NetApp is continually improving and enhancing its products and services. Here are some of the latest features, enhancements, and bug fixes in the latest version of Trident.

What’s new

Release Notes provide information about new features, enhancements, and bug fixes in the latest version of Trident.

Warning
The tridentctl binary for Linux that is provided in the installer zip file is the tested and supported version. Be aware that the macOS binary provided in the /extras part of the zip file is not tested or supported.

What’s new in 24.10

Enhancements

  • Google Cloud NetApp Volumes driver is now generally available for NFS volumes and supports zone-aware provisioning.

  • GCP Workload Identity will be used as Cloud Identity for Google Cloud NetApp Volumes with GKE.

  • Added formatOptions configuration parameter to ONTAP-SAN and ONTAP-SAN-Economy drivers to allow users to specify LUN format options.

  • Reduced Azure NetApp Files minimum volume size to 50 GiB. The new Azure minimum size is expected to be generally available in November.

  • Added denyNewVolumePools configuration parameter to restrict ONTAP-NAS-Economy and ONTAP-SAN-Economy drivers to preexisting Flexvol pools.

  • Added detection for the addition, removal, or renaming of aggregates from the SVM across all ONTAP drivers.

  • Added 18MiB overhead to LUKS LUNs to ensure reported PVC size is usable.

  • Improved ONTAP-SAN and ONTAP-SAN-Economy node stage and unstage error handling to allow unstage to remove devices after a failed stage.

  • Added a custom role generator allowing customers to create a minimalistic role for Trident in ONTAP.

  • Added additional logging for troubleshooting lsscsi (Issue #792).

Kubernetes

  • Added new Trident features for Kubernetes-native workflows:

  • Added a new flag --k8s_api_qps to installers to set the QPS value used by Trident to communicate with the Kubernetes API server.

  • Added --node-prep flag to installers for automatic management of storage protocol dependencies on Kubernetes cluster nodes. Tested and verified compatibility with the Amazon Linux 2023 iSCSI storage protocol.

  • Added support for force detach for ONTAP-NAS-Economy volumes during Non-Graceful Node Shutdown scenarios.

  • New ONTAP-NAS-Economy NFS volumes will use per-qtree export policies when using the autoExportPolicy backend option. Qtrees will be mapped to node-restrictive export policies only at the time of publish, to improve access control and security. Existing qtrees will be switched to the new export policy model when Trident unpublishes the volume from all nodes, so that the switch does not impact active workloads.

  • Added support for Kubernetes 1.31.

Experimental Enhancements

Fixes

  • Kubernetes:

    • Fixed Rancher admission webhook preventing Trident Helm installations (Issue #839).

    • Fixed Affinity key in helm chart values (Issue #898).

    • Fixed tridentControllerPluginNodeSelector/tridentNodePluginNodeSelector not working with a "true" value (Issue #899).

    • Deleted ephemeral snapshots created during cloning (Issue #901).

  • Added support for Windows Server 2019.

  • Fixed `go mod tidy` in Trident repo (Issue #767).

Deprecations

  • Kubernetes:

    • Updated minimum supported Kubernetes to 1.25.

    • Removed support for POD Security Policy.

Product rebranding

Beginning with the 24.10 release, Astra Trident is rebranded to Trident (NetApp Trident). This rebranding does not affect any features, platforms supported, or interoperability for Trident.

Changes in 24.06

Enhancements

  • IMPORTANT: The limitVolumeSize parameter now limits qtree/LUN sizes in the ONTAP economy drivers. Use the new limitVolumePoolSize parameter to control Flexvol sizes in those drivers. (Issue #341).

  • Added ability for iSCSI self-healing to initiate SCSI scans by exact LUN ID if deprecated igroups are in use (Issue #883).

  • Added support for volume clone and resize operations to be allowed even when the backend is in suspended mode.

  • Added ability for user-configured log settings for the Trident controller to be propagated to Trident node pods.

  • Added support in Trident to use REST by default instead of ZAPI for ONTAP versions 9.15.1 and later.

  • Added support for custom volume names and metadata on the ONTAP storage backends for new persistent volumes.

  • Enhanced the azure-netapp-files (ANF) driver to automatically enable the snapshot directory by default when the NFS mount options are set to use NFS version 4.x.

  • Added Bottlerocket support for NFS volumes.

  • Added technical preview support for Google Cloud NetApp Volumes.

Kubernetes

  • Added support for Kubernetes 1.30.

  • Added ability for Trident DaemonSet to clean zombie mounts and residual tracking files at startup (Issue #883).

  • Added PVC annotation trident.netapp.io/luksEncryption for dynamically importing LUKS volumes (Issue #849).

  • Added topology awareness to ANF driver.

  • Added support for Windows Server 2022 nodes.

Fixes

  • Fixed Trident installation failures due to stale transactions.

  • Fixed tridentctl to ignore warning messages from Kubernetes (Issue #892).

  • Changed Trident controller SecurityContextConstraint priority to 0 (Issue #887).

  • ONTAP drivers now accept volume sizes below 20MiB (Issue #885).

  • Fixed Trident to prevent shrinking of Flexvols during resize operation for the ONTAP-SAN driver.

  • Fixed ANF volume import failure with NFS v4.1.

Changes in 24.02

Enhancements

  • Added support for Cloud Identity.

    • AKS with ANF - Azure Workload Identity will be used as Cloud identity.

    • EKS with FSxN - AWS IAM role will be used as Cloud identity.

  • Added support to install Trident as an add-on on EKS cluster from EKS console.

  • Added ability to configure and disable iSCSI self-healing (Issue #864).

  • Added FSx personality to ONTAP drivers to enable integration with AWS IAM and SecretsManager, and to enable Trident to delete FSx volumes with backups (Issue #453).

Kubernetes

  • Added support for Kubernetes 1.29.

Fixes

  • Fixed ACP warning messages when ACP is not enabled (Issue #866).

  • Added a 10-second delay before performing a clone split during snapshot delete for ONTAP drivers, when a clone is associated with the snapshot.

Deprecations

  • Removed in-toto attestations framework from multi-platform image manifests.

Changes in 23.10

Fixes

  • Fixed volume expansion if a new requested size is smaller than the total volume size for ontap-nas and ontap-nas-flexgroup storage drivers (Issue #834).

  • Fixed volume size to display only usable size of the volume during import for ontap-nas and ontap-nas-flexgroup storage drivers (Issue #722).

  • Fixed FlexVol name conversion for ONTAP-NAS-Economy.

  • Fixed Trident initialization issue on a Windows node when the node is rebooted.

Enhancements

Kubernetes

Added support for Kubernetes 1.28.

Trident

  • Added support for using Azure Managed Identities (AMI) with azure-netapp-files storage driver.

  • Added support for NVMe over TCP for the ONTAP-SAN driver.

  • Added ability to pause the provisioning of a volume when backend is set to suspended state by user (Issue #558).

Changes in 23.07.1

Kubernetes: Fixed daemonset deletion to support zero-downtime upgrades (Issue #740).

Changes in 23.07

Fixes

Kubernetes

  • Fixed Trident upgrade to disregard old pods stuck in terminating state (Issue #740).

  • Added toleration to "transient-trident-version-pod" definition (Issue #795).

Trident

  • Fixed ONTAP ZAPI requests to ensure LUN serial numbers are queried when getting LUN attributes to identify and fix ghost iSCSI devices during Node Staging operations.

  • Fixed error handling in storage driver code (Issue #816).

  • Fixed quota resize when using ONTAP drivers with use-rest=true.

  • Fixed LUN clone creation in ontap-san-economy.

  • Reverted publish info field from rawDevicePath to devicePath; added logic to populate and recover (in some cases) devicePath field.

Enhancements

Kubernetes

  • Added support for importing pre-provisioned snapshots.

  • Minimized deployment and daemonset Linux permissions (Issue #817).

Trident

  • No longer reporting the state field for "online" volumes and snapshots.

  • Updates the backend state if the ONTAP backend is offline (Issues #801, #543).

  • LUN Serial Number is always retrieved and published during the ControllerVolumePublish workflow.

  • Added additional logic to verify iSCSI multipath device serial number and size.

  • Additional verification for iSCSI volumes to ensure correct multipath device is unstaged.

Experimental Enhancement

Added tech preview support for NVMe over TCP for the ONTAP-SAN driver.

Documentation

Many organizational and formatting improvements have been made.

Deprecations

Kubernetes

  • Removed support for v1beta1 snapshots.

  • Removed support for pre-CSI volumes and storage classes.

  • Updated minimum supported Kubernetes to 1.22.

Changes in 23.04

Important
Force volume detach for ONTAP-SAN-* volumes is supported only with Kubernetes versions with the Non-Graceful Node Shutdown feature gate enabled. Force detach must be enabled at install time using the --enable-force-detach Trident installer flag.

Fixes

  • Fixed Trident Operator to use IPv6 localhost for installation when specified in spec.

  • Fixed Trident Operator cluster role permissions to be in sync with the bundle permissions (Issue #799).

  • Fixed issue with attaching raw block volume on multiple nodes in RWX mode.

  • Fixed FlexGroup cloning support and volume import for SMB volumes.

  • Fixed issue where Trident controller could not shut down immediately (Issue #811).

  • Added fix to list all igroup names associated with a specified LUN provisioned with ontap-san-* drivers.

  • Added a fix to allow external processes to run to completion.

  • Fixed compilation error for s390 architecture (Issue #537).

  • Fixed incorrect logging level during volume mount operations (Issue #781).

  • Fixed potential type assertion error (Issue #802).

Enhancements

  • Kubernetes:

    • Added support for Kubernetes 1.27.

    • Added support for importing LUKS volumes.

    • Added support for ReadWriteOncePod PVC access mode.

    • Added support for force detach for ONTAP-SAN-* volumes during Non-Graceful Node Shutdown scenarios.

    • All ONTAP-SAN-* volumes will now use per-node igroups. LUNs will only be mapped to igroups while actively published to those nodes to improve our security posture. Existing volumes will be opportunistically switched to the new igroup scheme when Trident determines it is safe to do so without impacting active workloads (Issue #758).

    • Improved Trident security by cleaning up unused Trident-managed igroups from ONTAP-SAN-* backends.

  • Added support for SMB volumes with Amazon FSx to the ontap-nas-economy and ontap-nas-flexgroup storage drivers.

  • Added support for SMB shares with the ontap-nas, ontap-nas-economy and ontap-nas-flexgroup storage drivers.

  • Added support for arm64 nodes (Issue #732).

  • Improved Trident shutdown procedure by deactivating API servers first (Issue #811).

  • Added cross-platform build support for Windows and arm64 hosts to Makefile; see BUILD.md.

Deprecations

Kubernetes: Backend-scoped igroups will no longer be created when configuring ontap-san and ontap-san-economy drivers (Issue #758).

Changes in 23.01.1

Fixes

  • Fixed Trident Operator to use IPv6 localhost for installation when specified in spec.

  • Fixed Trident Operator cluster role permissions to be in sync with the bundle permissions (Issue #799).

  • Added a fix to allow external processes to run to completion.

  • Fixed issue with attaching raw block volume on multiple nodes in RWX mode.

  • Fixed FlexGroup cloning support and volume import for SMB volumes.

Changes in 23.01

Important
Kubernetes 1.27 is now supported in Trident. Please upgrade Trident prior to upgrading Kubernetes.

Fixes

  • Kubernetes: Added options to exclude Pod Security Policy creation to fix Trident installations via Helm (Issues #783, #794).

Enhancements

Kubernetes
  • Added support for Kubernetes 1.26.

  • Improved overall Trident RBAC resource utilization (Issue #757).

  • Added automation to detect and fix broken or stale iSCSI sessions on host nodes.

  • Added support for expanding LUKS encrypted volumes.

  • Kubernetes: Added credential rotation support for LUKS encrypted volumes.

Trident
  • Added support for SMB volumes with Amazon FSx for ONTAP to the ontap-nas storage driver.

  • Added support for NTFS permissions when using SMB volumes.

  • Added support for storage pools for GCP volumes with CVS service level.

  • Added support for optional use of flexgroupAggregateList when creating FlexGroups with the ontap-nas-flexgroup storage driver.

  • Improved performance for the ontap-nas-economy storage driver when managing multiple FlexVols.

  • Enabled dataLIF updates for all ONTAP NAS storage drivers.

  • Updated the Trident Deployment and DaemonSet naming convention to reflect the host node OS.

Deprecations

  • Kubernetes: Updated minimum supported Kubernetes to 1.21.

  • Data LIFs should no longer be specified when configuring ontap-san or ontap-san-economy drivers.

Changes in 22.10

You must read the following critical information before upgrading to Trident 22.10.

Warning
Critical information about Trident 22.10
  • Kubernetes 1.25 is now supported in Trident. You must upgrade Trident to 22.10 prior to upgrading to Kubernetes 1.25.

  • Trident now strictly enforces the use of multipathing configuration in SAN environments, with a recommended value of find_multipaths: no in multipath.conf file.

    Use of non-multipathing configuration or use of find_multipaths: yes or find_multipaths: smart value in multipath.conf file will result in mount failures. Trident has recommended the use of find_multipaths: no since the 21.07 release.

Fixes

  • Fixed issue specific to ONTAP backend created using credentials field failing to come online during 22.07.0 upgrade (Issue #759).

  • Docker: Fixed an issue causing the Docker volume plugin to fail to start in some environments (Issue #548 and Issue #760).

  • Fixed SLM issue specific to ONTAP SAN backends to ensure only subset of data LIFs belonging to reporting nodes are published.

  • Fixed performance issue where unnecessary scans for iSCSI LUNs happened when attaching a volume.

  • Removed granular retries within the Trident iSCSI workflow to fail fast and reduce external retry intervals.

  • Fixed issue where an error was returned when flushing an iSCSI device when the corresponding multipath device was already flushed.

Enhancements

  • Kubernetes:

    • Added support for Kubernetes 1.25. You must upgrade Trident to 22.10 prior to upgrading to Kubernetes 1.25.

    • Added a separate ServiceAccount, ClusterRole, and ClusterRoleBinding for the Trident Deployment and DaemonSet to allow future permissions enhancements.

    • Added support for cross-namespace volume sharing.

  • All Trident ontap-* storage drivers now work with the ONTAP REST API.

  • Added new operator yaml (bundle_post_1_25.yaml) without a PodSecurityPolicy to support Kubernetes 1.25.

  • Added support for LUKS-encrypted volumes for ontap-san and ontap-san-economy storage drivers.

  • Added support for Windows Server 2019 nodes.

  • Added support for SMB volumes on Windows nodes through the azure-netapp-files storage driver.

  • Automatic MetroCluster switchover detection for ONTAP drivers is now generally available.

Deprecations

  • Kubernetes: Updated minimum supported Kubernetes to 1.20.

  • Removed Astra Data Store (ADS) driver.

  • Removed support for yes and smart options for find_multipaths when configuring worker node multipathing for iSCSI.
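
The find_multipaths requirement stated in the 22.10 warning and repeated in the deprecation above can be checked on each worker node before upgrading. The following shell functions are an added example, not part of Trident or of the original release notes; they assume the standard multipath.conf layout (a `defaults { ... }` section containing `find_multipaths <value>`), and the function names and return codes are chosen here for illustration.

```shell
#!/bin/sh
# Added example (not Trident code): report whether multipath.conf sets
# find_multipaths to "no", the value these release notes recommend.
# Function names and return codes are assumptions made for this example:
#   0 = set to "no", 1 = set to another value, 2 = not set, 3 = file unreadable

# Print the last find_multipaths value found inside the defaults section.
find_multipaths_value() {
    awk '
    {
        sub(/#.*/, "")             # drop "#" comments
        gsub(/[{}]/, " & ")        # make braces separate tokens
        for (i = 1; i <= NF; i++) {
            tok = $i
            if (tok == "{") {
                depth++
                if (depth == 1 && prev == "defaults") in_defaults = 1
            } else if (tok == "}") {
                if (depth == 1) in_defaults = 0
                if (depth > 0) depth--
            } else if (in_defaults && prev == "find_multipaths") {
                gsub(/"/, "", tok) # values may be quoted
                value = tok
            }
            prev = tok
        }
    }
    END { if (value != "") print value }
    ' "$1"
}

# Classify the configuration file given as $1 (default: /etc/multipath.conf).
check_find_multipaths() {
    conf=${1:-/etc/multipath.conf}
    if [ ! -r "$conf" ]; then
        echo "FAIL: $conf is not readable; no multipathing configuration found"
        return 3
    fi
    value=$(find_multipaths_value "$conf")
    case "$value" in
        no)
            echo "OK: find_multipaths is no in $conf"
            return 0 ;;
        "")
            echo "REVIEW: find_multipaths is not set in the defaults section of $conf;" \
                 "the multipath-tools built-in default applies"
            return 2 ;;
        *)
            echo "FAIL: find_multipaths is $value in $conf; the release notes call for no"
            return 1 ;;
    esac
}

# Constructed sample configuration (not taken from a real node).
sample=$(mktemp)
cat > "$sample" <<'EOF'
defaults {
    user_friendly_names yes
    find_multipaths "smart"   # distribution default left in place
}
EOF
check_find_multipaths "$sample" || echo "exit status: $?"
rm -f "$sample"
```

An unset value is reported separately from a wrong one because the effective setting then depends on the installed multipath-tools build rather than on the file.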

Changes in 22.07

Fixes

Kubernetes

  • Fixed issue to handle boolean and number values for node selector when configuring Trident with Helm or the Trident Operator. (GitHub issue #700)

  • Fixed issue in handling errors from non-CHAP path, so that kubelet will retry if it fails. (GitHub issue #736)

Enhancements

  • Transitioned from k8s.gcr.io to registry.k8s.io as the default registry for CSI images.

  • ONTAP-SAN volumes will now use per-node igroups and only map LUNs to igroups while actively published to those nodes to improve our security posture. Existing volumes will be opportunistically switched to the new igroup scheme when Trident determines it is safe to do so without impacting active workloads.

  • Included a ResourceQuota with Trident installations to ensure Trident DaemonSet is scheduled when PriorityClass consumption is limited by default.

  • Added support for Network Features to Azure NetApp Files driver. (GitHub issue #717)

  • Added tech preview automatic MetroCluster switchover detection to ONTAP drivers. (GitHub issue #228)

Deprecations

  • Kubernetes: Updated minimum supported Kubernetes to 1.19.

  • Backend config no longer allows multiple authentication types in single config.

Removals

  • AWS CVS driver (deprecated since 22.04) has been removed.

  • Kubernetes

    • Removed unnecessary SYS_ADMIN capability from node pods.

    • Reduced nodeprep down to simple host info and active service discovery to do a best-effort confirmation that NFS/iSCSI services are available on worker nodes.

Documentation

A new Pod Security Standards (PSS) section has been added detailing permissions enabled by Trident on installation.

Changes in 22.04

NetApp is continually improving and enhancing its products and services. Here are some of the latest features in Trident. For previous releases, refer to Earlier versions of documentation.

Important
If you are upgrading from any previous Trident release and use Azure NetApp Files, the location config parameter is now a mandatory, singleton field.

Fixes

  • Improved parsing of iSCSI initiator names. (GitHub issue #681)

  • Fixed issue where CSI storage class parameters weren’t allowed. (GitHub issue #598)

  • Fixed duplicate key declaration in Trident CRD. (GitHub issue #671)

  • Fixed inaccurate CSI Snapshot logs. (GitHub issue #629)

  • Fixed issue with unpublishing volumes on deleted nodes. (GitHub issue #691)

  • Added handling of filesystem inconsistencies on block devices. (GitHub issue #656)

  • Fixed issue pulling auto-support images when setting the imageRegistry flag during installation. (GitHub issue #715)

  • Fixed issue where Azure NetApp Files driver failed to clone a volume with multiple export rules.

Enhancements

  • Inbound connections to Trident’s secure endpoints now require a minimum of TLS 1.3. (GitHub issue #698)

  • Trident now adds HSTS headers to responses from its secure endpoints.

  • Trident now attempts to enable the Azure NetApp Files unix permissions feature automatically.

  • Kubernetes: Trident daemonset now runs at system-node-critical priority class. (GitHub issue #694)

Removals

E-Series driver (disabled since 20.07) has been removed.

Changes in 22.01.1

Fixes

  • Fixed issue with unpublishing volumes on deleted nodes. (GitHub issue #691)

  • Fixed panic when accessing nil fields for aggregate space in ONTAP API responses.

Changes in 22.01.0

Fixes

  • Kubernetes: Increase node registration backoff retry time for large clusters.

  • Fixed issue where azure-netapp-files driver could be confused by multiple resources with the same name.

  • ONTAP SAN IPv6 Data LIFs now work if specified with brackets.

  • Fixed issue where attempting to import an already imported volume returns EOF leaving PVC in pending state. (GitHub issue #489)

  • Fixed issue where Trident performance slows down when more than 32 snapshots are created on a SolidFire volume.

  • Replaced SHA-1 with SHA-256 in SSL certificate creation.

  • Fixed Azure NetApp Files driver to allow duplicate resource names and limit operations to a single location.


Enhancements

  • Kubernetes enhancements:

    • Added support for Kubernetes 1.23.

    • Add scheduling options for Trident pods when installed via Trident Operator or Helm. (GitHub issue #651)

  • Allow cross-region volumes in GCP driver. (GitHub issue #633)

  • Added support for 'unixPermissions' option to Azure NetApp Files volumes. (GitHub issue #666)

Deprecations

The Trident REST interface can listen and serve only at 127.0.0.1 or [::1] addresses.

Changes in 21.10.1

Warning
The v21.10.0 release has an issue that can put the Trident controller into a CrashLoopBackOff state when a node is removed and then added back to the Kubernetes cluster. This issue is fixed in v21.10.1 (GitHub issue 669).

Fixes

  • Fixed potential race condition when importing a volume on a GCP CVS backend resulting in failure to import.

  • Fixed an issue that can put the Trident controller into a CrashLoopBackOff state when a node is removed and then added back to the Kubernetes cluster (GitHub issue 669).

  • Fixed issue where SVMs were no longer discovered if no SVM name was specified (GitHub issue 612).

Changes in 21.10.0

Fixes

  • Fixed issue where clones of XFS volumes could not be mounted on the same node as the source volume (GitHub issue 514).

  • Fixed issue where Trident logged a fatal error on shutdown (GitHub issue 597).

  • Kubernetes-related fixes:

    • Return a volume’s used space as the minimum restoreSize when creating snapshots with ontap-nas and ontap-nas-flexgroup drivers (GitHub issue 645).

    • Fixed issue where a "Failed to expand filesystem" error was logged after volume resize (GitHub issue 560).

    • Fixed issue where a pod could get stuck in Terminating state (GitHub issue 572).

    • Fixed the case where an ontap-san-economy FlexVol might be full of snapshot LUNs (GitHub issue 533).

    • Fixed custom YAML installer issue with different image (GitHub issue 613).

    • Fixed snapshot size calculation (GitHub issue 611).

    • Fixed issue where all Trident installers could identify plain Kubernetes as OpenShift (GitHub issue 639).

    • Fixed the Trident operator to stop reconciliation if the Kubernetes API server is unreachable (GitHub issue 599).

Enhancements

  • Added support for unixPermissions option to GCP-CVS Performance volumes.

  • Added support for scale-optimized CVS volumes in GCP in the range 600 GiB to 1 TiB.

  • Kubernetes-related enhancements:

    • Added support for Kubernetes 1.22.

    • Enabled the Trident operator and Helm chart to work with Kubernetes 1.22 (GitHub issue 628).

    • Added operator image to tridentctl images command (GitHub issue 570).

Experimental enhancements

  • Added support for volume replication in the ontap-san driver.

  • Added tech preview REST support for the ontap-nas-flexgroup, ontap-san, and ontap-nas-economy drivers.

Known issues

Known issues identify problems that might prevent you from using the product successfully.

  • When upgrading a Kubernetes cluster from 1.24 to 1.25 or later that has Trident installed, you must update values.yaml to set excludePodSecurityPolicy to true or add --set excludePodSecurityPolicy=true to the helm upgrade command before you can upgrade the cluster.

  • Trident now enforces a blank fsType (fsType="") for volumes that do not have the fsType specified in their StorageClass. When working with Kubernetes 1.17 or later, Trident supports providing a blank fsType for NFS volumes. For iSCSI volumes, you are required to set the fsType on your StorageClass when enforcing an fsGroup using a Security Context.

  • When using a backend across multiple Trident instances, each backend configuration file should have a different storagePrefix value for ONTAP backends or use a different TenantName for SolidFire backends. Trident cannot detect volumes that other instances of Trident have created. Attempting to create an existing volume on either ONTAP or SolidFire backends succeeds, because Trident treats volume creation as an idempotent operation. If storagePrefix or TenantName do not differ, there might be name collisions for volumes created on the same backend.

  • When installing Trident (using tridentctl or the Trident Operator) and using tridentctl to manage Trident, you should ensure the KUBECONFIG environment variable is set. This is necessary to indicate the Kubernetes cluster that tridentctl should work against. When working with multiple Kubernetes environments, you should ensure that the KUBECONFIG file is sourced accurately.

  • To perform online space reclamation for iSCSI PVs, the underlying OS on the worker node might require mount options to be passed to the volume. This is true for RHEL/Red Hat CoreOS instances, which require the discard mount option; ensure that the discard mountOption is included in your StorageClass to support online block discard.

  • If you have more than one instance of Trident per Kubernetes cluster, Trident cannot communicate with other instances and cannot discover other volumes that they have created, which leads to unexpected and incorrect behavior if more than one instance runs within a cluster. There should be only one instance of Trident per Kubernetes cluster.

  • If Trident-based StorageClass objects are deleted from Kubernetes while Trident is offline, Trident does not remove the corresponding storage classes from its database when it comes back online. You should delete these storage classes using tridentctl or the REST API.

  • If a user deletes a PV provisioned by Trident before deleting the corresponding PVC, Trident does not automatically delete the backing volume. You should remove the volume via tridentctl or the REST API.

  • ONTAP cannot concurrently provision more than one FlexGroup at a time unless the set of aggregates is unique to each provisioning request.

  • When using Trident over IPv6, you should specify managementLIF and dataLIF in the backend definition within square brackets. For example, [fd20:8b1e:b258:2000:f816:3eff:feec:0].

    Note
    You cannot specify dataLIF on an ONTAP SAN backend. Trident discovers all available iSCSI LIFs and uses them to establish the multipath session.
  • If using the solidfire-san driver with OpenShift 4.5, ensure that the underlying worker nodes use MD5 as the CHAP authentication algorithm. Secure FIPS-compliant CHAP algorithms SHA1, SHA-256, and SHA3-256 are available with Element 12.7.

Find more information