ONTAP SAN Backend Configuration¶
| Parameter | Description | Default |
|---|---|---|
| version | Always 1 | |
| storageDriverName | “ontap-nas”, “ontap-nas-economy”, “ontap-nas-flexgroup”, “ontap-san”, “ontap-san-economy” | |
| backendName | Custom name for the storage backend | Driver name + “_” + dataLIF |
| managementLIF | IP address of a cluster or SVM management LIF | “10.0.0.1”, “[2001:1234:abcd::fefe]” |
| dataLIF | IP address of protocol LIF. Use square brackets for IPv6. Once set this cannot be updated | Derived by the SVM unless specified |
| useCHAP | Use CHAP to authenticate iSCSI for ONTAP SAN drivers [Boolean] | false |
| chapInitiatorSecret | CHAP initiator secret. Required if useCHAP=true |
“” |
| labels | Set of arbitrary JSON-formatted labels to apply on volumes. | “” |
| chapTargetInitiatorSecret | CHAP target initiator secret. Required if useCHAP=true |
“” |
| chapUsername | Inbound username. Required if useCHAP=true |
“” |
| chapTargetUsername | Target username. Required if useCHAP=true |
“” |
| clientCertificate | Base64-encoded value of client certificate. Used for certificate-based auth. | “” |
| clientPrivateKey | Base64-encoded value of client private key. Used for certificate-based auth. | “” |
| trustedCACertificate | Base64-encoded value of trusted CA certificate. Optional. Used for certificate-based auth. | “” |
| username | Username to connect to the cluster/SVM. Used for credential-based auth. | |
| password | Password to connect to the cluster/SVM. Used for credential-based auth. | |
| svm | Storage virtual machine to use | Derived if an SVM managementLIF is specified |
| igroupName | Name of the igroup for SAN volumes to use | “trident” |
| username | Username to connect to the cluster/SVM | |
| password | Password to connect to the cluster/SVM | |
| storagePrefix | Prefix used when provisioning new volumes in the SVM. Once set this cannot be updated | “trident” |
| limitAggregateUsage | Fail provisioning if usage is above this percentage | “” (not enforced by default) |
| limitVolumeSize | Fail provisioning if requested volume size is above this value for the economy driver | “” (not enforced by default) |
| lunsPerFlexvol | Maximum LUNs per Flexvol, must be in range [50, 200] | “100” |
| debugTraceFlags | Debug flags to use when troubleshooting. E.g.: {“api”:false, “method”:true} | null |
To communicate with the ONTAP cluster, Trident must be provided with authentication parameters. This could be the username/password to a security login (OR) an installed certificate. This is fully documented in the Authentication Guide.
Warning
Do not use debugTraceFlags unless you are troubleshooting and require a
detailed log dump.
For the ontap-san* drivers, the default is to use all data LIF IPs from
the SVM and to use iSCSI multipath. Specifying an IP address for the dataLIF
for the ontap-san* drivers forces them to disable multipath and use only the
specified address.
Note
When creating a backend, remember that the dataLIF and storagePrefix
cannot be modified after creation. To update these parameters you will need
to create a new backend.
The igroupName is set to an igroup that is already created on the ONTAP cluster.
CSI Trident will automatically populate the igroup with node IQNs as volumes are
created and attached. Similarly, node removals from the Kubernetes cluster will
result in deleting the IQNs from the igroup.
Warning
While igroupName can be updated for a backend, it is important to remember
that the new igroup will only be used for all volumes created henceforth.
Existing volumes will continue to use the old igroup. Updating igroupName
is not recommended unless the old igroup will still remain untouched on the
storage cluster.
A fully-qualified domain name (FQDN) can be specified for the managementLIF
option.
The managementLIF for all ONTAP drivers can
also be set to IPv6 addresses. Make sure to install Trident with the
--use-ipv6 flag. Care must be taken to define the managementLIF
IPv6 address within square brackets.
Warning
When using IPv6 addresses, make sure the managementLIF and dataLIF
[if included in your backend defition] are defined
within square brackets, such as [28e8:d9fb:a825:b7bf:69a8:d02f:9e7b:3555].
If the dataLIF is not provided, Trident will fetch the IPv6 data LIFs
from the SVM.
To enable the ontap-san* drivers to use CHAP, set the useCHAP parameter to
true in your backend definition. Trident will then configure and use
bidirectional CHAP as the default authentication for the SVM given in the backend.
The CHAP with ONTAP SAN drivers
section explains how this works.
For the ontap-san-economy driver, the limitVolumeSize
option will also restrict the maximum size of
the volumes it manages for qtrees and LUNs.
Note
Trident sets provisioning labels in the “Comments” field of all volumes
created using the ontap-san driver. For each volume created, the “Comments”
field on the FlexVol will be populated with all labels present on the storage
pool it is placed in. Storage admins can define labels per storage pool and
group all volumes created in a storage pool. This provides a convenient way of
differentiating volumes based on a set of customizable labels that are
provided in the backend configuration.
You can control how each volume is provisioned by default using these options in a special section of the configuration. For an example, see the configuration examples below.
| Parameter | Description | Default |
|---|---|---|
| spaceAllocation | Space-allocation for LUNs | “true” |
| spaceReserve | Space reservation mode; “none” (thin) or “volume” (thick) | “none” |
| snapshotPolicy | Snapshot policy to use | “none” |
| qosPolicy | QoS policy group to assign for volumes created.
Choose one of qosPolicy or adaptiveQosPolicy per
storage pool/backend. |
“” |
| adaptiveQosPolicy | Adaptive QoS policy group to assign for volumes created.
Choose one of qosPolicy or
adaptiveQosPolicy per storage pool/backend. |
“” |
| snapshotReserve | Percentage of volume reserved for snapshots | “0” if snapshotPolicy is “none”, else “” |
| splitOnClone | Split a clone from its parent upon creation | “false” |
| encryption | Enable NetApp volume encryption | “false” |
| securityStyle | Security style for new volumes | “unix” |
| tieringPolicy | Tiering policy to use | “none”; “snapshot-only” for pre-ONTAP 9.5 SVM-DR configuration |
Note
Using QoS policy groups with Trident requires ONTAP 9.8 or later. It is recommended to use a non-shared QoS policy group and ensure the policy group is applied to each constituent individually. A shared QoS policy group will enforce the ceiling for the total throughput of all workloads.
Here’s an example with defaults defined:
{
"version": 1,
"storageDriverName": "ontap-san",
"managementLIF": "10.0.0.1",
"dataLIF": "10.0.0.2",
"svm": "trident_svm",
"username": "admin",
"password": "password",
"labels": {"k8scluster": "dev2", "backend": "dev2-sanbackend"},
"storagePrefix": "alternate-trident",
"igroupName": "custom",
"debugTraceFlags": {"api":false, "method":true},
"defaults": {
"spaceReserve": "volume",
"qosPolicy": "standard",
"spaceAllocation": "false",
"snapshotPolicy": "default",
"snapshotReserve": "10"
}
}