaceReserve": "volume",
"encryption": "true",
"unixPermissions": "0755"
}
},
{
"labels":{"app":"mysqldb", "cost":"25"},
"zone":"us_east_1d",
"defaults": {
"spaceReserve": "volume",
"encryption": "false",
"unixPermissions": "0775"
}
}
]
}
Step 1: Create a Kubernetes Secret
Create a Secret that contains the credentials for the backend, as shown in this example:
cat tbc-ontap-nas-backend-secret.yaml apiVersion: v1 kind: Secret metadata: name: ontap-nas-backend-secret type: Opaque stringData: username: cluster-admin password: admin-password kubectl create -f tbc-ontap-nas-backend-secret.yaml -n trident secret/backend-tbc-ontap-san-secret created
Step 2: Create a TridentBackendConfig CR
The next step is to create a TridentBackendConfig CR that will automatically bind to the pre-existing ontap-nas-backend (as in this example). Ensure the following requirements are met:
-
The same backend name is defined in
spec.backendName. -
Configuration parameters are identical to the original backend.
-
Virtual pools (if present) must retain the same order as in the original backend.
-
Credentials are provided through a Kubernetes Secret and not in plain text.
In this case, the TridentBackendConfig will look like this:
cat backend-tbc-ontap-nas.yaml
apiVersion: trident.netapp.io/v1
kind: TridentBackendConfig
metadata:
name: tbc-ontap-nas-backend
spec:
version: 1
storageDriverName: ontap-nas
managementLIF: 10.10.10.1
dataLIF: 10.10.10.2
backendName: ontap-nas-backend
svm: trident_svm
credentials:
name: mysecret
defaults:
spaceReserve: none
encryption: 'false'
labels:
store: nas_store
region: us_east_1
storage:
- labels:
app: msoffice
cost: '100'
zone: us_east_1a
defaults:
spaceReserve: volume
encryption: 'true'
unixPermissions: '0755'
- labels:
app: mysqldb
cost: '25'
zone: us_east_1d
defaults:
spaceReserve: volume
encryption: 'false'
unixPermissions: '0775'
kubectl create -f backend-tbc-ontap-nas.yaml -n trident
tridentbackendconfig.trident.netapp.io/tbc-ontap-nas-backend created
Step 3: Verify the status of the TridentBackendConfig CR
After the TridentBackendConfig has been created, its phase must be Bound. It should also reflect the same backend name and UUID as that of the existing backend.
kubectl get tbc tbc-ontap-nas-backend -n trident NAME BACKEND NAME BACKEND UUID PHASE STATUS tbc-ontap-nas-backend ontap-nas-backend 52f2eb10-e4c6-4160-99fc-96b3be5ab5d7 Bound Success #confirm that no new backends were created (i.e., TridentBackendConfig did not end up creating a new backend) tridentctl get backend -n trident +---------------------+----------------+--------------------------------------+--------+---------+ | NAME | STORAGE DRIVER | UUID | STATE | VOLUMES | +---------------------+----------------+--------------------------------------+--------+---------+ | ontap-nas-backend | ontap-nas | 52f2eb10-e4c6-4160-99fc-96b3be5ab5d7 | online | 25 | +---------------------+----------------+--------------------------------------+--------+---------+
The backend will now be completely managed using the tbc-ontap-nas-backend TridentBackendConfig object.
Manage TridentBackendConfig backends using tridentctl
tridentctl can be used to list backends that were created using TridentBackendConfig. In addition, administrators can also choose to completely manage such backends through tridentctl by deleting TridentBackendConfig and making sure spec.deletionPolicy is set to retain.
Step 0: Identify the backend
For example, let us assume the following backend was created using TridentBackendConfig:
kubectl get tbc backend-tbc-ontap-san -n trident -o wide NAME BACKEND NAME BACKEND UUID PHASE STATUS STORAGE DRIVER DELETION POLICY backend-tbc-ontap-san ontap-san-backend 81abcb27-ea63-49bb-b606-0a5315ac5f82 Bound Success ontap-san delete tridentctl get backend ontap-san-backend -n trident +-------------------+----------------+--------------------------------------+--------+---------+ | NAME | STORAGE DRIVER | UUID | STATE | VOLUMES | +-------------------+----------------+--------------------------------------+--------+---------+ | ontap-san-backend | ontap-san | 81abcb27-ea63-49bb-b606-0a5315ac5f82 | online | 33 | +-------------------+----------------+--------------------------------------+--------+---------+
From the output, it is seen that TridentBackendConfig was created successfully and is bound to a backend [observe the backend's UUID].
Step 1: Confirm deletionPolicy is set to retain
Let us take a look at the value of deletionPolicy. This needs to be set to retain. This will ensure that when a TridentBackendConfig CR is deleted, the backend definition will still be present and can be managed with tridentctl.
kubectl get tbc backend-tbc-ontap-san -n trident -o wide
NAME BACKEND NAME BACKEND UUID PHASE STATUS STORAGE DRIVER DELETION POLICY
backend-tbc-ontap-san ontap-san-backend 81abcb27-ea63-49bb-b606-0a5315ac5f82 Bound Success ontap-san delete
# Patch value of deletionPolicy to retain
kubectl patch tbc backend-tbc-ontap-san --type=merge -p '{"spec":{"deletionPolicy":"retain"}}' -n trident
tridentbackendconfig.trident.netapp.io/backend-tbc-ontap-san patched
#Confirm the value of deletionPolicy
kubectl get tbc backend-tbc-ontap-san -n trident -o wide
NAME BACKEND NAME BACKEND UUID PHASE STATUS STORAGE DRIVER DELETION POLICY
backend-tbc-ontap-san ontap-san-backend 81abcb27-ea63-49bb-b606-0a5315ac5f82 Bound Success ontap-san retain
|
Do not proceed to the next step unless deletionPolicy is set to retain.
|
Step 2: Delete the TridentBackendConfig CR
The final step is to delete the TridentBackendConfig CR. After confirming the deletionPolicy is set to retain, you can go ahead with the deletion:
kubectl delete tbc backend-tbc-ontap-san -n trident tridentbackendconfig.trident.netapp.io "backend-tbc-ontap-san" deleted tridentctl get backend ontap-san-backend -n trident +-------------------+----------------+--------------------------------------+--------+---------+ | NAME | STORAGE DRIVER | UUID | STATE | VOLUMES | +-------------------+----------------+--------------------------------------+--------+---------+ | ontap-san-backend | ontap-san | 81abcb27-ea63-49bb-b606-0a5315ac5f82 | online | 33 | +-------------------+----------------+--------------------------------------+--------+---------+
Upon the deletion of the TridentBackendConfig object, Astra Trident simply removes it without actually deleting the backend itself.