#Dynamically export policies

In the document, it states "you must ensure that the root junction in your SVM has a precreated export policy with an export rule that permits the node CIDR block (such as the default export policy)" My question is how do I specify this policy for root junction if we don't use the "default"?

I'm not sure I fully follow your question. The rule doesn't have to be named default. It can (and probably should) have a different name. It just needs to exist so that the k8s nodes that need to mount NFS shares from storage have the permission to do so.

Our policy name is ReadOnly. default exists but with no rules. I see in the log provisioning pvc failed because it cannot find any rule in default policy. How do I let trident know it should use ReadOnly, not default?

According to https://docs.netapp.com/us-en/trident/trident-use/ontap-nas-examples.html#backend-configuration-options (assuming you read between the lines correctly) there are two ways to handle this.

1. Set autoExportPolicy and autoExportCIDRs in the backend and let Trident make the export policies it needs.
   or
2. Set exportPolicy (Note that is in the defaults section of the backend, see the example in the documentation for this one.) to be "ReadOnly" instead of taking the default value of "default"

I am using option 1 . what you are saying is that i can use exportPolicy to specify the policy for root junction while using option 1? are options 1 and 2 mutually exclusive?
hmm the export policy for root junction should be the one for rootvol. I don't know why i saw the error message then. Will try to re-produce. Thanks!

Using them together will give you unpredictable results as you have two ways to do the same process. I would highly suggest picking one and sticking with it.