Skip to main content

Clone volumes across namespaces

Contributors netapp-aruldeepa

Using Trident, you can create new volumes using existing volumes or volumesnapshots from a different namespace inside the same Kubernetes cluster.

Prerequisites

Before cloning volumes, ensure that the source and destination backends are of the same type and have the same storage class.

Quick start

You can set up NFS volume cloning in just a few steps.

One Configure source PVC to clone the volume

The source namespace owner grants permission to access the data in the source PVC.

Two Grant permission to create a CR in the destination namespace

The cluster administrator grants permission to the owner of the destination namespace to create the TridentVolumeReference CR.

Three Create TridentVolumeReference in the destination namespace

The owner of the destination namespace creates the TridentVolumeReference CR to refer to the source PVC.

Four Create the clone PVC in the destination namespace

The owner of the destination namespace creates PVC to clone the PVC from the source namespace.

Configure the source and destination namespaces

To ensure security, cloning volumes across namespaces requires collaboration and action by the source namespace owner, cluster administrator, and destination namespace owner. The user role is designated in each step.

Steps

  1. Source namespace owner: Create the PVC (pvc1) in the source namespace (namespace1) that grants permission to share with the destination namespace (namespace2) using the cloneToNamespace annotation.

    kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: pvc1
  namespace: namespace1
  annotations:
    trident.netapp.io/cloneToNamespace: namespace2
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: trident-csi
  resources:
    requests:
      storage: 100Gi

    Trident creates the PV and its backend NFS storage volume.

    Note

    • You can share the PVC to multiple namespaces using a comma-delimited list. For example, trident.netapp.io/cloneToNamespace: namespace2,namespace3,namespace4.

    • You can share to all namespaces using *. For example, trident.netapp.io/cloneToNamespace: *

    • You can update the PVC to include the cloneToNamespace annotation at any time.

  2. Cluster admin: Create the custom role and kubeconfig to grant permission to the destination namespace owner to create the TridentVolumeReference CR in the destination namespace(namespace2).

  3. Destination namespace owner: Create a TridentVolumeReference CR in the destination namespace that refers to the source namespace pvc1.

    apiVersion: trident.netapp.io/v1
kind: TridentVolumeReference
metadata:
  name: my-first-tvr
  namespace: namespace2
spec:
  pvcName: pvc1
  pvcNamespace: namespace1

  4. Destination namespace owner: Create a PVC (pvc2) in destination namespace (namespace2) using the cloneFromPVC or cloneFromSnapshot, and cloneFromNamespace annotations to designate the source PVC.

    kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  annotations:
    trident.netapp.io/cloneFromPVC: pvc1
    trident.netapp.io/cloneFromNamespace: namespace1
  name: pvc2
  namespace: namespace2
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: trident-csi
  resources:
    requests:
      storage: 100Gi

    == Limitations

    • For PVCs provisioned using ontap-nas-economy drivers, read-only clones are not supported.