Configure Google Cloud NetApp Volumes for NAS workloads
You can configure Google Cloud NetApp Volumes as a backend for Trident to provision file-based storage volumes. Trident can attach NFS and SMB volumes by using a Google Cloud NetApp Volumes backend.
Trident uses separate backends for NAS and SAN workloads in Google Cloud NetApp Volumes.
The google-cloud-netapp-volumes backend supports file-based protocols only and cannot
be used to provision iSCSI volumes.
To provision iSCSI block volumes, use the
google-cloud-netapp-volumes-san backend, which is a separate backend type designed
specifically for SAN workloads.
NAS volumes and iSCSI block volumes
Google Cloud NetApp Volumes supports both NAS and block storage, which differ in how applications access and manage data.
NAS volumes provide file-based storage and are accessed through standard file protocols such as NFS or SMB. Volumes are mounted as shared filesystems and support concurrent access from multiple pods or nodes.
iSCSI block volumes provide raw block storage and are accessed as block devices attached to Kubernetes nodes. Block storage is typically used when workloads require block-level access or application-managed I/O behavior.
This applies to the following environments:
- Trident 26.02 and later
- Google Kubernetes Engine (GKE)
- Google Cloud NetApp Volumes NAS pools
- NFS and SMB workloads
For block (iSCSI) workloads, see Configure block storage (iSCSI).
Google Cloud NetApp Volumes driver details
Trident provides the google-cloud-netapp-volumes driver to provision NAS storage
from Google Cloud NetApp Volumes.
The driver supports the following access modes:
- ReadWriteOnce (RWO)
- ReadOnlyMany (ROX)
- ReadWriteMany (RWX)
- ReadWriteOncePod (RWOP)
| Driver | Protocol | volumeMode | Access modes supported | File systems supported |
|---|---|---|---|---|
| google-cloud-netapp-volumes | NFS, SMB | Filesystem | RWO, ROX, RWX, RWOP | |
Cloud identity for Google Kubernetes Engine
Cloud identity enables Kubernetes workloads to access Google Cloud resources by authenticating as a workload identity instead of using static Google Cloud credentials.
To use cloud identity with Google Cloud NetApp Volumes, you must have:
- A Kubernetes cluster deployed using Google Kubernetes Engine (GKE)
- Workload identity enabled on the GKE cluster and the metadata server enabled on the node pools
- A Google Cloud service account with the Google Cloud NetApp Volumes Admin role (roles/netapp.admin) or an equivalent custom role
- Trident installed with the cloud provider set to GCP and the cloud identity annotation configured
To install Trident using the Trident operator, edit tridentorchestrator_cr.yaml
to set cloudProvider to GCP and cloudIdentity to the GKE service account.
apiVersion: trident.netapp.io/v1
kind: TridentOrchestrator
metadata:
  name: trident
spec:
  namespace: trident
  cloudProvider: "GCP"
  cloudIdentity: "iam.gke.io/gcp-service-account: cloudvolumes-admin-sa@mygcpproject.iam.gserviceaccount.com"
Set the cloud provider and cloud identity when installing Trident with Helm.
helm install trident trident-operator-100.6.0.tgz \
  --set cloudProvider=GCP \
  --set cloudIdentity="iam.gke.io/gcp-service-account: cloudvolumes-admin-sa@mygcpproject.iam.gserviceaccount.com"
Install Trident by specifying the cloud provider and cloud identity.
tridentctl install \
  --cloud-provider=GCP \
  --cloud-identity="iam.gke.io/gcp-service-account: cloudvolumes-admin-sa@mygcpproject.iam.gserviceaccount.com" \
  -n trident
Configure a Trident NAS backend
apiVersion: trident.netapp.io/v1
kind: TridentBackendConfig
metadata:
  name: gcnv-nas
  namespace: trident
spec:
  version: 1
  storageDriverName: google-cloud-netapp-volumes
  projectNumber: "<project-number>"
  location: "<region>"
  sdkTimeout: "600"
  storage:
    - labels:
        cloud: gcp
      network: "<vpc-network>"
Provision NAS volumes
NAS volumes are provisioned using the google-cloud-netapp-volumes
backend and support NFS and SMB protocols.
StorageClass for NFS volumes
To provision NFS volumes, set nasType to nfs.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: gcnv-nfs
provisioner: csi.trident.netapp.io
parameters:
  backendType: "google-cloud-netapp-volumes"
  trident.netapp.io/nasType: "nfs"
allowVolumeExpansion: true
StorageClass for SMB volumes
Using nasType, csi.storage.k8s.io/node-stage-secret-name, and
csi.storage.k8s.io/node-stage-secret-namespace, you can specify an SMB volume
and provide the required Active Directory credentials.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: gcnv-smb
provisioner: csi.trident.netapp.io
parameters:
  backendType: "google-cloud-netapp-volumes"
  trident.netapp.io/nasType: "smb"
  csi.storage.k8s.io/node-stage-secret-name: "smbcreds"
  csi.storage.k8s.io/node-stage-secret-namespace: "default"
allowVolumeExpansion: true
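A pre-deployment check for the cloud identity setting, the NAS backend and the SMB StorageClass described above. This is an added example, not NetApp's or Trident's own code. It assumes the manifests are already parsed into dicts; `audit`, `uses_cloud_identity` and the sample data are hypothetical names, and `apiKey` (the driver's static service-account key option, not shown on this page) is treated as a finding by this example's own policy.

```python
import re

# cloudIdentity annotation format used on this page.
CLOUD_ID = re.compile(r"^iam\.gke\.io/gcp-service-account: "
                      r"[a-z0-9-]+@[a-z0-9.-]+\.iam\.gserviceaccount\.com$")
NAS_DRIVER = "google-cloud-netapp-volumes"
SMB_SECRET_KEYS = tuple("csi.storage.k8s.io/node-stage-secret-" + s
                        for s in ("name", "namespace"))

def uses_cloud_identity(manifests):
    """True if a TridentOrchestrator sets cloudProvider GCP and a valid annotation."""
    return any(m["kind"] == "TridentOrchestrator"
               and m.get("spec", {}).get("cloudProvider") == "GCP"
               and CLOUD_ID.match(m.get("spec", {}).get("cloudIdentity", ""))
               for m in manifests)

def audit(manifests):
    """Return findings for already-parsed manifests (a list of dicts)."""
    findings = []
    identity = uses_cloud_identity(manifests)
    if not identity:
        findings.append("orchestrator: GCP cloud identity not configured")
    for m in manifests:
        name = m["metadata"]["name"]
        spec, params = m.get("spec", {}), m.get("parameters", {})
        if m["kind"] == "TridentBackendConfig" and spec.get("storageDriverName") == NAS_DRIVER:
            # apiKey is the driver's static service-account key option; treating it
            # as a finding when cloud identity is set is this example's policy.
            if identity and "apiKey" in spec:
                findings.append(f"backend {name}: static apiKey set alongside cloud identity")
        elif m["kind"] == "StorageClass" and params.get("trident.netapp.io/nasType") == "smb":
            for key in SMB_SECRET_KEYS:
                if not params.get(key):
                    findings.append(f"storageclass {name}: missing {key}")
    return findings

# Constructed sample: valid orchestrator, a backend that still carries a key,
# and an SMB class with no secret namespace.
SAMPLE = [
    {"kind": "TridentOrchestrator", "metadata": {"name": "trident"},
     "spec": {"cloudProvider": "GCP", "cloudIdentity": "iam.gke.io/gcp-service-account: "
              "cloudvolumes-admin-sa@mygcpproject.iam.gserviceaccount.com"}},
    {"kind": "TridentBackendConfig", "metadata": {"name": "gcnv-nas"},
     "spec": {"storageDriverName": NAS_DRIVER, "apiKey": {"type": "service_account"}}},
    {"kind": "StorageClass", "metadata": {"name": "gcnv-smb"},
     "parameters": {"trident.netapp.io/nasType": "smb",
                    SMB_SECRET_KEYS[0]: "smbcreds"}},
]
```

Calling `audit(SAMPLE)` returns one finding for the backend and one for the SMB class; an empty list means the three settings are consistent with each other.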
PersistentVolumeClaim example (RWX)
NAS volumes support concurrent access and are commonly provisioned with
ReadWriteMany.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gcnv-nas-rwx
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 100Gi
  storageClassName: gcnv-nfs
PersistentVolumeClaim example (RWO)
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gcnv-nas-rwo
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 100Gi
  storageClassName: gcnv-nfs
NAS volumes use volumeMode: Filesystem.