Use Trident with Amazon FSx for NetApp ONTAP
Amazon FSx for NetApp ONTAP is a fully managed AWS service that enables customers to launch and run file systems powered by the NetApp ONTAP storage operating system. FSx for ONTAP enables you to leverage NetApp features, performance, and administrative capabilities you are familiar with, while taking advantage of the simplicity, agility, security, and scalability of storing data on AWS. FSx for ONTAP supports ONTAP file system features and administration APIs.
You can integrate your Amazon FSx for NetApp ONTAP file system with Trident to ensure Kubernetes clusters running in Amazon Elastic Kubernetes Service (EKS) can provision block and file persistent volumes backed by ONTAP.
A file system is the primary resource in Amazon FSx, analogous to an ONTAP cluster on premises. Within each SVM you can create one or multiple volumes, which are data containers that store the files and folders in your file system. With Amazon FSx for NetApp ONTAP, Data ONTAP will be provided as a managed file system in the cloud. The new file system type is called NetApp ONTAP.
Using Trident with Amazon FSx for NetApp ONTAP, you can ensure Kubernetes clusters running in Amazon Elastic Kubernetes Service (EKS) can provision block and file persistent volumes backed by ONTAP.
Requirements
In addition to Trident requirements, to integrate FSx for ONTAP with Trident, you need:
- An existing Amazon EKS cluster or self-managed Kubernetes cluster with kubectl installed.
- An existing Amazon FSx for NetApp ONTAP file system and storage virtual machine (SVM) that is reachable from your cluster's worker nodes.
- Worker nodes that are prepared for NFS or iSCSI.
Ensure you follow the node preparation steps required for Amazon Linux and Ubuntu Amazon Machine Images (AMIs) depending on your EKS AMI type.
Considerations
- SMB volumes:
  - SMB volumes are supported using the ontap-nas driver only.
  - SMB volumes are not supported with Trident EKS add-on.
  - Trident supports SMB volumes mounted to pods running on Windows nodes only. Refer to Prepare to provision SMB volumes for details.
- Prior to Trident 24.02, volumes created on Amazon FSx file systems that have automatic backups enabled could not be deleted by Trident. To prevent this issue in Trident 24.02 or later, specify the fsxFilesystemID, AWS apiRegion, AWS apikey, and AWS secretKey in the backend configuration file for AWS FSx for ONTAP.
  If you are specifying an IAM role to Trident, then you can omit specifying the apiRegion, apiKey, and secretKey fields to Trident explicitly. For more information, refer to FSx for ONTAP configuration options and examples.
Authentication
Trident offers two modes of authentication.
- Credential-based (Recommended): Stores credentials securely in AWS Secrets Manager. You can use the fsxadmin user for your file system or the vsadmin user configured for your SVM.
  Trident expects to be run as a vsadmin SVM user or as a user with a different name that has the same role. Amazon FSx for NetApp ONTAP has an fsxadmin user that is a limited replacement of the ONTAP admin cluster user. We strongly recommend using vsadmin with Trident.
- Certificate-based: Trident will communicate with the SVM on your FSx file system using a certificate installed on your SVM.
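An added example, not taken from the Trident documentation or code: a small Python check that applies the considerations and authentication guidance above to a backend definition loaded as a dict. The username, password, nasType, clientCertificate and credentials.type "awsarn" fields are assumed from Trident's ONTAP backend format, and both sample backends are constructed.

```python
# Findings mirror the guidance on this page; field names other than
# fsxFilesystemID, apiRegion, apiKey and secretKey are assumptions about
# Trident's ONTAP backend format.
def audit_backend(cfg):
    """Return a sorted list of finding codes for one backend definition."""
    findings = set()
    aws = cfg.get("aws", {})
    creds = cfg.get("credentials", {})

    # Lets Trident 24.02+ delete volumes on file systems with automatic backups.
    if not aws.get("fsxFilesystemID"):
        findings.add("missing-fsxFilesystemID")
    # Static AWS keys in the backend file; an IAM role makes them unnecessary.
    if aws.get("apiKey") or aws.get("secretKey"):
        findings.add("static-aws-keys")
    # ONTAP password written inline instead of held in AWS Secrets Manager.
    if cfg.get("password"):
        findings.add("inline-ontap-password")
    elif creds.get("type") != "awsarn" and not cfg.get("clientCertificate"):
        findings.add("no-secrets-manager-reference")
    # The page recommends vsadmin (SVM user) over fsxadmin.
    if cfg.get("username") == "fsxadmin":
        findings.add("fsxadmin-instead-of-vsadmin")
    # SMB volumes are supported with the ontap-nas driver only.
    if cfg.get("nasType") == "smb" and cfg.get("storageDriverName") != "ontap-nas":
        findings.add("smb-on-unsupported-driver")
    return sorted(findings)

# Constructed sample: inline secrets, fsxadmin, SMB on the wrong driver.
WEAK = {
    "version": 1, "storageDriverName": "ontap-nas-economy", "nasType": "smb",
    "svm": "svm-example", "username": "fsxadmin", "password": "EXAMPLE-ONLY",
    "aws": {"apiRegion": "us-west-2", "apiKey": "EXAMPLE-KEY-ID",
            "secretKey": "EXAMPLE-SECRET"},
}

# Constructed sample: IAM role assumed, ONTAP credentials referenced by ARN.
HARDENED = {
    "version": 1, "storageDriverName": "ontap-nas", "svm": "svm-example",
    "aws": {"fsxFilesystemID": "fs-EXAMPLE"},
    "credentials": {"type": "awsarn",
                    "name": "arn:aws:secretsmanager:REGION:ACCOUNT:secret:EXAMPLE"},
}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_backend(cfg))
```

To check a real backend file, load it with json.load and pass the resulting dict to audit_backend.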
For details on enabling authentication, refer to the authentication for your driver type: