Google Cloud NetApp Volumes backend configuration options and examples
Learn about NFS backend configuration options for Google Cloud NetApp Volumes and review configuration examples.
Backend configuration options
Each backend provisions volumes in a single Google Cloud region. To create volumes in other regions, you can define additional backends.
| Parameter | Description | Default |
|---|---|---|
| | Always 1 | |
| | Name of the storage driver | The value of |
| | (Optional) Custom name of the storage backend | Driver name + "_" + part of API key |
| | Optional parameter used to specify storage pools for volume creation. | |
| | Google Cloud account project number. The value is found on the Google Cloud portal home page. | |
| | The Google Cloud location where Trident creates GCNV volumes. When creating cross-region Kubernetes clusters, volumes created in a | |
| | API key for the Google Cloud service account with the | |
| | Fine-grained control of NFS mount options. | "nfsvers=3" |
| | Fail provisioning if the requested volume size is above this value. | "" (not enforced by default) |
| | The service level of a storage pool and its volumes. | |
| | Google Cloud network used for GCNV volumes. | |
| | Debug flags to use when troubleshooting. Example, | null |
| | Represents a list of regions and zones that are supported by this backend. | |
Volume provisioning options
You can control default volume provisioning in the defaults section of the configuration file.
| Parameter | Description | Default |
|---|---|---|
| | The export rules for new volumes. Must be a comma-separated list of any combination of IPv4 addresses. | "0.0.0.0/0" |
| | Access to the | "true" for NFSv4 |
| | Percentage of volume reserved for snapshots | "" (accept default of 0) |
| | The unix permissions of new volumes (4 octal digits). | "" |
Example configurations
The following examples show basic configurations that leave most parameters to default. This is the easiest way to define a backend.
Minimal configuration
This is the absolute minimum backend configuration. With this configuration, Trident discovers all of your storage pools delegated to Google Cloud NetApp Volumes in the configured location, and places new volumes on one of those pools randomly. Because nasType is omitted, the nfs default applies and the backend will provision for NFS volumes.
This configuration is ideal when you are just getting started with Google Cloud NetApp Volumes and trying things out, but in practice you will most likely need to provide additional scoping for the volumes you provision.
```yaml
---
apiVersion: v1
kind: Secret
metadata:
  name: backend-tbc-gcnv-secret
type: Opaque
stringData:
  private_key_id: 'f2cb6ed6d7cc10c453f7d3406fc700c5df0ab9ec'
  private_key: |
    -----BEGIN PRIVATE KEY-----\n
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m\n
    XsYg6gyxy4zq7OlwWgLwGa==\n
    -----END PRIVATE KEY-----\n
---
apiVersion: trident.netapp.io/v1
kind: TridentBackendConfig
metadata:
  name: backend-tbc-gcnv
spec:
  version: 1
  storageDriverName: google-cloud-netapp-volumes
  projectNumber: '123455380079'
  location: europe-west6
  serviceLevel: premium
  apiKey:
    type: service_account
    project_id: my-gcnv-project
    client_email: myproject-prod@my-gcnv-project.iam.gserviceaccount.com
    client_id: '103346282737811234567'
    auth_uri: https://accounts.google.com/o/oauth2/auth
    token_uri: https://oauth2.googleapis.com/token
    auth_provider_x509_cert_url: https://www.googleapis.com/oauth2/v1/certs
    client_x509_cert_url: https://www.googleapis.com/robot/v1/metadata/x509/myproject-prod%40my-gcnv-project.iam.gserviceaccount.com
  credentials:
    name: backend-tbc-gcnv-secret
```
Configuration with StoragePools filter
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: backend-tbc-gcnv-secret
type: Opaque
stringData:
  private_key_id: 'f2cb6ed6d7cc10c453f7d3406fc700c5df0ab9ec'
  private_key: |
    -----BEGIN PRIVATE KEY-----
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    XsYg6gyxy4zq7OlwWgLwGa==
    -----END PRIVATE KEY-----
---
apiVersion: trident.netapp.io/v1
kind: TridentBackendConfig
metadata:
  name: backend-tbc-gcnv
spec:
  version: 1
  storageDriverName: google-cloud-netapp-volumes
  projectNumber: '123455380079'
  location: europe-west6
  serviceLevel: premium
  storagePools:
    - premium-pool1-europe-west6
    - premium-pool2-europe-west6
  apiKey:
    type: service_account
    project_id: my-gcnv-project
    client_email: myproject-prod@my-gcnv-project.iam.gserviceaccount.com
    client_id: '103346282737811234567'
    auth_uri: https://accounts.google.com/o/oauth2/auth
    token_uri: https://oauth2.googleapis.com/token
    auth_provider_x509_cert_url: https://www.googleapis.com/oauth2/v1/certs
    client_x509_cert_url: https://www.googleapis.com/robot/v1/metadata/x509/myproject-prod%40my-gcnv-project.iam.gserviceaccount.com
  credentials:
    name: backend-tbc-gcnv-secret
```
Virtual pool configuration
This backend configuration defines multiple virtual pools in a single file. Virtual pools are defined in the storage section. They are useful when you have multiple storage pools supporting different service levels and you want to create storage classes in Kubernetes that represent those. Virtual pool labels are used to differentiate the pools. For instance, in the example below, the performance label and serviceLevel type are used to differentiate virtual pools.
You can also set some default values to be applicable to all virtual pools, and overwrite the default values for individual virtual pools. In the following example, snapshotReserve and exportRule serve as defaults for all virtual pools.
For more information, refer to Virtual pools.
```yaml
---
apiVersion: v1
kind: Secret
metadata:
  name: backend-tbc-gcnv-secret
type: Opaque
stringData:
  private_key_id: 'f2cb6ed6d7cc10c453f7d3406fc700c5df0ab9ec'
  private_key: |
    -----BEGIN PRIVATE KEY-----
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    znHczZsrrtHisIsAbOguSaPIKeyAZNchRAGzlzZE4jK3bl/qp8B4Kws8zX5ojY9m
    XsYg6gyxy4zq7OlwWgLwGa==
    -----END PRIVATE KEY-----
---
apiVersion: trident.netapp.io/v1
kind: TridentBackendConfig
metadata:
  name: backend-tbc-gcnv
spec:
  version: 1
  storageDriverName: google-cloud-netapp-volumes
  projectNumber: '123455380079'
  location: europe-west6
  apiKey:
    type: service_account
    project_id: my-gcnv-project
    client_email: myproject-prod@my-gcnv-project.iam.gserviceaccount.com
    client_id: '103346282737811234567'
    auth_uri: https://accounts.google.com/o/oauth2/auth
    token_uri: https://oauth2.googleapis.com/token
    auth_provider_x509_cert_url: https://www.googleapis.com/oauth2/v1/certs
    client_x509_cert_url: https://www.googleapis.com/robot/v1/metadata/x509/myproject-prod%40my-gcnv-project.iam.gserviceaccount.com
  credentials:
    name: backend-tbc-gcnv-secret
  defaults:
    snapshotReserve: '10'
    exportRule: 10.0.0.0/24
  storage:
    - labels:
        performance: extreme
      serviceLevel: extreme
      defaults:
        snapshotReserve: '5'
        exportRule: 0.0.0.0/0
    - labels:
        performance: premium
      serviceLevel: premium
    - labels:
        performance: standard
      serviceLevel: standard
```
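Because a virtual pool can overwrite the backend-wide exportRule, the value that applies to a volume depends on which pool it lands on. The following added example (not part of the original page or of Trident) resolves the effective exportRule for each virtual pool and reports entries that are invalid or broader than a chosen prefix length; the function names and the /16 threshold are assumptions, and the input is the virtual pool spec above rewritten as a Python dict.

```python
import ipaddress

DRIVER_DEFAULT_EXPORT_RULE = "0.0.0.0/0"  # default from the provisioning options table
MIN_PREFIX_LEN = 16  # assumption: networks wider than a /16 are reported


def effective_export_rules(spec):
    """Return [(pool, exportRule)] with pool defaults overriding backend defaults."""
    backend_rule = spec.get("defaults", {}).get("exportRule", DRIVER_DEFAULT_EXPORT_RULE)
    resolved = []
    # A backend without a storage section behaves as a single unnamed pool.
    for index, pool in enumerate(spec.get("storage") or [{}]):
        labels = pool.get("labels", {})
        name = ",".join(f"{k}={v}" for k, v in sorted(labels.items())) or f"pool[{index}]"
        resolved.append((name, pool.get("defaults", {}).get("exportRule", backend_rule)))
    return resolved


def audit_export_rules(spec, min_prefix_len=MIN_PREFIX_LEN):
    """Return (pool, entry, reason) for each export entry that is invalid or too broad."""
    findings = []
    for name, rule in effective_export_rules(spec):
        for entry in filter(None, (part.strip() for part in str(rule).split(","))):
            try:
                net = ipaddress.IPv4Network(entry, strict=False)
            except ValueError:
                findings.append((name, entry, "not an IPv4 address or CIDR"))
                continue
            if net.prefixlen < min_prefix_len:
                findings.append((name, entry, f"/{net.prefixlen} is wider than /{min_prefix_len}"))
    return findings


# Constructed input: spec of the virtual pool example as a YAML loader would return it,
# with the credential fields left out because the check does not read them.
VIRTUAL_POOL_SPEC = {
    "defaults": {"snapshotReserve": "10", "exportRule": "10.0.0.0/24"},
    "storage": [
        {"labels": {"performance": "extreme"}, "serviceLevel": "extreme",
         "defaults": {"snapshotReserve": "5", "exportRule": "0.0.0.0/0"}},
        {"labels": {"performance": "premium"}, "serviceLevel": "premium"},
        {"labels": {"performance": "standard"}, "serviceLevel": "standard"},
    ],
}

if __name__ == "__main__":
    for pool, entry, reason in audit_export_rules(VIRTUAL_POOL_SPEC):
        print(f"{pool}: exportRule {entry!r}: {reason}")
```

A spec with no defaults section at all is reported as well, because the exportRule default listed in the provisioning options table then applies.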
Cloud identity for GKE
```yaml
apiVersion: trident.netapp.io/v1
kind: TridentBackendConfig
metadata:
  name: backend-tbc-gcp-gcnv
spec:
  version: 1
  storageDriverName: google-cloud-netapp-volumes
  projectNumber: '012345678901'
  network: gcnv-network
  location: us-west2
  serviceLevel: Premium
  storagePool: pool-premium1
```
Supported topologies configuration
Trident facilitates provisioning of volumes for workloads based on regions and availability zones. The supportedTopologies block in this backend configuration is used to provide a list of regions and zones per backend. The region and zone values specified here must match the region and zone values from the labels on each Kubernetes cluster node. These regions and zones represent the list of permissible values that can be provided in a storage class. For storage classes that contain a subset of the regions and zones provided in a backend, Trident creates volumes in the mentioned region and zone.
For more information, refer to Use CSI Topology.
```yaml
---
version: 1
storageDriverName: google-cloud-netapp-volumes
subscriptionID: 9f87c765-4774-fake-ae98-a721add45451
tenantID: 68e4f836-edc1-fake-bff9-b2d865ee56cf
clientID: dd043f63-bf8e-fake-8076-8de91e5713aa
clientSecret: SECRET
location: asia-east1
serviceLevel: flex
supportedTopologies:
  - topology.kubernetes.io/region: asia-east1
    topology.kubernetes.io/zone: asia-east1-a
  - topology.kubernetes.io/region: asia-east1
    topology.kubernetes.io/zone: asia-east1-b
```
What's next?
After you create the backend configuration file, run the following command:
```
kubectl create -f <backend-file>
```
To verify that the backend is successfully created, run the following command:
```
kubectl get tridentbackendconfig

NAME               BACKEND NAME       BACKEND UUID                           PHASE   STATUS
backend-tbc-gcnv   backend-tbc-gcnv   b2fd1ff9-b234-477e-88fd-713913294f65   Bound   Success
```
If the backend creation fails, something is wrong with the backend configuration. You can describe the backend using the kubectl get tridentbackendconfig <backend-name> command or view the logs to determine the cause by running the following command:
```
tridentctl logs
```
After you identify and correct the problem with the configuration file, you can delete the backend and run the create command again.
More examples
Storage class definition examples
The following is a basic StorageClass definition that refers to the backend above.
```yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: gcnv-nfs-sc
provisioner: csi.trident.netapp.io
parameters:
  backendType: "google-cloud-netapp-volumes"
```
Example definitions using the parameter.selector field:
Using parameter.selector you can specify for each StorageClass the virtual pool that is used to host a volume. The volume will have the aspects defined in the chosen pool.
```yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: extreme-sc
provisioner: csi.trident.netapp.io
parameters:
  selector: "performance=extreme"
  backendType: "google-cloud-netapp-volumes"
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: premium-sc
provisioner: csi.trident.netapp.io
parameters:
  selector: "performance=premium"
  backendType: "google-cloud-netapp-volumes"
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: standard-sc
provisioner: csi.trident.netapp.io
parameters:
  selector: "performance=standard"
  backendType: "google-cloud-netapp-volumes"
```
For more details on storage classes, refer to Create a storage class.
PVC definition example
```yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: gcnv-nfs-pvc
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 100Gi
  storageClassName: gcnv-nfs-sc
```
To verify if the PVC is bound, run the following command:
```
kubectl get pvc gcnv-nfs-pvc

NAME           STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
gcnv-nfs-pvc   Bound    pvc-b00f2414-e229-40e6-9b16-ee03eb79a213   100Gi      RWX            gcnv-nfs-sc    1m
```