Tech ONTAP Podcast Episode 67: Trident and Kubernetes

Episode 67 - Trident and Kubernetes


Just before the Christmas holiday, NetApp delivered a very special open source present: Trident, a storage orchestrator that integrates with Kubernetes for dynamic provisioning of persistent volumes. Trident is configured to manage one or more storage systems while providing a provisioner for persistent volumes in Kubernetes, natively giving applications the ability to consume the storage they need, when they need it, and where they need it. Additionally, Trident has a REST interface for any application to consume capacity on demand.


This week we welcome Garrett Mueller (@innergy), Technical Director for NetApp, to the podcast to discuss Trident, the goal of the project, and why it’s important for anyone who is using Kubernetes.  If you’re interested in more information about Trident, be sure to look on or visit us in the #containers Slack channel.



If you are new to the podcast, tune into any of our previous episodes to see what you may have missed. You can find Tech ONTAP Podcast episodes on the NetApp Blog.


Each week, the Tech ONTAP Podcast discusses all things NetApp, interviews subject-matter experts, and provides insights into the storage industry. Follow the hosts on Twitter: Justin Parisi (@NFSDudeAbides), Glenn Sizemore (@glnsize), and Andrew Sullivan (@andrew_NTAP). Subscribe to the podcast on SoundCloud, Stitcher, or iTunes, or sign up to receive the Tech OnTap newsletter.


Trident looks neat, but it looks like it requires cluster admin access?

Can it be set to use an SVM?  Our devs are starting to play with openshift/kubernetes and we're not real keen on giving them cluster admin to the cluster that our dev/test & prod sits on!







At this time Trident does use cluster level permissions to inspect the capabilities of the aggregates assigned to the SVM.  The permissions at the cluster level only need to be read-only, if that helps.


I would recommend creating an issue on GitHub to voice your support for modifying Trident to need only SVM level credentials.  This will help us to determine and prioritize which features are most important.



Thanks Andrew! That is a more acceptable scenario :) We will have a deeper look then.

It does seem that Trident only supports NAS and iSCSI ONTAP setups. Does it also support FC configs as well?


Hello @lostjackal,


Trident does not support FC connections.  It supports iSCSI for ONTAP (k8s 1.6+ only), E-Series (k8s 1.6+ only), and SolidFire, as well as NFS with ONTAP.


Hope that helps.



Does cluster level read-only rights allow Trident to create and delete volumes?


Hello @Chandlerbing03,


Yes, the user needs the ability to read aggregate level properties; they still need the ability to create volumes at the SVM level.  The list of permissions can be found here.


Note that if you're using ONTAP 9.1+, then an SVM scoped account can be used... no cluster level permissions are needed.  Even pre-9.1, using an account without cluster level permissions won't prevent Trident from working, it just prevents it from collecting some information about the aggregate (and affects the aggr selection process).