Hi,

Since the tridentbackendconfig does not specify which service policies on the LIF are requisite for the ontap-nas backend I hope to find clarification here.

• trident backend driver: ontap-nas
• I create a new SVM/Vserver for trident
• new LIF associated with the SVM for data and/or management will be created
• ontap version is 9.12 so we use: service policies on the LIF
• creating new account with svmadmin security role to use in the backend credentials
• only nfs type mounts required for the kubernetes volumes

I gather following service policies are required for the DATA LIF:

• data-core
• data-nfs
• data-fpolicy-client
• management-dns-client
• management-ad-client
• management-ldap-client
• management-ssh
• management-https

Here are my questions:

• the Trident backend config requires also a MANAGEMENT LIF and I'm unsure if I could just reuse the IP of the new dataLIF? Since the dataLIF will have management-https service policy. Will that suffice for Trident to work correctly or do I really need to enter the cluster management IP als managementLIF for the backend? 
• svmadmin security role will avoid Trident interfering with the rest of the cluster?
• is Trident using restapi and does that correspond with management-https service policy?