Customize Trident protect installation
You can customize the default configuration of Trident protect to meet the specific requirements of your environment.
Specify Trident protect container resource limits
You can use a configuration file to specify resource limits for Trident protect containers after you install Trident protect. Setting resource limits enables you to control how much of the cluster's resources are consumed by Trident protect operations.
-
Create a file named
resourceLimits.yaml
. -
Populate the file with resource limit options for Trident protect containers according to the needs of your environment.
The following example configuration file shows the available settings and contains the default values for each resource limit:
-
Apply the values from the
resourceLimits.yaml
file:
Customize security context constraints
You can use a configuration file to modify OpenShift security context constraint (SCCs) for Trident protect containers after you install Trident protect. These constraints define security restrictions for pods in a Red Hat OpenShift cluster.
-
Create a file named
sccconfig.yaml
. -
Add the SCC option to the file and modify the parameters according to the needs of your environment.
The following example shows the default values of the parameters for the SCC option:
This table describes the parameters for the SCC option:
Parameter Description Default create
Determines whether an SCC resource can be created. An SCC resource will be created only if
scc.create
is set totrue
and the Helm installation process identifies an OpenShift environment. If not operating on OpenShift, or ifscc.create
is set tofalse
, no SCC resource will be created.true
name
Specifies the name of the SCC.
trident-protect-job
priority
Defines the priority of the SCC. SCCs with higher priority values are assessed before those with lower values.
1
-
Apply the values from the
sccconfig.yaml
file:This will replace the default values with those specified in the
sccconfig.yaml
file.
Configure NetApp AutoSupport connections for Trident protect
You can change the way Trident protect connects to NetApp Support to upload support bundles by configuring a proxy for the connection. You can configure the proxy to use either a secure or an insecure connection based on your needs.
-
Configure a secure proxy connection for Trident protect support bundle uploads:
-
Configure an insecure proxy connection for Trident protect support bundle uploads that skips TLS verification:
Restrict Trident protect pods to specific nodes
You can use the Kubernetes nodeSelector node selection constraint to control which of your nodes are eligible to run Trident protect pods, based on node labels. By default, Trident protect is restricted to nodes that are running Linux. You can further customize these constraints depending on your needs.
-
Create a file named
nodeSelectorConfig.yaml
. -
Add the nodeSelector option to the file and modify the file to add or change node labels to restrict according to the needs of your environment. For example, the following file contains the default OS restriction, but also targets a specific region and app name:
-
Apply the values from the
nodeSelectorConfig.yaml
file:This replaces the default restrictions with those you specified in the
nodeSelectorConfig.yaml
file.
Disable daily Trident protect AutoSupport bundle uploads
Optionally, you can disable the scheduled daily Trident protect AutoSupport support bundle uploads.
|
By default, Trident protect collects support information that helps with any NetApp support cases that you might open, including logs, metrics, and topology information about clusters and managed applications. Trident protect sends these support bundles to NetApp on a daily schedule. You can manually generate a support bundle at any time. |
-
Create a file named
autosupportconfig.yaml
. -
Add the AutoSupport option to the file and modify the parameters according to the needs of your environment.
The following example shows the default values of the parameters for the AutoSupport option:
When
autoSupport.enabled
is set tofalse
, daily uploads of AutoSupport support bundles are disabled. -
Apply the values from the
autosupportconfig.yaml
file: