Configure a Google Cloud NetApp Volumes backend
You can now configure Google Cloud NetApp Volumes as the backend for Trident. You can attach NFS volumes using a Google Cloud NetApp Volumes backend.
Google Cloud NetApp Volumes driver details
Trident provides the google-cloud-netapp-volumes driver to communicate with the cluster. Supported access modes are: ReadWriteOnce (RWO), ReadOnlyMany (ROX), ReadWriteMany (RWX), ReadWriteOncePod (RWOP).
Driver | Protocol | volumeMode | Access modes supported | File systems supported |
---|---|---|---|---|
google-cloud-netapp-volumes | NFS | Filesystem | RWO, ROX, RWX, RWOP | |
Cloud identity for GKE
Cloud identity enables Kubernetes pods to access Google Cloud resources by authenticating as a workload identity instead of by providing explicit Google Cloud credentials.
To take advantage of cloud identity in Google Cloud, you must have:
- A Kubernetes cluster deployed using GKE.
- Workload identity configured on the GKE cluster and the GKE metadata server configured on the node pools.
- A GCP service account with the Google Cloud NetApp Volumes Admin (roles/netapp.admin) role or a custom role.
- Trident installed with cloudProvider set to "GCP" and cloudIdentity set to the new GCP service account. An example is given below.
Trident operator
To install Trident using the Trident operator, edit tridentorchestrator_cr.yaml to set cloudProvider to "GCP" and set cloudIdentity to iam.gke.io/gcp-service-account: cloudvolumes-admin-sa@mygcpproject.iam.gserviceaccount.com. For example:

apiVersion: trident.netapp.io/v1
kind: TridentOrchestrator
metadata:
  name: trident
spec:
  debug: true
  namespace: trident
  imagePullPolicy: IfNotPresent
  cloudProvider: "GCP"
  cloudIdentity: 'iam.gke.io/gcp-service-account: cloudvolumes-admin-sa@mygcpproject.iam.gserviceaccount.com'

Helm
Set the values for cloud-provider (CP) and cloud-identity (CI) flags using the following environment variables:
export CP="GCP"
export ANNOTATION="iam.gke.io/gcp-service-account: cloudvolumes-admin-sa@mygcpproject.iam.gserviceaccount.com"
The following example installs Trident and sets cloudProvider to GCP using the environment variable $CP and sets the cloudIdentity using the environment variable $ANNOTATION:
helm install trident trident-operator-100.2406.0.tgz --set cloudProvider=$CP --set cloudIdentity="$ANNOTATION"
tridentctl
Set the values for cloud provider and cloud identity flags using the following environment variables:
export CP="GCP"
export ANNOTATION="iam.gke.io/gcp-service-account: cloudvolumes-admin-sa@mygcpproject.iam.gserviceaccount.com"
The following example installs Trident and sets the cloud-provider flag to $CP, and cloud-identity to $ANNOTATION:
tridentctl install --cloud-provider=$CP --cloud-identity="$ANNOTATION" -n trident
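
A mistyped cloud identity annotation is easy to miss at install time and leaves Trident without the intended workload identity. The following pre-flight check is an added example, not part of Trident or of the original page: it validates the $CP and $ANNOTATION values used above before they are passed to helm or tridentctl, and prints the IAM member that workload identity maps the Trident pod to. The function names, the assumed shape of the service account address, the Kubernetes service account name trident-controller, and the assumption that the cluster and the service account share one project are illustrative.

```shell
#!/bin/sh
# Added example: pre-flight check for the cloudProvider / cloudIdentity values.
WI_KEY="iam.gke.io/gcp-service-account"

# Print the service account e-mail carried by the annotation, or fail.
gsa_from_annotation() {
    case $1 in
        "$WI_KEY: "*[[:space:]]*) echo "whitespace in service account" >&2; return 1 ;;
        "$WI_KEY: "*) email=${1#"$WI_KEY: "} ;;
        *) echo "annotation must start with '$WI_KEY: '" >&2; return 1 ;;
    esac
    # Assumed shape: <account-id>@<project-id>.iam.gserviceaccount.com
    if ! printf '%s\n' "$email" | grep -Eq \
        '^[a-z][a-z0-9-]{4,28}[a-z0-9]@[a-z][a-z0-9-]{4,28}[a-z0-9]\.iam\.gserviceaccount\.com$'
    then
        echo "not a service account e-mail: '$email'" >&2
        return 1
    fi
    printf '%s\n' "$email"
}

# Validate both install values; print the project that owns the account.
preflight() {   # usage: preflight "$CP" "$ANNOTATION"
    [ "$1" = "GCP" ] || { echo "cloudProvider must be GCP, got '$1'" >&2; return 1; }
    email=$(gsa_from_annotation "$2") || return 1
    project=${email#*@}
    printf '%s\n' "${project%.iam.gserviceaccount.com}"
}

# IAM member that needs roles/iam.workloadIdentityUser on the service account.
# Arguments: cluster project, namespace, Kubernetes service account name.
wi_member() {
    printf 'serviceAccount:%s.svc.id.goog[%s/%s]\n' "$1" "$2" "$3"
}

# Constructed sample run with the values from this page.
CP="GCP"
ANNOTATION="iam.gke.io/gcp-service-account: cloudvolumes-admin-sa@mygcpproject.iam.gserviceaccount.com"
if proj=$(preflight "$CP" "$ANNOTATION"); then
    echo "ok: service account lives in project $proj"
    # "trident-controller" is an assumed service account name; check yours.
    wi_member "$proj" trident trident-controller
fi
```

Run it in the same shell session as the export lines so that it checks the exact values the install command will receive.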