#NetworkAttachmentDefinition for Trident in Red Hat OpenShift


fiery fractal

I understand that it is necessary to create a NAD (NetworkAttachmentDefinition) and add it as an annotation to the Trident deployment YAML, if the OpenShift management network is different than the storage network.
So I have a couple of questions about NAD.

  • In this case, what type of NetworkAttachmentDefinition should be specified? bridge or ovn-k8s-cni-overlay?
  • Is it necessary to add NAD to all Trident-related Pods such as Trident Node and Trident Operator?

Thank you.

flat glacier

I inquired within NetApp and here is the response from an SME. I hope this is helpful.
...............................................................
If the OpenShift management network is different from the storage network, and you’re deploying Trident in such an environment, then it is necessary to create a NetworkAttachmentDefinition and reference it via an annotation in the Trident deployment YAML.
  • Now, type of NetworkAttachmentDefinition: Use the ‘bridge’ plugin here as your storage network is separated from the management network. We should not use ‘ovn-k8s-cni-overlay’ here as Trident requires access to external storage endpoints, often on a separate VLAN/subnet, which overlay networks don’t support directly.
  • It is not necessary to add NAD to all Trident-related pods.
      ◦ NAD is needed for the trident-controller pod as it needs access to the storage backend.
      ◦ NAD is required for trident-node pods. For example, if your storage protocol is NFS or iSCSI, then the node pods need direct access to the storage network to mount volumes.
      ◦ NAD is not needed for the trident operator pod as the operator is only responsible for managing the lifecycle of Trident components, and it does not interact with the storage backends directly.

fiery fractal

I have an additional question:

When adding k8s.v1.cni.cncf.io/networks: <network> to the annotation of trident-node, I was able to find k8s.v1.cni.cncf.io/networks: <network> in the Pod's YAML, but I couldn't confirm any additional NICs within the Pod.
Is this expected behavior?

Thanks,

olive temple

https://docs.redhat.com/en/documentation/openshift_container_platform/4.1/html/networking/managing-multiple-networks
This doc implies that you should see them, but I guess it depends on what image you are using for your pod. If it's a base OS image, I would expect them to be visible (based on what I've read. I've not tried it myself.)
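
One way to check the situation asked about above (annotation present, no extra NIC visible) without relying on tools inside the container image. This is an added example, not code from any poster in this thread, NetApp or Red Hat: it compares the requested networks with the status annotation Multus writes back to the pod, and reports `hostNetwork` because a pod that runs in the node's network namespace is not wired up by CNI. It assumes pod JSON in the shape of `oc get pod -o json`; the function names, the `trident` namespace and the `storage-net` network are placeholders.

```python
import json

NETWORKS = "k8s.v1.cni.cncf.io/networks"
# Multus records what it attached here; older releases spelled it "networks-status".
STATUS_KEYS = ("k8s.v1.cni.cncf.io/network-status", "k8s.v1.cni.cncf.io/networks-status")

def _meta(pod):
    meta = pod["metadata"]
    return meta.get("namespace", "default"), meta.get("annotations", {})

def requested(pod):
    """Networks asked for in the annotation, normalised to 'namespace/name'."""
    ns, ann = _meta(pod)
    raw = ann.get(NETWORKS, "").strip()
    if raw.startswith("["):  # JSON list form: [{"name": ..., "namespace": ...}]
        return {f'{e.get("namespace", ns)}/{e["name"]}' for e in json.loads(raw)}
    refs = (p.strip().split("@")[0] for p in raw.split(","))  # [ns/]name[@ifname]
    return {r if "/" in r else f"{ns}/{r}" for r in refs if r}

def attached(pod):
    """Secondary (non-default) networks reported as attached: name -> interface."""
    ns, ann = _meta(pod)
    raw = next((ann[k] for k in STATUS_KEYS if k in ann), "[]")
    return {(e["name"] if "/" in e["name"] else f'{ns}/{e["name"]}'): e.get("interface")
            for e in json.loads(raw) if not e.get("default")}

def check(pod):
    """Compare request with result; hostNetwork pods never get CNI-attached NICs."""
    req, att = requested(pod), attached(pod)
    return {"host_network": bool(pod.get("spec", {}).get("hostNetwork")),
            "attached": att, "missing": sorted(req - set(att))}

# Constructed samples in the shape of `oc get pod -o json`; all names are placeholders.
POD_OK = {"metadata": {"namespace": "trident", "annotations": {
    NETWORKS: "storage-net",
    STATUS_KEYS[0]: json.dumps([
        {"name": "ovn-kubernetes", "interface": "eth0", "default": True},
        {"name": "trident/storage-net", "interface": "net1"}])}}, "spec": {}}
POD_MISSING = {"metadata": {"namespace": "trident",
                            "annotations": {NETWORKS: "storage-net"}},
               "spec": {"hostNetwork": True}}

if __name__ == "__main__":
    for pod in (POD_OK, POD_MISSING):
        print(check(pod))
```

A non-empty `missing` list means the annotation was accepted as metadata but no interface was attached for that network.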

tardy quartz

Hey guys,
I'm struggling with this at the moment.
I'm not sure what is the best-practice config on this.
Do you have any example configs on how to do that?