Skip to main content

Prepare the worker node

Contributors juliantap

All worker nodes in the Kubernetes cluster must be able to mount the volumes you have provisioned for your pods. To prepare the worker nodes, you must install NFS, iSCSI, or NVMe/TCP tools based on your driver selection.

Selecting the right tools

If you are using a combination of drivers, you should install all required tools for your drivers. Recent versions of RedHat CoreOS have the tools installed by default.

NFS tools

Install the NFS tools if you are using: ontap-nas, ontap-nas-economy, ontap-nas-flexgroup, azure-netapp-files, gcp-cvs.

iSCSI tools

Install the iSCSI tools if you are using: ontap-san, ontap-san-economy, solidfire-san.

NVMe tools

Install the NVMe tools if you are using ontap-san for nonvolatile memory express (NVMe) over TCP (NVMe/TCP) protocol.

Note We recommend ONTAP 9.12 or later for NVMe/TCP.

Node service discovery

Astra Trident attempts to automatically detect if the node can run iSCSI or NFS services.

Note Node service discovery identifies discovered services but does not guarantee services are properly configured. Conversely, the absence of a discovered service does not guarantee the volume mount will fail.
Review events

Astra Trident creates events for the node to identify the discovered services. To review these events, run:

kubectl get event -A --field-selector involvedObject.name=<Kubernetes node name>
Review discovered services

Astra Trident identifies services enabled for each node on the Trident node CR. To view the discovered services, run:

tridentctl get node -o wide -n <Trident namespace>

NFS volumes

Install the NFS tools using the commands for your operating system. Ensure the NFS service is started up during boot time.

RHEL 8+
sudo yum install -y nfs-utils
Ubuntu
sudo apt-get install -y nfs-common
Warning Reboot your worker nodes after installing the NFS tools to prevent failure when attaching volumes to containers.

iSCSI volumes

Astra Trident can automatically establish an iSCSI session, scan LUNs, and discover multipath devices, format them, and mount them to a pod.

iSCSI self-healing capabilities

For ONTAP systems, Astra Trident runs iSCSI self-healing every five minutes to:

  1. Identify the desired iSCSI session state and the current iSCSI session state.

  2. Compare the desired state to the current state to identify needed repairs. Astra Trident determines repair priorities and when to preempt repairs.

  3. Perform repairs required to return the current iSCSI session state to the desired iSCSI session state.

Note Logs of self-healing activity are located in the trident-main container on the respective Daemonset pod. To view logs, you must have set debug to "true" during Astra Trident installation.

Astra Trident iSCSI self-healing capabilities can help prevent:

  • Stale or unhealthy iSCSI sessions that could occur after a network connectivity issue. In the case of a stale session, Astra Trident waits seven minutes before logging out to reestablish the connection with a portal.

    Note For example, if CHAP secrets were rotated on the storage controller and the network loses connectivity, the old (stale) CHAP secrets could persist. Self-healing can recognize this and automatically reestablish the session to apply the updated CHAP secrets.
  • Missing iSCSI sessions

  • Missing LUNs

Install the iSCSI tools

Install the iSCSI tools using the commands for your operating system.

Before you begin
  • Each node in the Kubernetes cluster must have a unique IQN. This is a necessary prerequisite.

  • If using RHCOS version 4.5 or later, or other RHEL-compatible Linux distribution, with the solidfire-san driver and Element OS 12.5 or earlier, ensure that the CHAP authentication algorithm is set to MD5 in /etc/iscsi/iscsid.conf. Secure FIPS-compliant CHAP algorithms SHA1, SHA-256, and SHA3-256 are available with Element 12.7.

    sudo sed -i 's/^\(node.session.auth.chap_algs\).*/\1 = MD5/' /etc/iscsi/iscsid.conf
  • When using worker nodes that run RHEL/RedHat CoreOS with iSCSI PVs, specify the discard mountOption in the StorageClass to perform inline space reclamation. See RedHat documentation.

RHEL 8+
  1. Install the following system packages:

    sudo yum install -y lsscsi iscsi-initiator-utils sg3_utils device-mapper-multipath
  2. Check that iscsi-initiator-utils version is 6.2.0.874-2.el7 or later:

    rpm -q iscsi-initiator-utils
  3. Set scanning to manual:

    sudo sed -i 's/^\(node.session.scan\).*/\1 = manual/' /etc/iscsi/iscsid.conf
  4. Enable multipathing:

    sudo mpathconf --enable --with_multipathd y --find_multipaths n
    Note Ensure etc/multipath.conf contains find_multipaths no under defaults.
  5. Ensure that iscsid and multipathd are running:

    sudo systemctl enable --now iscsid multipathd
  6. Enable and start iscsi:

    sudo systemctl enable --now iscsi
Ubuntu
  1. Install the following system packages:

    sudo apt-get install -y open-iscsi lsscsi sg3-utils multipath-tools scsitools
  2. Check that open-iscsi version is 2.0.874-5ubuntu2.10 or later (for bionic) or 2.0.874-7.1ubuntu6.1 or later (for focal):

    dpkg -l open-iscsi
  3. Set scanning to manual:

    sudo sed -i 's/^\(node.session.scan\).*/\1 = manual/' /etc/iscsi/iscsid.conf
  4. Enable multipathing:

    sudo tee /etc/multipath.conf <<-'EOF
    defaults {
        user_friendly_names yes
        find_multipaths no
    }
    EOF
    sudo systemctl enable --now multipath-tools.service
    sudo service multipath-tools restart
    Note Ensure etc/multipath.conf contains find_multipaths no under defaults.
  5. Ensure that open-iscsi and multipath-tools are enabled and running:

    sudo systemctl status multipath-tools
    sudo systemctl enable --now open-iscsi.service
    sudo systemctl status open-iscsi
    Note For Ubuntu 18.04, you must discover target ports with iscsiadm before starting open-iscsi for the iSCSI daemon to start. You can alternatively modify the iscsi service to start iscsid automatically.
Warning Reboot your worker nodes after installing the iSCSI tools to prevent failure when attaching volumes to containers.

NVMe/TCP volumes

Install the NVMe tools using the commands for your operating system.

Note
  • NVMe requires RHEL 9 or later.

  • If the kernel version of your Kubernetes node is too old or if the NVMe package is not available for your kernel version, you might have to update the kernel version of your node to one with the NVMe package.

RHEL 9
sudo yum install nvme-cli
sudo yum install linux-modules-extra-$(uname -r)
sudo modprobe nvme-tcp
Ubuntu
sudo apt install nvme-cli
sudo apt -y install linux-modules-extra-$(uname -r)
sudo modprobe nvme-tcp

Verify installation

After installation, verify that each node in the Kubernetes cluster has a unique NQN using the command:

cat /etc/nvme/hostnqn
Warning Astra Trident modifies the ctrl_device_tmo value to ensure NVMe doesn't give up on the path if it goes down. Do not change this setting.