Scoped credentials for Harvest | NetApp | Page 1

zenith pier May 21, 2025, 2:59 PM

#

Hello Harvest Dev team,

We are planning to host Harvest in multiple kubernetes clusters.
And we would like to use scoped credentials for each of the harvest instance.
We would like to scope these credentials for only see mtrics which are SVM specific.

We tried to follow these instructions: https://netapp.github.io/harvest/nightly/configure-harvest-basic/
And provided SVM credentials in the harvest config.

But looks like Harvest needs cluster level credentials because we see that it makes calls to cluster endpoint.

How can we configure Harvest to only get SVM specific metrics with SVM credentials and avoid providing cluster level credentials in the cluster config?

Thank you!

vocal heron May 21, 2025, 3:08 PM

#

hi @zenith pier Can you tell us a bit more? Would you prefer a solution that uses REST, ZAPI, or both?

I'm not sure that ONTAP has full support for what's being asked. Have you talked with anyone in ONTAP about this? If ONTAP doesn’t have strong support for SVM scoped requests, it’s not really possible for Harvest to add them so maybe that's the place to start first.

For REST config data, ONTAP includes SVM tunneling support but that doesn't work for REST performance metrics.

In terms of which credentials are needed, using ONTAP's RBAC you can tighten things down quite a bit. It might be possible to use ONTAP's RBAC to achieve your goal of SVM specific metrics, but I'm not sure. That might be a better question for #1063542514780475493

zenith pier May 21, 2025, 3:27 PM

#

Hi @vocal heron !

Thank you for your reply.
Yes, we are looking to use REST api.

We have not spoken with ONTAP folks yet.
And we do need to collect ONTAP performance metrics for specific SVMand volumes owned by that SVM. (think of it one k8s cluster per SVM and one harves instance per cluster).

I'll try asking in ontap-api channel.

thank you!

vocal heron May 21, 2025, 3:35 PM

#

I'll follow along in the conversation there once you post it, and I'll post a few examples in this thread of what works with SVM tunneling and what doesn't.

#

SVM tunneling examples https://github.com/NetApp/harvest/discussions/3656

GitHub

ONTAP SVM tunneling examples · NetApp harvest · Discussion #3656

Using ONTAP's SVM tunneling support REST config without tunneling curl --silent --insecure --netrc-file ~/.curl-helper 'https://10.193.48.154/api/storage/volumes' | jq .num_records Retu...

zenith pier May 21, 2025, 6:28 PM

#

here is the post in ontap-api channel:
https://discord.com/channels/855068651522490400/1374815931196379219

#Scoped credentials for Harvest