ONTAP NAS configuration options and examples
Learn to create and use ONTAP NAS drivers with your Trident installation. This section provides backend configuration examples and details for mapping backends to StorageClasses.
Backend configuration options
See the following table for the backend configuration options:
Parameter | Description | Default | ||
---|---|---|---|---|
|
Always 1 |
|||
|
Name of the storage driver |
"ontap-nas", "ontap-nas-economy", "ontap-nas-flexgroup", "ontap-san", "ontap-san-economy" |
||
|
Custom name or the storage backend |
Driver name + "_" + dataLIF |
||
|
IP address of a cluster or SVM management LIF |
“10.0.0.1”, “[2001:1234:abcd::fefe]” |
||
|
IP address of protocol LIF. |
Specified address or derived from SVM, if not specified (not recommended) |
||
|
Storage virtual machine to use |
Derived if an SVM |
||
|
Enable automatic export policy creation and updating [Boolean]. |
false |
||
|
List of CIDRs to filter Kubernetes' node IPs against when |
["0.0.0.0/0", "::/0"]` |
||
|
Set of arbitrary JSON-formatted labels to apply on volumes |
"" |
||
|
Base64-encoded value of client certificate. Used for certificate-based auth |
"" |
||
|
Base64-encoded value of client private key. Used for certificate-based auth |
"" |
||
|
Base64-encoded value of trusted CA certificate. Optional. Used for certificate-based auth |
"" |
||
|
Username to connect to the cluster/SVM. Used for credential-based auth |
|||
|
Password to connect to the cluster/SVM. Used for credential-based auth |
|||
|
Prefix used when provisioning new volumes in the SVM. Cannot be updated after you set it
|
"trident" |
||
|
Aggregate for provisioning (optional; if set, must be assigned to the SVM). For the
|
"" |
||
|
Fail provisioning if usage is above this percentage. |
"" (not enforced by default) |
||
flexgroupAggregateList |
List of aggregates for provisioning (optional; if set, must be assigned to the SVM). All aggregates assigned to the SVM are used to provision a FlexGroup volume. Supported for the ontap-nas-flexgroup storage driver.
|
"" |
||
|
Fail provisioning if requested volume size is above this value. |
"" (not enforced by default) |
||
|
Debug flags to use when troubleshooting. Example, {"api":false, "method":true} |
null |
||
|
Configure NFS or SMB volumes creation. |
|
||
|
Comma-separated list of NFS mount options. |
"" |
||
|
Maximum Qtrees per FlexVol, must be in range [50, 300] |
"200" |
||
|
You can specify one of the following: the name of an SMB share created using the Microsoft Management Console or ONTAP CLI; a name to allow Trident to create the SMB share; or you can leave the parameter blank to prevent common share access to volumes. |
|
||
|
Boolean parameter to use ONTAP REST APIs. |
|
||
|
Maximum requestable FlexVol size when using Qtrees in ontap-nas-economy backend. |
"" (not enforced by default) |
||
|
Restricts |
Backend configuration options for provisioning volumes
You can control default provisioning using these options in the defaults
section of the configuration. For an example, see the configuration examples below.
Parameter | Description | Default |
---|---|---|
|
Space-allocation for Qtrees |
"true" |
|
Space reservation mode; "none" (thin) or "volume" (thick) |
"none" |
|
Snapshot policy to use |
"none" |
|
QoS policy group to assign for volumes created. Choose one of qosPolicy or adaptiveQosPolicy per storage pool/backend |
"" |
|
Adaptive QoS policy group to assign for volumes created. Choose one of qosPolicy or adaptiveQosPolicy per storage pool/backend. |
"" |
|
Percentage of volume reserved for snapshots |
"0" if |
|
Split a clone from its parent upon creation |
"false" |
|
Enable NetApp Volume Encryption (NVE) on the new volume; defaults to |
"false" |
|
Tiering policy to use "none" |
"snapshot-only" for pre-ONTAP 9.5 SVM-DR configuration |
|
Mode for new volumes |
"777" for NFS volumes; empty (not applicable) for SMB volumes |
|
Controls access to the |
"true" for NFSv4 |
|
Export policy to use |
"default" |
|
Security style for new volumes. |
NFS default is |
|
Template to create custom volume names. |
"" |
Using QoS policy groups with Trident requires ONTAP 9.8 or later. You should use a non-shared QoS policy group and ensure the policy group is applied to each constituent individually. A shared QoS policy group enforces the ceiling for the total throughput of all workloads. |
Volume provisioning examples
Here's an example with defaults defined:
--- version: 1 storageDriverName: ontap-nas backendName: customBackendName managementLIF: 10.0.0.1 dataLIF: 10.0.0.2 labels: k8scluster: dev1 backend: dev1-nasbackend svm: trident_svm username: cluster-admin password: <password> limitAggregateUsage: 80% limitVolumeSize: 50Gi nfsMountOptions: nfsvers=4 debugTraceFlags: api: false method: true defaults: spaceReserve: volume qosPolicy: premium exportPolicy: myk8scluster snapshotPolicy: default snapshotReserve: '10'
For ontap-nas
and ontap-nas-flexgroups
, Trident now uses a new calculation to ensure that the FlexVol is sized correctly with the snapshotReserve percentage and PVC. When the user requests a PVC, Trident creates the original FlexVol with more space by using the new calculation. This calculation ensures that the user receives the writable space they requested for in the PVC, and not lesser space than what they requested. Before v21.07, when the user requests a PVC (for example, 5GiB), with the snapshotReserve to 50 percent, they get only 2.5GiB of writeable space. This is because what the user requested for is the whole volume and snapshotReserve
is a percentage of that. With Trident 21.07, what the user requests for is the writeable space and Trident defines the snapshotReserve
number as the percentage of the whole volume. This does not apply to ontap-nas-economy
. See the following example to see how this works:
The calculation is as follows:
Total volume size = (PVC requested size) / (1 - (snapshotReserve percentage) / 100)
For snapshotReserve = 50%, and PVC request = 5GiB, the total volume size is 2/.5 = 10GiB and the available size is 5GiB, which is what the user requested in the PVC request. The volume show
command should show results similar to this example:
Existing backends from previous installs will provision volumes as explained above when upgrading Trident. For volumes that you created before upgrading, you should resize their volumes for the change to be observed. For example, a 2GiB PVC with snapshotReserve=50
earlier resulted in a volume that provides 1GiB of writable space. Resizing the volume to 3GiB, for example, provides the application with 3GiB of writable space on a 6 GiB volume.
Minimal configuration examples
The following examples show basic configurations that leave most parameters to default. This is the easiest way to define a backend.
If you are using Amazon FSx on NetApp ONTAP with Trident, the recommendation is to specify DNS names for LIFs instead of IP addresses. |
ONTAP NAS economy example
--- version: 1 storageDriverName: ontap-nas-economy managementLIF: 10.0.0.1 dataLIF: 10.0.0.2 svm: svm_nfs username: vsadmin password: password
ONTAP NAS Flexgroup example
--- version: 1 storageDriverName: ontap-nas-flexgroup managementLIF: 10.0.0.1 dataLIF: 10.0.0.2 svm: svm_nfs username: vsadmin password: password
MetroCluster example
You can configure the backend to avoid having to manually update the backend definition after switchover and switchback during SVM replication and recovery.
For seamless switchover and switchback, specify the SVM using managementLIF
and omit the dataLIF
and svm
parameters. For example:
--- version: 1 storageDriverName: ontap-nas managementLIF: 192.168.1.66 username: vsadmin password: password
SMB volumes example
--- version: 1 backendName: ExampleBackend storageDriverName: ontap-nas managementLIF: 10.0.0.1 nasType: smb securityStyle: ntfs unixPermissions: "" dataLIF: 10.0.0.2 svm: svm_nfs username: vsadmin password: password
Certificate-based authentication example
This is a minimal backend configuration example. clientCertificate
, clientPrivateKey
, and trustedCACertificate
(optional, if using trusted CA) are populated in backend.json
and take the base64-encoded values of the client certificate, private key, and trusted CA certificate, respectively.
--- version: 1 backendName: DefaultNASBackend storageDriverName: ontap-nas managementLIF: 10.0.0.1 dataLIF: 10.0.0.15 svm: nfs_svm clientCertificate: ZXR0ZXJwYXB...ICMgJ3BhcGVyc2 clientPrivateKey: vciwKIyAgZG...0cnksIGRlc2NyaX trustedCACertificate: zcyBbaG...b3Igb3duIGNsYXNz storagePrefix: myPrefix_
Auto export policy example
This example shows you how you can instruct Trident to use dynamic export policies to create and manage the export policy automatically. This works the same for the ontap-nas-economy
and ontap-nas-flexgroup
drivers.
--- version: 1 storageDriverName: ontap-nas managementLIF: 10.0.0.1 dataLIF: 10.0.0.2 svm: svm_nfs labels: k8scluster: test-cluster-east-1a backend: test1-nasbackend autoExportPolicy: true autoExportCIDRs: - 10.0.0.0/24 username: admin password: password nfsMountOptions: nfsvers=4
IPv6 addresses example
This example shows managementLIF
using an IPv6 address.
--- version: 1 storageDriverName: ontap-nas backendName: nas_ipv6_backend managementLIF: "[5c5d:5edf:8f:7657:bef8:109b:1b41:d491]" labels: k8scluster: test-cluster-east-1a backend: test1-ontap-ipv6 svm: nas_ipv6_svm username: vsadmin password: password
Amazon FSx for ONTAP using SMB volumes example
The smbShare
parameter is required for FSx for ONTAP using SMB volumes.
--- version: 1 backendName: SMBBackend storageDriverName: ontap-nas managementLIF: example.mgmt.fqdn.aws.com nasType: smb dataLIF: 10.0.0.15 svm: nfs_svm smbShare: smb-share clientCertificate: ZXR0ZXJwYXB...ICMgJ3BhcGVyc2 clientPrivateKey: vciwKIyAgZG...0cnksIGRlc2NyaX trustedCACertificate: zcyBbaG...b3Igb3duIGNsYXNz storagePrefix: myPrefix_
Backend configuration example with nameTemplate
--- version: 1 storageDriverName: ontap-nas backendName: ontap-nas-backend managementLIF: <ip address> svm: svm0 username: <admin> password: <password> defaults: { "nameTemplate": "{{.volume.Name}}_{{.labels.cluster}}_{{.volume.Namespace}}_{{.volume.RequestName}}" }, "labels": {"cluster": "ClusterA", "PVC": "{{.volume.Namespace}}_{{.volume.RequestName}}"}
Examples of backends with virtual pools
In the sample backend definition files shown below, specific defaults are set for all storage pools, such as spaceReserve
at none, spaceAllocation
at false, and encryption
at false. The virtual pools are defined in the storage section.
Trident sets provisioning labels in the "Comments" field. Comments are set on FlexVol for ontap-nas
or FlexGroup for ontap-nas-flexgroup
. Trident copies all labels present on a virtual pool to the storage volume at provisioning. For convenience, storage administrators can define labels per virtual pool and group volumes by label.
In these examples, some of the storage pools set their own spaceReserve
, spaceAllocation
, and encryption
values, and some pools override the default values.
ONTAP NAS example
--- version: 1 storageDriverName: ontap-nas managementLIF: 10.0.0.1 svm: svm_nfs username: admin password: <password> nfsMountOptions: nfsvers=4 defaults: spaceReserve: none encryption: 'false' qosPolicy: standard labels: store: nas_store k8scluster: prod-cluster-1 region: us_east_1 storage: - labels: app: msoffice cost: '100' zone: us_east_1a defaults: spaceReserve: volume encryption: 'true' unixPermissions: '0755' adaptiveQosPolicy: adaptive-premium - labels: app: slack cost: '75' zone: us_east_1b defaults: spaceReserve: none encryption: 'true' unixPermissions: '0755' - labels: department: legal creditpoints: '5000' zone: us_east_1b defaults: spaceReserve: none encryption: 'true' unixPermissions: '0755' - labels: app: wordpress cost: '50' zone: us_east_1c defaults: spaceReserve: none encryption: 'true' unixPermissions: '0775' - labels: app: mysqldb cost: '25' zone: us_east_1d defaults: spaceReserve: volume encryption: 'false' unixPermissions: '0775'
ONTAP NAS FlexGroup example
--- version: 1 storageDriverName: ontap-nas-flexgroup managementLIF: 10.0.0.1 svm: svm_nfs username: vsadmin password: <password> defaults: spaceReserve: none encryption: 'false' labels: store: flexgroup_store k8scluster: prod-cluster-1 region: us_east_1 storage: - labels: protection: gold creditpoints: '50000' zone: us_east_1a defaults: spaceReserve: volume encryption: 'true' unixPermissions: '0755' - labels: protection: gold creditpoints: '30000' zone: us_east_1b defaults: spaceReserve: none encryption: 'true' unixPermissions: '0755' - labels: protection: silver creditpoints: '20000' zone: us_east_1c defaults: spaceReserve: none encryption: 'true' unixPermissions: '0775' - labels: protection: bronze creditpoints: '10000' zone: us_east_1d defaults: spaceReserve: volume encryption: 'false' unixPermissions: '0775'
ONTAP NAS economy example
--- version: 1 storageDriverName: ontap-nas-economy managementLIF: 10.0.0.1 svm: svm_nfs username: vsadmin password: <password> defaults: spaceReserve: none encryption: 'false' labels: store: nas_economy_store region: us_east_1 storage: - labels: department: finance creditpoints: '6000' zone: us_east_1a defaults: spaceReserve: volume encryption: 'true' unixPermissions: '0755' - labels: protection: bronze creditpoints: '5000' zone: us_east_1b defaults: spaceReserve: none encryption: 'true' unixPermissions: '0755' - labels: department: engineering creditpoints: '3000' zone: us_east_1c defaults: spaceReserve: none encryption: 'true' unixPermissions: '0775' - labels: department: humanresource creditpoints: '2000' zone: us_east_1d defaults: spaceReserve: volume encryption: 'false' unixPermissions: '0775'
Map backends to StorageClasses
The following StorageClass definitions refer to Examples of backends with virtual pools. Using the parameters.selector
field, each StorageClass calls out which virtual pools can be used to host a volume. The volume will have the aspects defined in the chosen virtual pool.
-
The
protection-gold
StorageClass will map to the first and second virtual pool in theontap-nas-flexgroup
backend. These are the only pools offering gold level protection.apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: protection-gold provisioner: csi.trident.netapp.io parameters: selector: "protection=gold" fsType: "ext4"
-
The
protection-not-gold
StorageClass will map to the third and fourth virtual pool in theontap-nas-flexgroup
backend. These are the only pools offering protection level other than gold.apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: protection-not-gold provisioner: csi.trident.netapp.io parameters: selector: "protection!=gold" fsType: "ext4"
-
The
app-mysqldb
StorageClass will map to the fourth virtual pool in theontap-nas
backend. This is the only pool offering storage pool configuration for mysqldb type app.apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: app-mysqldb provisioner: csi.trident.netapp.io parameters: selector: "app=mysqldb" fsType: "ext4"
-
TThe
protection-silver-creditpoints-20k
StorageClass will map to the third virtual pool in theontap-nas-flexgroup
backend. This is the only pool offering silver-level protection and 20000 creditpoints.apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: protection-silver-creditpoints-20k provisioner: csi.trident.netapp.io parameters: selector: "protection=silver; creditpoints=20000" fsType: "ext4"
-
The
creditpoints-5k
StorageClass will map to the third virtual pool in theontap-nas
backend and the second virtual pool in theontap-nas-economy
backend. These are the only pool offerings with 5000 creditpoints.apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: creditpoints-5k provisioner: csi.trident.netapp.io parameters: selector: "creditpoints=5000" fsType: "ext4"
Trident will decide which virtual pool is selected and ensures the storage requirement is met.
Update dataLIF
after initial configuration
You can change the data LIF after initial configuration by running the following command to provide the new backend JSON file with updated data LIF.
tridentctl update backend <backend-name> -f <path-to-backend-json-file-with-updated-dataLIF>
If PVCs are attached to one or multiple pods, you must bring down all corresponding pods and then bring them back up in order to for the new data LIF to take effect. |