Releases: NetApp/trident
v25.02.0
Changes since v24.10.0
Trident
Fixes:
- Kubernetes: Fixed missing node IP addresses from automatic export policies (Issue #965).
- Kubernetes: Fixed automatic export policies switching to per volume policy prematurely for ONTAP-NAS-Economy.
- Kubernetes: Fixed backend config credentials to support all available AWS ARN partitions (Issue #913).
- Kubernetes: Added option to disable the auto configurator reconciliation in the Trident operator (Issue #924).
- Kubernetes: Added securityContext for csi-resizer container (Issue #976).
- Fixed Zonal Flex pools for GCNV driver.
Enhancements:
- Kubernetes: Added support for ONTAP ASA r2 for iSCSI.
- Added Fibre Channel support on ONTAP-SAN driver.
- Added NVMe LUKS support.
- Kubernetes: Added support for force detach for ONTAP-NAS volumes during Non-Graceful Node Shutdown scenarios.
- New ONTAP-NAS volumes will now utilize per-volume export policies managed by Trident. Provided an upgrade path for existing volumes to transition to the new export policy model on unpublish without affecting active workloads.
- OpenShift: Added support for automatic iSCSI node preparation for RHCOS on ROSA clusters.
- Kubernetes: Added support for cross namespace volume cloning.
- Kubernetes: Added cloneFromSnapshot PVC annotation.
- Kubernetes: Added automatic backend configuration for EKS add-on and helm based installation for AWS FSxN.
- Kubernetes: Added support for Kubernetes 1.32.
- Switched to scratch image for all base images.
- Kubernetes: Enhanced iSCSI self-healing to initiate scans by exact host, channel, target and LUN ID.
- Added support for SMB volumes with GCNV driver.
- Allow ONTAP volumes to skip recovery queue on deletion.
- Added support to override default images using SHAs instead of tags.
- Added image-pull-secrets flag to tridentctl installer.
- OpenShift: Added support for OpenShift Virtualization for ONTAP drivers.
Trident Protect
You are required to install the new Trident protect module to unlock these capabilities. Read more to get started.
Fixes:
- Improved the management of temporary volumes to skip the ONTAP Volume Recovery Queue.
- Security Context Constraint (SCC) annotations are now restored to original values.
- Improved Restore efficiency with support for parallel operations.
- Enhanced support for Execution Hook timeouts for larger applications.
Enhancements:
- New: Added Backup and Restore support for KubeVirt / OpenShift Virtualization VMs for both volumeMode: File and volumeMode: Block (raw device) storage, to already available storage replication through AppMirrorRelationship.
- Capability to control freeze behaviour at application level for KubeVirt environments.
- Support for configuring AutoSupport proxy connections.
- Ability to define a secret for data mover encryption (Kopia / Restic).
- Ability to manually run an execution hook.
- Ability to configure Security Context Constraints (SCCs) during Trident protect installation.
- Support for configuring node selector and affinity rules during Trident protect installation.
- Support for HTTP / HTTPS egress proxy for AppVault objects.
- SESSION_TOKEN support added to AWS S3 AppVault credentials.
- Extended ResourceFilter to allow exclusion of Cluster Scoped Resources.
- Support for AWS Session Token in S3 AppVault credentials.
- Added support for resource collection after pre-snapshot execution hook.
v24.10.1
Changes since v24.10.0
Fixes:
- Fixed missing node IP addresses from automatic export policies (Issue #965).
- Fixed automatic export policies switching to per volume policy prematurely for ONTAP-NAS-Economy.
- Updated Trident and Trident-ASUP dependencies to address CVE-2024-45337 and CVE-2024-45310.
- Removed logouts for intermittently unhealthy non-CHAP portals during iSCSI self-healing (Issue #961).
Enhancements:
- Kubernetes: Added support for Kubernetes 1.32.
- Added iSCSI connection state discovery and logging when iSCSI sessions should be logged in but are not (Issue #961).
v24.10.0
Changes since v24.06.0
Coming soon: Trident’s new features for Kubernetes-native:
- Data protection
- Disaster recovery
- Application mobility
- Data migration
You are required to install the new Trident protect module to unlock these capabilities.
Fixes:
- Added support for Windows Server 2019.
- Kubernetes: Fixed Rancher admission webhook preventing Trident Helm installations (Issue #839).
- Kubernetes: Fixed Affinity key in Helm chart values (Issue #898).
- Kubernetes: Fixed tridentControllerPluginNodeSelector/tridentNodePluginNodeSelector not working with "true" value (Issue #899).
- Kubernetes: Delete ephemeral snapshots created during cloning (Issue #901).
- Fixed go mod tidy in Trident repo (Issue #767).
Enhancements:
- Kubernetes: Added new flag --k8s_api_qps to installers to set the QPS value used by Trident to communicate with the Kubernetes API server.
- Kubernetes: Added --node-prep flag to installers for automatic management of storage protocol dependencies on Kubernetes cluster nodes. Tested and verified compatibility with Amazon Linux 2023 iSCSI storage protocol.
- Kubernetes: Added support for force detach for ONTAP-NAS-Economy NFS volumes during Non-Graceful Node Shutdown scenarios.
- Kubernetes: New ONTAP-NAS-Economy NFS volumes will use per-qtree export policies when using autoExportPolicy backend option. Qtrees will only be mapped to node restrictive export policies at time of publish to improve access control and security. Existing qtrees will be switched to the new export policy model when Trident unpublishes the volume from all nodes to do so without impacting active workloads.
- Google Cloud NetApp Volumes driver is now generally available for NFS volumes and supports zone-aware provisioning.
- GCP Workload Identity will be used as Cloud Identity for Google Cloud NetApp Volumes with GKE.
- Added formatOptions configuration parameter to ONTAP-SAN and ONTAP-SAN-Economy drivers to allow users to specify LUN format options.
- Reduced Azure NetApp Files minimum volume size to 50 GiB. Azure's new minimum size is expected to GA in November.
- Added denyNewVolumePools configuration parameter to restrict ONTAP-NAS-Economy and ONTAP-SAN-Economy drivers to preexisting Flexvol pools.
- Added detection for the addition or removal of aggregates from the SVM across all ONTAP drivers.
- Added 18 MiB overhead for iSCSI LUKS LUNs to ensure reported PVC size is usable.
- Improved node stage and unstage error handling for iSCSI ONTAP-SAN and ONTAP-SAN-Economy to allow unstage to remove devices.
- Added a custom role generator allowing customers to create a minimalistic role for Trident in ONTAP.
- Added additional logging for troubleshooting lsscsi (Issue #792).
Experimental Enhancements:
- Added tech preview for Fibre Channel support on ONTAP-SAN driver.
Deprecations:
- Kubernetes: Updated minimum supported Kubernetes to 1.25.
- Kubernetes: Removed support for Pod Security Policy.
v24.06.1
v24.06.0
Changes since v24.02.0
- IMPORTANT: The 'limitVolumeSize' parameter now limits qtree/LUN sizes in the ONTAP economy drivers. Use the new 'limitVolumePoolSize'
parameter to control Flexvol sizes in those drivers. (Issue #341).
Known Issues:
- IMPORTANT: Support for Windows Server 2019 has been removed, and Trident will not install on nodes running this version. If your cluster includes Windows Server 2019 nodes, please refrain from upgrading to Astra Trident 24.06. Support will be reinstated in a future release.
Fixes:
- Fixed Trident installation failures due to stale transactions.
- Fixed tridentctl to ignore warning messages from Kubernetes (Issue #892).
- Changed Trident controller SecurityContextConstraint priority to 0 (Issue #887).
- ONTAP drivers now accept volume sizes below 20MiB (Issue #885).
- Prevent shrinking of Flexvols during resize operation for the ONTAP-SAN driver.
- Fixed ANF volume import failure with NFS v4.1.
Enhancements:
- Kubernetes: Trident DaemonSet will now clean zombie mounts and residual tracking files at startup (Issue #883).
- Kubernetes: Added PVC annotation trident.netapp.io/luksEncryption for dynamically importing LUKS volumes (Issue #849).
- Kubernetes: Added topology awareness to ANF driver.
- iSCSI self-healing will now initiate SCSI scans by exact LUN ID if deprecated igroups are in use (Issue #883).
- Operations such as Clone and Resize are now allowed even when the backend is in suspended mode.
- User-configured log settings for the Trident controller can now be propagated to Trident node pods.
- Trident defaults to use REST instead of ZAPI for ONTAP versions 9.15.1 and later.
- Added support for custom volume names and metadata (labels) on the ONTAP storage backends.
- Added tech preview driver for Google Cloud NetApp Volumes.
- Enhanced the azure-netapp-files (ANF) driver to automatically enable the snapshot directory by default when the NFS mount options are set to use NFS version 4.x.
- Added Bottlerocket support for NFS volumes.
Deprecations:
- Removed support for EOL Windows Server 2019.
v24.02.0
Changes since v23.10.0
Fixes:
- Fixed ACP warning messages when ACP is not enabled (Issue #866).
- Added a 10-second delay before performing a clone split during snapshot delete for ONTAP drivers, when a clone is associated with the snapshot.
Enhancements:
- Kubernetes: Added support for Kubernetes 1.29.
- Added ability to configure and disable iSCSI self-healing (Issue #864).
- Added support for Cloud Identity.
  - AKS with ANF - Azure Workload Identity will be used as Cloud Identity
  - EKS with FSxN - AWS IAM role will be used as Cloud Identity
- Added FSx personality to ONTAP drivers to enable integration with IAM and SecretsManager, and to enable Trident to delete FSx volumes with backups (Issue #453).
- Trident can be installed as an EKS add-on via the EKS console.
Deprecations:
- Removed in-toto attestations framework from multi-platform image manifests.
Known Issues:
- Helm: The trident-autosupport image in the Helm chart was not updated to 24.02. To use the 24.02 ASUP image, add --set tridentAutosupportImageTag=24.02 to the helm install command. A fix will be included in the next patch release. Note: there will not be a patch release for 24.02; this will be fixed in the next release, 24.06.
v23.10.0
Changes since v23.07.0
Fixes:
- Fixed volume expansion if a new requested size is smaller than the total volume size for ontap-nas and ontap-nas-flexgroup storage drivers (Issue #834).
- Fixed volume size to display only usable size of the volume during import for ontap-nas and ontap-nas-flexgroup storage drivers (Issue #722).
- Fixed FlexVol name conversion for ONTAP-NAS-Economy.
- Fixed Trident initialization issue on a Windows node when the node is rebooted.
Enhancements:
- Kubernetes: Added support for Kubernetes 1.28.
- Added support for using Azure Managed Identities (AMI) with azure-netapp-files storage driver.
- Added support for NVMe over TCP for the ONTAP-SAN driver.
- Added ability to pause the provisioning of a volume when backend is set to suspended state by user (Issue #558).
Other advanced storage management/provisioning/access features available in Astra Control include:
- Read-only clones
- Snapshot Restore
- Support for Kerberos in-flight encryption
- Volume Replication
Please refer to Astra Control Documentation for details on these features.
Deprecations:
- Kubernetes: Updated minimum supported Kubernetes to 1.23.
v23.07.1
v23.07.0
Changes since v23.04.0
Fixes:
- Kubernetes: Fixed Trident upgrade to disregard old pods stuck in terminating state (Issue #740).
- Kubernetes: Added toleration to "transient-trident-version-pod" definition (Issue #795).
- Fixed ONTAP ZAPI requests to ensure LUN serial numbers are queried when getting LUN attributes to identify and fix ghost iSCSI devices during Node Staging operations.
- Fixed error handling in storage driver code (Issue #816).
- Fixed quota resize when using ONTAP drivers with use-rest=true.
- Fixed LUN clone creation in ontap-san-economy.
- Reverted publish info field from rawDevicePath to devicePath; added logic to populate and recover (in some cases) the devicePath field.
Enhancements:
- Kubernetes: Added support for importing pre-provisioned snapshots.
- Kubernetes: Minimized deployment and daemonset linux permissions (Issue #817).
- No longer reporting the state field for "online" volumes and snapshots.
- Updates the backend state if the ONTAP backend is offline (Issues #801, #543).
- LUN Serial Number is always retrieved and published during the ControllerVolumePublish workflow.
- Added additional logic to verify iSCSI multipath device serial number and size.
- Additional verification for iSCSI volumes to ensure correct multipath device is unstaged.
Experimental Enhancements:
- Added tech preview support for NVMe over TCP for the ONTAP-SAN driver.
Deprecations:
- Kubernetes: Removed support for v1beta1 snapshots.
- Kubernetes: Removed support for pre-CSI volumes and storage classes.
- Kubernetes: Updated minimum supported Kubernetes to 1.22.
v23.04.0
Changes since v23.01.0
- IMPORTANT: Force volume detach for ONTAP-SAN-* volumes is only supported with Kubernetes versions which have enabled the Non-Graceful Node Shutdown feature gate.
Force detach must be enabled at install time via the --enable-force-detach Trident installer flag.
Fixes:
- Fixed Trident Operator to use IPv6 localhost for installation when specified in spec.
- Fixed Trident Operator cluster role permissions to be in sync with the bundle permissions (Issue #799).
- Fixed issue with attaching raw block volume on multiple nodes in RWX mode.
- Fixed FlexGroup cloning support and volume import for SMB volumes.
- Fixed issue where Trident controller could not shut down immediately (Issue #811).
- Added fix to list all igroup names associated with a specified LUN provisioned with ontap-san-* drivers.
- Added a fix to allow external processes to run to completion.
- Fixed compilation error for s390 architecture (Issue #537).
- Fixed incorrect logging level during volume mount operations (Issue #781).
- Fixed potential type assertion error (Issue #802).
Enhancements:
- Kubernetes: Added support for Kubernetes 1.27.
- Kubernetes: Added support for importing LUKS volumes.
- Kubernetes: Added support for ReadWriteOncePod PVC access mode.
- Kubernetes: Added support for force detach for ONTAP-SAN-* volumes during Non-Graceful Node Shutdown scenarios.
- Kubernetes: All ONTAP-SAN-* volumes will now use per-node igroups. LUNs will only be mapped to igroups while actively published to those nodes to improve our security posture. Existing volumes will be opportunistically switched to the new igroup scheme when Trident determines it is safe to do so without impacting active workloads (Issue #758).
- Kubernetes: Improved Trident security by cleaning up unused Trident-managed igroups from ONTAP-SAN-* backends.
- Added support for SMB volumes with Amazon FSx to the ontap-nas-economy and ontap-nas-flexgroup storage drivers.
- Added support for SMB volumes with on-prem to the ontap-nas, ontap-nas-economy and ontap-nas-flexgroup storage drivers.
- Added support for creation of SMB shares through Trident for on-prem and Amazon FSx.
- Added support for linux/arm64 nodes (Issue #732).
- Improved Trident shutdown procedure by deactivating API servers first (Issue #811).
- Added cross-platform build support for Windows and linux/arm64 hosts to Makefile; see BUILD.md.
Deprecations:
- Kubernetes: Backend-scoped igroups will no longer be created when configuring ontap-san and ontap-san-economy drivers (Issue #758).