v24.02.0

Changes since v23.10.0

Fixes:

• Fixed ACP warning messages when ACP is not enabled (Issue #866).
• Added a 10-second delay before performing a clone split during snapshot delete for ONTAP drivers, when a clone is associated with the snapshot.

Enhancements:

• Kubernetes: Added support for Kubernetes 1.29.
• Added ability to configure and disable iSCSI self-healing (Issue #864).
• Added support for Cloud Identity.
  • AKS with ANF - Azure Workload Identity will be used as Cloud Identity
  • EKS with FSxN - AWS IAM role will be used as Cloud Identity
• Added FSx personality to ONTAP drivers to enable integration with IAM and SecretsManager, and to enable Trident to delete FSx volumes with backups (Issue #453).
• Trident can be installed as an EKS add-on via the EKS console.

Deprecations:

• Removed in-toto attestations framework from multi-platform image manifests.

Known Issues:

• Helm: The trident-autosupport image in the Helm chart was not updated to 24.02. To use the 24.02 ASUP image add --set tridentAutosupportImageTag=24.02 to the helm install command. A fix will be included in the next patch release. Note: there will not be a patch release for 24.02, this will be fixed in the next release, 24.06.

v23.10.0

Changes since v23.07.0

Fixes:

• Fixed volume expansion if a new requested size is smaller than the total volume size for ontap-nas and ontap-nas-flexgroup storage drivers (Issue #834).
• Fixed volume size to display only usable size of the volume during import for ontap-nas and ontap-nas-flexgroup storage drivers (Issue #722).
• Fixed FlexVol name conversion for ONTAP-NAS-Economy.
• Fixed Trident initialization issue on a windows node when node is rebooted.

Enhancements:

• Kubernetes: Added support for Kubernetes 1.28.
• Added support for using Azure Managed Identities (AMI) with azure-netapp-files storage driver.
• Added support for NVMe over TCP for the ONTAP-SAN driver.
• Added ability to pause the provisioning of a volume when backend is set to suspended state by user (Issue #558).

Other advanced storage management/provisioning/access features available in Astra Control include:

• Read-only clones
• Snapshot Restore
• Support for Kerberos in-flight encryption
• Volume Replication

Please refer to Astra Control Documentation for details on these features.

Deprecations:

• Kubernetes: Updated minimum supported Kubernetes to 1.23.

v23.07.1

Changes since v23.07.0

Fixes:

• Kubernetes: Fixed daemonset deletion to support zero-downtime upgrades (Issue #740).

v23.07.0

Changes since v23.04.0

Fixes:

• Kubernetes: Fixed Trident upgrade to disregard old pods stuck in terminating state (Issue #740).
• Kubernetes: Added toleration to "transient-trident-version-pod" definition (Issue #795).
• Fixed ONTAP ZAPI requests to ensure LUN serial numbers are queried when getting LUN attributes to identify and fix ghost iSCSI devices during Node Staging operations.
• Fixed error handling in storage driver code (Issue #816).
• Fixed quota resize when using ONTAP drivers with use-rest=true.
• Fixed LUN clone creation in ontap-san-economy.
• Revert publish info field from rawDevicePath to devicePath; added logic to populate and recover (in some cases)
  devicePath field.

Enhancements:

• Kubernetes: Added support for importing pre-provisioned snapshots.
• Kubernetes: Minimized deployment and daemonset linux permissions (Issue #817).
• No longer reporting the state field for "online" volumes and snapshots.
• Updates the backend state if the ONTAP backend is offline (Issues #801, #543).
• LUN Serial Number is always retrieved and published during the ControllerVolumePublish workflow.
• Added additional logic to verify iSCSI multipath device serial number and size.
• Additional verification for iSCSI volumes to ensure correct multipath device is unstaged.

Experimental Enhancements:

• Added tech preview support for NVMe over TCP for the ONTAP-SAN driver.

Deprecations:

• Kubernetes: Removed support for v1beta1 snapshots.
• Kubernetes: Removed support for pre-CSI volumes and storage classes.
• Kubernetes: Updated minimum supported Kubernetes to 1.22.

v23.04.0

Changes since v23.01.0

• IMPORTANT: Force volume detach for ONTAP-SAN-* volumes is only supported with Kubernetes versions which have enabled the Non-Graceful Node Shutdown feature gate.
  Force detach must be enabled at install time via --enable-force-detach Trident installer flag.

Fixes:

• Fixed Trident Operator to use IPv6 localhost for installation when specified in spec.
• Fixed Trident Operator cluster role permissions to be in sync with the bundle permissions (Issue #799).
• Fixed issue with attaching raw block volume on multiple nodes in RWX mode.
• Fixed FlexGroup cloning support and volume import for SMB volumes.
• Fixed issue where Trident controller could not shut down immediately (Issue #811).
• Added fix to list all igroup names associated with a specified LUN provisioned with ontap-san-* drivers.
• Added a fix to allow external processes to run to completion.
• Fixed compilation error for s390 architecture (Issue #537).
• Fixed incorrect logging level during volume mount operations (Issue #781).
• Fixed potential type assertion error (Issue #802).

Enhancements:

• Kubernetes: Added support for Kubernetes 1.27.
• Kubernetes: Added support for importing LUKS volumes.
• Kubernetes: Added support for ReadWriteOncePod PVC access mode.
• Kubernetes: Added support for force detach for ONTAP-SAN-* volumes during Non-Graceful Node Shutdown scenarios.
• Kubernetes: All ONTAP-SAN-* volumes will now use per-node igroups. LUNs will only be mapped to igroups while actively
  published to those nodes to improve our security posture. Existing volumes will be opportunistically switched to
  the new igroup scheme when Trident determines it is safe to do so without impacting active workloads (Issue #758).
• Kubernetes: Improved Trident security by cleaning up unused Trident-managed igroups from ONTAP-SAN-* backends.
• Added support for SMB volumes with Amazon FSx to the ontap-nas-economy and ontap-nas-flexgroup storage drivers.
• Added support for SMB volumes with on-prem to the ontap-nas, ontap-nas-economy and ontap-nas-flexgroup storage drivers.
• Added support for creation of SMB shares through Trident for on-prem and Amazon FSx.
• Added support for linux/arm64 nodes (Issue #732).
• Improved Trident shutdown procedure by deactivating API servers first (Issue #811).
• Added cross-platform build support for Windows and linux/arm64 hosts to Makefile; see BUILD.md.

Deprecations:

• Kubernetes: Backend-scoped igroups will no longer be created when configuring ontap-san and ontap-san-economy drivers (Issue #758).

v23.01.1

Changes since v23.01.0

Fixes:

• Fixed Trident Operator to use IPv6 localhost for installation when specified in spec.
• Fixed Trident Operator cluster role permissions to be in sync with the bundle permissions (Issue #799).
• Added a fix to allow external processes to run to completion.
• Fixed issue with attaching raw block volume on multiple nodes in RWX mode.
• Fixed FlexGroup cloning support and volume import for SMB volumes.

v23.01.0

Changes since v22.10.0

• IMPORTANT: Kubernetes 1.26 is now supported in Trident. Please upgrade Trident prior to upgrading Kubernetes.

Fixes:

• Kubernetes: Added options to exclude Pod Security Policy creation to fix Trident installations via Helm (Issues #783, #794).

Enhancements

• Kubernetes: Added support for Kubernetes 1.26.
• Kubernetes: Improved overall Trident RBAC resource utilization (Issue #757).
• Kubernetes: Added automation to detect and fix broken or stale iSCSI sessions on host nodes.
• Kubernetes: Added support for expanding LUKS encrypted volumes.
• Kubernetes: Added credential rotation support for LUKS encrypted volumes.
• Added support for SMB volumes with Amazon FSx to the ontap-nas storage driver.
• Added support for NTFS permissions when using SMB volumes.
• Added support for storage pools for GCP volumes with CVS service level.
• Added support for optional use of flexgroupAggregateList when creating FlexGroups with the ontap-nas-flexgroup storage driver.
• Improved performance for the ontap-nas-economy storage driver when managing multiple FlexVols.
• Enabled dataLIF updates for all ONTAP NAS storage drivers.
• Updated the Trident Deployment and DaemonSet naming convention to reflect the host node OS.

Deprecations:

• Kubernetes: Updated minimum supported Kubernetes to 1.21.
• Data LIFs should no longer be specified when configuring ontap-san or ontap-san-economy drivers.

v22.10.0

Changes since v22.07.0

• IMPORTANT: Kubernetes 1.25 is now supported in Trident. Please upgrade Trident prior to upgrading Kubernetes.
• IMPORTANT: Trident will now strictly enforce the use of multipathing configuration in SAN environments, with a recommended value of find_multipaths: no in multipath.conf file. Use of non-multipathing configuration or use of find_multipaths: yes or find_multipaths: smart value in multipath.conf file will result in mount failures. Trident has recommended the use of find_multipaths: no since the 21.07 release.

Fixes:

• Fixed issue specific to ONTAP backend created using credentials field failing to come online during 22.07.0
  upgrade (Issue #759)
• Docker: Fixed an issue causing the Docker volume plugin to fail to start in some environments (Issues #548, #760).
• Fixed SLM issue specific to ONTAP SAN backends to ensure only subset of data LIFs belonging to reporting nodes are published.
• Fixed performance issue where unnecessary scans for iSCSI LUNs happened when attaching a volume.
• Removed granular retries within Trident's iSCSI workflow to fail fast and reduce external retry intervals.
• Fixed issue where an error was returned when flushing an iSCSI device when the corresponding multipath device was already flushed.

Enhancements

• Kubernetes: Added support for Kubernetes 1.25.
  • Added new operator yaml (bundle_post_1_25.yaml) without a PodSecurityPolicy to support Kubernetes 1.25.
• Kubernetes: Added a separate ServiceAccount, ClusterRole, and ClusterRoleBinding for the Trident Deployment and DaemonSet to allow future permissions enhancements.
• Kubernetes: Added support for cross-namespace volume sharing.
• All Trident ontap-* storage drivers now work with the ONTAP REST API.
• Added support for LUKS-encrypted volumes for ontap-san and ontap-san-economy storage drivers.
• Added support for Windows Server 2019 nodes.
• Added support for SMB volumes on Windows nodes through the azure-netapp-files storage driver.

Deprecations:

• Kubernetes: Updated minimum supported Kubernetes to 1.20.
• Removed Astra Data Store (ADS) driver.
• Removed support for yes and smart options for find_multipaths when configuring worker node multipathing for iSCSI.

v22.07.0

Changes since v22.04.0

Fixes:

• Kubernetes: Fixed issue to handle boolean and number values for node selector when configuring Trident with Helm or the Trident Operator. (Issue #700)
• Kubernetes: Fixed issue in handling errors from non-CHAP path, so that kubelet will retry if it fails. (Issue #736)

Enhancements

• Kubernetes: Transition from k8s.gcr.io to registry.k8s.io as default registry for CSI images.
• Kubernetes: ONTAP-SAN volumes will now use per-node igroups and only map LUNs to igroups while actively
  published to those nodes to improve our security posture. Existing volumes will be opportunistically switched to
  the new igroup scheme when Trident determines it is safe to do so without impacting active workloads.
• Kubernetes: Included a ResourceQuota with Trident installations to ensure Trident DaemonSet is scheduled when PriorityClass consumption is limited by default.
• Added support for Network Features to ANF driver. (Issue #717)
• Added tech preview automatic MetroCluster switchover detection to ONTAP drivers. (Issue #228)
• Kubernetes: Do not allow any volume plugins to be used by operator pods. (Issue #606)
• Kubernetes: Added support for Pod Security Standards.

Deprecations:

• Kubernetes: Updated minimum supported Kubernetes to 1.19.
• Astra Data Store (ADS) driver updated to v1beta1 CRDs, so this version of Trident requires ADS 22.5.0 or later.
• Backend config no longer allows multiple authentication types in single config.

Removals

• AWS CVS driver (deprecated since 22.04) has been removed.
• Kubernetes: Removed unnecessary SYS_ADMIN capability from node pods.
• Kubernetes: Reduces nodeprep down to simple host info and active service discovery to do a best-effort
  confirmation that NFS/iSCSI services are available on worker nodes.

v22.04.0

Changes since v22.01.0

Fixes:

• Improved parsing of iSCSI initiator names. (Issue #681)
• Fixed issue where CSI storage class parameters weren't allowed. (Issue #598)
• Fixed duplicate key declaration in Trident CRD. (Issue #671)
• Fixed inaccurate CSI Snapshot logs. (Issue #629)
• Fixed issue with unpublishing volumes on deleted nodes. (Issue #691)
• Added handling of filesystem inconsistencies on block devices. (Issue #656)
• Fixed issue pulling auto-support images when setting the imageRegistry flag during installation. (Issue #715)
• Fixed issue where ANF driver failed to clone a volume with multiple export rules.
• Fixed panic when accessing nil fields for aggregate space in ONTAP API responses.

Enhancements

• Inbound connections to Trident's secure endpoints now require a minimum of TLS 1.3. (Issue #698)
• Trident now adds HSTS headers to responses from its secure endpoints.
• Trident now attempts to enable the Azure NetApp Files unix permissions feature automatically.
• Kubernetes Trident daemonset now runs at system-node-critical priority class. (Issue #694)

Removals

• ESeries driver (disabled since 21.07) has been removed.