Work with snapshots
Suggest changes
PDFs
Kubernetes volume snapshots of Persistent Volumes (PVs) enable point-in-time copies of volumes. You can create a snapshot of a volume created using Trident, import a snapshot created outside of Trident, create a new volume from an existing snapshot, and recover volume data from snapshots.
Overview
Volume snapshot is supported by ontap-nas, ontap-nas-flexgroup, ontap-san, ontap-san-economy, solidfire-san, azure-netapp-files, and google-cloud-netapp-volumes drivers.
You must have an external snapshot controller and Custom Resource Definitions (CRDs) to work with snapshots. This is the responsibility of the Kubernetes orchestrator (for example: Kubeadm, GKE, OpenShift).
If your Kubernetes distribution does not include the snapshot controller and CRDs, refer to Deploy a volume snapshot controller.
|
Don't create a snapshot controller if creating on-demand volume snapshots in a GKE environment. GKE uses a built-in, hidden snapshot controller. |
Create a volume snapshot
-
Create a
VolumeSnapshotClass. For more information, refer to VolumeSnapshotClass.-
The
driverpoints to the Trident CSI driver. -
deletionPolicycan beDeleteorRetain. When set toRetain, the underlying physical snapshot on the storage cluster is retained even when theVolumeSnapshotobject is deleted.Examplecat snap-sc.yaml
apiVersion: snapshot.storage.k8s.io/v1 kind: VolumeSnapshotClass metadata: name: csi-snapclass driver: csi.trident.netapp.io deletionPolicy: Delete
-
-
Create a snapshot of an existing PVC.
Examples-
This example creates a snapshot of an existing PVC.
cat snap.yaml
apiVersion: snapshot.storage.k8s.io/v1 kind: VolumeSnapshot metadata: name: pvc1-snap spec: volumeSnapshotClassName: csi-snapclass source: persistentVolumeClaimName: pvc1 -
This example creates a volume snapshot object for a PVC named
pvc1and the name of the snapshot is set topvc1-snap. A VolumeSnapshot is analogous to a PVC and is associated with aVolumeSnapshotContentobject that represents the actual snapshot.kubectl create -f snap.yaml volumesnapshot.snapshot.storage.k8s.io/pvc1-snap created kubectl get volumesnapshots NAME AGE pvc1-snap 50s
-
You can identify the
VolumeSnapshotContentobject for thepvc1-snapVolumeSnapshot by describing it. TheSnapshot Content Nameidentifies the VolumeSnapshotContent object which serves this snapshot. TheReady To Useparameter indicates that the snapshot can be used to create a new PVC.kubectl describe volumesnapshots pvc1-snap Name: pvc1-snap Namespace: default ... Spec: Snapshot Class Name: pvc1-snap Snapshot Content Name: snapcontent-e8d8a0ca-9826-11e9-9807-525400f3f660 Source: API Group: Kind: PersistentVolumeClaim Name: pvc1 Status: Creation Time: 2019-06-26T15:27:29Z Ready To Use: true Restore Size: 3Gi ...
-
Create a PVC from a volume snapshot
You can use dataSource to create a PVC using a VolumeSnapshot named <pvc-name> as the source of the data. After the PVC is created, it can be attached to a pod and used just like any other PVC.
|
The PVC will be created in the same backend as the source volume. Refer to KB: Creating a PVC from a Trident PVC Snapshot cannot be created in an alternate backend. |
The following example creates the PVC using pvc1-snap as the data source.
cat pvc-from-snap.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-from-snap
spec:
accessModes:
- ReadWriteOnce
storageClassName: golden
resources:
requests:
storage: 3Gi
dataSource:
name: pvc1-snap
kind: VolumeSnapshot
apiGroup: snapshot.storage.k8s.ioImport a volume snapshot
Trident supports the Kubernetes pre-provisioned snapshot process to enable the cluster administrator to create a VolumeSnapshotContent object and import snapshots created outside of Trident.
Trident must have created or imported the snapshot's parent volume.
-
Cluster admin: Create a
VolumeSnapshotContentobject that references the backend snapshot. This initiates the snapshot workflow in Trident.-
Specify the name of the backend snapshot in
annotationsastrident.netapp.io/internalSnapshotName: <"backend-snapshot-name">. -
Specify
<name-of-parent-volume-in-trident>/<volume-snapshot-content-name>insnapshotHandle. This is the only information provided to Trident by the external snapshotter in theListSnapshotscall.
The <volumeSnapshotContentName>cannot always match the backend snapshot name due to CR naming constraints.ExampleThe following example creates a
VolumeSnapshotContentobject that references backend snapshotsnap-01.apiVersion: snapshot.storage.k8s.io/v1 kind: VolumeSnapshotContent metadata: name: import-snap-content annotations: trident.netapp.io/internalSnapshotName: "snap-01" # This is the name of the snapshot on the backend spec: deletionPolicy: Retain driver: csi.trident.netapp.io source: snapshotHandle: pvc-f71223b5-23b9-4235-bbfe-e269ac7b84b0/import-snap-content # <import PV name or source PV name>/<volume-snapshot-content-name> volumeSnapshotRef: name: import-snap namespace: default
-
-
Cluster admin: Create the
VolumeSnapshotCR that references theVolumeSnapshotContentobject. This requests access to use theVolumeSnapshotin a given namespace.ExampleThe following example creates a
VolumeSnapshotCR namedimport-snapthat references theVolumeSnapshotContentnamedimport-snap-content.apiVersion: snapshot.storage.k8s.io/v1 kind: VolumeSnapshot metadata: name: import-snap spec: # volumeSnapshotClassName: csi-snapclass (not required for pre-provisioned or imported snapshots) source: volumeSnapshotContentName: import-snap-content -
Internal processing (no action required): The external snapshotter recognizes the newly created
VolumeSnapshotContentand runs theListSnapshotscall. Trident creates theTridentSnapshot.-
The external snapshotter sets the
VolumeSnapshotContenttoreadyToUseand theVolumeSnapshottotrue. -
Trident returns
readyToUse=true.
-
-
Any user: Create a
PersistentVolumeClaimto reference the newVolumeSnapshot, where thespec.dataSource(orspec.dataSourceRef) name is theVolumeSnapshotname.ExampleThe following example creates a PVC referencing the
VolumeSnapshotnamedimport-snap.apiVersion: v1 kind: PersistentVolumeClaim metadata: name: pvc-from-snap spec: accessModes: - ReadWriteOnce storageClassName: simple-sc resources: requests: storage: 1Gi dataSource: name: import-snap kind: VolumeSnapshot apiGroup: snapshot.storage.k8s.io
Recover volume data using snapshots
The snapshot directory is hidden by default to facilitate maximum compatibility of volumes provisioned using the ontap-nas and ontap-nas-economy drivers. Enable the .snapshot directory to recover data from snapshots directly.
Use the volume snapshot restore ONTAP CLI to to restore a volume to a state recorded in a prior snapshot.
cluster1::*> volume snapshot restore -vserver vs0 -volume vol3 -snapshot vol3_snap_archive
|
|
When you restore a snapshot copy, the existing volume configuration is overwritten. Changes made to volume data after the snapshot copy was created are lost. |
In-place volume restoration from a snapshot
Trident provides rapid, in-place volume restoration from a snapshot using the TridentActionSnapshotRestore (TASR) CR. This CR functions as an imperative Kubernetes action and does not persist after the operation completes.
Trident supports snapshot restore on the ontap-san, ontap-san-economy, ontap-nas, ontap-nas-flexgroup, azure-netapp-files, google-cloud-netapp-volumes, and solidfire-san drivers.
You must have a bound PVC and available volume snapshot.
-
Verify the PVC status is bound.
kubectl get pvc -
Verify the volume snapshot is ready to use.
kubectl get vs
-
Create the TASR CR. This example creates a CR for PVC
pvc1and volume snapshotpvc1-snapshot.
The TASR CR must be in a namespace where the PVC & VS exist. cat tasr-pvc1-snapshot.yamlapiVersion: trident.netapp.io/v1 kind: TridentActionSnapshotRestore metadata: name: trident-snap namespace: trident spec: pvcName: pvc1 volumeSnapshotName: pvc1-snapshot -
Apply the CR to restore from the snapshot. This example restores from snapshot
pvc1.kubectl create -f tasr-pvc1-snapshot.yamltridentactionsnapshotrestore.trident.netapp.io/trident-snap created
Trident restores the data from the snapshot. You can verify the snapshot restore status:
kubectl get tasr -o yamlapiVersion: trident.netapp.io/v1
items:
- apiVersion: trident.netapp.io/v1
kind: TridentActionSnapshotRestore
metadata:
creationTimestamp: "2023-04-14T00:20:33Z"
generation: 3
name: trident-snap
namespace: trident
resourceVersion: "3453847"
uid: <uid>
spec:
pvcName: pvc1
volumeSnapshotName: pvc1-snapshot
status:
startTime: "2023-04-14T00:20:34Z"
completionTime: "2023-04-14T00:20:37Z"
state: Succeeded
kind: List
metadata:
resourceVersion: ""|
|
|
Delete a PV with associated snapshots
When deleting a Persistent Volume with associated snapshots, the corresponding Trident volume is updated to a "Deleting state". Remove the volume snapshots to delete the Trident volume.
Deploy a volume snapshot controller
If your Kubernetes distribution does not include the snapshot controller and CRDs, you can deploy them as follows.
-
Create volume snapshot CRDs.
cat snapshot-setup.sh
#!/bin/bash # Create volume snapshot CRDs kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/release-6.1/client/config/crd/snapshot.storage.k8s.io_volumesnapshotclasses.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/release-6.1/client/config/crd/snapshot.storage.k8s.io_volumesnapshotcontents.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/release-6.1/client/config/crd/snapshot.storage.k8s.io_volumesnapshots.yaml -
Create the snapshot controller.
kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/release-6.1/deploy/kubernetes/snapshot-controller/rbac-snapshot-controller.yamlkubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/release-6.1/deploy/kubernetes/snapshot-controller/setup-snapshot-controller.yaml
If necessary, open deploy/kubernetes/snapshot-controller/rbac-snapshot-controller.yamland updatenamespaceto your namespace.