Skip to main content

Configure a Google Cloud NetApp Volumes backend

Contributors netapp-aruldeepa

You can now configure Google Cloud NetApp Volumes as the backend for Trident. You can attach NFS volumes using a Google Cloud NetApp Volumes backend.

Google Cloud NetApp Volumes driver details

Trident provides the google-cloud-netapp-volumes driver to communicate with the cluster. Supported access modes are: ReadWriteOnce (RWO), ReadOnlyMany (ROX), ReadWriteMany (RWX), ReadWriteOncePod (RWOP).

Driver Protocol volumeMode Access modes supported File systems supported

google-cloud-netapp-volumes

NFS

Filesystem

RWO, ROX, RWX, RWOP

nfs

Cloud identity for GKE

Cloud identity enables Kubernetes pods to access Google Cloud resources by authenticating as a workload identity instead of by providing explicit Google Cloud credentials.

To take advantage of cloud identity in Google Cloud, you must have:

  • A Kubernetes cluster deployed using GKE.

  • Workload identity configured on the GKE cluster and GKE MetaData Server configured on the node pools.

  • A GCP Service account with the Google Cloud NetApp Volumes Admin (roles/netapp.admin) role or a custom role.

  • Trident installed that includes the cloudProvider to specify "GCP" and cloudIdentity specifying the new GCP service account. An example is given below.

    Trident operator

    To install Trident using the Trident operator, edit tridentorchestrator_cr.yaml to set cloudProvider to "GCP" and set cloudIdentity to iam.gke.io/gcp-service-account: cloudvolumes-admin-sa@mygcpproject.iam.gserviceaccount.com.

    For example:

    apiVersion: trident.netapp.io/v1
    kind: TridentOrchestrator
    metadata:
      name: trident
    spec:
      debug: true
      namespace: trident
      imagePullPolicy: IfNotPresent
      cloudProvider: "GCP"
      cloudIdentity: 'iam.gke.io/gcp-service-account: cloudvolumes-admin-sa@mygcpproject.iam.gserviceaccount.com'
    Helm

    Set the values for cloud-provider (CP) and cloud-identity (CI) flags using the following environment variables:

    export CP="GCP"
    export ANNOTATION="iam.gke.io/gcp-service-account: cloudvolumes-admin-sa@mygcpproject.iam.gserviceaccount.com"

    The following example installs Trident and sets cloudProvider to GCP using the environment variable $CP and sets the cloudIdentity using the environment variable $ANNOTATION:

    helm install trident trident-operator-100.2406.0.tgz --set cloudProvider=$CP --set cloudIdentity="$ANNOTATION"
    tridentctl

    Set the values for cloud provider and cloud identity flags using the following environment variables:

    export CP="GCP"
    export ANNOTATION="iam.gke.io/gcp-service-account: cloudvolumes-admin-sa@mygcpproject.iam.gserviceaccount.com"

    The following example installs Trident and sets the cloud-provider flag to $CP, and cloud-identity to $ANNOTATION:

    tridentctl install --cloud-provider=$CP --cloud-identity="$ANNOTATION" -n trident