895d055 update tools override - torirevilla

31a680c Added support for NASType values to be accepted... - arnavs7

dc6e70f 22.07 Update Changelog - torirevilla

74df8b9 22.07 Update Changelog - torirevilla

I think we need to add instructions on selecting Trident for "Project Name" and to use "https://github.com/NetApp/trident" for the "Project Website" field.

@juliantap, just one change

Added.

adfae76 Remove deprecated docs directory - adkerr

6bbe3d7 Update ASUP version - torirevilla
549e4ab anf smb volume provisioning - prajwalv-netapp

1db81b0 Update CONTRIBUTING.md for online CCLA submission - gnarl

4129cf4 Notice file for Trident and ASUP - torirevilla

a957050 Update ASUP version - torirevilla

Describe the bug
After doing upgrade Fedora CoreOS to ver 36.20220716.3.1 the Node-CSI driver still connecting.

time="2022-08-02T14:24:57Z" level=warning msg="Could not update Trident controller with node registration, will retry." error="could not log into the Trident CSI Controller: error communicating with Trident CS
I Controller; Put "https://10.233.51.147:34571/trident/v1/node/l8101\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)" increment=10.4962...

Describe the bug

After install of the trident, while provisioning the volume in pod, we are getting below error in pod events.

tridentorchestrator/trident Failed to install Trident; err: failed to create the Trident DaemonSet; failed to create or patch Trident daemonset; could not patch Trident DaemonSet; daemonsets.apps "trident-csi" is forbidden: non-admin user "trident:trident-operator" [service account "trident:trident-csi"]. The configured privileged attributes access for...

Describe the bug
We have openshift cluster. We try to install trident. After the installation, we do see only 1 pod is up for Csi pod. Hence the node where we are going to use the pod is not able to get the volume from trident csi.

Pod error:
Events:
Type Reason Age From Message

Normal Scheduled 55s default-sched...

Describe the bug
Trident appears to ignore node taints and its daemonset deploy pods on all nodes rather than the nodes without a NoSchedule taint such as:

spec:
  taints:
  - effect: NoSchedule
    key: juju.is/kubernetes-control-plane
    value: "true

The issue appeared when upgrading Charmed Kubernetes from v1.23 to v1.24. The puzzling bit is the daemonset definition has the following node selector:

Node-Selector:  kubernetes.io/arch=amd64,ku...

Describe the bug
We use Openshift 4.10. pv and pvc are fine and bounded. We are able to mount the volume on the worker nodes manually however when we try to mount using openshift it is giving below error.

MountVolume.SetUp failed for volume "pvc-73701811-3298-4a7d-914f-bac813442324" : rpc error: code = Internal desc = error mounting NFS volume netappip:/trident_qtree_pool_openshift_prd_QBHALDTHGT/openshift_prd_pvc_73701811_3298_4a7d_914f_bac813442324 on mountpoint /var/lib/kubele...

Describe the bug

"Username is specified in both config and secret ..." and similar warning messages are incorrectly logged after updating Trident v22.07.0.

time="2022-08-01T01:42:13Z" level=warning msg="clientPrivateKey is specified in both config and secret; overriding from secret."
time="2022-08-01T01:42:13Z" level=warning msg="Username is specified in both config and secret; overriding from secret."
time="2022-08-01T01:42:13Z" level=warning msg="Password is specified in bo...

We see the trident-csi not starting up with this error messages in the log:

Warning  Unhealthy  6m36s (x10 over 7m21s)  kubelet            Startup probe failed: Get "https://10.9.96.45:17546/liveness": remote error: tls: protocol version not supported

2022/08/09 09:35:21 http: TLS handshake error from 10.9.96.45:48986: tls: client offered only unsupported versions: [303]

$ oc get csv  -n openshift-cnv
NAME                                       DISPLAY               ...

Describe the solution you'd like
We have removed many RBAC permissions from Trident. The biggest improvements IMO are:

• Separating out daemonset RBACs and reducing it to zero
• Reducing Secret permissions to only the trident namespace

We have also been able to reduce many permissions because we don't use the operator to deploy and instead manually deploy the Trident controller and daemonset. Consider making these improvements and also separating out the operator to have its own set...

Describe the solution you'd like
Trident 22.07 introduced the feature of per-node igroup for the ONTAP-SAN driver. We would like to have this feature for the ONTAP-SAN-ECONOMY driver

Describe alternatives you've considered
None

Additional context
We are using on-prem OpenShift 4.6.8 with CoreOS and the ONTAP-SAN-ECONOMY driver. We have reached a high number of PVs in the cluster - about 650+. Due to the way iscsid and multipathd work, each node need to scan all of its dev...

388ad66 Fix nil pointer dereference in OntapAPIREST - reederc42
afa725c Don't use SAN publish enforcement outside CSI - adkerr
49f563e Narrowing the fields we request in the REST que... - ntap-rippy
22dad0e Fixes to make Trident unit tests pass with race... - inianv
6982405 Add test files for relevant packages - jwebster7

8e2926e Makefile: Allow specifying default trident imag... - ameade

Describe the bug
After the upgrade from v21.10.1 (and 22.04.0) to v22.07.0 only the ontap-nas and ontap-nas-economy drivers are stuck in a failed state:

message: Failed to apply the backend update; updating the data plane IP address isn't currently supported

But the IP address wasn't changed.

ONTAP SAN drivers (ontap-san, ontap-san-economy) don't have these problem.

Trident-main Logs:

time="2022-08-16T07:10:33Z" level=error msg="error syncing backend con...

I wanted to update the Trident plugin from 20.07 to 22.07, but I encountered errors which I can't easily fix.

Environment

• Trident version: 20.07
• Trident installation flags used: docker plugin install --grant-all-permissions --alias netapp netapp/trident-plugin:22.04 config=/etc/netappdvp/netapp.jsonl
• Container runtime: Docker 20.10.12
• OS: Ubuntu 20.04.4
• NetApp backend types: ONTAP

To Reproduce

docker plugin disable -f netapp:latest
docker plugin rm n...

Describe the solution you'd like
Right now topology labels need to be present before trident starts.
But in our case (using capi/metal³) that is not always the case, sometimes the topology labels take longer than trident to appear.
Thus i propoe that trident should adopt to new topology labels that become available shortly after trident starts.

52d3b37 Removes SCC fields that Trident daemonset does ... - reederc42
4b04481 Idempotent CRD Management - jwebster7
4efb1ae Correcting the debug comments to reflect approp... - mravi-na
7efa0a4 Helm and Operator Trident installation for Wind... - arnavs7

Describe the bug
It looks like this bug https://github.com/NetApp/trident/issues/691 or a similar bug is introduced in Trident after the 22.01.1 release. Both the 22.04.0 and the 22.07.0 releases suffer from the same behavior.

Environment
Vanilla Kubernetes 1.21.12 deployed to AWS using kOps 1.23.1

Trident version: [e.g. 19.10]
22.04.0 and 22.07.1
Trident installation flags used: [e.g. -d -n trident --use-custom-yaml]
helm install -n kube-netapp trident .\trident-operat...

Describe the solution you'd like
Support snapshots on ontap-nas-economy driver, in order to use Astra Control Center.

Describe alternatives you've considered
None.

Additional context
Due to the nature of K8s, we can easily reach hundreds and thousands of PVs, while using the Astra Trident + ONTAP solution. Because of this, we almost always have to use the ontap-nas-economy (mostly) and the ontap-san-economy (sometimes). This, in turn, make using Astra Control Center as a ...

df5b511 100% unit test coverage for github.com/netapp/t... - jwebster7
915c998 Adds force unstage volume to remove volume with... - reederc42
1c0b686 Unit test github.com/netapp/trident/storage_dri... - jwebster7
28b2f9d ANF SMB Volume Snapshot and Cloning (#1045) - arnavs7

418b9eb Enable NAE encrypted volumes in Trident - sphadnis007
064efe2 LUKS encrypted volume provisioning - ameade

Describe the bug
Importing an ontapnas volume after a simulated restore of the underlying QTree makes trident-main panic.

Environment

• Trident version: 22.04.0
• Container runtime: containerd github.com/containerd/containerd v1.6.6 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
• Kubernetes version: 1.24.4
• Kubernetes orchestrator: kubeadm
• Kubernetes enabled feature gates: n/a
• OS: Debian 11
• NetApp backend types: ONTAP0 NAS
• Other: Volumes are mounted t...

c7e412e Added unit tests for frontend/common module - sphadnis007
7140a88 Use the pools luks attribute and not the driver... - ameade

Describe the solution you'd like
The Helm template for the operator deployment should allow to configure resources requests and limits for the container as it defined as best practices in Docker CIS Benchmark. And it would be better is default values are defined with sane values.

Describe alternatives you've considered
I didn't find any alternatives.

Additional context

• http...

a96993a Added unit tests for logger, metrics and operat... - prajwalv-netapp

309f4b0 Allow trident to import SMB volume. (#1051) - arnavs7

2e61d8a Adds support for Kubernetes 1.25 and does not i... - reederc42

Trying to use tridentctl to generate manifests (tridentctl install -n sys-trident --generate-custom-yaml) in order to update trident in one of our clusters that run Kubernetes 1.24.4 and I get the following logs:

INFO Created Kubernetes clients.                   namespace=default version=v1.24.4                                                                                                                        
ERRO Kubernetes version 1.24.4 is an unsupported Kubernetes version;...

f1ef672 iSCSI fixes and improved iSCSI workflow comments - VinayKumarHavanur
edf9b30 Combine chap & non-chap work flows - mravi-na
cda3f1c iSCSI improvements: - VinayKumarHavanur
4095ae5 Remove unsupported non-multipath config and blo... - VinayKumarHavanur
12e85b1 Fix to add default NASType as NFS - arnavs7

95f4316 ONTAP SAN Economy driver migration from ZAPI on... - nazneeninc

2451037 Trid 11563 split operator bundle yaml 1 25 (#1061) - kjaxdev

Describe the bug
When running go mod tidy on the stable branch, a diff is generated.

Environment
Provide accurate information about the environment to help us reproduce the issue.

• Trident version: 22.07
• Trident installation flags used: N/A
• Container runtime: N/A
• Kubernetes version: N/A
• Kubernetes orchestrator: N/A
• Kubernetes enabled feature gates: N/A
• OS: N/A
• NetApp backend types: N/A
• Other:

To Reproduce
Steps to reproduce the behavior:

11fae2d CSI controller API Rest unit test changes - agagan
92ae291 ANF SMB volume publishing - prajwalv-netapp
6e5d420 Split Trident RBAC resources into multiple ones... - inianv
44a821e Update trident version to 22.10 - ameade

4d075e9 CSI controller API Rest unit test changes (#1072) - agagan

Describe the bug
After the upgrade from v21.10.0 to v22.07.0 only the ontap-nas drivers are stuck in a failed state:

message: Failed to apply the backend update; updating the data plane IP address isn't currently supported

But the IP address wasn't changed. It looks like Issue #759.

But I use the cert-based authentication:

Environment
Provide accurate information about the environment to help us reproduce the issue.

• Trident version: 22.07.0
• Trident inst...

bca28f6 anf smb improvements - prajwalv-netapp

Is it possible to manually set the volume name a PersistentVolumeClaim will create a PersistentVolume with?

The use case I have for this is making clones using the trident.netapp.io/cloneFromPVC annotation. This requires me to know the Persistent Volume's name. Since the name is randomly generated this is slightly more tedious. I can track it down by looking at the spec.claimRef.name on the volume, but it feels like there should be a simpler option.

Describe the bug
I noticed that on my k8s nodes, some volumes are mounted via paths like /dev/mapper/mpathd and some are mounted by paths like /dev/dm-2. I can't see any pattern in which case /dev/mapper/mpathn and which case /dev/dm-n is use. I have only one storage class for san volumes at the moment.

I'm not really sure if this is actually a problem or what is the real difference between the 2, but I read at https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/...

2b615c4 changing ONTAP REST API volume.encryption.enabl... - ntap-rippy
bc7ad66 Reduced GCP CVS-SO minimum volume size to 100 GiB - clintonk
f5b9dbd Updated Trident's 3rd-party dependencies for 22... - clintonk
ee1461b Ensure only SLM LIFs are published during Contr... - ntap-arorar

1cbf442 Allow the attachment and formatting of LUKS enc... - ameade
b69aef9 Updated minimum supported Kubernetes version to... - clintonk

Describe the bug
We are in a kubernetes environment and when using the following command

cat <<EOF | kubectl exec -n trident -it trident-csi-xxx -- tridentctl import volume ontap-san trident_pvc_23c1a0aa_61a4_439a_bfa6_5f992d013935_5646 -f -
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  annotations:
    meta.helm.sh/release-name: xxx
    meta.helm.sh/release-namespace: xxx
  labels:
    app.kubernetes.io/component: xxx
    app.kubernetes.io/instance: xxx
    ap...

dc79cfc The frontend CSI helper plain unit test impleme... - agagan

182d402 Add UT coverage to storage/factory - arnavs7

0e44e7d Removed Astra Data Store (ADS) driver - clintonk
7842b3f Simplifying the docker plugin mode logic for lo... - ntap-rippy
3ce83fd Remove astrads from unittests - ameade

Describe the bug
Our on-prem clusters can't access registries on the internet like registry.k8s.io directly. We have mirrors in our local registry though.
So I though I use a custom values.yaml and set trident-operator.imageRegistry.
The problem is, the helm chart (and operator) does not handle the path of the images properly then.
If I set imageRegistry to 'myregistry.com/netapp' the netapp/* images are found but the registry.k8s.io/sig-storage/* images are not.
If I set imageRegist...

ff395ce Additional storage class unit test to improve t... - agagan

Describe the bug
When I create a PVC for a Pod with the following securityContext.

securityContext:
    fsGroup: 1000
    runAsUser: 1000

The pod is not running as a root container.
When we now login to the container and try to create a file inside the mounted volume we get the following issue.

bash-4.4$ ls -l /var/data/
total 4
drwxrwxrwx 2 nobody 4294967294 4096 Oct 12 10:09 kpi
bash-4.4$ ls -l /var/data/kpi/
total 0
bash-4.4$ id
uid=1000...

9635330 Cross-namespace volume sharing - clintonk
1a108db Fix for duplicate iSCSI sessions. - VinayKumarHavanur
1d50366 Remove serviceAccount when Trident Orchestrator... - benclark0

b1d12e8 service discovery for windows nodes - prajwalv-netapp

85d98c1 Update bundle_post_1_25.yaml to include cluster... - benclark0

dc65277 Remove PSP api rules from post_125 bundle yaml.... - kjaxdev
6732da1 Use Windows daemonset path - reederc42

6732da1 Use Windows daemonset path - reederc42
3eee2e2 Update Trident RBAC resource names per new nami... - inianv

849c054 Changes for path separator fix - prajwalv-netapp

Change description

The helm chart has a parameter imageRegistry which is used to set an alternative registry url for trident and csi sidecar images which can cause an issue for some installations. That registry has to contain images from two different sources.
This change keeps imageRegistry for the csi sidecar images and adds tridentImageRegistry to use for mirrored trident images.
It tries to do the same for the cli with an addition trident-image-registry parameter

Project tra...

9180842 stable/v22.10 - Bellizzi, David
5523e5c Revert "Remove PSP api rules from post_125 bund... - kjaxdev
3a7c477 Changes for path separator fix - prajwalv-netapp
ef2ebbe Corrected daemonSet120YAMLTemplateWindows with ... - sphadnis007

Describe the solution you'd like
Currently the helm char automatically deploys the tridentorchestrator crd in the same namespace as the operator.
In our cluster we currently have the tridentorchestrator and operator deployed in seperate namespace.
(we have all operators in the same namespace and the application they manage in a different 1.

We would like a option to deploy the tridentorchestrator in a different namespace,
or the option to not deploy the tridentorchestrator with hel...

Support priorityClassName

Change description

Support custom labels and PriorityClassName on operator pod

Project tracking

https://github.com/NetApp/trident/issues/719

Do any added TODOs have an issue in the backlog?

No

Did you add unit tests? Why not?

Could not find test on helm chart.
Deployed the chart on our own test cluster.

Does this code need functional testing?

No

Is a code review walkthrough needed? why or why not?

No, not that complica...

Change description

Allows overriding the namespace of the orchestrator if you need it to be deployed to a namespace other than the namespace the operator is deployed in.

Project tracking

#775

Do any added TODOs have an issue in the backlog?

No

Did you add unit tests? Why not?

No. minor change in helm chart, deploys correctly to private cluster

Does this code need functional testing?

No.

Is a code review walkthrough needed? why or why not?

No.

...

bae9b20 Corrected daemonSet120YAMLTemplateWindows with ... - sphadnis007
e428670 The issue Flexgroup REST driver fails to create... - agagan

e177758 Add force detach feature flag - benpresnell
97f8a20 Revert: Remove PSP api rules from post_125 bund... - kjaxdev
ab63623 Update changelog and readme for 22.10 - jwebster7

4c5a200 update changelog and readme - jwebster7

Install failed; could not delete pod security policy; the server could not find the requested resource. Resolve the issue; use 'tridentctl uninstall' to clean up; and try again.

https://kubernetes.io/docs/concepts/security/pod-security-policy/

Change description

See https://github.com/kubernetes/kubernetes/issues/89477, https://github.com/kubernetes/kubernetes/issues/89477#issuecomment-603911496.

Project tracking

Do any added TODOs have an issue in the backlog?

Did you add unit tests? Why not?

Does this code need functional testing?

Is a code review walkthrough needed? why or why not?

Should additional test coverage be executed in addition to pre-merge?

Does this code need a...

d783d5e Tidies Go modules - reederc42
a1311d3 Update changelog and readme for 22.10 - jwebster7
9ff1ec1 Update ASUP version to 22.10 - jwebster7

e0353f0 Updates notices for v22.10 - reederc42

Change description

Project tracking

Do any added TODOs have an issue in the backlog?

Did you add unit tests? Why not?

Does this code need functional testing?

Is a code review walkthrough needed? why or why not?

Should additional test coverage be executed in addition to pre-merge?

Does this code need a note in the changelog?

Does this code require documentation changes?

Additional Information

Describe the bug

I would like to change a log level from error to warning in CheckMountOptions().
I found the error messege in trident log(v22.10.0).

time="2022-11-07T03:21:02Z" level=error msg="checking mount options failed; mismatch in mount option: bind, this might cause mount failure" requestID=c8d856be-1fff-4926-8770-7a5bbeb4ed0c requestSource=CSI source=/dev/dm-4 target=/var/lib/kubelet/plugins/kubernetes.io/csi/volumeDevices/publish/pvc-831fab01-891d-463c-a51a-6d08aa468...

3fb6008 tridentctl tvpub commands - clintonk
a8bd114 Node bookkeeping for force detach - benpresnell
99b1dd7 Bump asup version to 22.10 - jwebster7
3a6df2f Adding ability to track owning flexvol for econ... - bhatnag
8e69fb4 make nodeUnstageSMBVolume use the new tracking ... - benpresnell

a1b7ff4 Reduce privileges for Trident RBAC resources - inianv

ab26110 Update trident version to 23.01 - benclark0

Describe the bug
On hub.docker.com the trident releases 99.99 and 99.99.99 appeared.
https://hub.docker.com/r/netapp/trident-operator/tags?page=1&name=99.99

Image link is this: https://hub.docker.com/layers/netapp/trident-operator/99.99/images/sha256-e149ba58aa0ce87566fee9c4c79b4c65907c1d113833478817af969a7806e856?context=explore

This would be quite a large version jump and there is also no matching github release for that. So i assume it was pushed in error.

However since ...

In the rare cases when trident-operator 22.07.0 runs on kubernetes 1.25 (with PodSecurityPolicies deprecated), helm upgrade to 22.10 fails with the following message:
'Error: UPGRADE FAILED: unable to build kubernetes objects from current release manifest: resource mapping not found for name: "tridentoperatorpods" namespace: "" from "": no matches for kind "PodSecurityPolicy" in version "policy/v1beta1"
ensure CRDs are installed first"'

Not sure fix for this will be worth it as I doubt t...

c037dae Addition to change log for Improved performance... - bhatnag
97b38fc Updating tridenctl image registry helper text - sphadnis007

Describe the solution you'd like
AWS EKS Anywhere bundles Bottlerocket OS for kubernetes nodes. We wanted to use astra trident for our EKS-A cluster with bottlerocket os nodes when we realized that it was not possible due to trident host prerequisites. We opened a ticket about the issue with the AWS team as well.
Would be nice if w...

Describe the Error
We have a cluster, that is using the trident as a storage solution for PersistentVolumes. Unfortunately, we often get an error that looks like this one here

Unable to attach or mount volumes: unmounted volumes=[xxx], unattached volumes=[xxx]: timed out waiting for the condition

or

 Multi-Attach error for volume "pvc-xxx" Volume is already exclusively attached to one node and can't be attached to another

Usually it happens after we drain nodes f...

0e2d373 Added support for flexgroupAggregateList to spe... - ntap-rippy

0842e66 Adds rate limiter and middleware to api server - reederc42

00b2ac4 Work around ONTAP pagination bug in vserver-sho... - clintonk
c89de8b Rename Trident pod, deployment, daemonsets per ... - inianv
1888bf5 Added fix for nil pointer dereference in Triden... - arnavs7

2195a0f Fix RBAC permissions for ASUP sidecar to access... - inianv

fc6ac1d Volume publication rw cache - jwebster7

b8c452c Allow Helm/Operator to configure the imagePullP... - agagan

Trident is not automatically getting information from SVM on which aggregate volumes has to be deployed. Pod must manually be restarted to get the new aggr-list information from the SVM. Please implement an automatic polling from this data.

If it helps you prioritise this request, you can add Bank Julius Baer & Co. Ltd. as a company which needs this urgently for the upcoming lifecycle next year.

Describe the bug
During update from 22.07.0 to 22.10.0 I face a segfault error in the log. We use trident to manage volumes on solidfire storage via ISCSI from kubernetes. We do not use the operator, we have our own helm chart.

here is the log:

`trident-6cff996fdb-khggp trident time="2022-12-05T14:31:21+01:00" level=info msg="Running Trident storage orchestrator." binary=/bin/trident build_time="Mon Oct 31 16:03:20 EDT 2022" version=22.10.0
trident-6cff996fdb-khggp trident time="...

11e7a7c Add audit logger - benpresnell
e8adb05 busybox:1.34.1 has a breaking change for buildi... - ntap-rippy
aca64e4 Using uclibc instead per https://github.com/doc... - ntap-rippy

Describe the bug
In our environment we've run into the issue reported in #514, but we're already running v22.01.1, which should contain the fix.

After further investigation we believe that this is caused, because we've configured the discard mount option in our StorageClass, which seems to cause the nouuid option to not be added anymore.

Environment
Provide accurate information about the environment to help us reproduce the issue.

• Trident version: 22.01.1
• Trident i...

Describe the bug
Please see https://jfrog.atlassian.net/browse/RTFACT-21534 which describes what's happening in a good way. Besides the point that this behavior should be fixed in Artifactory anyway, we should think about whether adding an index file to https://netapp.github.io/trident-helm-chart/ would be a good idea to avoid hitting this bug.

To Reproduce
curl -v https://netapp.github.io/trident-helm-chart => shouldn't return an Error 404

Expected behavior
curl -v ...

Looks all right!

The documentation Deploying with the Trident Operator mentions tridentctl is multiple places, like in the "Creating a Trident Backend" section.

But if I install a TridentOrchestrator object, I have a CRD named TridendBackend. Is it possible to configure a backend using the kubernetes api only? Or do I really need to use tridentctl, even with the operator?

Thank you

1714077 Remove cluster role and roleBinding while upgra... - inianv
41e1c03 Enabled dataLIF update for all ONTAP NAS backends - sphadnis007

Change description

Link to graph driver storage is broken. I don't know what it should be so i put in a comment

Project tracking

Do any added TODOs have an issue in the backlog?

Did you add unit tests? Why not?

Does this code need functional testing?

Is a code review walkthrough needed? why or why not?

Should additional test coverage be executed in addition to pre-merge?

Does this code need a note in the changelog?

D...

Describe the bug
I noticed today that Trident 22.10 uses lsscsi (maybe even before that) but RHEL CoreOS Nodes dont have this binary installed neither is it possible to install it on those nodes. Sofar i have not noticed any issues on my Cluster (3 so far) but i think it could be confusing a lot of users while searching for errors (thats how i stumbeled upon it).

Environment
Non-prod Env, big Netapp Customer in Germany

• Trident version: 22.10
• Trident installation flags us...

Describe the bug
After resizing a ReadWriteMany volume that was mounted by two different pods on two different nodes, I got the following errors:

Kubelet:

Jan 04 10:30:44 k8s-node01.k8s.renci.org kubelet[5323]: E0104 10:30:44.712926    5323 operation_generator.go:2033] NodeExpandVolume.NodeExpandVolume failed for volume "pvc-adaa39c9-43fa-46bd-a94e-17c2252a747b" (UniqueName: "kubernetes.io/csi/csi.trident.netapp.io^pvc-adaa39c9-43fa-46bd-a94e-17c2252a747b") pod "apsviz-geoserver...

7390685 Bump maximum supported k8s version to 1.26 - porrua
dfd2558 Updated Trident to use new Azure SDK for Go - clintonk
870de34 iSCSI self healing thread creation and configur... - VinayKumarHavanur
ecf9f9c iSCSI selh-healing: Defining in memory map, sel... - mravi-na
9b43a7a Implementation of iSCSI self healing action. - VinayKumarHavanur

ee233f9 Adding Storage pools support for GCP volumes wi... - bhatnag

Describe the bug
Currently the chart doesnt survive an upgrade of k8s 1.24.x to 1.25 due to PodSecurityPolicies

Helm upgrade failed: unable to build kubernetes objects from current release manifest: resource mapping not found for name: "tridentoperatorpods" namespace: "" from "": no matches for kind "PodSecurityPolicy" in version "policy/v1beta1"
ensure CRDs are installed first

Environment
Provide accurate information about the environment to help us reproduce the...

When all nodes in the k8s cluster have taints (e.g. cattle.io/os: linux for rke) the transient-trident-version-pod fails to start as the pod is not created with any tolerations.

It appears that the yaml for the pod is missing the tolerations in https://github.com/NetApp/trident/blob/master/cli/k8s_client/yaml_factory.go

The following requires tolerations to be added

const tridentVersionPodYAML = `---
apiVersion: v1
kind: Pod
metadata:
name: {NAME}
{LABELS}
{OWNER_REF}
...

8a07bec Consider the LIFs in down state during iSCSI vo... - VinayKumarHavanur
78da861 Log a warning if DataLIF is provided in backend... - mravi-na
c5a81d6 Enable volume expansion for LUKS encrypted volumes - simrins
7160d85 Updated Trident's 3rd-party dependencies for 23... - clintonk
65c656e Rotate LUKS passphrase during NodePublishVolume - ameade

Describe the solution you'd like
We've seen that trident supports now Windows Container in Azure, https://github.com/NetApp/trident/issues/165
But it is also necessary to support NetApp - ontap on-premises.

This very useful for us, because we offer Openshift Hybrid Cluster on-premises for our customer.
They use Linux and Windows Container and at the Moment we cannot offer any NetApp storage for Windows in our Cluster.

Openshift only supports Windows Server 2022 onprem.

4913266 Fix to capture ANF Subvolumes error messages - ntap-arorar
7693a9a Fixing a bug preventing clone of imported volum... - bhatnag

a1fcad9 Changes to support FSx SMB volume provisioning ... - prajwalv-netapp
61678dc Changes to allow unix permission with mixed sec... - agagan

2d1f538 Implementation to exclude pod security policy - VinayKumarHavanur

8e46e8f Luks backchannel - ameade

Hi,

all our existing NFS PVCs have reset the UID and GID from all files and directories to 99 instead of the UID of the container user.

Setup:
Openshift 4.10 with kubernetes v1.23.12+8a6bfe4
Red Hat Enterprise Linux CoreOS 410
Trident 22.01.0

Storageclass:

`kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: file-no-backup
provisioner: csi.trident.netapp.io
parameters:
backendType: ontap-nas-economy
selector: netapp=xxx-xxxx-trident0
reclaimPolicy: D...

b327113 Fix potential nil dereference in VolumeModifyUn... - agagan
8841bc0 Workflow-based trace logging - benpresnell

99e17a5 stable/v23.01 - Bellizzi, David
c07cf4d Fix potential nil dereference in VolumeModifyUn... - ameade
5d091f1 changelog for 23.01 - jwebster7

Describe the bug
We experienced downtime in one of our production clusters when the tridentorchestrator failed with the error message:

 Failed to install Trident; err: command terminated with exit code 1; Error: could not get version: Trident initialization failed; error attempting to clean up volume pvc-a075216f-4f29-47bc-99c6-e52782c1e8c6 from backend fsx01-k8sXX-san: error checking for existing volume: API status: failed, Reason: Volume name: The first character must be a...

77e0cac Update changelog v23.01.0 - jwebster7
b4ad2b3 Increasing the code coverage for ontap_common.go - bhatnag
a4d3c52 fixing broken unit tests for ontap_common_test.go - bhatnag

7855b18 Update ASUP version - jwebster7
e35bf40 Update changelog for 23.01 - jwebster7
37b01b8 Updates notice files for Trident and ASUP - reederc42

Describe the bug

Installing new trident version v23.01.0

• trident-operator starts but errors with

time="2023-02-01T11:28:27Z" level=error msg="Object creation failed." err="clusterroles.rbac.authorization.k8s.io \"trident-controller\" is forbidden: user \"system:serviceaccount:trident:trident-operator\" (groups=[\"system:serviceaccounts\" \"system:serviceaccounts:trident\" \"system:authenticated\"]) is attempting to grant RBAC permissions not currently held:\n{APIGroup...

Describe the solution you'd like

Today, we don't have any solution that allows the Trident administrator to limit the amount of storage capacity a Kubernetes user/administrator can provision.
We want to add a new backend option that, if defined, sets a value that the sum of all PVCs should never exceed.
This option could be considered as a storage quota.

Describe alternatives you've considered
As an alternative, we can add a new option to limit the number of volumes that can...

In order to be able to manage Netapp Trident persistent volumes, the Trident backend should be online.

If for some reason we lose the connection between the Trident controller and the NetApp SVM even for a few seconds, the backend will go to a failed state and will never go back online by itself, even if the connection is restored.

To resume an online state for the backend, we need to evacuate or recreate the controller replica set in order to refresh the configuration.

We like to ha...

Describe the bug

We hit the following error in our environment just once.

time="2023-02-01T02:04:48Z" level=fatal msg="could not perform assertion: hybridControllerFrontend.(controllerhelpers.ControllerHelper)"

As I can see the trident log, the process exited by the fatal error and then the trident container was restarted successfully.

hybridControllerFrontend could be nil if a temporary error(e.g. fa...

Describe the bug

With v23.01.0 new code was introduced here which calls multipath -C /dev-dm....

We are using centos7 Nodes with multipath-tools v0.4.9 (05/33, 2016), this version has no -C switch.

This leads to problems when mounting an iscsi volume, here some logs of the trident pod:

~❯ kubectl -n trident logs trident-node-linux-vw4t2
Defaulted container "trident-main" out of: t...

86a9713 Update ASUP version - jwebster7
74f3f25 Unit Test coverage for GCP api code - VinayKumarHavanur
3252a6d Added unit tests for GCP driver - sphadnis007
458d4ba Set log layer in core contexts - clintonk
6acc674 Added Unit Test coverage for ONTAP SAN Economy ... - arnavs7

Describe the solution you'd like

Docker 23.0.0 is released with patch notes and includes support for CSI volumes via https://github.com/moby/moby/pull/41982.

csi-plugins-for-docker-swarm is tracking the progress of various CSI drivers in adding this support.

Is Docker CSI compatibility planned for NetApp Trident?

a3aca40 Fix to ensure Operator's bundle and cluster rol... - ntap-arorar
afb725a Minor fixes - clintonk
89c28c4 Fix for Trident install crash when it cannot co... - arnavs7
bbcbe0a Fixed Trident Operator to use IPv6 localhost fo... - torirevilla

Describe the solution you'd like
Add the availibilty to add tag from pvc to a NetApp Volume

Additional context
We wants to add tag on NetApp Volume to manage it easily. On NetApp I see that we can use tag on volume creation https://docs.netapp.com/us-en/ontap/fabricpool/assign-new-tag-volume-creation-task.html but cannot find anything else on Astra Trident documentation.

Regards

b723ace Fixed Trident Operator to use IPv6 localhost fo... - torirevilla
06aad50 Fix to ensure Operator's bundle and cluster rol... - ntap-arorar
07156fc Fix to support cloning and import of SMB volumes. - prajwalv-netapp
d9b4744 Avoid context from K8S to execCommand - mravi-na

655432e Avoid context from K8S to execCommand - mravi-na
c8c2a4f Fix to support cloning and import of SMB volumes. - prajwalv-netapp
eb50b8a VR REST changes (#1173) - ntap-rippy

Will the dependency on OS binaries such as mount and mkdir, Trident cannot be used with more sophisticated/progressive operating systems like Talos. Will this dependency be lifted at some point?

Describe the solution you'd like

Configuring NFSv3 or NFSv4 on ONTAP can quite complex task and very easily lead to misconfigurations on a multitude of places (host, ontap svcm, trident).

In many cases people just might be wants just NFSv4 to work as NFSv3. When it comes to Kerberos, not many customers i worked with use this, if they do then its because the security team mandates it. But this is perhaps another story.

In many cases there are two parties involved, the devops team ...

With ONTAP 9.12.1 and higher, NFSv4.1, and Linux changes that are in RHEL 8.7 or 9.1 and higher, there are fixes to support running Kafka over NFS. There are some details about this at https://www.netapp.com/blog/simplify-apache-kafka-confluent/.

In order to enable this functionality in ONTAP, there is a new volume setting in 9.12.1 called "-is-preserve-unlink-enabled", which must be set to "true". The ask is for Trident to provide a way for this setting to be enabled so that PVCs for Ka...

Describe the bug
A clear and concise description of what the bug is.

Environment
Provide accurate information about the environment to help us reproduce the issue.

• Trident version: [e.g. 19.10]
• Trident installation flags used: [e.g. -d -n trident --use-custom-yaml]
• Container runtime: [e.g. Docker 19.03.1-CE]
• Kubernetes version: [e.g. 1.15.1]
• Kubernetes orchestrator: [e.g. OpenShift v3.11, Rancher v2.3.3]
• Kubernetes enabled feature gates: [e.g. CSINodeInfo]...

4a3534c Enable import of LUKS volumes for ontap-san - ameade

2bfbc22 Avoid context from K8S while invoking external ... - mravi-na

Describe the solution you'd like
The ability to perform snapshot/clone operations (specifically creating a Volume Snapshot) on a volume that Trident will not try to delete at any point. E.g., being able to take a snapshot of a Volume that has been imported with the --no-manage flag.

The --no-manage flag isn't explicitly necessary, but the feature we want from that flag is to prevent Trident from deleting the backing storage if the Trident volume were to be deleted. We want to be a...

Describe the bug

We occasionally have a problem that specific nodes cannot attach Trident volumes. Once it happens, it never recovers until recreating Trident Node pods.

In this situation, pods with Trident volumes get stuck in the ContainerCreating state with the following error.

Warning FailedAttachVolume 14s (x22 over 29m) attachdetach-controller AttachVolume.Attach failed for volume "pvc-310c1228-7477-4fe0-8601-e85365d42d10" : rpc error: code = NotFound desc = node...

fefadd9 Implementation to map all the required pernode ... - VinayKumarHavanur
98c0d9a Changes to support arm64 - prajwalv-netapp

Describe the bug
We regularly see iscsi devices with 2 failed paths on our worker nodes. In some cases, the device is active on another worker (possible because the pod moved) but in other cases the device does not exist anymore. We therefore suspect that trident operator fails to clean-up unnecessary iscsi devices on the workers.

Output of multipath -ll command:
3600a0980383147586e5d536f7839776d dm-12 NETAPP,LUN C-Mode
size=50G features='3 queue_if_no_path pg_init_retries 50' h...

fed3edf Avoid context from K8S while invoking external ... - mravi-na
136fe18 Implementation to map all the required per node... - VinayKumarHavanur
fb8b4da Update Changelog for 23.01.1 - torirevilla

ccf9830 Fix stale localVolumeHandle in TMR after SVM na... - torirevilla
4154b18 Eliminated possibility of stuck transactions - clintonk
d11d0c6 Fixed potential type assertion issues in ONTAP ... - clintonk

c657991 23.01.1 version bump - torirevilla

Describe the bug
We are doing DR exercices that involves importing a volume multiple times in our OpenShift. When we delete the PVC from OpenShift, the volumes stays, which is ok. When we delete the volume, it cannot be imported again.
We found that there is also a TridentVolume resource that stays dangling, so we deleted it. Still the import is not working.
So last resort we recycled all the pods of Trident and then the volume was imported.

Environment

• Trident version: 2...

ad517c4 Notice file for Trident - torirevilla

Describe the bug
Volume size cannot be updated to a new size.

Environment

• Trident version: 23.01
• Trident installation flags used:
• Container runtime: Docker CE 20.10.16
• Kubernetes version: N/A
• Kubernetes orchestrator: N/A
• Kubernetes enabled feature gates: N/A
• OS: AmazonLinux2
• NetApp backend types: AWS FSx

To Reproduce
Steps to reproduce the behavior:

1. Install docker yum -y install docker
2. Create Trident config file gp01.json

    ...

trident operator deployment doesn't provide a mechanism to customize the readinessProbe and livelinessProbe values. (Based on the feedback that we have received from NetApp support, confirmed via documentation as well)

• Documentation link below contains the customization options that are available currently.
  https://docs.netapp.com/us-en/trident-2207/trident-get-started/kubernetes-customize-deploy.html

• Documentation for tridentctl based deployment here allows more customizations.
  h...

Describe the bug

We found the following error handlings missing in the code of the storage drivers. Though we've never encountered problems from these in production, I would like to report this just in case.

1. err from clientAPI.ExportRuleList() in reconcileExportPolicyRules().

https://github.com/NetApp/trident/blob/37b01b8ee97fe50d19d7aeeabebb01411a85fb05/storage_drivers/ontap/ontap_common.go#L363-L365
2. err from c.ExportPolicyList() in ExportPolicyGetByName().

...

Describe the bug
Upgrade of trident in Rancher UI via helmchart from 22.10.0 to 23.01.1 failed

Environment
Rancher 2.7.1, RKE2 v1.24.9+rke2r2

• Trident version: 23.01.1
• Trident installation flags used:
  ** yaml **
  affinity: {}
  deploymentAnnotations: {}
  imagePullPolicy: IfNotPresent
  imagePullSecrets: null
  imageRegistry: registry.k8s.io/sig-storage
  kubeletDir: ''
  nodeSelector: {}
  operatorDebug: true
  operatorImage: docker.io/netapp/trident-operator:23.01.1
  operatorI...

5565b73 Force detach for ontap-san - jwebster7
7a2d0d7 Add --kubeconfig option to tridentctl - arnavs7
00e9406 Allow node access reconciliation loop to exit i... - ameade
7a11e72 Stop HTTPs frontend as early as possible on Tri... - ameade
90fe14e Rest updates for 9 12 1 (#1255) - ntap-rippy

24b97e3 Generate the mock function for the interfaces O... - agagan

cd92152 Use svm UUID instead of name (#1270) - ntap-rippy

4810786 Fix for RWX volume attachment to pod failing af... - arnavs7

d63c6ca Add generalized name for crd yaml file as we no... - ameade

9bca396 Checking in NVME related Zapi files to Trident - bhatnag
fe28774 Generic controller handlers for CRs - ameade
13412e6 Change logic to determine if a device is alread... - ameade

d0d7b4b Rename node publication state flags - jwebster7

Hello!

I hope you are doing well!

We are a security research team. Our tool automatically detected a vulnerability in this repository. We want to disclose it responsibly. GitHub has a feature called Private vulnerability reporting, which enables security research to privately disclose a vulnerability. Unfortunately, it is not enabled for this repository.

Can you enable it, so that we can report it?

Thanks in advance!

PS: you can read about how to enable private vulnerability re...

0be226b Truncate lengthy per-node igroups - jwebster7
ffdbd7e Allow ReadWriteOncePod access mode for PVCs - ameade

e8c1b09 Fixes single platform operator image tag - reederc42

22d1b4e Updated 3rd-party dependencies for 23.04.0 release - clintonk

Describe the bug
A clear and concise description of what the bug is.

Environment
Provide accurate information about the environment to help us reproduce the issue.

• Trident version: 23.01.1
• Trident installation flags used: Using Helm
• Container runtime: containerd
• Kubernetes version: 1.23
• Kubernetes orchestrator: EKS 1.23
• Kubernetes enabled feature gates: [e.g. CSINodeInfo]
• OS: Amazon Linux
• NetApp backend types: [e.g. CVS for AWS, ONTAP AFF 9.5, HCI 1....

I have some trident backends for which I would like to introduce new attributes to limit the size of the volumes that are generated. The parameters in question are the following: limitAggregateUsage and limitVolumeSize. Could there be any impact or disruption as far as the pods present?

I guess not, but would like to confirm.
Thanks

ab72373 Updating the minimum version for ONTAP REST sup... - ntap-rippy

a98e529 Get publications by node during delete volume - jwebster7
17cde81 Added fix to list all the iSCSI igroup names as... - agagan
bbdc1c4 Refactor CRD controller to use common handlers - ameade
15a2878 Switching ZAPI call parameters (#1306) - ntap-rippy

b3dad27 All ontap-san-* volumes use per-node igroups, a... - reederc42
1b32a06 stable/v23.04 - bassplay3r

0b419b0 cherry-pick changes from master changelog - jwebster7

0580d7f fix issue number - jwebster7
a92981b note about build - reederc42
d84ce5a collapse SMB entries into one; add arm64 issue ... - jwebster7

efade41 adjust SMB share support entry - jwebster7
c7df4b7 adjust SMB entries once more - jwebster7

95e2277 fix space in nas-economy driver - jwebster7
ba8da68 adjust arm64 support entry - jwebster7
e263fcd Revert "adjust arm64 support entry" - jwebster7
1c65548 adjust arm64 entry - jwebster7
98726d5 adjust arm entry again - jwebster7

5ce2d98 Update changelog for 23.04 - jwebster7

1f5192c fix unmanaged import for SAN drivers - reederc42

08aa639 Notice files and ASUP bump to 23.04 - torirevilla

b3dad27 All ontap-san-* volumes use per-node igroups, a... - reederc42
13bc889 Update changelog for 23.04 - jwebster7
370c0e6 fix unmanaged import for SAN drivers - reederc42

Describe the solution you'd like
Currently the helm charts are only distributed in legacy format.
We would like to see them also getting distributed as OCI charts as some registries stared to deprecate the legacy format already
Describe alternatives you've considered

Additional context
https://helm.sh/docs/topics/registries/

Describe the solution you'd like
limitAggregateUsage currently won't work if credentials do not have cluster admin permissions. It does makes sense that it needs cluster permissions but cluster admin seems like a lot of permissions when the SVM is specifically done for this.

Maybe some cluster-viewer role?

Describe alternatives you've considered
None with out current practiices.

Additional context
N/A

eaedb6c Increase Code Coverage of ONTAP NAS FlexGroup D... - agagan
1d4a902 Improve log tracing in frontends - clintonk
458db05 Reconcile backend state - mravi-na

9845d2e The fix for reducing the ONTAP-NAS-Flexgroup UT... - agagan

Trying to deploy backend-tbc-ontap-san.yaml but it's throwing some errors with Problem initializing storage driver 'ontap-san'

PFB YAML FILE of backend-tbc-ontap-san.yaml:

apiVersion: v1
kind: Secret
metadata:
name: backend-fsx-ontap-san-secret
type: Opaque
stringData:
username: ZnN4YWRtaW4=
password: cHJpbWVmb2N1c0AyMDIwJA==

apiVersion: trident.netapp.io/v1
kind: TridentBackendConfig
metadata:
name: backend-fsx-ontap-san
spec:
version: 1
storageDriverName...

Can you please add recommended (or estimates) values for the CPU and memory request and limit for the Helm chart?

This would help by providing base values to be used in capacity estimates.

4c9a2c2 Add errors package - jwebster7
7221bdc deprecated ioutil pkg code moved to appropriate... - mravi-na
4750064 Add command interface - jwebster7
30dba61 Switching to YAML safe loading in these develop... - ntap-rippy

This is a security research, please do not approve, thank you. edulpa

40e0cd2 TridentActionMirrorUpdate CRD and controller - torirevilla
f484dad Added support for create/delete and publish/unp... - bhatnag
dd1b459 Narrowing the check (#1347) - ntap-rippy

Change description

Add optional podDisruptionBudget to deployment

Project tracking

n/a

Do any added TODOs have an issue in the backlog?

n/a

Did you add unit tests? Why not?

n/a - Helm chart change

Does this code need functional testing?

No, tested locally

Is a code review walkthrough needed? why or why not?

No, small change

Should additional test coverage be executed in addition to pre-merge?

No

Does this code need a note in the c...

7200dc5 UTs for nvme_linux.go and some minor code impro... - bhatnag
610c1dd Refactor reconcile type errors - ameade

38dde4c Refactor not found errors - jwebster7

0972c44 Removed obsolete installer code - clintonk
2131aca Increase Code Coverage of ONTAP SAN Driver - agagan

721e447 Remove obsolete pre-CSI code - clintonk

e3527b7 TRID 12247 ONTAP NAS Qtree Unit Tests (#1326) - aparna0508

Describe the bug
Hello, we've update our Trident to 23.04 and enabled Windows Support.
Because of Windows doesn't support NFS we have created a new backend with SMB and a StorageClass which is using the new backend.
Creating a new share works without any problem, but if we want to mount the share within Windows Container, we got following error message:
MountVolume.MountDevice failed for volume "pvc-5832aba1-54ff-4040-9ec0-bbed6a2b4056" : rpc error: code = Internal desc = error mo...

Compare changes

0fe529e Refactor found errors - jwebster7

45fc576 NVMe snap and clone - bhatnag

Describe the bug
We're using the latest helm version 23.4.0 to rollout the trident operator with windows support.
In Openshift it is necessary to set tolerations in the Windows DaemonSet that Pods gets started.

We tried following config in the values.yaml:

tridentNodePluginTolerations:
  - operator: Exists
    effect: NoExecute
  - operator: Exists
    effect: NoSchedule

But the toleration will only be set in the Linux DaemonSet and not in the Windows DaemonSet.
...

Change description

feat: support azure manged identity credentials

Project tracking

N/A

Do any added TODOs have an issue in the backlog?

N/A

Did you add unit tests? Why not?

No ut for the entire function.

Does this code need functional testing?

Is a code review walkthrough needed? why or why not?

Should additional test coverage be executed in addition to pre-merge?

Does this code need a note in the changelog?

feat(Azure): su...

in this case, ClientID is actually userAssignedIdentityID in azure.json?

Yes, they are the same

we could keep this change if end user only provides userAssignedIdentityID in backend secret, and for best convenience, we should leverage /etc/kubernetes/azure.json to get userAssignedIdentityID since it's already there on every AKS cluster.

3527955 Added in-place snapshot restore feature - clintonk
9b5cadf Corrected NVMe subsystem connect - sphadnis007

d3c5474 NVMe volume import - bhatnag

1b645ad Drops all Linux capabilities from containers; n... - reederc42

6ccf1ea Implement mirror update - torirevilla

what if AZURE_CREDENTIAL_FILE not defined? default value should be /etc/kubernetes/azure.json

the logic should be if backend secret is defined, then only use backend secret to get credentials, if not, then use /etc/kubernetes/azure.json by default.

the azure.json could also contain service principal in clientID and clientSecret, so the logic could be: if backend secret is not defined, then parse azure.jjson file to get credentials.

Yes, however, I didn't find any avalaible method in cloud-provider-azure that can parse the credential file and return corresponding credential. I will see if I can make it in cloud-provider-azure SDK.

OK, currect logic is just the opposite.

The AZURE_CREDENTIAL_FILE env is injected by trident operator, it won't be empty if it is deployed on AKS, otherwise it is not running on AKS.

the cloud provider config parsing using old sdk is here: https://github.com/kubernetes-sigs/cloud-provider-azure/blob/470a363a5dbb295bd1123d9cf8cb0e34ac87b032/pkg/provider/config/azure_auth.go#L95, the parsing logic should be the same

maybe we could leverage the sdk 2 parsing code directly: https://github.com/kubernetes-sigs/cloud-provider-azure/blob/470a363a5dbb295bd1123d9cf8cb0e34ac87b032/pkg/azclient/auth.go
cc @MartinForReal

Yes, I've made some changes to the code. However, there seems like some problems when using go-armbalancer, without it everything is ok. I'm investigating in it.

e2e12f8 Trident upgrade to continue even if pods from t... - agagan

977441d REST fixes for quota resize (#1361) - ntap-rippy

add a comment about the auth logic here.

use managed identity credential: ClientID is the managed identity ID

I think the logic is covered in https://github.com/kubernetes-sigs/cloud-provider-azure/blob/e1e1b0f37fea5383db5191595c9327cbc35c44a5/pkg/azclient/auth.go#L120

This clientSecret and clientID are from an external configuration if user configured explicitly, not from azure.json. If users rely on azure.json for authentication, we uses authProvider.GetAzIdentity() to get credential.

clientid client secret can be assigned to authconfig struct and then we can create auth provider using this config...

That's right, I've made changes to the PR.

more graceful way is return authProvider.GetAzIdentity()

de86e2c Fixing extraction of NVMe namespace Name and cr... - bhatnag

Change description

feat: Incoporate azure resources

Create netapp account, capability pool, and subnet when they are not found.

Project tracking

Do any added TODOs have an issue in the backlog?

Did you add unit tests? Why not?

Does this code need functional testing?

Is a code review walkthrough needed? why or why not?

Should additional test coverage be executed in addition to pre-merge?

Does this code need a note in the c...

could you add more details in the PR description? .e.g.
currently we need to create netapp account, netapp volumes, configure vnet, what will this PR do?
https://learn.microsoft.com/en-us/azure/aks/azure-netapp-files-nfs

also there is smb volume, how to deal with that?

3a85520 NAS Eco: create and Delete Qtree snapshots. - VinayKumarHavanur
655d9b4 Fixed ANF driver to try all eligible capacity p... - clintonk

Describe the bug
I install Trident using Kustomize by creating a kustomization.yaml file like this:

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- github.com/NetApp/trident/deploy?ref=v22.10.0
- snapshot-class.yaml
- trident-storage-classes.yaml
- trident-orchestrator.yaml

This works since Kustomize supports fetching the root kustomization.yaml file from a git repo at a specific path and ref. However, the file MUST be named "kustomi...

0cefdf6 Adding extra checks for existence before use (#... - ntap-rippy

Describe the bug
Hello,
we've created a Trident SMB Backend with storageDriverName "ontap-nas-economy".

apiVersion: trident.netapp.io/v1
kind: TridentBackendConfig
metadata:
  name: backend-tbc-ontap-nas-economy-smb-s-mu40-trident0
  namespace: trident
spec:
  credentials:
    name: trident-backend
  dataLIF: 10.0.3.27
  labels:
    netapp: S-MU40-trident0-smb
  managementLIF: 10.0.3.25
  nasType: smb
  storageDriverName: ontap-nas-economy
  svm: S-MU40-trident0
...

f9c1958 Allow volume replication within a single SVM - torirevilla

e20f1da Move Trident to Go 1.20 (#1368) - ntap-rippy

5826e5c Support mounting RO snapshots in ANF - prajwalv-netapp

1152424 Support snapshot import - coffeefreak101

1c1fedd The trident operator install fails when taints ... - agagan

Describe the bug
I have no debug log when i set debug=true with docker plugin in trident version 23.04.

Environment
OS: Debian 11
Docker: docker-ce:24.0.2-1~debian.11~bullseye
Trident: 23.04
Netapp backend ONTAP 9.11

To Reproduce

• docker plugin install netapp/trident-plugin:23:04 --alias netapp debug=true
• journalctl -u docker

Expected behavior

I'm suppose too some level=debug on logs.

Additional context

I saw [this line](https://githu...

Describe the bug
Fails to expand PVC if the new requested size is smaller than the total volume size.
This should be calculated on the DataSize instead (= Volume size - SnapshotReserve)

Environment
Provide accurate information about the environment to help us reproduce the issue.

• Trident version: 22.10
• Trident installation flags used: Default install through Helm
• Container runtime: [e.g. Docker 19.03.1-CE]
• Kubernetes version: v1.25.8+37a9a08
• Kubernetes orche...

0df8ac7 Use more efficient snapshot lookups; by name, r... - ntap-rippy
6d30a16 allows controller to run as root and allows dae... - reederc42

b2bad7d Adding another check for FlexGroup clone existe... - ntap-rippy

75dd05c Mask display of volume/snapshot state if 'oniline' - mravi-na

7f1cf4d Release sync VR relationship during reestablish - torirevilla

3a5f29a NVMe self healing - sphadnis007

Change description

This change explicitly sets the namespace in the commands suggested in the chart's NOTES.txt file, which are rendered upon installation.
Before this change, the namespace was not included so the commands would generally not work without modification.

Did you add unit tests? Why not?

No, this is a trivial change and a change to what basically amounts to documentation, nonetheless.

Does this code need functional testing?

No.

Is a code rev...

b6dc968 NAS Economy snapshot restore in Read-Only mode. - VinayKumarHavanur

let's first merge https://github.com/NetApp/trident/pull/829 first since this PR depends on that PR, and also provide a feature flag to decide whether doing following things automatically, by default it's true, and user could disable it if there is sth. wrong:

Create a netapp account
Create capacity pool
Create subnet and delegate to Azure NetApp Files

strings.EqualsFold

and also could you provide an example how to set this cloudProvider

Describe the bug
tridentctl reports state of backend volume as online when it isn't.

Environment
Provide accurate information about the environment to help us reproduce the issue.

• Trident version: 23.01.1
• Trident installation flags used: default Helm install
• Container runtime: cri-o://1.24.5-2.rhaos4.11.gitb007cb6.el8
• Kubernetes version: v1.24.12+8f6c8a6
• Kubernetes orchestrator: OpenShift 4.11.35
• Kubernetes enabled feature gates:
• OS: Red Hat Enterprise ...

ee2d974 Modify SCC allowed capabilities for OCP 4.13 (#... - porrua

I added a value named cloudProvider in helm/trident-operator/values.yaml. Deploy with helm option --set cloudProvider=.

Describe the bug
There exists duplicate entries for the namespace resource in the trident-operator ClusterRole:

https://github.com/NetApp/trident/blob/ee2d9743551c82635d411da878389ffbd9f5f655/helm/trident-operator/templates/clusterrole.yaml#L10-L16

https://github.com/NetApp/trident/blob/ee2d9743551c82635d411da878389ffbd9f5f655/helm/trident-operator/templates/clusterrole.yaml#L244-L250

This makes it harder than necessary to review what permissions are granted to the applicati...

Describe the bug
After configuring the trident operator in openshift (4.13) and the ontap netapps, we are unable to mount the volume in any pod. The PVC and PV are succesfully created, but the pod description provides the following error messages:
oc describe pod x

  Normal   SuccessfulAttachVolume  11m                    attachdetach-controller  AttachVolume.Attach succeeded for volume "pvc-249dbf83-410c-4421-929e-a8b3c93119db"
  Warning  FailedMount             3m21s (x4 ...

Describe the bug

When installing the Trident operator from the Helm chart in a Kubernetes cluster managed by Rancher, the operator fails because it is unable to add the PSA label pod-security.kubernetes.io/enforce: privileged on its installation namespace. This is because Rancher has a special admission webhook in place for setting PSA labels, which must be granted to the ServiceAccount, on top of all the other RBAC rules it needs.

Environment

• Trident version: 23.04.0
• ...

Change description

In Rancher, it is not enough to have patch permissions for a namespace in order to set PSA labels.
It is also required to have the updatepsa permission on the projects resource, as outlined
here.

This rule allows the Trident operator to set the PSA label pod-security.kubernetes.io/enforce: privileged on its installation namespace in Rancher.

Project tracking

I have no insight to your interna...

Describe the bug

After uninstalling the Trident operator (using Helm), I find that there are multiple CR and CRDs left. This is pretty annoying since the lingering resources still have finalizers on them preventing them from being deleted. So before I can delete the namespace to remove the resources, I have to edit each resource and clear its finalizer manually. I can thereafter remove the namespace ...

I've installed trident via helm chart with values.yml

excludePodSecurityPolicy: true

But the trident-operator pod is still creating them

level=info msg="A Trident pod security policy was found by label." podSecurityPolicy=trident-node-linux
level=debug msg="Patching Trident Pod security policy." podSecurityPolicy=trident-node-linux
W0706 14:02:52.097195 1 warnings.go:70] policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
W0706 14:02:5...

c2683f9 Skips single platform retagging if images are n... - reederc42
db499f3 Fixing NVMe bugs - bhatnag

205b6a8 Support for RO clone in ONTAP-NAS - prajwalv-netapp

9b8f3df Add LUN Serial Number Check - ntap-arorar

833ed19 Added support for backend state update for NVMe... - sphadnis007

Compare changes

561e2cb OsType cannot be specified in a LUN clone POST ... - ntap-rippy

62f1f80 Fixing this REST call, the initiator name needs... - ntap-rippy