Customize Trident protect installation
Suggest changes
PDFs
You can customize the default configuration of Trident protect to meet the specific requirements of your environment.
Specify Trident protect container resource limits
You can use a configuration file to specify resource limits for Trident protect containers after you install Trident protect. Setting resource limits enables you to control how much of the cluster's resources are consumed by Trident protect operations.
-
Create a file named
resourceLimits.yaml. -
Populate the file with resource limit options for Trident protect containers according to the needs of your environment.
The following example configuration file shows the available settings and contains the default values for each resource limit:
--- jobResources: defaults: limits: cpu: 8000m memory: 10000Mi ephemeralStorage: "" requests: cpu: 100m memory: 100Mi ephemeralStorage: "" resticVolumeBackup: limits: cpu: "" memory: "" ephemeralStorage: "" requests: cpu: "" memory: "" ephemeralStorage: "" resticVolumeRestore: limits: cpu: "" memory: "" ephemeralStorage: "" requests: cpu: "" memory: "" ephemeralStorage: "" kopiaVolumeBackup: limits: cpu: "" memory: "" ephemeralStorage: "" requests: cpu: "" memory: "" ephemeralStorage: "" kopiaVolumeRestore: limits: cpu: "" memory: "" ephemeralStorage: "" requests: cpu: "" memory: "" ephemeralStorage: "" -
Apply the values from the
resourceLimits.yamlfile:helm upgrade trident-protect -n trident-protect netapp-trident-protect/trident-protect -f resourceLimits.yaml --reuse-values
Customize security context constraints
You can use a configuration file to modify OpenShift security context constraint (SCCs) for Trident protect containers after you install Trident protect. These constraints define security restrictions for pods in a Red Hat OpenShift cluster.
-
Create a file named
sccconfig.yaml. -
Add the SCC option to the file and modify the parameters according to the needs of your environment.
The following example shows the default values of the parameters for the SCC option:
scc: create: true name: trident-protect-job priority: 1This table describes the parameters for the SCC option:
Parameter Description Default create
Determines whether an SCC resource can be created. An SCC resource will be created only if
scc.createis set totrueand the Helm installation process identifies an OpenShift environment. If not operating on OpenShift, or ifscc.createis set tofalse, no SCC resource will be created.true
name
Specifies the name of the SCC.
trident-protect-job
priority
Defines the priority of the SCC. SCCs with higher priority values are assessed before those with lower values.
1
-
Apply the values from the
sccconfig.yamlfile:helm upgrade trident-protect netapp-trident-protect/trident-protect -f sccconfig.yaml --reuse-valuesThis will replace the default values with those specified in the
sccconfig.yamlfile.
Configure additional Trident protect helm chart settings
You can customize AutoSupport settings and namespace filtering to meet your specific requirements. The following table describes the available configuration parameters:
| Parameter | Type | Description |
|---|---|---|
autoSupport.proxy |
string |
Configures a proxy URL for NetApp AutoSupport connections. Use this to route support bundle uploads through a proxy server. Example: |
autoSupport.insecure |
boolean |
Skips TLS verification for AutoSupport proxy connections when set to |
autoSupport.enabled |
boolean |
Enables or disables daily Trident protect AutoSupport bundle uploads. When set to |
restoreSkipNamespaceAnnotations |
string |
Comma-separated list of namespace annotations to exclude from backup and restore operations. Allows you to filter namespaces based on annotations. |
restoreSkipNamespaceLabels |
string |
Comma-separated list of namespace labels to exclude from backup and restore operations. Allows you to filter namespaces based on labels. |
You can configure these options using either a YAML configuration file or command-line flags:
-
Create a configuration file and name it
values.yaml. -
In the file you created, add the configuration options you want to customize.
autoSupport: enabled: false proxy: http://my.proxy.url insecure: true restoreSkipNamespaceAnnotations: "annotation1,annotation2" restoreSkipNamespaceLabels: "label1,label2" -
After you populate the
values.yamlfile with the correct values, apply the configuration file:helm upgrade trident-protect -n trident-protect netapp-trident-protect/trident-protect -f values.yaml --reuse-values
-
Use the following command with the
--setflag to specify individual parameters:helm upgrade trident-protect -n trident-protect netapp-trident-protect/trident-protect \ --set autoSupport.enabled=false \ --set autoSupport.proxy=http://my.proxy.url \ --set restoreSkipNamespaceAnnotations="annotation1,annotation2" \ --set restoreSkipNamespaceLabels="label1,label2" \ --reuse-values
Restrict Trident protect pods to specific nodes
You can use the Kubernetes nodeSelector node selection constraint to control which of your nodes are eligible to run Trident protect pods, based on node labels. By default, Trident protect is restricted to nodes that are running Linux. You can further customize these constraints depending on your needs.
-
Create a file named
nodeSelectorConfig.yaml. -
Add the nodeSelector option to the file and modify the file to add or change node labels to restrict according to the needs of your environment. For example, the following file contains the default OS restriction, but also targets a specific region and app name:
nodeSelector: kubernetes.io/os: linux region: us-west app.kubernetes.io/name: mysql -
Apply the values from the
nodeSelectorConfig.yamlfile:helm upgrade trident-protect -n trident-protect netapp-trident-protect/trident-protect -f nodeSelectorConfig.yaml --reuse-valuesThis replaces the default restrictions with those you specified in the
nodeSelectorConfig.yamlfile.