Use advanced Trident protect restore settings

09/01/2025 Contributors

You can customize restore operations using advanced settings such as annotations, namespace settings, and storage options to meet your specific requirements.

Namespace annotations and labels during restore and failover operations

During restore and failover operations, labels and annotations in the destination namespace are made to match the labels and annotations in the source namespace. Labels or annotations from the source namespace that don't exist in the destination namespace are added, and any labels or annotations that already exist are overwritten to match the value from the source namespace. Labels or annotations that exist only on the destination namespace remain unchanged.

If you use Red Hat OpenShift, it's important to note the critical role of namespace annotations in OpenShift environments. Namespace annotations ensure that restored pods adhere to the appropriate permissions and security configurations defined by OpenShift security context constraints (SCCs) and can access volumes without permission issues. For more information, refer to the OpenShift security context constraints documentation.

You can prevent specific annotations in the destination namespace from being overwritten by setting the Kubernetes environment variable RESTORE_SKIP_NAMESPACE_ANNOTATIONS before you perform the restore or failover operation. For example:

helm upgrade trident-protect --set restoreSkipNamespaceAnnotations=<annotation_key_to_skip_1>,<annotation_key_to_skip_2> --reuse-values

When performing restore or failover operation, any namespace annotations and labels specified in restoreSkipNamespaceAnnotations and restoreSkipNamespaceLabels are excluded from the restore or failover operation. Ensure these settings are configured during the initial Helm installation. To learn more, refer to Configure additional Trident protect helm chart settings.

If you installed the source application using Helm with the --create-namespace flag, special treatment is given to the name label key. During the restore or failover process, Trident protect copies this label to the destination namespace, but updates the value to the destination namespace value if the value from source matches the source namespace. If this value doesn't match the source namespace it is copied to the destination namespace with no changes.

Example

The following example presents a source and destination namespace, each with different annotations and labels. You can see the state of the destination namespace before and after the operation, and how the annotations and labels are combined or overwritten in the destination namespace.

Before the restore or failover operation

The following table illustrates the state of the example source and destination namespaces before the restore or failover operation:

Namespace	Annotations	Labels
Namespace ns-1 (source)	annotation.one/key: "updatedvalue" annotation.two/key: "true"	environment=production compliance=hipaa name=ns-1
Namespace ns-2 (destination)	annotation.one/key: "true" annotation.three/key: "false"	role=database

Namespace

Annotations

Labels

Namespace ns-1 (source)

annotation.one/key: "updatedvalue"
annotation.two/key: "true"

environment=production
compliance=hipaa
name=ns-1

Namespace ns-2 (destination)

annotation.one/key: "true"
annotation.three/key: "false"

role=database

After the restore operation

The following table illustrates the state of the example destination namespace after the restore or failover operation. Some keys have been added, some have been overwritten, and the name label has been updated to match the destination namespace:

Namespace	Annotations	Labels
Namespace ns-2 (destination)	annotation.one/key: "updatedvalue" annotation.two/key: "true" annotation.three/key: "false"	name=ns-2 compliance=hipaa environment=production role=database

Namespace

Annotations

Labels

Namespace ns-2 (destination)

annotation.one/key: "updatedvalue"
annotation.two/key: "true"
annotation.three/key: "false"

name=ns-2
compliance=hipaa
environment=production
role=database

Supported fields

This section describes additional fields available for restore operations.

Storage class mapping

The spec.storageClassMapping attribute defines a mapping from a storage class present in the source application to a new storage class on the target cluster. You can use this when migrating applications between clusters with different storage classes or when changing the storage backend for BackupRestore operations.

Example:

storageClassMapping:
  - destination: "destinationStorageClass1"
    source: "sourceStorageClass1"
  - destination: "destinationStorageClass2"
    source: "sourceStorageClass2"

Supported annotations

This section lists the supported annotations for configuring various behaviors in the system. If an annotation is not explicitly set by the user, the system will use the default value.

Annotation	Type	Description	Default value
protect.trident.netapp.io/data-mover-timeout-sec	string	The maximum time (in seconds) allowed for data mover operation to be stalled.	"300"
protect.trident.netapp.io/kopia-content-cache-size-limit-mb	string	The maximum size limit (in megabytes) for the Kopia content cache.	"1000"

Annotation

Type

Description

Default value

protect.trident.netapp.io/data-mover-timeout-sec

string

The maximum time (in seconds) allowed for data mover operation to be stalled.

"300"

protect.trident.netapp.io/kopia-content-cache-size-limit-mb