This lab was developed with our partner, NetApp. Your personal information may be shared with NetApp, the lab sponsor, if you have opted-in to receive product updates, announcements, and offers in your Account Profile.

GSP1309

Overview

Netapp Trident enables consumption and management of storage resources across all popular NetApp storage platforms, including Google Cloud NetApp Volumes. Trident is a Container Storage Interface (CSI) compliant dynamic storage orchestrator that natively integrates with Kubernetes. Trident runs as a single Controller Pod plus a Node Pod on each worker node in the cluster.

In this lab you will learn how to create persistent volumes in Google Kubernetes Engine using Google Cloud NetApp Volumes.

Objectives

In this lab you will learn how to:

• Deploy NetApp Trident.
• Configure the requirements.
• Create a Persistent Volume Claim.

Prerequisites

• A basic understanding of Google Kubernetes Engine.
• A basic understanding of Google Cloud NetApp Volumes.

Setup and requirements

Before you click the Start Lab button

Read these instructions. Labs are timed and you cannot pause them. The timer, which starts when you click Start Lab, shows how long Google Cloud resources will be made available to you.

This Qwiklabs hands-on lab lets you do the lab activities yourself in a real cloud environment, not in a simulation or demo environment. It does so by giving you new, temporary credentials that you use to sign in and access Google Cloud for the duration of the lab.

What you need

To complete this lab, you need:

• Access to a standard internet browser (Chrome browser recommended).
• Time to complete the lab.

Note: If you already have your own personal Google Cloud account or project, do not use it for this lab.

Note: If you are using a Pixelbook, open an Incognito window to run this lab.

How to start your lab and sign in to the Google Cloud Console

1. Click the Start Lab button. If you need to pay for the lab, a pop-up opens for you to select your payment method. On the left is a panel populated with the temporary credentials that you must use for this lab.

   

2. Copy the username, and then click Open Google Console. The lab spins up resources, and then opens another tab that shows the Sign in page.

   

   Tip: Open the tabs in separate windows, side-by-side.

3. In the Sign in page, paste the username that you copied from the Connection Details panel. Then copy and paste the password.

   Important: You must use the credentials from the Connection Details panel. Do not use your Qwiklabs credentials. If you have your own Google Cloud account, do not use it for this lab (avoids incurring charges).

4. Click through the subsequent pages:

   • Accept the terms and conditions.
   • Do not add recovery options or two-factor authentication (because this is a temporary account).
   • Do not sign up for free trials.

After a few moments, the Cloud Console opens in this tab.

Activate Cloud Shell

Cloud Shell is a virtual machine that is loaded with development tools. It offers a persistent 5GB home directory and runs on the Google Cloud. Cloud Shell provides command-line access to your Google Cloud resources.

In the Cloud Console, in the top right toolbar, click the Activate Cloud Shell button.

Click Continue.

It takes a few moments to provision and connect to the environment. When you are connected, you are already authenticated, and the project is set to your PROJECT_ID. For example:

gcloud is the command-line tool for Google Cloud. It comes pre-installed on Cloud Shell and supports tab-completion.

You can list the active account name with this command:

gcloud auth list

(Output)

Credentialed accounts: - <myaccount>@<mydomain>.com (active)

(Example output)

Credentialed accounts: - google1623327_student@qwiklabs.net

You can list the project ID with this command:

gcloud config list project

(Output)

[core] project = <project_ID>

(Example output)

[core] project = qwiklabs-gcp-44776a13dea667a6

Task 1. Deploy NetApp Trident

Connect to the Kubernetes Cluster

1. In the Google Cloud console, navigate to the Kubernetes Engine → Clusters page. A Kubernetes cluster has already been created for this lab.

2. Open the Google Cloud Shell () and run the following command to connect to the cluster:

gcloud container clusters get-credentials cluster1 --region {{{ project_0.default_region|REGION}}} --project {{{ project_0.project_id|PROJECT ID}}}

3. Verify the connection by listing the cluster nodes:

kubectl get nodes

Download and install NetApp Trident

1. Download the Trident installer to your Cloud Shell environment:

wget https://github.com/NetApp/trident/releases/download/v25.02.0/trident-installer-25.02.0.tar.gz

2. Extract the installer and navigate to the directory:

tar -xf trident-installer-25.02.0.tar.gz cd trident-installer

3. Install the Trident orchestrator Custom Resource Definition (CRD) using the YAML file provided in the installer folder:

kubectl create -f deploy/crds/trident.netapp.io_tridentorchestrators_crd_post1.16.yaml

4. Create the Trident namespace and deploy the operator, including the service account and role-based access control (RBAC) for the operator:

kubectl create ns trident kubectl create -f deploy/bundle_post_1_25.yaml

5. Verify that the operator is running in your cluster:

kubectl get pods -n trident

• Wait until the operator pod status shows as Running, as shown in the example below:

NAME READY STATUS RESTARTS AGE trident-operator-f495b989d-72sw7 1/1 Running 0 18s

6. Deploy the Trident orchestrator CR:

kubectl apply -f deploy/crds/tridentorchestrator_cr.yaml Note: This resource deploys several pods. It includes a controller pod and a pod on each worker node.

7. Verify that the Trident controller pod is running:

kubectl get pods -n trident

• Wait until the Trident controller pod status shows as Running, as shown in the example below:

NAME READY STATUS RESTARTS AGE trident-controller-5b75bc54cd-k69xp 6/6 Running 0 26s trident-node-linux-2wsn7 2/2 Running 0 25s trident-node-linux-pjx4l 2/2 Running 0 25s trident-node-linux-zvrf7 2/2 Running 0 25s trident-operator-f495b989d-72sw7 1/1 Running 0 116s

Click Check my progress to verify that you've performed the above task. Install Trident

Task 2. Configure the requirements

Create and configure a Google Cloud service account

1. Create the service account:

   gcloud iam service-accounts create netapp-trident --description="Service account for NetApp Trident" --display-name="NetApp Trident"

2. Assign the netapp admin permissions to the service account:

   gcloud projects add-iam-policy-binding {{{ project_0.project_id|PROJECT ID}}} --member="serviceAccount:netapp-trident@{{{ project_0.project_id|PROJECT ID}}}.iam.gserviceaccount.com" --role=roles/netapp.admin

3. In the Google Cloud console, navigate to the IAM & Admin → Service Accounts page.

4. Click the service account netapp-trident. This is the service account that you just created.

5. Click the Keys tab, then click Add Key → Create new key.

6. Select the JSON format, then click Create to generate and download the key. You will use this file later in the lab.

Create a Kubernetes secret

A secret is an object that contains a small amount of sensitive data such as a password, a token, or a key.

1. In the Cloud Shell, create and open the gcnv-secret.yaml file:

touch gcnv-secret.yaml cloudshell edit gcnv-secret.yaml

2. Copy the following YAML content into the file. Replace the placeholder text with the private_key_id and private_key from your downloaded JSON file:

apiVersion: v1 kind: Secret metadata: name: gcnv-secret type: Opaque stringData: private_key_id: "<-- Include here -->" private_key: "<-- Include here -->"

3. Click Open Terminal () at the top right of the editor window to return to the Cloud Shell.

4. Create the Kubernetes secret:

kubectl create -f gcnv-secret.yaml -n trident

5. Verify the Kubernetes secret:

kubectl get secrets -n trident

Click Check my progress to verify that you've performed the above task. Create a secret

Create a Kubernetes backend

A backend defines the relationship between Trident and a storage system. It tells Trident how to communicate with that storage system and how Trident should provision volumes from it.

1. Retrieve and copy the project number by running the following command:

gcloud projects describe --format='value(projectNumber)' $(gcloud config get-value project) Note: Save this number, you will need it to configure the Kubernetes backend.

2. Create and open the gcnv-backend-zonal-flex.yaml file:

touch gcnv-backend-zonal-flex.yaml cloudshell edit gcnv-backend-zonal-flex.yaml

3. Copy the following YAML content into the file and replace the placeholders for projectNumber with your saved project number and client_id with the value from your JSON file:

apiVersion: trident.netapp.io/v1 kind: TridentBackendConfig metadata: name: gcnv-zonal-flex spec: version: 1 storageDriverName: google-cloud-netapp-volumes backendName: gcnv-zonal-flex projectNumber: '<-- Include here -->' location: {{{ project_0.default_zone|ZONE}}} apiKey: type: service_account project_id: {{{ project_0.project_id|PROJECT ID}}} client_email: netapp-trident@{{{ project_0.project_id|PROJECT ID}}}.iam.gserviceaccount.com client_id: '<-- Include here -->' auth_uri: https://accounts.google.com/o/oauth2/auth token_uri: https://oauth2.googleapis.com/token auth_provider_x509_cert_url: https://www.googleapis.com/oauth2/v1/certs client_x509_cert_url: https://www.googleapis.com/robot/v1/metadata/x509/netapp-trident@{{{ project_0.project_id|PROJECT ID}}}.iam.gserviceaccount.com credentials: name: gcnv-secret storage: - labels: performance: flex availability: zonal serviceLevel: flex

4. Back in the Cloud Shell, create the Kubernetes backend:

kubectl create -f gcnv-backend-zonal-flex.yaml -n trident

5. Verify the Kubernetes backend:

kubectl get tridentbackendconfig -n trident

Click Check my progress to verify that you've performed the above task. Create a backend

Create a Kubernetes Storage Class

A Kuberetes StorageClass provides a way for administrators to describe the classes of storage they offer. Different classes might map to quality-of-service levels, or to backup policies, or to arbitrary policies determined by the cluster administrators.

1. In the Cloud Shell, create and open the gcnv-storageclass-zonal-flex.yaml file:

touch gcnv-storageclass-zonal-flex.yaml cloudshell edit gcnv-storageclass-zonal-flex.yaml

2. Copy the following YAML content into the file:

apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: gcnv-zonal-flex provisioner: csi.trident.netapp.io parameters: backendType: "google-cloud-netapp-volumes" selector: "performance=flex; availability=zonal" allowVolumeExpansion: true

3. Back in the Cloud Shell, create the Kubernetes Storage Class:

kubectl create -f gcnv-storageclass-zonal-flex.yaml

4. Verify the Kubernetes Storage Class:

kubectl get sc

Click Check my progress to verify that you've performed the above task. Create a storage class

Task 3. Create a Persistent Volume Claim

A Persistent Volume (PV) is a physical storage resource provisioned by the cluster administrator on a Kubernetes cluster. The Persistent Volume Claim (PVC) is a request for access to the Persistent Volume on the cluster.

1. In the Google Cloud console, navigate to the NetApp Volumes → Storage pools page. A storage pool has already been created for this lab.

2. In the Cloud Shell, create and open the gcnv-pvc-zonal-flex.yaml file:

touch gcnv-pvc-zonal-flex.yaml cloudshell edit gcnv-pvc-zonal-flex.yaml

3. Copy the following YAML content into the file:

apiVersion: v1 kind: PersistentVolumeClaim metadata: name: pvc-zonal-flex spec: accessModes: - ReadWriteMany storageClassName: gcnv-zonal-flex resources: requests: storage: 1Gi

4. Back in the Cloud Shell, create the Kubernetes Persistent Volume Claim:

kubectl create -f gcnv-pvc-zonal-flex.yaml

5. Verify the Kubernetes Persistent Volume Claim:

kubectl get pvc

6. In the Google Cloud console, navigate to the NetApp Volumes → Volumes page and verify that a new volume (pvc-...) has been created.

7. Back in the Cloud Shell, verify the Kubernetes Persistent Volume:

kubectl get pv

Click Check my progress to verify that you've performed the above task. Create a persistent volume claim

Congratulations!

You have learned how to create a Kuberentes persistent volume dynamically with Google Cloud NetApp Volumes from Google Kubernetes Engine using NetApp Trident.

Next steps / Learn more

Be sure to check out the official NetApp Volumes documentation:

• NetApp Volumes documentation

Google Cloud training and certification

...helps you make the most of Google Cloud technologies. Our classes include technical skills and best practices to help you get up to speed quickly and continue your learning journey. We offer fundamental to advanced level training, with on-demand, live, and virtual options to suit your busy schedule. Certifications help you validate and prove your skill and expertise in Google Cloud technologies.

Manual last updated January 14, 2026

Manual Last tested January 14, 2026

Copyright 2024 Google LLC All rights reserved. Google and the Google logo are trademarks of Google LLC. All other company and product names may be trademarks of the respective companies with which they are associated.