v26.02.1

Changes since v26.02.0

Trident

Fixes:

• Fixed an issue where iSCSI device resize would fail if available paths and portals did not match.
• Fixed an intermittent issue where blkid misidentifies the filesystem type for LUKS devices preventing new volume creations.
• Fixed an issue for GCNV SAN where FLEX UNIFIED ZONAL pools were not able to be used. Now Zonal works as well as Regional.
• Kubernetes: Fixed indentation in tridentactionmirrorupdates k8s CRD YAML (Issue #1120).
• Fixed REST qtree asynchronous delete API call (Issue #1121).
• Enhanced AWS ARN handling to support special regions.
• Kubernetes: Fixed an issue preventing KubeVirt VMs using dataVolumes from failing over using Trident Automated Workload Failover.
• Fixed an issue in the GCNV NAS driver for UNIFIED pools by applying UNIFIED-specific naming and validation and improving fallback volume lookup when InternalID is absent.
• Fixed NVMe/TCP namespace race condition during concurrent volume creation (Issue #1089).
• Fixed controller startup log to correctly report concurrency driver status.
• Fixed handling of suspended backends in concurrent Trident.
• Fixed ControllerPublish to use volume config file system type to avoid using incorrect default file system type.
• Fixed an issue where LUKS publish and stage operations at scale could block Trident controller. Users are now expected to track LUKS passphrases used by volumes.
• Fixed an issue where iSCSI multipath partitions could show up as ghost devices, preventing CSI NodeUnstage operations from succeeding.
• Kubernetes: Fixed an error when attempting to delete an invalid TridentMirrorRelationship CR with trident concurrent core.
• Fixed concurrent clone snapshot when snapshots are executed in the same second.

v26.02.0

Changes since v25.10.0

Trident

IMPORTANT: There is a known issue with the csi-snapshotter sidecar. In all versions of Kubernetes VolumeGroupSnapshots v1beta1 will not allow VolumeSnapshots to become ReadyToUse. There are 2 workarounds:

• Delete VolumeGroupSnapshots CRDs, which will disable VolumeGroupSnapshots, and reinstall Trident.
• Install VolumeGroupSnapshots v1beta2 and snapshot-controller v8.4.0 or later, and reinstall Trident. VolumeGroupSnapshots will not function on Kubernetes versions lower than v1.34.

Fixes:

• Kubernetes: Fixed an issue where unpublishing a read-only clone removed export policy rules from the source volume in ONTAP-NAS, ONTAP-NAS-Economy, and GCNV drivers (Issue #1086).
• Kubernetes: Switched kubectl images from deprecated Bitnami to lightweight Alpine-based variants to prevent pull failures following Bitnami's public image deprecation (Issue #1080).
• Kubernetes: Allow clone across different storage classes if both storage classes are pointing to the same backend (Issue #1104).
• Kubernetes: Fixed node prep failures caused by timeouts in cloud environments with network latencies. Increased timeout values for cloud-based installations
• Kubernetes: Fixed an issue in LUN creation that caused the filesystem type attribute to remain unset when the process entered a retry state
• Kubernetes: Fixed REST API volume lookup to ignore volume state, preventing false negatives during volume queries.
• Kubernetes: Improved Trident controller efficiency for ontap-nas-economy driver when used at scale.
• Kubernetes: Set internalID during LUN import in ontap-san-economy driver.
• Kubernetes: Increased Azure Resource Graph query limits to handle more subnets.
• Kubernetes: Improved CSI and ONTAP clone split timeouts to avoid race conditions with some backup applications (Issues #1098, #1100).
• Kubernetes: Fixed suppression of LUKS error messages (Issue #1069).
• Kubernetes: Fixed handling of stale LUKS mappers for both iSCSI and NVMe protocols. Enhanced cleanup logic prevents mount failures from orphaned device mappers.
• Fixed scale limitations for RWX NVMe volumes.
• Updated package "telemetry/opentelemetry-go" to fix CVE-2026-24051.

Enhancements:

• Kubernetes: Added support for Kubernetes 1.35.
• Kubernetes: Concurrency support for ONTAP-NAS (NFS only), ONTAP-SAN (iSCSI, FCP), ONTAP-SAN (NVMe) and GCNV drivers is now generally available (GA), graduated from Tech Preview.
• Kubernetes: Added support for volume autogrow in Trident based on user-defined Trident AutoGrow Policies.
• Kubernetes: Added support for VolumeGroupSnapshot for ontap-san (NVMe/TCP), in addition to existing support for ontap-nas (NFS), ontap-san (iSCSI and FC), and ontap-san-economy.
• Kubernetes: Enhanced Trident node concurrency for higher scalability of node operations for NVMe volumes.
• Kubernetes: Added support for GCNV NAS volume auto-tiering via PVC annotations (tieringPolicy, tieringMinimumCoolingDays), with pool selection and clone inheritance.
• Kubernetes: Added support for GCNV SAN block (iSCSI) volumes via the google-cloud-netapp-volumes-san driver, including provisioning, per-node host group mapping for LUN access, and clone-from-volume for Flex pools.
• Added support for automatic backend configuration for AWS FSxN drivers.
• Added support for different Azure clouds (e.g. Azure Government, Azure China) and custom cloud configuration for azure-netapp-files (ANF) backends (Issue #632).
• Kubernetes: Trident preserves annotation of existing deployment during upgrade (Issue #1004).

Experimental Enhancements:

NOTE: Not for use in production environments.

• [Tech Preview] Added support for concurrency for ONTAP-NAS-Economy and ONTAP-SAN-Economy drivers.

Trident Protect

Fixes:

• Fixed sorting of Kubernetes resources for restore operations.
• Handled non-unique IDs during restores.
• Fixed cluster name in tridentctl-protect output.
• Fixed Kopia restore errors being ignored.
• Fixed app definition when it has no included PV.
• Fixed restoring of 2 PVCs with same name in 2 different namespaces.

Enhancements:

• Ability to define execHooks in CR spec.
• Added data-mover-timeout-sec annotation to schedule CR.
• Allowed destination app name to be specified during restore operations.
• Allowed schedule to create a snapshot immediately rather than wait for first occurrence.
• Schedules are now disabled during IPR operations and re-enabled when complete.

v25.06.3

Changes since v25.06.2

Trident

Fixes:

• Kubernetes: Fixed critical issue where incorrect iSCSI devices were discovered when detaching volumes from Kubernetes nodes.
• Kubernetes: Fixed an issue with duplicate subsystem names occurring due to long hostnames for ONTAP NVMe driver.

v25.10.0

Changes since v25.06.0

Trident

Fixes:

• Kubernetes: Fixed an issue where multiple attempts to close a LUKS device resulted in failures to detach volumes.
• Kubernetes: Fixed CSI node-driver-registrar container name inconsistency by standardizing Linux DaemonSet to node-driver-registrar to match Windows DaemonSet and container image naming.
• Openshift: Fixed Trident node pod not starting on Windows nodes in Openshift due to SCC having allowHostDirVolumePlugin set to false (Issue #950)
• Kubernetes: Fixed an issue where export policies for legacy qtrees were not properly upgraded.
• Kubernetes: Fixed critical issue where incorrect iSCSI devices were discovered when detaching volumes from Kubernetes nodes.
• Kubernetes: Fixed an issue where NQNs were not checked before they are unmapped from Subsystems.
• Openshift: Fixed an issue where iSCSI node prep failed with OCP 4.19.
• Kubernetes: Block cloning of volume across different storage classes.
• Increased timeout when cloning a volume using SolidFire backends (Issue #1008).
• Fixed Kubernetes API QPS not being set via Helm (Issue #975).
• Fixed inability to mount a Persistent Volume Claim (PVC) based on a snapshot of an NVMe based XFS filesystem PVC on the same Kubernetes node.
• Fixed UUID change issue after host/Docker restart in NDVP mode by adding unique/shared subsystem names per backend (e.g., netappdvp_subsystem).
• Fixed mount errors for iSCSI volumes during Trident upgrade from versions prior to 23.10 to 24.10 and above, resolving "invalid SANType" issue.
• Fixed issue where Trident backend state was not transitioning to online/offline without restarting the Trident controller.
• Fixed snapshots not being cleaned up on volume clone failures.
• Fixed failure to unstage volume when its device path was changed by the kernel.
• Fixed failure to unstage volume due to LUKS device already closed.
• Fixed issue where slow storage operations were leading to ContextDeadline errors.
• Trident Operator will wait for configurable k8s-timeout to check Trident version.

Enhancements:

• Kubernetes: Added support for CSI Volume Group Snapshots with v1beta1 Volume Group Snapshot Kubernetes APIs for ONTAP-NAS NFS and ONTAP-SAN-Economy drivers, in addition to ONTAP-SAN (iSCSI and FC).
• Added option for Trident controller to use host networking via helm, operator and tridentctl (Issue #858).
• Kubernetes: Added support for automated workload failover with force volume detach for the ONTAP-NAS and ONTAP-NAS-Economy (excluding SMB in both NAS drivers), and the ONTAP-SAN and ONTAP-SAN-Economy drivers.
• Kubernetes: Enhanced Trident node concurrency for higher scalability on node operations for FCP volumes.
• Kubernetes: Added ONTAP AFX support for ONTAP NAS NFS driver.
• Kubernetes: Added support for configuring CPU and memory resource requests and limits for Trident containers via TridentOrchestrator CR and Helm chart values. (Issues #1000, #927, #853, #592, #110).
• Kubernetes: Added FC support for ASAr2 personality.
• Kubernetes: Added option to serve Prometheus metrics with HTTPS, instead of HTTP.
• Kubernetes: Added an option --no-rename when importing a volume to keep the original name but let Trident manage its lifecycle.
• Kubernetes: Trident deployment now runs at system-cluster-critical priority class.
• Added manual QoS support to the ANF driver, making it production-ready in 25.10; this experimental enhancement was introduced in 25.06.

Experimental Enhancements:

NOTE: Not for use in production environments.

• [Tech Preview] Added support for concurrency for ONTAP-NAS (NFS only) and ONTAP-SAN (NVMe for unified ONTAP 9), in addition to the existing Tech Preview for the ONTAP-SAN driver (iSCSI and FCP protocols in unified ONTAP 9).

Trident Protect

Enhancements:

• Added annotations to Schedule and Backup CR's to control various Snapshot CR timeouts: protect.trident.netapp.io/snapshot-completion-timeout, protect.trident.netapp.io/volume-snapshots-ready-to-use-timeout, protect.trident.netapp.io/volume-snapshots-created-timeout
• Added annotation to Schedule CR to configure PVC bind timeout, which will be used by Backup CR: protect.trident.netapp.io/pvc-bind-timeout-sec
• Improving tridentctl-protect backup and snapshot listings to add a new field to indicate execution hook failures

v25.06.2

Changes since v25.06.1

Trident

Fixes:

• Kubernetes: Fixed critical issue where incorrect iSCSI devices were discovered when detaching volumes from Kubernetes nodes.

v25.06.1

IMPORTANT: For customers using SolidFire, please do not upgrade to 25.06.1 due to a known issue when unpublishing volumes. 25.06.2 will be released soon to address this issue.

Changes since v25.06.0

Trident

Fixes:

• Kubernetes: Fixed an issue where NQNs were not checked before they are unmapped from Subsystems.
• Kubernetes: Fixed an issue where multiple attempts to close a LUKS device resulted in failures to detach volumes.
• Kubernetes: Fixed iSCSI volume unstage when the device path has changed since its creation.
• Increased timeout when cloning a volume using SolidFire backends (Issue #1008).
• Openshift: Fixed an issue where iSCSI node prep failed with OCP 4.19.
• Kubernetes: Block cloning of volume across different storage classes.

v25.06.0

Changes since v25.02.0

Trident

Fixes:

• Kubernetes: Fixed an issue with CSI NodeExpandVolume where multipath devices could be left with incongruent sizes when underlying SCSI disk(s) are unavailable.
• Kubernetes: Fixed failure to clean up duplicate export policies for ONTAP-NAS and ONTAP-NAS-Economy drivers.
• Kubernetes: Fixed GCNV volumes defaulting to NFSv3 when nfsMountOptions is unset; now both NFSv3 and NFSv4 protocols are supported. If nfsMountOptions is not provided, the host’s default NFS version (NFSv3 or NFSv4) will be used.
• Kubernetes: Fixed deployment issue when installing Trident using Kustomize (Issue #831).
• Kubernetes: Fixed missing export policies for PVCs created from snapshots (Issue #1016).
• Kubernetes: Fixed issue where the ANF volume sizes are not automatically aligned to 1 GiB increments.
• Kubernetes: Fixed issue when using NFSv3 with Bottlerocket.
• Fixed timeout when cloning a volume using SolidFire backends (Issue #1008).
• Fixed issue with ONTAP-NAS-Economy volumes expanding up to 300 TB despite resize failures.
• Fixed issue where clone split operations were being done synchronously when using ONTAP REST API.

Enhancements:

• Kubernetes: Added support for CSI Volume Group Snapshots with v1beta1 Volume Group Snapshot Kubernetes APIs for ONTAP-SAN iSCSI driver.
• Kubernetes: Added support for ONTAP ASA r2 for NVMe/TCP in addition to iSCSI.
• Kubernetes: Added secure SMB support for ONTAP-NAS and ONTAP-NAS-Economy volumes. Active Directory users and groups may now be used with SMB volumes for enhanced security.
• Kubernetes: Enhanced Trident node concurrency for higher scalability on node operations for iSCSI volumes.
• Kubernetes: Added --allow-discards when opening LUKS volumes to allow discard/TRIM commands for space reclamation.
• Kubernetes: Enhanced performance when formatting LUKS-encrypted volumes.
• Kubernetes: Enhanced LUKS cleanup for failed but partially formatted LUKS devices.
• Kubernetes: Enhanced Trident node idempotency for NVMe volume attach and detach.
• Kubernetes: Added internalID field to the Trident volume config for ONTAP-SAN-Economy driver.
• Kubernetes: Added support for volume replication with SnapMirror for NVMe backends.

Experimental Enhancements:

NOTE: Not for use in production environments.

• [Tech Preview] Enabled concurrent Trident controller operations via the --enable-concurrency feature flag. This allows controller operations to run in parallel, improving performance for busy or large environments.
  NOTE: This feature is experimental and currently supports limited parallel workflows with the ONTAP-SAN driver (iSCSI and FCP protocols).
• [Tech Preview] Added manual QOS support with the ANF driver.

Deprecations:

• Kubernetes: Updated minimum supported Kubernetes to v1.27.

Trident Protect

You are required to install the new Trident protect module to unlock these capabilities. Read more to get started.

Fixes:

• Fixed bug where snapshot annotation values from previous snapshots were being applied to newer snapshots. All snapshot annotations are applied correctly now.
• Defining by default a secret for data mover encryption (Kopia / Restic), if not is custom defined.
• Added improved validation and error messages for S3 appvault creation.
• AppMirrorRelationship (AMR) now only replicates PVs in the Bound state, to avoid failed attempts.
• Fixed issue where errors were displayed when getting appvaultcontent on an appvault with large number of backups.
• KubeVirt VMSnapshots are excluded from restore and failover operations to avoid failures.
• Fixed issue with Kopia where snapshots were being removed prematurely due to Kopia default retention schedule overriding what was set by the user in the schedule.

Enhancements:

• Enhancing restore times, providing the option to do more frequent full backups.
• Improved granularity of application definition and selective restore with Group-Version-Kind (GVK) filtering.
• Efficient resync and reverse replication when using AppMirrorRelationship (AMR) with SnapMirror, to avoid full PVC replication.
• Added ability to use EKS Pod Identity to create AppVault buckets, removing the need to specify a secret with the bucket credentials for EKS clusters.
• Providing the ability to skip restoring labels and annotations in the restore namespace, if needed.
• AppMirrorRelationship (AMR) will now check for source PVC expansion and perform the appropriate expansion on the destination PVC as needed.
• Adding support for replication with AMR and SnapMirror for NVMe/TCP backends.

v25.02.1

Changes since v25.02.0

Fixes:

• Kubernetes: Fixed an issue in the trident-operator where sidecar image names and versions were incorrectly populated when using a non-default image registry (Issue #983).
• Kubernetes: Fixed the issue where multipath sessions fail to recover during an ONTAP failover giveback (Issue #961).

v25.02.0

Changes since v24.10.0

Trident

Fixes:

• Kubernetes: Fixed missing node IP addresses from automatic export policies (Issue #965).
• Kubernetes: Fixed automatic export policies switching to per volume policy prematurely for ONTAP-NAS-Economy.
• Kubernetes: Fixed backend config credentials to support all available AWS ARN partitions (Issue #913).
• Kubernetes: Added option to disable the auto configurator reconciliation in the Trident operator (Issue #924).
• Kubernetes: Added securityContext for csi-resizer container (Issue #976).
• Fixed Zonal Flex pools for GCNV driver.

Enhancements:

• Kubernetes: Enhanced Trident node concurrency for higher scalability on node operations for NFS and SMB volumes.
• Kubernetes: Added support for ONTAP ASA r2 for iSCSI.
• Added Fibre Channel support on ONTAP-SAN driver.
• Added NVMe LUKS support.
• Kubernetes: Added support for force detach for ONTAP-NAS volumes during Non-Graceful Node Shutdown scenarios.
  New ONTAP-NAS volumes will now utilize per-volume export policies managed by Trident. Provided an
  upgrade path for existing volumes to transition to the new export policy model on unpublish without affecting active
  workloads.
• Openshift: Added support for automatic iSCSI node preparation for RHCOS on ROSA clusters.
• Kubernetes: Added support for cross namespace volume cloning.
• Kubernetes: Added cloneFromSnapshot PVC annotation.
• Kubernetes: Added automatic backend configuration for EKS add-on and helm based installation for AWS FSxN.
• Kubernetes: Added support for Kubernetes 1.32.
• Switched to scratch image for all base images.
• Kubernetes: Enhanced iSCSI self-healing to initiate scans by exact host, channel, target and LUN ID.
• Added support for SMB volumes with GCNV driver.
• Allow ONTAP volumes to skip recovery queue on deletion.
• Added support to override default images using SHAs instead of tags.
• Added image-pull-secrets flag to tridentctl installer.
• Openshift: Enhanced qualification for Openshift Virtualization for ONTAP drivers.

Trident Protect

You are required to install the new Trident protect module to unlock these capabilities. Read more to get started.

Fixes:

• Improved the management of temporary volumes to skip the ONTAP Volume Recovery Queue.
• Security Context Constraint (SCC) annotations are now restored to original values.
• Improved Restore efficiency with support for parallel operations.
• Enhanced support for Execution Hook timeouts for larger applications.

Enhancements:

• New: Added Backup and Restore support for KubeVirt / OpenShift Virtualization VMs for both volumeMode: File
  and volumeMode: Block (raw device) storage, to already available storage replication through AppMirrorRelationship.
• Capability to control freeze behaviour at application level for KubeVirt environments.
• Support for configuring AutoSupport proxy connections.
• Ability to define a secret for data mover encryption (Kopia / Restic).
• Ability to manually run an execution hook.
• Ability to configure Security Context Constraints (SCCs) during Trident protect installation.
• Support for configuring node selector and affinity rules during Trident protect installation.
• Support for HTTP / HTTPS egress proxy for AppVault objects.
• SESSION_TOKEN support added to AWS S3 AppVault credentials.
• Extended ResourceFilter to allow exclusion of Cluster Scoped Resources.
• Support for AWS Session Token in S3 AppVault credentials.
• Added support for resource collection after pre-snapshot execution hook.

v24.10.1

Changes since v24.10.0

Fixes:

• Fixed missing node IP addresses from automatic export policies (Issue #965).
• Fixed automatic export policies switching to per volume policy prematurely for ONTAP-NAS-Economy.
• Updated Trident and Trident-ASUP dependencies to address CVE-2024-45337 and CVE-2024-45310.
• Removed logouts for intermittently unhealthy non-CHAP portals during iSCSI self-healing (Issue #961).

Enhancements:

• Kubernetes: Added support for Kubernetes 1.32.
• Added iSCSI connection state discovery and logging when iSCSI sessions should be logged in but are not (Issue #961).