Configure Red Hat OpenShift Container Platform to allow Trident Storage across a host interface
Environment
Red Hat OpenShift Container Platform using a second network for storage traffic.
This second network is configured on an interface on the cluster nodes and is not a pod network.
Issue
When using the OVNKubernetes network stack, setting hostNetwork to true in the pod configuration does not allow the pods to communicate with the NetApp when a second network is used for storage.
Resolution
To allow the Trident controller pods to access a host's NICs and use the host's routing table, the SCC that Trident creates needs to be patched.
The deployment created by Trident also needs to be patched to use host networking.
After installing Trident in the cluster, patch the trident-controller SCC to allow pods to access the host's network and ports, and to allow containers to run in privileged mode.
oc patch scc trident-controller --type=json -p='[
{"op": "replace", "path": "/allowHostNetwork", "value": true},
{"op": "replace", "path": "/allowHostPorts", "value": true},
{"op": "replace", "path": "/allowPrivilegedContainer", "value": true}
]'
After the SCC is patched, patch the Deployment so the Pods it creates can access the host's networking.
First, check the name and state of the current controllers.
$ oc get pods -n trident
NAME                                  READY   STATUS    RESTARTS       AGE
trident-controller-7dbb6d9786-fd849   6/6     Running   0              2m38s
trident-node-linux-x2cwf              2/2     Running   1 (117s ago)   2m38s
Patch the deployment.
oc patch deployment trident-controller -n trident --type=json -p='[
{"op": "add", "path": "/spec/template/spec/hostNetwork", "value": true}
]'
Confirm that the controller pods were recreated by checking that the trident-controller pod name has changed.
$ oc get pods -n trident
NAME                                  READY   STATUS    RESTARTS       AGE
trident-controller-757dd947cc-m59sx   6/6     Running   0              47s
trident-node-linux-x2cwf              2/2     Running   1 (6m4s ago)   6m45s
A backend can now be created.
$ tridentctl create backend -n trident -f ../trident-backend.json
+----------+----------------+--------------------------------------+--------+------------+---------+
| NAME     | STORAGE DRIVER | UUID                                 | STATE  | USER-STATE | VOLUMES |
+----------+----------------+--------------------------------------+--------+------------+---------+
| test-svm | ontap-nas      | 0919ea3b-13c9-486b-a00f-4685c3b64d44 | online | normal     |       0 |
+----------+----------------+--------------------------------------+--------+------------+---------+
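The fields set by the two patches above can be read back from the cluster to confirm they are in effect, including on the running controller pod. The following is an added example, not part of the original solution or of Trident; the function names and the OC and NS override variables are assumptions of this example, and the openshift.io/scc pod annotation it prints is the one OpenShift sets to record which SCC admitted a pod.

```shell
#!/bin/sh
# Added example: read back the fields the two patches above set.
# OC and NS are assumptions of this example (client binary and namespace overrides).
OC="${OC:-oc}"
NS="${NS:-trident}"

# report <label> <actual>: print ok/FAIL and record any failure in RC.
report() {
  if [ "$2" = "true" ]; then
    echo "ok    $1 = true"
  else
    echo "FAIL  $1 = '$2' (expected true)"
    RC=1
  fi
}

verify_trident_hostnet() {
  RC=0
  # SCCs are cluster-scoped, so no namespace is passed here.
  for f in allowHostNetwork allowHostPorts allowPrivilegedContainer; do
    report "scc/trident-controller .$f" \
      "$("$OC" get scc trident-controller -o "jsonpath={.$f}")"
  done

  # An empty value means hostNetwork was never added to the pod template.
  report "deployment/trident-controller .spec.template.spec.hostNetwork" \
    "$("$OC" get deployment trident-controller -n "$NS" \
        -o 'jsonpath={.spec.template.spec.hostNetwork}')"

  # Running controller pods: hostNetwork must be set on the pod itself, and the
  # openshift.io/scc annotation shows which SCC actually admitted the pod.
  pods=$("$OC" get pods -n "$NS" -o \
    'jsonpath={range .items[*]}{.metadata.name}{"|"}{.spec.hostNetwork}{"|"}{.metadata.annotations.openshift\.io/scc}{"\n"}{end}')
  while IFS='|' read -r pod hostnet scc; do
    case "$pod" in
      trident-controller-*)
        report "pod/$pod .spec.hostNetwork" "$hostnet"
        echo "      pod/$pod admitted under SCC: ${scc:-<none>}" ;;
    esac
  done <<EOF
$pods
EOF
  return "$RC"
}
```

Source the file in a shell that is logged in to the cluster and call verify_trident_hostnet; it returns non-zero if any of the checked fields is not true.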
Root Cause
The SCC that is created by Trident prevents access to the host networking ports.
Diagnostic Steps
Any PVs created using the backend can be seen using the tridentctl get volumes -n trident command.
$ tridentctl -n trident get volumes
+------------------------------------------+---------+------------------+----------+--------------------------------------+-------+---------+
| NAME                                     | SIZE    | STORAGE CLASS    | PROTOCOL | BACKEND UUID                         | STATE | MANAGED |
+------------------------------------------+---------+------------------+----------+--------------------------------------+-------+---------+
| pvc-f4d057c4-b947-41cd-8947-264048441dbf | 300 MiB | trident-test-svm | file     | 0919ea3b-13c9-486b-a00f-4685c3b64d44 |       | true    |
+------------------------------------------+---------+------------------+----------+--------------------------------------+-------+---------+
The volumes created by Trident can be viewed on the NetApp through its SVM.
$ ssh vsadmin@192.168.13.20 volume show
Last login time: 3/25/2024 19:22:16
Vserver Volume Aggregate State Type Size Available Used%
--------- ------------ ------------ ---------- ---- ---------- ---------- -----
testsvm testsvm_root netapp_01_SAS_1 online RW 1GB 972.2MB 0%
testsvm testhost_pvc_f4d057c4_b947_41cd_8947_264048441dbf FAS2750_syseng_01_SAS_1 online RW 300MB 299.8MB 0%
2 entries were displayed.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.