Our K8 team needs to use the auto export feature since our nodes are dynamic. Is there a way in the config to add in our backup subnet to get added to the export policies through trident when it creates them? i added them manually but it looks like they have been deleted for some reason. so hoping we can just have trident add them in
#auto export policy, add backup subnet
tough rampart
lament jay
as far as I know, when you let Trident manage the export policies, it is going to make sure that it ONLY contains a rule per worker node.
As you noticed, It is not possible to add an extra subnet onto the policy, Trident will clean it up.
if your PVC need to be accessed by both K8S & the backend subnet, you need to switch to manual export policy management
& specify the policy name in the Trident backend
cloud hinge
Did you consider using autoExportCIDRs option? Refer - https://docs.netapp.com/us-en/trident/trident-use/ontap-nas-examples.html#backend-configuration-options
tough rampart
We did try that, added it in out test environment but that didnt change anything. Not sure if we did it right, couldnt find alot of info on it.
Our K8 team said with all the automation and adding/deleting nodes they really cant move to manual export policy management
The only other options i can think of would be to create some sort of ansible automation to pull every export policy every night and check for our entry for out backup subnet, and if its not there add it back in. but idk how i feel about that
lament jay
the autoExportCIDR option can host different subnets, but that is used to find what are the worker nodes public IP@ within these subnets. From there, each rule created will only correspond to a specific worker node
do you have a specific subnet only used by ONTAP + Kubernetes + Backup?
in this case, you could manually create an export policy for the whole subnet...