#Trident multiple clusters, one svm


languid coyote

Hey everyone,
we are using trident to provide persistent storage to our customers' hosted k8s clusters. But lately we ran into some issues, which raised the question if there is a better way to solve our situation.
In general we have multiple customers, which get one svm per customer right now. Depending on the customer, the persistent storage is needed in one or more clusters.
To achieve this, we are currently using the same ontap-nas-economy backend config for multiple clusters (everything the same, except the autoExportCIDRs). But now we had the issue that a customer with 3 clusters only had 2 volumes generated and 2 clusters trying to use the same volume, resulting in the overwrite of each other's policies and mounting failures as a result.
Our first question would be, if there is an option to control which volume a trident instance uses, to prevent the reuse of one volume?
And the second, if there is a better option to separate clusters within one svm, as we know that in theory one compromised cluster could access the shares of the other clusters (even in different volumes) as he has full access via the api user.

Many thanks in advance.

primal stone

Each k8s cluster's backend should have a storagePrefix that is unique to that cluster. This would keep one k8s cluster from using another's volume.

frank elm

keep in mind that a k8s admin can change the TridentBackendConfig though, so they could (if they wanted) access or disturb other clusters' volumes. That's why it is usually better to separate different clusters into different SVMs
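
An audit of the two points raised in the replies above, as an added example that is not part of the original thread: it flags backends on the same SVM that resolve to the same storagePrefix, and SVMs shared by more than one cluster. The cluster names, SVM name and CIDRs are constructed sample data, and the fallback prefix `trident` for a backend that sets no storagePrefix is an assumption about Trident's default.

```python
from collections import defaultdict

# Assumption: a backend without an explicit storagePrefix falls back to "trident".
DEFAULT_PREFIX = "trident"

# Constructed sample: the backend specs of one customer's three clusters,
# identical except for autoExportCIDRs (and one cluster that set a prefix).
BACKENDS = {
    "cluster-a": {"storageDriverName": "ontap-nas-economy", "svm": "svm_customer1",
                  "storagePrefix": "clustera", "autoExportCIDRs": ["10.0.1.0/24"]},
    "cluster-b": {"storageDriverName": "ontap-nas-economy", "svm": "svm_customer1",
                  "autoExportCIDRs": ["10.0.2.0/24"]},
    "cluster-c": {"storageDriverName": "ontap-nas-economy", "svm": "svm_customer1",
                  "autoExportCIDRs": ["10.0.3.0/24"]},
}


def audit(backends):
    """Return (prefix_collisions, shared_svms) for a {cluster: backend_spec} map.

    prefix_collisions: {(svm, prefix): [clusters]} where several clusters would
    create and manage volumes under the same name prefix on the same SVM.
    shared_svms: {svm: [clusters]} where one SVM credential is held by several
    clusters, so the prefix is only a naming convention, not a boundary.
    """
    by_prefix = defaultdict(list)
    by_svm = defaultdict(list)
    for cluster, spec in sorted(backends.items()):
        prefix = spec.get("storagePrefix", DEFAULT_PREFIX)
        by_prefix[(spec["svm"], prefix)].append(cluster)
        by_svm[spec["svm"]].append(cluster)
    collisions = {k: v for k, v in by_prefix.items() if len(v) > 1}
    shared = {k: v for k, v in by_svm.items() if len(v) > 1}
    return collisions, shared


if __name__ == "__main__":
    collisions, shared = audit(BACKENDS)
    for (svm, prefix), clusters in collisions.items():
        print(f"COLLISION svm={svm} storagePrefix={prefix!r}: {', '.join(clusters)}")
    for svm, clusters in shared.items():
        print(f"SHARED SVM {svm}: {', '.join(clusters)} (consider one SVM per cluster)")
```
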

quiet stratus

many thanks for your answers! we will try them out and change out backend configs 🙂

languid coyote