Skip to main content

Install and configure Trident protect

Contributors netapp-mwallis netapp-shwetav netapp-aruldeepa
PDFs

If your environment meets the requirements for Trident protect, you can follow these steps to install Trident protect on your cluster. You can obtain Trident protect from NetApp, or install it from your own private registry. Installing from a private registry is helpful if your cluster cannot access the Internet.

Install Trident protect

Install Trident protect from NetApp
Steps

  1. Add the Trident Helm repository:

    helm repo add netapp-trident-protect https://netapp.github.io/trident-protect-helm-chart

  2. Use Helm to install Trident protect. Replace <name-of-cluster> with a cluster name, which will be assigned to the cluster and used to identify the cluster's backups and snapshots:

    helm install trident-protect netapp-trident-protect/trident-protect --set clusterName=<name-of-cluster> --version 100.2510.0 --create-namespace --namespace trident-protect

  3. Optionally, to enable debug logging (recommended for troubleshooting), use:

    helm install trident-protect netapp-trident-protect/trident-protect --set clusterName=<name-of-cluster> --set logLevel=debug --version 100.2510.0 --create-namespace --namespace trident-protect

    Debug logging helps NetApp support troubleshoot issues without requiring log level changes or problem reproduction.

Install Trident protect from a private registry

You can install Trident protect from a private image registry if your Kubernetes cluster is unable to access the Internet. In these examples, replace values in brackets with information from your environment:

Steps

  1. Pull the following images to your local machine, update the tags, and then push them to your private registry:

    docker.io/netapp/controller:25.10.0
docker.io/netapp/restic:25.10.0
docker.io/netapp/kopia:25.10.0
docker.io/netapp/kopiablockrestore:25.10.0
docker.io/netapp/trident-autosupport:25.10.0
docker.io/netapp/exechook:25.10.0
docker.io/netapp/resourcebackup:25.10.0
docker.io/netapp/resourcerestore:25.10.0
docker.io/netapp/resourcedelete:25.10.0
docker.io/netapp/trident-protect-utils:v1.0.0

    For example:

    docker pull docker.io/netapp/controller:25.10.0
    docker tag docker.io/netapp/controller:25.10.0 <private-registry-url>/controller:25.10.0
    docker push <private-registry-url>/controller:25.10.0
    Note To obtain the Helm chart, first download the Helm chart on a machine with internet access using helm pull trident-protect --version 100.2510.0 --repo https://netapp.github.io/trident-protect-helm-chart, then copy the resulting trident-protect-100.2510.0.tgz file to your offline environment and install using helm install trident-protect ./trident-protect-100.2510.0.tgz instead of the repository reference in the final step.

  2. Create the Trident protect system namespace:

    kubectl create ns trident-protect

  3. Log in to the registry:

    helm registry login <private-registry-url> -u <account-id> -p <api-token>

  4. Create a pull secret to use for private registry authentication:

    kubectl create secret docker-registry regcred --docker-username=<registry-username> --docker-password=<api-token> -n trident-protect --docker-server=<private-registry-url>

  5. Add the Trident Helm repository:

    helm repo add netapp-trident-protect https://netapp.github.io/trident-protect-helm-chart

  6. Create a file named protectValues.yaml. Ensure that it contains the following Trident protect settings:

    ---
imageRegistry: <private-registry-url>
imagePullSecrets:
  - name: regcred
    Note The imageRegistry and imagePullSecrets values apply to all component images including resourcebackup and resourcerestore. If you push images to a specific repository path within your registry (for example, example.com:443/my-repo), include the full path in the registry field. This will ensure that all images are pulled from <private-registry-url>/<image-name>:<tag>.

  7. Use Helm to install Trident protect. Replace <name_of_cluster> with a cluster name, which will be assigned to the cluster and used to identify the cluster's backups and snapshots:

    helm install trident-protect netapp-trident-protect/trident-protect --set clusterName=<name_of_cluster> --version 100.2510.0 --create-namespace --namespace trident-protect -f protectValues.yaml

  8. Optionally, to enable debug logging (recommended for troubleshooting), use:

    helm install trident-protect netapp-trident-protect/trident-protect --set clusterName=<name-of-cluster> --set logLevel=debug --version 100.2510.0 --create-namespace --namespace trident-protect -f protectValues.yaml

    Debug logging helps NetApp support troubleshoot issues without requiring log level changes or problem reproduction.

Note For additional Helm chart configuration options, including AutoSupport settings and namespace filtering, refer to Customize Trident protect installation.