Skip to main content
NetApp Knowledge Base

Enforcing Kubernetes limitVolumeSize Policy with Trident: Aggregate Visibility Limitations for SVM-Scoped Roles in ONTAP

  1. Last updated
  2. Save as PDF
Views:
8
Visibility:
Public
Votes:
0
Category:
trident-openshift
Specialty:
SNAPX
Last Updated:

Applies to

  • Astra Trident (Kubernetes CSI driver)
  • Trident deployments using SVM-scoped roles (e.g., vsadmin)

Issue

When attempting to enforce Kubernetes storage policies such as limitVolumeSize (e.g., restricting PVCs to 400Gi and limiting to 40 volumes per SVM) using Trident with an SVM-scoped ONTAP role (like vsadmin), Trident cannot access aggregate-level capacity information. This prevents the use of Trident’s limitAggregateUsage feature, which would dynamically prevent provisioning when aggregate usage exceeds a threshold.

Example log/behavior:

  • Trident cannot retrieve aggregate capacity details.
  • Attempts to create a custom ONTAP role with aggregate visibility for an SVM-scoped user fail.
  • No error is thrown for limitVolumeSize enforcement, but limitAggregateUsage is non-functional.
  • Reference: GitHub Issue #822

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.