v25.06.3

Changes since v25.06.2

Trident

Fixes:

• Kubernetes: Fixed critical issue where incorrect iSCSI devices were discovered when detaching volumes from Kubernetes nodes.
• Kubernetes: Fixed an issue with duplicate subsystem names occurring due to long hostnames for ONTAP NVMe driver.

v25.10.0

Changes since v25.06.0

Trident

Fixes:

• Kubernetes: Fixed an issue where multiple attempts to close a LUKS device resulted in failures to detach volumes.
• Kubernetes: Fixed CSI node-driver-registrar container name inconsistency by standardizing Linux DaemonSet to node-driver-registrar to match Windows DaemonSet and container image naming.
• Openshift: Fixed Trident node pod not starting on Windows nodes in Openshift due to SCC having allowHostDirVolumePlugin set to false (Issue #950)
• Kubernetes: Fixed an issue where export policies for legacy qtrees were not properly upgraded.
• Kubernetes: Fixed critical issue where incorrect iSCSI devices were discovered when detaching volumes from Kubernetes nodes.
• Kubernetes: Fixed an issue where NQNs were not checked before they are unmapped from Subsystems.
• Openshift: Fixed an issue where iSCSI node prep failed with OCP 4.19.
• Kubernetes: Block cloning of volume across different storage classes.
• Increased timeout when cloning a volume using SolidFire backends (Issue #1008).
• Fixed Kubernetes API QPS not being set via Helm (Issue #975).
• Fixed inability to mount a Persistent Volume Claim (PVC) based on a snapshot of an NVMe based XFS filesystem PVC on the same Kubernetes node.
• Fixed UUID change issue after host/Docker restart in NDVP mode by adding unique/shared subsystem names per backend (e.g., netappdvp_subsystem).
• Fixed mount errors for iSCSI volumes during Trident upgrade from versions prior to 23.10 to 24.10 and above, resolving "invalid SANType" issue.
• Fixed issue where Trident backend state was not transitioning to online/offline without restarting the Trident controller.
• Fixed snapshots not being cleaned up on volume clone failures.
• Fixed failure to unstage volume when its device path was changed by the kernel.
• Fixed failure to unstage volume due to LUKS device already closed.
• Fixed issue where slow storage operations were leading to ContextDeadline errors.
• Trident Operator will wait for configurable k8s-timeout to check Trident version.

Enhancements:

• Kubernetes: Added support for CSI Volume Group Snapshots with v1beta1 Volume Group Snapshot Kubernetes APIs for ONTAP-NAS NFS and ONTAP-SAN-Economy drivers, in addition to ONTAP-SAN (iSCSI and FC).
• Added option for Trident controller to use host networking via helm, operator and tridentctl (Issue #858).
• Kubernetes: Added support for automated workload failover with force volume detach for the ONTAP-NAS and ONTAP-NAS-Economy (excluding SMB in both NAS drivers), and the ONTAP-SAN and ONTAP-SAN-Economy drivers.
• Kubernetes: Enhanced Trident node concurrency for higher scalability on node operations for FCP volumes.
• Kubernetes: Added ONTAP AFX support for ONTAP NAS NFS driver.
• Kubernetes: Added support for configuring CPU and memory resource requests and limits for Trident containers via TridentOrchestrator CR and Helm chart values. (Issues #1000, #927, #853, #592, #110).
• Kubernetes: Added FC support for ASAr2 personality.
• Kubernetes: Added option to serve Prometheus metrics with HTTPS, instead of HTTP.
• Kubernetes: Added an option --no-rename when importing a volume to keep the original name but let Trident manage its lifecycle.
• Kubernetes: Trident deployment now runs at system-cluster-critical priority class.
• Added manual QoS support to the ANF driver, making it production-ready in 25.10; this experimental enhancement was introduced in 25.06.

Experimental Enhancements:

NOTE: Not for use in production environments.

• [Tech Preview] Added support for concurrency for ONTAP-NAS (NFS only) and ONTAP-SAN (NVMe for unified ONTAP 9), in addition to the existing Tech Preview for the ONTAP-SAN driver (iSCSI and FCP protocols in unified ONTAP 9).

Trident Protect

Enhancements:

• Added annotations to Schedule and Backup CR's to control various Snapshot CR timeouts: protect.trident.netapp.io/snapshot-completion-timeout, protect.trident.netapp.io/volume-snapshots-ready-to-use-timeout, protect.trident.netapp.io/volume-snapshots-created-timeout
• Added annotation to Schedule CR to configure PVC bind timeout, which will be used by Backup CR: protect.trident.netapp.io/pvc-bind-timeout-sec
• Improving tridentctl-protect backup and snapshot listings to add a new field to indicate execution hook failures

v25.06.2

Changes since v25.06.1

Trident

Fixes:

• Kubernetes: Fixed critical issue where incorrect iSCSI devices were discovered when detaching volumes from Kubernetes nodes.

v25.06.1

IMPORTANT: For customers using SolidFire, please do not upgrade to 25.06.1 due to a known issue when unpublishing volumes. 25.06.2 will be released soon to address this issue.

Changes since v25.06.0

Trident

Fixes:

• Kubernetes: Fixed an issue where NQNs were not checked before they are unmapped from Subsystems.
• Kubernetes: Fixed an issue where multiple attempts to close a LUKS device resulted in failures to detach volumes.
• Kubernetes: Fixed iSCSI volume unstage when the device path has changed since its creation.
• Increased timeout when cloning a volume using SolidFire backends (Issue #1008).
• Openshift: Fixed an issue where iSCSI node prep failed with OCP 4.19.
• Kubernetes: Block cloning of volume across different storage classes.

v25.06.0

Changes since v25.02.0

Trident

Fixes:

• Kubernetes: Fixed an issue with CSI NodeExpandVolume where multipath devices could be left with incongruent sizes when underlying SCSI disk(s) are unavailable.
• Kubernetes: Fixed failure to clean up duplicate export policies for ONTAP-NAS and ONTAP-NAS-Economy drivers.
• Kubernetes: Fixed GCNV volumes defaulting to NFSv3 when nfsMountOptions is unset; now both NFSv3 and NFSv4 protocols are supported. If nfsMountOptions is not provided, the host’s default NFS version (NFSv3 or NFSv4) will be used.
• Kubernetes: Fixed deployment issue when installing Trident using Kustomize (Issue #831).
• Kubernetes: Fixed missing export policies for PVCs created from snapshots (Issue #1016).
• Kubernetes: Fixed issue where the ANF volume sizes are not automatically aligned to 1 GiB increments.
• Kubernetes: Fixed issue when using NFSv3 with Bottlerocket.
• Fixed timeout when cloning a volume using SolidFire backends (Issue #1008).
• Fixed issue with ONTAP-NAS-Economy volumes expanding up to 300 TB despite resize failures.
• Fixed issue where clone split operations were being done synchronously when using ONTAP REST API.

Enhancements:

• Kubernetes: Added support for CSI Volume Group Snapshots with v1beta1 Volume Group Snapshot Kubernetes APIs for ONTAP-SAN iSCSI driver.
• Kubernetes: Added support for ONTAP ASA r2 for NVMe/TCP in addition to iSCSI.
• Kubernetes: Added secure SMB support for ONTAP-NAS and ONTAP-NAS-Economy volumes. Active Directory users and groups may now be used with SMB volumes for enhanced security.
• Kubernetes: Enhanced Trident node concurrency for higher scalability on node operations for iSCSI volumes.
• Kubernetes: Added --allow-discards when opening LUKS volumes to allow discard/TRIM commands for space reclamation.
• Kubernetes: Enhanced performance when formatting LUKS-encrypted volumes.
• Kubernetes: Enhanced LUKS cleanup for failed but partially formatted LUKS devices.
• Kubernetes: Enhanced Trident node idempotency for NVMe volume attach and detach.
• Kubernetes: Added internalID field to the Trident volume config for ONTAP-SAN-Economy driver.
• Kubernetes: Added support for volume replication with SnapMirror for NVMe backends.

Experimental Enhancements:

NOTE: Not for use in production environments.

• [Tech Preview] Enabled concurrent Trident controller operations via the --enable-concurrency feature flag. This allows controller operations to run in parallel, improving performance for busy or large environments.
  NOTE: This feature is experimental and currently supports limited parallel workflows with the ONTAP-SAN driver (iSCSI and FCP protocols).
• [Tech Preview] Added manual QOS support with the ANF driver.

Deprecations:

• Kubernetes: Updated minimum supported Kubernetes to v1.27.

Trident Protect

You are required to install the new Trident protect module to unlock these capabilities. Read more to get started.

Fixes:

• Fixed bug where snapshot annotation values from previous snapshots were being applied to newer snapshots. All snapshot annotations are applied correctly now.
• Defining by default a secret for data mover encryption (Kopia / Restic), if not is custom defined.
• Added improved validation and error messages for S3 appvault creation.
• AppMirrorRelationship (AMR) now only replicates PVs in the Bound state, to avoid failed attempts.
• Fixed issue where errors were displayed when getting appvaultcontent on an appvault with large number of backups.
• KubeVirt VMSnapshots are excluded from restore and failover operations to avoid failures.
• Fixed issue with Kopia where snapshots were being removed prematurely due to Kopia default retention schedule overriding what was set by the user in the schedule.

Enhancements:

• Enhancing restore times, providing the option to do more frequent full backups.
• Improved granularity of application definition and selective restore with Group-Version-Kind (GVK) filtering.
• Efficient resync and reverse replication when using AppMirrorRelationship (AMR) with SnapMirror, to avoid full PVC replication.
• Added ability to use EKS Pod Identity to create AppVault buckets, removing the need to specify a secret with the bucket credentials for EKS clusters.
• Providing the ability to skip restoring labels and annotations in the restore namespace, if needed.
• AppMirrorRelationship (AMR) will now check for source PVC expansion and perform the appropriate expansion on the destination PVC as needed.
• Adding support for replication with AMR and SnapMirror for NVMe/TCP backends.

v25.02.1

Changes since v25.02.0

Fixes:

• Kubernetes: Fixed an issue in the trident-operator where sidecar image names and versions were incorrectly populated when using a non-default image registry (Issue #983).
• Kubernetes: Fixed the issue where multipath sessions fail to recover during an ONTAP failover giveback (Issue #961).

v25.02.0

Changes since v24.10.0

Trident

Fixes:

• Kubernetes: Fixed missing node IP addresses from automatic export policies (Issue #965).
• Kubernetes: Fixed automatic export policies switching to per volume policy prematurely for ONTAP-NAS-Economy.
• Kubernetes: Fixed backend config credentials to support all available AWS ARN partitions (Issue #913).
• Kubernetes: Added option to disable the auto configurator reconciliation in the Trident operator (Issue #924).
• Kubernetes: Added securityContext for csi-resizer container (Issue #976).
• Fixed Zonal Flex pools for GCNV driver.

Enhancements:

• Kubernetes: Enhanced Trident node concurrency for higher scalability on node operations for NFS and SMB volumes.
• Kubernetes: Added support for ONTAP ASA r2 for iSCSI.
• Added Fibre Channel support on ONTAP-SAN driver.
• Added NVMe LUKS support.
• Kubernetes: Added support for force detach for ONTAP-NAS volumes during Non-Graceful Node Shutdown scenarios.
  New ONTAP-NAS volumes will now utilize per-volume export policies managed by Trident. Provided an
  upgrade path for existing volumes to transition to the new export policy model on unpublish without affecting active
  workloads.
• Openshift: Added support for automatic iSCSI node preparation for RHCOS on ROSA clusters.
• Kubernetes: Added support for cross namespace volume cloning.
• Kubernetes: Added cloneFromSnapshot PVC annotation.
• Kubernetes: Added automatic backend configuration for EKS add-on and helm based installation for AWS FSxN.
• Kubernetes: Added support for Kubernetes 1.32.
• Switched to scratch image for all base images.
• Kubernetes: Enhanced iSCSI self-healing to initiate scans by exact host, channel, target and LUN ID.
• Added support for SMB volumes with GCNV driver.
• Allow ONTAP volumes to skip recovery queue on deletion.
• Added support to override default images using SHAs instead of tags.
• Added image-pull-secrets flag to tridentctl installer.
• Openshift: Enhanced qualification for Openshift Virtualization for ONTAP drivers.

Trident Protect

You are required to install the new Trident protect module to unlock these capabilities. Read more to get started.

Fixes:

• Improved the management of temporary volumes to skip the ONTAP Volume Recovery Queue.
• Security Context Constraint (SCC) annotations are now restored to original values.
• Improved Restore efficiency with support for parallel operations.
• Enhanced support for Execution Hook timeouts for larger applications.

Enhancements:

• New: Added Backup and Restore support for KubeVirt / OpenShift Virtualization VMs for both volumeMode: File
  and volumeMode: Block (raw device) storage, to already available storage replication through AppMirrorRelationship.
• Capability to control freeze behaviour at application level for KubeVirt environments.
• Support for configuring AutoSupport proxy connections.
• Ability to define a secret for data mover encryption (Kopia / Restic).
• Ability to manually run an execution hook.
• Ability to configure Security Context Constraints (SCCs) during Trident protect installation.
• Support for configuring node selector and affinity rules during Trident protect installation.
• Support for HTTP / HTTPS egress proxy for AppVault objects.
• SESSION_TOKEN support added to AWS S3 AppVault credentials.
• Extended ResourceFilter to allow exclusion of Cluster Scoped Resources.
• Support for AWS Session Token in S3 AppVault credentials.
• Added support for resource collection after pre-snapshot execution hook.

v24.10.1

Changes since v24.10.0

Fixes:

• Fixed missing node IP addresses from automatic export policies (Issue #965).
• Fixed automatic export policies switching to per volume policy prematurely for ONTAP-NAS-Economy.
• Updated Trident and Trident-ASUP dependencies to address CVE-2024-45337 and CVE-2024-45310.
• Removed logouts for intermittently unhealthy non-CHAP portals during iSCSI self-healing (Issue #961).

Enhancements:

• Kubernetes: Added support for Kubernetes 1.32.
• Added iSCSI connection state discovery and logging when iSCSI sessions should be logged in but are not (Issue #961).

v24.10.0

Changes since v24.06.0

Coming soon: Trident’s new features for Kubernetes-native:

• Data protection
• Disaster recovery
• Application mobility
• Data migration

You are required to install the new Trident protect module to unlock these capabilities.

Fixes:

• Added support for Windows Server 2019.
• Kubernetes: Fixed Rancher admission webhook preventing Trident Helm installations (Issue #839).
• Kubernetes: Fixed Affinity key in Helm chart values (Issue #898).
• Kubernetes: Fixed tridentControllerPluginNodeSelector/tridentNodePluginNodeSelector won't work with "true"
  value (Issue #899).
• Kubernetes: Delete ephemeral snapshots created during cloning (Issue #901).
• Fixed go mod tidyin Trident repo (Issue #767).

Enhancements:

• Kubernetes: Added new flag --k8s_api_qps to installers to set the QPS value used by Trident to communicate
  with the Kubernetes API server.
• Kubernetes: Added --node-prep flag to installers for automatic management of storage protocol dependencies
  on Kubernetes cluster nodes. Tested and verified compatibility with Amazon Linux 2023 iSCSI storage protocol.
• Kubernetes: Added support for force detach for ONTAP-NAS-Economy NFS volumes during Non-Graceful Node Shutdown
  scenarios.
• Kubernetes: New ONTAP-NAS-Economy NFS volumes will use per-qtree export policies when using autoExportPolicy
  backend option. Qtrees will only be mapped to node restrictive export policies at time of publish to improve
  access control and security. Existing qtrees will be switched to the new export policy model when Trident
  unpublishes the volume from all nodes to do so without impacting active workloads.
• Google Cloud NetApp Volumes driver is now generally available for NFS volumes and supports zone-aware provisioning.
• GCP Workload Identity will be used as Cloud Identity for Google Cloud NetApp Volumes with GKE.
• Added formatOptions configuration parameter to ONTAP-SAN and ONTAP-SAN-Economy drivers to allow users to specify LUN format options.
• Reduced Azure NetApp Files minimum volume size to 50 GiB. Azure new minimum size expected to GA in November.
• Added denyNewVolumePools configuration parameter to restrict ONTAP-NAS-Economy and ONTAP-SAN-Economy drivers to
  preexisting Flexvol pools.
• Added detection for the addition or removal of aggregates from the SVM across all ONTAP drivers.
• Added 18 MiB overhead for iSCSI LUKS LUNs to ensure reported PVC size is usable.
• Improved node stage and unstage error handling for iSCSI ONTAP-SAN and ONTAP-SAN-Economy to allow unstage to remove devices.
• Added a custom role generator allowing customers to create a minimalistic role for Trident in ONTAP.
• Added additional logging for troubleshooting lsscsi (Issue #792).

Experimental Enhancements:

• Added tech preview for Fibre Channel support on ONTAP-SAN driver.

Deprecations:

• Kubernetes: Updated minimum supported Kubernetes to 1.25.
• Kubernetes: Removed support for Pod Security Policy.

v24.06.1

Changes since v24.06.0

Enhancements:

• Kubernetes: Added support for Kubernetes 1.30.

Fixes:

• Added support for Windows Server 2019.