This lab was developed with our partner, NetApp. Your personal information may be shared with NetApp, the lab sponsor, if you have opted-in to receive product updates, announcements, and offers in your Account Profile.

GSP1309

Overview

Netapp Trident enables consumption and management of storage resources across all popular NetApp storage platforms, including Google Cloud NetApp Volumes. Trident is a Container Storage Interface (CSI) compliant dynamic storage orchestrator that natively integrates with Kubernetes. Trident runs as a single Controller Pod plus a Node Pod on each worker node in the cluster.

In this lab you will learn how to create persistent volumes in Google Kubernetes Engine using Google Cloud NetApp Volumes.

Objectives

In this lab you will learn how to:

• Deploy NetApp Trident.
• Configure the requirements.
• Create a Persistent Volume Claim.

Prerequisites

• A basic understanding of Google Kubernetes Engine.
• A basic understanding of Google Cloud NetApp Volumes.

Setup and requirements

Before you click the Start Lab button

Read these instructions. Labs are timed and you cannot pause them. The timer, which starts when you click Start Lab, shows how long Google Cloud resources will be made available to you.

This Qwiklabs hands-on lab lets you do the lab activities yourself in a real cloud environment, not in a simulation or demo environment. It does so by giving you new, temporary credentials that you use to sign in and access Google Cloud for the duration of the lab.

What you need

To complete this lab, you need:

• Access to a standard internet browser (Chrome browser recommended).
• Time to complete the lab.

Note: If you already have your own personal Google Cloud account or project, do not use it for this lab.

Note: If you are using a Pixelbook, open an Incognito window to run this lab.

How to start your lab and sign in to the Google Cloud Console

1. Click the Start Lab button. If you need to pay for the lab, a pop-up opens for you to select your payment method. On the left is a panel populated with the temporary credentials that you must use for this lab.

   

2. Copy the username, and then click Open Google Console. The lab spins up resources, and then opens another tab that shows the Sign in page.

   

   Tip: Open the tabs in separate windows, side-by-side.

3. In the Sign in page, paste the username that you copied from the Connection Details panel. Then copy and paste the password.

   Important: You must use the credentials from the Connection Details panel. Do not use your Qwiklabs credentials. If you have your own Google Cloud account, do not use it for this lab (avoids incurring charges).

4. Click through the subsequent pages:

   • Accept the terms and conditions.
   • Do not add recovery options or two-factor authentication (because this is a temporary account).
   • Do not sign up for free trials.

After a few moments, the Cloud Console opens in this tab.

Activate Cloud Shell

Cloud Shell is a virtual machine that is loaded with development tools. It offers a persistent 5GB home directory and runs on the Google Cloud. Cloud Shell provides command-line access to your Google Cloud resources.

In the Cloud Console, in the top right toolbar, click the Activate Cloud Shell button.

Click Continue.

It takes a few moments to provision and connect to the environment. When you are connected, you are already authenticated, and the project is set to your PROJECT_ID. For example:

gcloud is the command-line tool for Google Cloud. It comes pre-installed on Cloud Shell and supports tab-completion.

You can list the active account name with this command:

gcloud auth list

(Output)

Credentialed accounts: - <myaccount>@<mydomain>.com (active)

(Example output)

Credentialed accounts: - google1623327_student@qwiklabs.net

You can list the project ID with this command:

gcloud config list project

(Output)

[core] project = <project_ID>

(Example output)

[core] project = qwiklabs-gcp-44776a13dea667a6

Task 1. Deploy NetApp Trident

1. Connect to the Kubernetes Cluster

Open the Kubernetes Engine console and verify that there is an existing kubernetes cluster running.

Open a Google Cloud Shell and run the below command to connect to the kubernetes cluster.

gcloud container clusters get-credentials cluster1 --region {{{ project_0.default_region|REGION}}} --project {{{ project_0.project_id|PROJECT ID}}}

You can verify that you have connected properly running the next command.

kubectl get nodes

2. Download and install NetApp Trident

First, download a copy of Trident to your local computer that has kubectl installed and has kubectl access to your Kubernetes cluster.

wget https://github.com/NetApp/trident/releases/download/v25.02.0/trident-installer-25.02.0.tar.gz

Be sure to unzip the file after download and go to the directory.

tar -xf trident-installer-25.02.0.tar.gz cd trident-installer

Next, install the custom resource definition (CRD) for the Trident orchestrator custom resource (CR). The YAML file for the CRD is included in the bundle you just downloaded.

kubectl create -f deploy/crds/trident.netapp.io_tridentorchestrators_crd_post1.16.yaml

Next, create the trident namespace and deploy the operator along with the service account and role-based access control (RBAC) for the operator.

kubectl create ns trident kubectl create -f deploy/bundle_post_1_25.yaml

You should now see the operator appear in your cluster.

kubectl get pods -n trident

Wait until the trident operator pod is running like the below example.

kubectl get pods -n trident NAME READY STATUS RESTARTS AGE trident-operator-f495b989d-72sw7 1/1 Running 0 18s

Deploy the Trident orchestrator CR.

kubectl apply -f deploy/crds/tridentorchestrator_cr.yaml

This resource will deploy several pods: a controller pod and a pod on each worker node.

kubectl get pods -n trident

Wait until the trident controller pods are running like the below example.

kubectl get pods -n trident NAME READY STATUS RESTARTS AGE trident-controller-5b75bc54cd-k69xp 6/6 Running 0 26s trident-node-linux-2wsn7 1/2 Running 0 25s trident-node-linux-pjx4l 1/2 Running 0 25s trident-node-linux-zvrf7 1/2 Running 0 25s trident-operator-f495b989d-72sw7 1/1 Running 0 116s

Click Check my progress to verify that you've performed the above task. Install Trident

Task 2. Configure the requirements

1. Create a Google Cloud service account

gcloud iam service-accounts create netapp-trident --description="Service account for NetApp Trident" --display-name="NetApp Trident"

And attach the netapp admin permissions to the new service account.

gcloud projects add-iam-policy-binding {{{ project_0.project_id|PROJECT ID}}} --member="serviceAccount:netapp-trident@{{{ project_0.project_id|PROJECT ID}}}.iam.gserviceaccount.com" --role=roles/netapp.admin

Go to the IAM & Admin console, and click on the Service Accounts section. Click on the service account 'netapp-trident' that you has just created, click on the KEYS tab, and click on ADD KEY > Create new key. Select the JSON format to download it.

2. Create a Kubernetes secret

A secret is an object that contains a small amount of sensitive data such as a password, a token, or a key.

Create a new file gcnv-secret.yaml in the Cloud Shell, copy the below yaml file and include the private_key_id and private_key replacing the '<-- Include here -->' text with the values of the service account json file.

apiVersion: v1 kind: Secret metadata: name: gcnv-secret type: Opaque stringData: private_key_id: "<-- Include here -->" private_key: "<-- Include here -->"

The gcnv-secret.yaml file should look similar to the below one.

Create and verify the Kubernetes secret using the next commands.

kubectl create -f gcnv-secret.yaml -n trident kubectl get secrets -n trident

Click Check my progress to verify that you've performed the above task. Create a secret

3. Create a Kubernetes backend

A backend defines the relationship between Trident and a storage system. It tells Trident how to communicate with that storage system and how Trident should provision volumes from it.

Get and copy the project number running the next command from the Cloud Shell.

gcloud projects describe --format='value(projectNumber)' $(gcloud config get-value project)

Create a new file gcnv-backend-zonal-flex.yaml in the Cloud Shell, copy the below yaml file and include the client_id replacing the '<-- Include here -->' text with the value of the service account json file, and include the project number replacing the '<-- Include here -->' text that you just got in the previous step.

apiVersion: trident.netapp.io/v1 kind: TridentBackendConfig metadata: name: gcnv-zonal-flex spec: version: 1 storageDriverName: google-cloud-netapp-volumes backendName: gcnv-zonal-flex projectNumber: '<-- Include here -->' location: {{{ project_0.default_zone|ZONE}}} apiKey: type: service_account project_id: {{{ project_0.project_id|PROJECT ID}}} client_email: netapp-trident@{{{ project_0.project_id|PROJECT ID}}}.iam.gserviceaccount.com client_id: '<-- Include here -->' auth_uri: https://accounts.google.com/o/oauth2/auth token_uri: https://oauth2.googleapis.com/token auth_provider_x509_cert_url: https://www.googleapis.com/oauth2/v1/certs client_x509_cert_url: https://www.googleapis.com/robot/v1/metadata/x509/netapp-trident@{{{ project_0.project_id|PROJECT ID}}}.iam.gserviceaccount.com credentials: name: gcnv-secret storage: - labels: performance: flex availability: zonal serviceLevel: flex

Create and verify the Kubernetes backend using the next commands.

kubectl create -f gcnv-backend-zonal-flex.yaml -n trident kubectl get tridentbackendconfig -n trident

Click Check my progress to verify that you've performed the above task. Create a backend

4. Create a Kubernetes Storage Class

A Kuberetes StorageClass provides a way for administrators to describe the classes of storage they offer. Different classes might map to quality-of-service levels, or to backup policies, or to arbitrary policies determined by the cluster administrators.

Create a new file gcnv-storageclass-zonal-flex.yaml in the Cloud Shell, copy the below yaml file.

apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: gcnv-zonal-flex provisioner: csi.trident.netapp.io parameters: backendType: "google-cloud-netapp-volumes" selector: "performance=flex; availability=zonal" allowVolumeExpansion: true

Create and verify the Kubernetes Storage Class using the next commands.

kubectl create -f gcnv-storageclass-zonal-flex.yaml kubectl get sc

Click Check my progress to verify that you've performed the above task. Create a storage class

Task 3. Create a Persistent Volume Claim

A Persistent Volume (PV) is a physical storage resource provisioned by the cluster administrator on a Kubernetes cluster. The Persistent Volume Claim (PVC) is a request for access to the Persistent Volume on the cluster.

Open the NetApp Volumes console and verify that there is a existing Storage Pool running.

Create a new file gcnv-pvc-zonal-flex.yaml in the Cloud Shell, copy the below yaml file.

apiVersion: v1 kind: PersistentVolumeClaim metadata: name: pvc-zonal-flex spec: accessModes: - ReadWriteMany storageClassName: gcnv-zonal-flex resources: requests: storage: 1Gi

Create and verify the Kubernetes Persistent Volume Claim using the next commands.

kubectl create -f gcnv-pvc-zonal-flex.yaml kubectl get pvc

Open the Google Cloud NetApp Volumes console and verify that there is a new volume created similar like the below.

Verify the Kubernetes Persistent Volume using the next command.

kubectl get pv

Click Check my progress to verify that you've performed the above task. Create a volume

Congratulations!

You have learned how to create a Kuberentes persistent volume dynamically with Google Cloud NetApp Volumes from Google Kubernetes Engine using NetApp Trident.

Next steps / Learn more

Be sure to check out the official NetApp Volumes documentation:

• NetApp Volumes documentation

Google Cloud training and certification

...helps you make the most of Google Cloud technologies. Our classes include technical skills and best practices to help you get up to speed quickly and continue your learning journey. We offer fundamental to advanced level training, with on-demand, live, and virtual options to suit your busy schedule. Certifications help you validate and prove your skill and expertise in Google Cloud technologies.

Manual last updated April 15, 2025

Manual Last tested April 15, 2025

Copyright 2024 Google LLC All rights reserved. Google and the Google logo are trademarks of Google LLC. All other company and product names may be trademarks of the respective companies with which they are associated.