From f43b5cb92343ac65988b4ee6e9d61ea10883033d Mon Sep 17 00:00:00 2001 From: Keith Cantrell Date: Mon, 13 Jan 2025 11:08:53 -0600 Subject: [PATCH 01/16] Initial Version. --- EKS/Trident-Protect/README.md | 232 ++++++++++++++++++++++++++++++++++ 1 file changed, 232 insertions(+) create mode 100644 EKS/Trident-Protect/README.md diff --git a/EKS/Trident-Protect/README.md b/EKS/Trident-Protect/README.md new file mode 100644 index 0000000..8599b2b --- /dev/null +++ b/EKS/Trident-Protect/README.md 
@@ -0,0 +1,232 @@ +# Trident Protect Migrate PVC Storage Class + +A simple sample for setting up your application to be backed up by Trident Protect with an option for in place migration from EBS to FSx for ONTAP. + +## Prerequisites: +The following items should be already be deployed before install Trident Protect. +- EKS cluster. If you don't already have one, refer to the [FSx for NetApp ONTAP as persistent storage](https://github.com/NetApp/FSx-ONTAP-samples-scripts/tree/main/EKS/FSxN-as-PVC-for-EKS) GitHub repo for an example of how to not only deploy an EKS cluster, but also deploy an FSx for ONTAP file system with Tident installed and its backend and storage classes configured. +- Trident installed. Please refer to this [Trident installation documentation](https://docs.netapp.com/us-en/trident/trident-get-started/kubernetes-deploy-helm.html) for the easiest way to do that. +- Configure Trident Backend. Refer to the NetApp Trident documentation for guidance on creating [TridentBackendConfig resources](https://docs.netapp.com/us-en/trident/trident-use/backend-kubectl.html) +- Install the Trident CSI drivers for SAN and NAS type storage. Refer to NetApp documentation for [installation instructions](https://docs.netapp.com/us-en/trident/trident-use/ontap-san-examples) +This guide provides steps to set up and configure a StorageClass using ONTAP NAS backends with Trident. +- kubectl installed - Refer to [this documentation](https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/) on how to install it. +- helm installed - Refer to [this documentation](https://helm.sh/docs/intro/install/) on how to install it. + +## Preperation +The following are the steps required before you can use Trident Protect to backup your EKS application. + +1. [Install Trident Protect](#1-install-trident-protect) +2. [Configure Trident Backend](#2-make-sure-trident-backend-is-configured-correctly) +3. 
[Install Trident CSI Drivers](#3-make-sure-trident-csi-drivers-for-nas-and-san-are-installed) +4. [Create S3 Bucket](#4-create-private-s3-bucket-for-backup-data-and-metadata) + +### 1. Install Trident Protect +Execute the following commands to install Trident Protect. For more info please consult official [Trident Protect documentation](https://docs.netapp.com/us-en/trident/trident-protect/trident-protect-installation.html). + +```markdown +helm repo add netapp-trident-protect https://netapp.github.io/trident-protect-helm-chart +helm install trident-protect-crds netapp-trident-protect/trident-protect-crds --version 100.2410.1 --create-namespace --namespace trident-protect +helm install trident-protect netapp-trident-protect/trident-protect --set autoSupport.enabled=false --set clusterName= --version 100.2410.1 --create-namespace --namespace trident-protect +``` + +### 2. Make sure Trident Backend is configured correctly + +Run the follwing kubectl commands to check if TridentBackendConfig for ontap-san and ontap-nas exists and configured correctly, It outputs the name of any matching TridentBackendConfig: + +#### SAN Backend +```bash +kubectl get tbc -n trident -o jsonpath='{.items[?(@.spec.storageDriverName=="ontap-san")].metadata.name}' +``` + +### NAS Backend +```bash +kubectl get tbc -n trident -o jsonpath='{.items[?(@.spec.storageDriverName=="ontap-san")].metadata.name}' +``` + +If no matching TridentBackendConfig resources are found, you may need to create one. Refer to the prerequisites section above for more information on how to do that. +### 3. Make Sure Trident CSI Drivers for NAS and SAN are Installed +Run the follwing kubectl commands to check that a storageclass exist for both SAN and NAS type storage. + +#### SAN Driver +Checks for StorageClasses in Kubernetes that use 'ontap-san' as their backend type. 
It outputs the name of any matching StorageClass: +```bash +kubectl get storageclass -o jsonpath='{.items[?(@.parameters.backendType=="ontap-san")].metadata.name}' +``` + +#### NAS Driver +Checks for StorageClasses in Kubernetes that use 'ontap-nas' as their backend type. It outputs the name of any matching StorageClass: +```bash +kubectl get storageclass -o jsonpath='{.items[?(@.parameters.backendType=="ontap-nas")].metadata.name}' +``` + +If one or both are not found, you may need to create them. Refer to the prerequisites section above for more information on how to do that. + + +### 4. Create Private S3 Bucket for Backup Data and Metadata + +```markdown +aws s3 mb s3:// --region +``` + +Replace: +- `` with the name you want to assign to the bucket. Note it must be a unique name. +- `` the AWS region you want the bucket to reside. + +## Configure Trident Protect to backup your application +Preform these steps to configure Trident Protect to backup your application: +- [Define Trident Vault](#define-a-trident-vault-to-store-the-backup) +- [Create Trident Application](#create-a-trident-application) +- [Run Backup](#run-backup-for-application) +- [Check Backup Status](#check-backup-status) + +### Define a Trident Vault to store the backup + +First create a file name `trident-vault.yaml` with the following contents: + +```markdown +apiVersion: protect.trident.netapp.io/v1 +kind: AppVault +metadata: + name: + namespace: trident-protect +spec: + providerType: AWS + providerConfig: + s3: + bucketName: + endpoint: + providerCredentials: + accessKeyID: + valueFromSecret: + key: + name: s3 + secretAccessKey: + valueFromSecret: + key: + name: s3 +``` + +Replace: +- `` with the name you want assigned to the Trident Vault +- `` with the name of the bucket you created in step 5 above. +- `` with the AWS region the s3 bucket was created in. +- `` with the access key ID that has access to the S3 bucket. +- `` with the secret that is associated with the access key ID. 
+ +Now run the following command to create the Trident Vault: + +```markdown +kubectl apply -f trident-vault.yaml +``` + +SECURITY NOTE: + +If you want to avoid storing AWS credentials explicitly in Kubernetes secrets, a more secure approach would be to use IAM roles for service accounts (IRSA): + - Create an IAM policy with minimal S3 access permissions for the specific bucket. + - Create an IAM role and attach the policy to it. + - Configure your EKS cluster to use IAM roles for service accounts (IRSA). + - Create a Kubernetes service account in the trident-protect namespace and associate it with the IAM role + +### Create a Trident Application +Create a Trident application to backup your application by first creating a file named `trident-application.yaml` with the following contents: + +```markdown +apiVersion: protect.trident.netapp.io/v1 +kind: Application +metadata: + name: + namespace: trident-protect +spec: + includedNamespaces: + - namespace: +``` + +Replace: +- `` with the name you want to assign to the Trident Application +- `` with the namespace where the application that you want to backup resides. + +Run the following command to create the Trident Application: + +```markdown +kubectl apply -f trident-application.yaml +``` + +### Run Backup for Application +To backup the application first create a backup configuration file named `trident-backup.yaml` with the following contents: + +```markdown +apiVersion: protect.trident.netapp.io/v1 +kind: Backup +metadata: + namespace: trident-protect + name: +spec: + applicationRef: + appVaultRef: + dataMover: Kopia +``` + +Replace: +- `` with the name you want assigned to the backup. +- `` with the name of the application defined in the step above. +- `` with the name of the Trident Vault created in the step above. 
+ +Now run the following command to start the backup: + +```markdown +kubectl apply -f trident-backup.yaml +``` + +### Check Backup Status +To check the status of the backup run the following command: + +```markdown +kubectl get snapshot -n trident-protect -o jsonpath='{.status.state}' +``` + +- If status is `Completed` Backup completed successfully +- If status is `Running` run the command again in a few minutes to check status +- If status is `Failed` check the error message: + +```markdown +kubectl get snapshot -n trident-protect -o jsonpath='{.status.error}' +``` + +## Perform an in place restore with volume migration (from gp3 to FSxN/trident-csi) +Before running the Restore command get appArchivePath by running: + +```markdown +kubectl get backup -n trident-protect -o jsonpath='{.status.appArchivePath}' +``` + +Run the restore by first creating an in place restore configuration file named `backupinplacerestore.yaml` with the following contents: + +```markdown +apiVersion: protect.trident.netapp.io/v1 +kind: BackupInplaceRestore +metadata: + name: + namespace: trident-protect +spec: + appArchivePath: + appVaultRef: + storageClassMapping: [{"source": "gp3", "destination": "trident-csi-nas"}] +``` + +Replace: +- `` with the name you want to assign the restore configuration +- `` with the appArchivePath obtained from the step above. +- `` with the name of the backup configuration used to create the backup you want to restore from. + +Run the following command to keep the application in place while migrating application's PVC from gp3 to trident-csi-nas + +```markdown +kubectl apply -f backupinplacerestore.yaml +``` + +Verify application restore was successful and check PVC storage class: + +```markdown +kubectl get -n trident-protect -o jsonpath='{.status.state}' +kubectl get pvc -n -o jsonpath='{.spec.storageClassName}' +``` From f08ef958cbcea19a21429df17edd60db2db2bc3c Mon Sep 17 00:00:00 2001 
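Review bot: In PATCH 01/16, the AppVault manifest under "Define a Trident Vault to store the backup" reads both credentials from a Kubernetes secret named `s3`, but none of the four Preparation steps creates that secret, and the Replace list asks for the access key ID and its secret while the only fields left to fill are the two `key:` lines. `key:` names an entry inside the secret and should not hold the credential itself; add a step that creates the `s3` secret in the `trident-protect` namespace and set the two keys to fixed names. Two smaller fixes in the same file: the command under `### NAS Backend` filters on `ontap-san` (it should be `ontap-nas`, with the heading at `####` like the SAN one), and "Check Backup Status" runs `kubectl get snapshot` although the object applied in the previous step is `kind: Backup`.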
From: Keith Cantrell Date: Wed, 22 Jan 2025 17:47:08 -0600 Subject: [PATCH 02/16] Initial Version --- EKS/Trident-Protect/trident-vault.yaml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 EKS/Trident-Protect/trident-vault.yaml diff --git a/EKS/Trident-Protect/trident-vault.yaml b/EKS/Trident-Protect/trident-vault.yaml new file mode 100644 index 0000000..4339050 --- /dev/null +++ b/EKS/Trident-Protect/trident-vault.yaml @@ -0,0 +1,20 @@ +apiVersion: protect.trident.netapp.io/v1 +kind: AppVault +metadata: + name: + namespace: trident-protect +spec: + providerType: AWS + providerConfig: + s3: + bucketName: + endpoint: + providerCredentials: + accessKeyID: + valueFromSecret: + key: accessKeyID + name: s3 + secretAccessKey: + valueFromSecret: + key: secretAccessKey + name: s3 From 456e0d7ca63b4f08016d807923ccf2c8b34f2c9a Mon Sep 17 00:00:00 2001 From: Keith Cantrell Date: Wed, 22 Jan 2025 17:47:55 -0600 Subject: [PATCH 03/16] Updated after some testing. --- EKS/Trident-Protect/README.md | 195 +++++++++++++++++++++++++--------- 1 file changed, 147 insertions(+), 48 deletions(-) diff --git a/EKS/Trident-Protect/README.md b/EKS/Trident-Protect/README.md index 8599b2b..c0a01ed 100644 --- a/EKS/Trident-Protect/README.md +++ b/EKS/Trident-Protect/README.md 
@@ -4,34 +4,28 @@ A simple sample for setting up your application to be backed up by Trident Prote ## Prerequisites: The following items should be already be deployed before install Trident Protect. -- EKS cluster. If you don't already have one, refer to the [FSx for NetApp ONTAP as persistent storage](https://github.com/NetApp/FSx-ONTAP-samples-scripts/tree/main/EKS/FSxN-as-PVC-for-EKS) GitHub repo for an example of how to not only deploy an EKS cluster, but also deploy an FSx for ONTAP file system with Tident installed and its backend and storage classes configured. +- EKS cluster. If you don't already have one, refer to the [FSx for NetApp ONTAP as persistent storage](https://github.com/NetApp/FSx-ONTAP-samples-scripts/tree/main/EKS/FSxN-as-PVC-for-EKS) GitHub repo for an example of how to not only deploy an EKS cluster, but also deploy an FSx for ONTAP file system with Tident installed and its backend and storage classes configured. If you follow it, it will provide the rest of the prerequisites listed below. - Trident installed. Please refer to this [Trident installation documentation](https://docs.netapp.com/us-en/trident/trident-get-started/kubernetes-deploy-helm.html) for the easiest way to do that. -- Configure Trident Backend. Refer to the NetApp Trident documentation for guidance on creating [TridentBackendConfig resources](https://docs.netapp.com/us-en/trident/trident-use/backend-kubectl.html) -- Install the Trident CSI drivers for SAN and NAS type storage. Refer to NetApp documentation for [installation instructions](https://docs.netapp.com/us-en/trident/trident-use/ontap-san-examples) -This guide provides steps to set up and configure a StorageClass using ONTAP NAS backends with Trident. +- Configure Trident Backend. Refer to the NetApp Trident documentation for guidance on creating [TridentBackendConfig resources](https://docs.netapp.com/us-en/trident/trident-use/backend-kubectl.html). +- Install the Trident CSI drivers for SAN and NAS type storage. 
Refer to NetApp documentation for [installation instructions](https://docs.netapp.com/us-en/trident/trident-use/trident-fsx-storage-backend.html). +- Configure a StorageClass Trident for SAN and/or NAS type storage. Refer to NetApp documentation for [instructions](https://docs.netapp.com/us-en/trident/trident-use/trident-fsx-storageclass-pvc.html). - kubectl installed - Refer to [this documentation](https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/) on how to install it. - helm installed - Refer to [this documentation](https://helm.sh/docs/intro/install/) on how to install it. ## Preperation The following are the steps required before you can use Trident Protect to backup your EKS application. -1. [Install Trident Protect](#1-install-trident-protect) -2. [Configure Trident Backend](#2-make-sure-trident-backend-is-configured-correctly) -3. [Install Trident CSI Drivers](#3-make-sure-trident-csi-drivers-for-nas-and-san-are-installed) -4. [Create S3 Bucket](#4-create-private-s3-bucket-for-backup-data-and-metadata) +1. [Configure Trident Backend](#1-make-sure-trident-backend-is-configured-correctly) +1. [Configure Storage Classes for Trident storage types](#2-make-sure-trident-csi-drivers-for-nas-and-san-are-installed) +1. [Install the Kubnernettes external snapshotter](#3-install-the-kubernetes-external-snapshotter) +1. [Create VolumeStoraeClass for Storage Provider](#4-create-volumestorageclasses-for-your-storage-provider) +1. [Install Trident Protect](#5-install-trident-protect) +1. [Create S3 Bucket](#6-create-private-s3-bucket-for-backup-data-and-metadata) +1. [Create Kubernetes secret for S3 bucket](#7-create-a-kubernetes-secret-for-the-s3-bucket) -### 1. Install Trident Protect -Execute the following commands to install Trident Protect. For more info please consult official [Trident Protect documentation](https://docs.netapp.com/us-en/trident/trident-protect/trident-protect-installation.html). +### 1. 
Make sure Trident Backend is configured correctly -```markdown -helm repo add netapp-trident-protect https://netapp.github.io/trident-protect-helm-chart -helm install trident-protect-crds netapp-trident-protect/trident-protect-crds --version 100.2410.1 --create-namespace --namespace trident-protect -helm install trident-protect netapp-trident-protect/trident-protect --set autoSupport.enabled=false --set clusterName= --version 100.2410.1 --create-namespace --namespace trident-protect -``` - -### 2. Make sure Trident Backend is configured correctly - -Run the follwing kubectl commands to check if TridentBackendConfig for ontap-san and ontap-nas exists and configured correctly, It outputs the name of any matching TridentBackendConfig: +Run the follwing kubectl commands to check if TridentBackendConfig for ontap-san and ontap-nas exists and configured correctly. These commands should output the name of any matching TridentBackendConfigs: #### SAN Backend ```bash 
@@ -40,14 +34,14 @@ kubectl get tbc -n trident -o jsonpath='{.items[?(@.spec.storageDriverName=="ont ### NAS Backend ```bash -kubectl get tbc -n trident -o jsonpath='{.items[?(@.spec.storageDriverName=="ontap-san")].metadata.name}' +kubectl get tbc -n trident -o jsonpath='{.items[?(@.spec.storageDriverName=="ontap-nas")].metadata.name}' ``` If no matching TridentBackendConfig resources are found, you may need to create one. Refer to the prerequisites section above for more information on how to do that. -### 3. Make Sure Trident CSI Drivers for NAS and SAN are Installed +### 2. Make Sure Trident CSI Drivers for NAS and SAN are Installed Run the follwing kubectl commands to check that a storageclass exist for both SAN and NAS type storage. -#### SAN Driver +#### SAN StorageClass Checks for StorageClasses in Kubernetes that use 'ontap-san' as their backend type. It outputs the name of any matching StorageClass: ```bash kubectl get storageclass -o jsonpath='{.items[?(@.parameters.backendType=="ontap-san")].metadata.name}' 
@@ -61,8 +55,59 @@ kubectl get storageclass -o jsonpath='{.items[?(@.parameters.backendType=="ontap If one or both are not found, you may need to create them. Refer to the prerequisites section above for more information on how to do that. +### 3. Install the Kubernetes External Snapshotter +Run the following commands to install the Kubernetes External Snapshotter. For more information please consult the official [external-snapshotter documentation](https://github.com/kubernetes-csi/external-snapshotter). + +```bash +kubectl kustomize https://github.com/kubernetes-csi/external-snapshotter/client/config/crd | kubectl create -f - +kubectl -n kube-system kustomize deploy/kubernetes/snapshot-controller | kubectl create -f - +kubectl kustomize https://github.com/kubernetes-csi/external-snapshotter/deploy/kubernetes/csi-snapshotter | kubectl create -f - +``` + +### 4. Create VolumeSnapshotClasses for your storage provider. +Trident Protect requires a VolumeSnapshotClass to be created for the storage CSI driver you are using. You can use the following command to see if you already one defined: +``` +kubectl get VolumeSnapshotClass +``` +If you don't have one defined you'll need to create one. Here is an example of a yaml file that defines a VolumeSnapshotClass for Trident CSI driver: +``` +apiVersion: snapshot.storage.k8s.io/v1 +kind: VolumeSnapshotClass +metadata: + name: trident-csi-snapclass + annotations: + snapshot.storage.kubernetes.io/is-default-class: "true" +driver: csi.trident.netapp.io +deletionPolicy: Delete +``` + +Here is an example of a yaml file that defines a VolumeSnapshotClass for EBS CSI driver: +``` +apiVersion: snapshot.storage.k8s.io/v1 +kind: VolumeSnapshotClass +metadata: + name: ebs-csi-snapclass +driver: ebs.csi.aws.com +deletionPolicy: Delete +``` + +After creating the yaml file with the VolumeSnapshotClass for your CSI driver, run the following command to create the VolumeSnapshotClass: + +```bash +kubectl apply -f +``` + +### 5. 
Install Trident Protect +Execute the following commands to install Trident Protect. For more info please consult official [Trident Protect documentation](https://docs.netapp.com/us-en/trident/trident-protect/trident-protect-installation.html). + +```markdown +helm repo add netapp-trident-protect https://netapp.github.io/trident-protect-helm-chart +helm install trident-protect-crds netapp-trident-protect/trident-protect-crds --create-namespace --namespace trident-protect +helm install trident-protect netapp-trident-protect/trident-protect --set autoSupport.enabled=false --set clusterName=trident-protect-cluster --namespace trident-protect +``` +Note that the above commands should install the latest version. If you want to install a specific version add the --version option and provide the version you want to sue. Please use version `100.2410.1` or later. -### 4. Create Private S3 Bucket for Backup Data and Metadata +### 6. Create Private S3 Bucket for Backup Data and Metadata ```markdown aws s3 mb s3:// --region @@ -72,6 +117,14 @@ Replace: - `` with the name you want to assign to the bucket. Note it must be a unique name. - `` the AWS region you want the bucket to reside. +### 7. Create a Kubernetes secret for the S3 bucket +If required, create a service account within AWS IAM that has rights to read and write to the S3 bucketd create. Then create an access key. +Once you have the Access Key Id and Secret Access Key, create a Kubernetes secret with the following command: + +```markdown +kubectl create secret generic -n trident-protect s3 --from-literal=accessKeyID= --from-literal=secretAccessKey= +``` + ## Configure Trident Protect to backup your application Preform these steps to configure Trident Protect to backup your application: - [Define Trident Vault](#define-a-trident-vault-to-store-the-backup) 
@@ -94,24 +147,22 @@ spec: providerConfig: s3: bucketName: - endpoint: + endpoint: providerCredentials: accessKeyID: valueFromSecret: - key: + key: accessKeyID name: s3 secretAccessKey: valueFromSecret: - key: + key: secretAccessKey name: s3 ``` Replace: - `` with the name you want assigned to the Trident Vault - `` with the name of the bucket you created in step 5 above. -- `` with the AWS region the s3 bucket was created in. -- `` with the access key ID that has access to the S3 bucket. -- `` with the secret that is associated with the access key ID. +- `` the hostname of the S3 endpoint. For example: `s3.us-west-2.amazonaws.com`. Now run the following command to create the Trident Vault: @@ -128,14 +179,14 @@ If you want to avoid storing AWS credentials explicitly in Kubernetes secrets, a - Create a Kubernetes service account in the trident-protect namespace and associate it with the IAM role ### Create a Trident Application -Create a Trident application to backup your application by first creating a file named `trident-application.yaml` with the following contents: +You create a Trident application with the specification of your application in order to back it up. You do that by creating a file named `trident-application.yaml` with the following contents: ```markdown apiVersion: protect.trident.netapp.io/v1 kind: Application metadata: name: - namespace: trident-protect + namespace: spec: includedNamespaces: - namespace: 
@@ -152,22 +203,22 @@ kubectl apply -f trident-application.yaml ``` ### Run Backup for Application -To backup the application first create a backup configuration file named `trident-backup.yaml` with the following contents: +To perform an on-demand backup of the application first create a backup configuration file named `trident-backup.yaml` with the following contents: ```markdown apiVersion: protect.trident.netapp.io/v1 kind: Backup metadata: - namespace: trident-protect + namespace: name: spec: applicationRef: appVaultRef: - dataMover: Kopia ``` Replace: -- `` with the name you want assigned to the backup. +- `` with the namespace where the application resides. +- `` with the name you want assigned to the backup. This has to be unique. - `` with the name of the application defined in the step above. - `` with the name of the Trident Vault created in the step above. @@ -181,7 +232,7 @@ kubectl apply -f trident-backup.yaml To check the status of the backup run the following command: ```markdown -kubectl get snapshot -n trident-protect -o jsonpath='{.status.state}' +kubectl get backup -n -o jsonpath='{.status.state}' ``` - If status is `Completed` Backup completed successfully 
@@ -189,16 +240,54 @@ kubectl get snapshot -n trident-protect -o jsonpath='{.status. - If status is `Failed` check the error message: ```markdown -kubectl get snapshot -n trident-protect -o jsonpath='{.status.error}' +kubectl get backup -n -o jsonpath='{.status.error}' +``` +## Perform an restore of the backup +There are two ways to restore a backup: +- [Restore backup to a different namespace](#restore-backup-to-a-different-namespace) +- [Restore backup to the same namespace](#restore-backup-to-the-same-namespace) + +### Restore backup to a different namespace +To restore the backup you created above to a different namespace, you first need to create a restore configuration file named `trident-restore.yaml` with the following contents: + +```markdown +apiVersion: protect.trident.netapp.io/v1 +kind: BackupRestore +metadata: + name: + namespace: +spec: + appArchivePath: + appVaultRef: + namespaceMapping: + - source: + destination: +``` + +Where: + - `` with the name you want to assign the restore configuration + - `` with the namespace where you want to restore the application + - `` with the name of the backup configuration used to create the backup you want to restore from. + - `` with the namespace where the application was backed up from. + - `` with the namespace where you want the application to be restored to. + - `` with the path to the backup archive. 
You can get this by running the following command: +```markdown +kubectl get backup -n -o jsonpath='{.status.appArchivePath}' +``` + +Run the following command to start the restore: + +```markdown +kubectl apply -f trident-restore.yaml ``` -## Perform an in place restore with volume migration (from gp3 to FSxN/trident-csi) -Before running the Restore command get appArchivePath by running: +You can check the status of the restore by running the following command: ```markdown -kubectl get backup -n trident-protect -o jsonpath='{.status.appArchivePath}' +kubectl get backuprestore -n -o jsonpath='{.status.state}' ``` +## Restore backup to the same namespace Run the restore by first creating an in place restore configuration file named `backupinplacerestore.yaml` with the following contents: ```markdown 
@@ -206,27 +295,37 @@ apiVersion: protect.trident.netapp.io/v1 kind: BackupInplaceRestore metadata: name: - namespace: trident-protect + namespace: spec: - appArchivePath: + appArchivePath: appVaultRef: - storageClassMapping: [{"source": "gp3", "destination": "trident-csi-nas"}] + storageClassMapping: + - source: + destination: ``` Replace: - `` with the name you want to assign the restore configuration -- `` with the appArchivePath obtained from the step above. +- `` with the namespace where the application was backed up from. - `` with the name of the backup configuration used to create the backup you want to restore from. +- `` with the storage class of the PVC you want to migrate from. +- `` with the storage class of the PVC you want to migrate to. +- `` with the path to the backup archive. You can get this by running the following command: + +```markdown +kubectl get backup -n -o jsonpath='{.status.appArchivePath}' +``` + +Note in the above example, not only are we reestoring to the same namespace, but we are also migrating the PVCs from one storage class to anther. If you don't want to do that, you can remove the `storageClassMapping` section from the yaml file. -Run the following command to keep the application in place while migrating application's PVC from gp3 to trident-csi-nas +Once the yaml file is created, run the following command to start the restore: ```markdown kubectl apply -f backupinplacerestore.yaml ``` -Verify application restore was successful and check PVC storage class: +Verify application restore was successful run the following command: ```markdown -kubectl get -n trident-protect -o jsonpath='{.status.state}' -kubectl get pvc -n -o jsonpath='{.spec.storageClassName}' +kubectl get -n -o jsonpath='{.status.state}' ``` From bbdce22b0556c67bc89cb890c8303db2aa977424 Mon Sep 17 00:00:00 2001 
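Review bot: In PATCH 03/16, item 4 of the renumbered Preparation list links to `#4-create-volumestorageclasses-for-your-storage-provider`, but the heading this patch adds is "4. Create VolumeSnapshotClasses for your storage provider.", so the link will not resolve. Point it at the VolumeSnapshotClass heading, and fix the link labels "Kubnernettes" and "VolumeStoraeClass" while there.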
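Review bot: In PATCH 03/16, the second command of the new step 3 runs `kubectl -n kube-system kustomize deploy/kubernetes/snapshot-controller`, a relative path that only exists inside a checkout of external-snapshotter, while the first and third commands use the GitHub URL. Use the URL form for all three, or say that the commands are run from a clone. The three commands and the step 5 `helm install` lines (which lose `--version 100.2410.1` here) all fetch whatever is current; pinning a release in the commands would make the install repeatable and reviewable.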
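Review bot: In PATCH 03/16, the `kubectl create secret generic -n trident-protect s3 --from-literal=accessKeyID= --from-literal=secretAccessKey=` command in the new step 7 puts the access key pair on the command line, where it lands in shell history and is visible in the process list. Suggest `--from-env-file` or `--from-file` with a file readable only by the operator, and a sentence saying the IAM identity should be limited to the one bucket from step 6. The sentence above the command also needs a fix: "the S3 bucketd create".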
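Review bot: In PATCH 03/16, the new heading `## Restore backup to the same namespace` is one level above its sibling `### Restore backup to a different namespace`, although both are listed as the two options under "Perform an restore of the backup". Make it `###`, and change that parent heading to "Perform a restore of the backup". The list under the BackupRestore manifest opens with "Where:" but each item reads "with ...", so "Replace:" would match the other sections.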
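Review bot: In PATCH 03/16, the last hunk removes `kubectl get pvc -n -o jsonpath='{.spec.storageClassName}'` from the verification step, yet the section still shows `storageClassMapping` and describes migrating PVCs from one storage class to another. Keep the PVC check so the reader can confirm the volumes landed on the destination class. The sentence before the final command reads "Verify application restore was successful run the following command"; "To verify the restore was successful, run the following command" is clearer, and "reestoring" and "anther" in the note above it are typos.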
From: Keith Cantrell Date: Wed, 22 Jan 2025 19:00:26 -0600 Subject: [PATCH 04/16] Made adjustments after testing. --- EKS/Trident-Protect/README.md | 127 +++++++++++++++++++--------------- 1 file changed, 71 insertions(+), 56 deletions(-) diff --git a/EKS/Trident-Protect/README.md b/EKS/Trident-Protect/README.md index c0a01ed..256ac1b 100644 --- a/EKS/Trident-Protect/README.md +++ b/EKS/Trident-Protect/README.md 
@@ -1,10 +1,12 @@ # Trident Protect Migrate PVC Storage Class -A simple sample for setting up your application to be backed up by Trident Protect with an option for in place migration from EBS to FSx for ONTAP. +This is a sample for setting up your Kubernetes application to be backed up by Trident Protect with an option to migrate it from one storage class to another. ## Prerequisites: The following items should be already be deployed before install Trident Protect. -- EKS cluster. If you don't already have one, refer to the [FSx for NetApp ONTAP as persistent storage](https://github.com/NetApp/FSx-ONTAP-samples-scripts/tree/main/EKS/FSxN-as-PVC-for-EKS) GitHub repo for an example of how to not only deploy an EKS cluster, but also deploy an FSx for ONTAP file system with Tident installed and its backend and storage classes configured. If you follow it, it will provide the rest of the prerequisites listed below. +- An AWS EKS cluster. If you don't already have one, refer to the [FSx for NetApp ONTAP as persistent storage](https://github.com/NetApp/FSx-ONTAP-samples-scripts/tree/main/EKS/FSxN-as-PVC-for-EKS) +GitHub repo for an example of how to not only deploy an EKS cluster, but also deploy an FSx for ONTAP file system with +Trident installed with its backend and storage classes configured. If you follow it, it will provide the rest of the prerequisites listed below. - Trident installed. Please refer to this [Trident installation documentation](https://docs.netapp.com/us-en/trident/trident-get-started/kubernetes-deploy-helm.html) for the easiest way to do that. - Configure Trident Backend. Refer to the NetApp Trident documentation for guidance on creating [TridentBackendConfig resources](https://docs.netapp.com/us-en/trident/trident-use/backend-kubectl.html). - Install the Trident CSI drivers for SAN and NAS type storage. 
Refer to NetApp documentation for [installation instructions](https://docs.netapp.com/us-en/trident/trident-use/trident-fsx-storage-backend.html). @@ -12,8 +14,8 @@ The following items should be already be deployed before install Trident Protect - kubectl installed - Refer to [this documentation](https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/) on how to install it. - helm installed - Refer to [this documentation](https://helm.sh/docs/intro/install/) on how to install it. -## Preperation -The following are the steps required before you can use Trident Protect to backup your EKS application. +## Preparation +The following are the steps required before you can use Trident Protect to backup or migrate your EKS application. 1. [Configure Trident Backend](#1-make-sure-trident-backend-is-configured-correctly) 1. [Configure Storage Classes for Trident storage types](#2-make-sure-trident-csi-drivers-for-nas-and-san-are-installed) @@ -37,7 +39,8 @@ kubectl get tbc -n trident -o jsonpath='{.items[?(@.spec.storageDriverName=="ont kubectl get tbc -n trident -o jsonpath='{.items[?(@.spec.storageDriverName=="ontap-nas")].metadata.name}' ``` -If no matching TridentBackendConfig resources are found, you may need to create one. Refer to the prerequisites section above for more information on how to do that. +If no matching TridentBackendConfig resources are found, you will need to create them. Refer to the prerequisites section above for more information on how to do that. + ### 2. Make Sure Trident CSI Drivers for NAS and SAN are Installed Run the follwing kubectl commands to check that a storageclass exist for both SAN and NAS type storage. 
@@ -53,10 +56,11 @@ Checks for StorageClasses in Kubernetes that use 'ontap-nas' as their backend ty kubectl get storageclass -o jsonpath='{.items[?(@.parameters.backendType=="ontap-nas")].metadata.name}' ``` -If one or both are not found, you may need to create them. Refer to the prerequisites section above for more information on how to do that. +If one or both are not found, you will need to create them. Refer to the prerequisites section above for more information on how to do that. ### 3. Install the Kubernetes External Snapshotter -Run the following commands to install the Kubernetes External Snapshotter. For more information please consult the official [external-snapshotter documentation](https://github.com/kubernetes-csi/external-snapshotter). +Trident Protect depends on the Snapshotter CRDs and controller. Please run the following commands to install the Kubernetes External Snapshotter. +For more information please consult the official [external-snapshotter documentation](https://github.com/kubernetes-csi/external-snapshotter). ```bash kubectl kustomize https://github.com/kubernetes-csi/external-snapshotter/client/config/crd | kubectl create -f - 
@@ -105,7 +109,7 @@ helm repo add netapp-trident-protect https://netapp.github.io/trident-protect-he helm install trident-protect-crds netapp-trident-protect/trident-protect-crds --create-namespace --namespace trident-protect helm install trident-protect netapp-trident-protect/trident-protect --set autoSupport.enabled=false --set clusterName=trident-protect-cluster --namespace trident-protect ``` -Note that the above commands should install the latest version. If you want to install a specific version add the --version option and provide the version you want to sue. Please use version `100.2410.1` or later. +Note that the above commands should install the latest version. If you want to install a specific version add the --version option and provide the version you want to use. Please use version `100.2410.1` or later. ### 6. Create Private S3 Bucket for Backup Data and Metadata @@ -118,13 +122,17 @@ Replace: - `` the AWS region you want the bucket to reside. ### 7. Create a Kubernetes secret for the S3 bucket -If required, create a service account within AWS IAM that has rights to read and write to the S3 bucketd create. Then create an access key. +If required, create a service account within AWS IAM that has rights to read and write to the S3 bucket create. Then, create an access key. Once you have the Access Key Id and Secret Access Key, create a Kubernetes secret with the following command: ```markdown kubectl create secret generic -n trident-protect s3 --from-literal=accessKeyID= --from-literal=secretAccessKey= ``` +Replace: +- `` with the Access Key ID. +- `` with the Secret Access Key. + ## Configure Trident Protect to backup your application Preform these steps to configure Trident Protect to backup your application: - [Define Trident Vault](#define-a-trident-vault-to-store-the-backup) 
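Review bot: The step 7 command `kubectl create secret generic ... --from-literal=secretAccessKey=` puts the AWS secret access key on the command line, where it is saved in shell history and visible in the process list while the command runs, and the new Replace list is the natural place to say so. Suggest documenting `--from-env-file` or `--from-file` with a file readable only by the operator, and linking forward to the IRSA security note later in this README as the preferred option. The typo fix also still leaves "rights to read and write to the S3 bucket create" ungrammatical, and the fence around this shell command is tagged `markdown` rather than `bash`.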
@@ -161,7 +169,7 @@ spec: Replace: - `` with the name you want assigned to the Trident Vault -- `` with the name of the bucket you created in step 5 above. +- `` with the name of the bucket you created in step 6 above. - `` the hostname of the S3 endpoint. For example: `s3.us-west-2.amazonaws.com`. Now run the following command to create the Trident Vault: @@ -173,10 +181,10 @@ kubectl apply -f trident-vault.yaml SECURITY NOTE: If you want to avoid storing AWS credentials explicitly in Kubernetes secrets, a more secure approach would be to use IAM roles for service accounts (IRSA): - - Create an IAM policy with minimal S3 access permissions for the specific bucket. - - Create an IAM role and attach the policy to it. - - Configure your EKS cluster to use IAM roles for service accounts (IRSA). - - Create a Kubernetes service account in the trident-protect namespace and associate it with the IAM role +- Create an IAM policy with minimal S3 access permissions for the specific bucket. +- Create an IAM role and attach the policy to it. +- Configure your EKS cluster to use IAM roles for service accounts (IRSA). +- Create a Kubernetes service account in the trident-protect namespace and associate it with the IAM role ### Create a Trident Application You create a Trident application with the specification of your application in order to back it up. You do that by creating a file named `trident-application.yaml` with the following contents: @@ -203,7 +211,7 @@ kubectl apply -f trident-application.yaml ``` ### Run Backup for Application -To perform an on-demand backup of the application first create a backup configuration file named `trident-backup.yaml` with the following contents: +To perform an on-demand backup of the application, first create a backup configuration file named `trident-backup.yaml` with the following contents: ```markdown apiVersion: protect.trident.netapp.io/v1 
@@ -235,97 +243,104 @@ To check the status of the backup run the following command: kubectl get backup -n -o jsonpath='{.status.state}' ``` -- If status is `Completed` Backup completed successfully -- If status is `Running` run the command again in a few minutes to check status -- If status is `Failed` check the error message: +- If status is `Completed` Backup completed successfully . +- If status is `Running` run the command again in a few minutes to check status. +- If status is `Failed` or `Error` check the error message with: ```markdown kubectl get backup -n -o jsonpath='{.status.error}' ``` -## Perform an restore of the backup + +## Perform a Restore of a Backup There are two ways to restore a backup: -- [Restore backup to a different namespace](#restore-backup-to-a-different-namespace) - [Restore backup to the same namespace](#restore-backup-to-the-same-namespace) +- [Restore backup to a different namespace](#restore-backup-to-a-different-namespace) -### Restore backup to a different namespace -To restore the backup you created above to a different namespace, you first need to create a restore configuration file named `trident-restore.yaml` with the following contents: +### Restore backup to the same namespace +To restore your appilcation in the same namespace, create an `BackupInPlaceRestore` configuration file named `backupinplacerestore.yaml` with the following contents: ```markdown apiVersion: protect.trident.netapp.io/v1 -kind: BackupRestore +kind: BackupInplaceRestore metadata: - name: - namespace: + name: + namespace: spec: appArchivePath: appVaultRef: - namespaceMapping: - - source: - destination: ``` -Where: - - `` with the name you want to assign the restore configuration - - `` with the namespace where you want to restore the application - - `` with the name of the backup configuration used to create the backup you want to restore from. - - `` with the namespace where the application was backed up from. 
- - `` with the namespace where you want the application to be restored to. - - `` with the path to the backup archive. You can get this by running the following command: +Replace: +- `` with the name you want to assign the restore configuration +- `` with the namespace where the application was backed up from. +- `` with the name of the backup configuration used to create the backup you want to restore from. +- `` with the path to the backup archive. You can get this by running the following command: + ```markdown kubectl get backup -n -o jsonpath='{.status.appArchivePath}' ``` -Run the following command to start the restore: +Once the yaml file is created, run the following command to start the restore: ```markdown -kubectl apply -f trident-restore.yaml +kubectl apply -f backupinplacerestore.yaml ``` -You can check the status of the restore by running the following command: +Verify application restore was successful run the following command: ```markdown -kubectl get backuprestore -n -o jsonpath='{.status.state}' +kubectl get -n -o jsonpath='{.status.state}' ``` -## Restore backup to the same namespace -Run the restore by first creating an in place restore configuration file named `backupinplacerestore.yaml` with the following contents: +### Restore backup to a different namespace +To restore the backup to a different namespace and optionally to a different storage class, you first need to create a restore configuration file named `trident-migrate.yaml` with the following contents: ```markdown apiVersion: protect.trident.netapp.io/v1 -kind: BackupInplaceRestore +kind: BackupRestore metadata: - name: - namespace: + name: + namespace: spec: appArchivePath: appVaultRef: - storageClassMapping: + namespaceMapping: + - source: + destination: + storageClassMapping: - source: destination: ``` Replace: -- `` with the name you want to assign the restore configuration -- `` with the namespace where the application was backed up from. 
-- `` with the name of the backup configuration used to create the backup you want to restore from. -- `` with the storage class of the PVC you want to migrate from. -- `` with the storage class of the PVC you want to migrate to. +- `` with the name you want to assign the restore configuration. +- `` with the namespace where you want to restore the application. +- `` with the name of the Trident Vault used when creating the backup. +- `` with the namespace where the application was backed up from. +- `` with the namespace where you want the application to be restored to. +- `` with the name of storage class of the PVCs in the source namespace. +- `` with the name of storage class you want to be used for the PVC(s) when the data is restored. - `` with the path to the backup archive. You can get this by running the following command: +Note that with the above example, you are migrating the PVCs from one storage class to another. If you don't want to do that, you can remove the `storageClassMapping` section from the yaml file. + ```markdown kubectl get backup -n -o jsonpath='{.status.appArchivePath}' ``` -Note in the above example, not only are we reestoring to the same namespace, but we are also migrating the PVCs from one storage class to anther. If you don't want to do that, you can remove the `storageClassMapping` section from the yaml file. - -Once the yaml file is created, run the following command to start the restore: +Run the following command to start the restore: ```markdown -kubectl apply -f backupinplacerestore.yaml +kubectl apply -f trident-migrate.yaml ``` -Verify application restore was successful run the following command: +You can check the status of the restore by running the following command: ```markdown -kubectl get -n -o jsonpath='{.status.state}' +kubectl get backuprestore -n -o jsonpath='{.status.state}' ``` + +## Final Notes +This is a simple example of how to use Trident Protect to backup and restore your application. 
+There are a lot of other features and options available with Trident Protect that are not covered here. +For more information please refer to the official [Trident Protect documentation](https://docs.netapp.com/us-en/trident/trident-protect/trident-protect-installation.html). From 70f188b013c3a0c56324835eed0282fd621db946 Mon Sep 17 00:00:00 2001 From: Keith Cantrell Date: Wed, 22 Jan 2025 19:03:01 -0600 Subject: [PATCH 05/16] Initial Version --- EKS/Trident-Protect/trident-application.yaml | 8 ++++++++ EKS/Trident-Protect/trident-backup.yaml | 8 ++++++++ EKS/Trident-Protect/trident-migrate.yaml | 14 ++++++++++++++ EKS/Trident-Protect/trident-restore.yaml | 8 ++++++++ 4 files changed, 38 insertions(+) create mode 100644 EKS/Trident-Protect/trident-application.yaml create mode 100644 EKS/Trident-Protect/trident-backup.yaml create mode 100644 EKS/Trident-Protect/trident-migrate.yaml create mode 100644 EKS/Trident-Protect/trident-restore.yaml diff --git a/EKS/Trident-Protect/trident-application.yaml b/EKS/Trident-Protect/trident-application.yaml new file mode 100644 index 0000000..f0e506f --- /dev/null +++ b/EKS/Trident-Protect/trident-application.yaml @@ -0,0 +1,8 @@ +apiVersion: protect.trident.netapp.io/v1 +kind: Application +metadata: + name: + namespace: +spec: + includedNamespaces: + - namespace: diff --git a/EKS/Trident-Protect/trident-backup.yaml b/EKS/Trident-Protect/trident-backup.yaml new file mode 100644 index 0000000..7375c0b --- /dev/null +++ b/EKS/Trident-Protect/trident-backup.yaml @@ -0,0 +1,8 @@ +apiVersion: protect.trident.netapp.io/v1 +kind: Backup +metadata: + namespace: + name: +spec: + applicationRef: + appVaultRef: diff --git a/EKS/Trident-Protect/trident-migrate.yaml b/EKS/Trident-Protect/trident-migrate.yaml new file mode 100644 index 0000000..be98dc3 --- /dev/null +++ b/EKS/Trident-Protect/trident-migrate.yaml 
@@ -0,0 +1,14 @@ +apiVersion: protect.trident.netapp.io/v1 +kind: BackupRestore +metadata: + name: + namespace: +spec: + appArchivePath: + appVaultRef: + namespaceMapping: + - source: + destination: + storageClassMapping: + - source: + destination: diff --git a/EKS/Trident-Protect/trident-restore.yaml b/EKS/Trident-Protect/trident-restore.yaml new file mode 100644 index 0000000..b682891 --- /dev/null +++ b/EKS/Trident-Protect/trident-restore.yaml @@ -0,0 +1,8 @@ +apiVersion: protect.trident.netapp.io/v1 +kind: BackupInplaceRestore +metadata: + name: + namespace: +spec: + appArchivePath: + appVaultRef: From 4107e1f4898e1d26c8aa465f5c316d74bb6e37c7 Mon Sep 17 00:00:00 2001 From: Keith Cantrell Date: Fri, 24 Jan 2025 18:03:16 -0600 Subject: [PATCH 06/16] Updated it to allow an EBS volume to be created along with a FSxN one. --- EKS/FSxN-as-PVC-for-EKS/README.md | 16 +++++++--------- EKS/FSxN-as-PVC-for-EKS/terraform/ec2.tf | 10 +++++++++- EKS/FSxN-as-PVC-for-EKS/terraform/eks-cluster.tf | 6 ++++++ .../terraform/scripts/iscsi.sh | 3 +++ EKS/FSxN-as-PVC-for-EKS/terraform/variables.tf | 6 ++---- .../README.md | 16 ++++++---------- .../trident-application.yaml | 0 .../trident-backup.yaml | 0 .../trident-migrate.yaml | 0 .../trident-restore.yaml | 0 .../trident-vault.yaml | 0 11 files changed, 33 insertions(+), 24 deletions(-) rename EKS/{Trident-Protect => Migrate-Backup-EKS-Applications}/README.md (96%) rename EKS/{Trident-Protect => Migrate-Backup-EKS-Applications}/trident-application.yaml (100%) rename EKS/{Trident-Protect => Migrate-Backup-EKS-Applications}/trident-backup.yaml (100%) rename EKS/{Trident-Protect => Migrate-Backup-EKS-Applications}/trident-migrate.yaml (100%) rename EKS/{Trident-Protect => Migrate-Backup-EKS-Applications}/trident-restore.yaml (100%) rename EKS/{Trident-Protect => Migrate-Backup-EKS-Applications}/trident-vault.yaml (100%) diff --git a/EKS/FSxN-as-PVC-for-EKS/README.md b/EKS/FSxN-as-PVC-for-EKS/README.md index 065981e..793ef63 100644 
--- a/EKS/FSxN-as-PVC-for-EKS/README.md +++ b/EKS/FSxN-as-PVC-for-EKS/README.md @@ -5,7 +5,7 @@ * [Installation Overview](#Installation-Overview) * [Detailed Instructions](#Detailed-instructions) * [Clone the "NetApp/FSx-ONTAP-samples-scripts" repo from GitHub](#Clone-the-NetAppFSx-ONTAP-samples-scripts-repo-from-GitHub) - * [Make any desired changes to the variables.tf file](#Make-any-desired-changes-to-the-variablestf-file) + * [Make any desired changes to the configuration variables](#Make-any-desired-changes-to-the-configuration-variables) * [Initialize the Terraform environment](#Initialize-the-Terraform-environment) * [Deploy the resources](#Deploy-the-resources) * [SSH to the jump server to complete the setup](#SSH-to-the-jump-server-to-complete-the-setup) 
@@ -78,21 +78,19 @@ terraform files are located: git clone https://github.com/NetApp/FSx-ONTAP-samples-scripts.git cd FSx-ONTAP-samples-scripts/EKS/FSxN-as-PVC-for-EKS/terraform ``` -### Make any desired changes to the variables.tf file. -Variables that can be changed include: +### Make any desired changes to the configuration variables +To configure the deployment first copy the `terraform.tfvars.template` file to `terraform.tfvars`. Then, modify it to suit your needs. Here are the variables you can set: - aws_region - The AWS region where you want to deploy the resources. - aws_secrets_region - The region where the fsx password secret will be created. - fsx_name - The name you want applied to the FSx for NetApp ONTAP File System. Must not already exist. -- secret_name_prefix - The base name of the AWS SecretsManager secrets that will be created that will hold the FSxN adminstrator, and SVM, passwords. +- secret_name_prefix - The base name of the AWS SecretsManager secrets that will be created that will hold the FSxN administrator, and SVM, passwords. A random string will be appended to this name to ensure uniqueness. -- fsx_storage_capacity - The storage capacity of the FSx for NetApp ONTAP File System. -Read the "description" of the variable to see the valid range. -- fsx_throughput_capacity - The throughput capacity of the FSx for NetApp ONTAP File System. -Read the "description" of the variable to see valid values. +- fsx_storage_capacity - The storage capacity of the FSx for NetApp ONTAP File System. Read the "description" of the variable in the `variables.tf` file to see the valid range. +- fsx_throughput_capacity - The throughput capacity of the FSx for NetApp ONTAP File System. Read the "description" of the variable in the `varaibles.tf` file to see valid values. - key_pair_name - The name of the EC2 key pair to use to access the jump server. - secure_ips - The IP address ranges to allow SSH access to the jump server. The default is wide open. 
-:warning: **NOTE:** You must change the key_pair_name variable, otherwise the deployment will not complete succesfully. +:warning: **NOTE:** You must change the key_pair_name variable, otherwise the deployment will not complete successfully. ### Initialize the Terraform environment Run the following command to initialize the terraform environment. ```bash diff --git a/EKS/FSxN-as-PVC-for-EKS/terraform/ec2.tf b/EKS/FSxN-as-PVC-for-EKS/terraform/ec2.tf index 6c94c2d..1ed5c16 100644 --- a/EKS/FSxN-as-PVC-for-EKS/terraform/ec2.tf +++ b/EKS/FSxN-as-PVC-for-EKS/terraform/ec2.tf @@ -26,6 +26,8 @@ resource "aws_instance" "eks_jump_server" { user_data = < -o jsonp ## Final Notes This is a simple example of how to use Trident Protect to backup and restore your application. -There are a lot of other features and options available with Trident Protect that are not covered here. +There are a lot of other features and options available with Trident Protect that are not covered here for example: +- Creating snapshots of your application. +- Scheduling backups. +- Replicating backups to another FSxN file system with SnapMirror. + For more information please refer to the official [Trident Protect documentation](https://docs.netapp.com/us-en/trident/trident-protect/trident-protect-installation.html). diff --git a/EKS/Trident-Protect/trident-application.yaml b/EKS/Migrate-Backup-EKS-Applications/trident-application.yaml similarity index 100% rename from EKS/Trident-Protect/trident-application.yaml rename to EKS/Migrate-Backup-EKS-Applications/trident-application.yaml diff --git a/EKS/Trident-Protect/trident-backup.yaml b/EKS/Migrate-Backup-EKS-Applications/trident-backup.yaml similarity index 100% rename from EKS/Trident-Protect/trident-backup.yaml rename to EKS/Migrate-Backup-EKS-Applications/trident-backup.yaml 
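Review bot: In the `EKS/FSxN-as-PVC-for-EKS/README.md` hunk at `@@ -78,21 +78,19 @@`, the warning line calls out only `key_pair_name` as a variable that must be changed, while the bullet just above it says of `secure_ips` that "The default is wide open", which leaves SSH to the jump server reachable from any address unless the reader happens to notice. Add `secure_ips` to the :warning: note (or ship a template with no default so the deployment fails until a range is supplied). The added `fsx_throughput_capacity` line also misspells the file name as `varaibles.tf`.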
diff --git a/EKS/Trident-Protect/trident-migrate.yaml b/EKS/Migrate-Backup-EKS-Applications/trident-migrate.yaml similarity index 100% rename from EKS/Trident-Protect/trident-migrate.yaml rename to EKS/Migrate-Backup-EKS-Applications/trident-migrate.yaml diff --git a/EKS/Trident-Protect/trident-restore.yaml b/EKS/Migrate-Backup-EKS-Applications/trident-restore.yaml similarity index 100% rename from EKS/Trident-Protect/trident-restore.yaml rename to EKS/Migrate-Backup-EKS-Applications/trident-restore.yaml diff --git a/EKS/Trident-Protect/trident-vault.yaml b/EKS/Migrate-Backup-EKS-Applications/trident-vault.yaml similarity index 100% rename from EKS/Trident-Protect/trident-vault.yaml rename to EKS/Migrate-Backup-EKS-Applications/trident-vault.yaml From aacdf1815ab858621d7db8e4f65783df28b26b33 Mon Sep 17 00:00:00 2001 From: Keith Cantrell Date: Mon, 27 Jan 2025 17:00:17 -0600 Subject: [PATCH 07/16] Made changes are more testing. --- EKS/Migrate-Backup-EKS-Applications/README.md | 57 +++++++++++-------- .../ebs-volume-storage-class.yaml | 6 ++ ...rate.yaml => trident-restore-diff-ns.yaml} | 3 - ...tore.yaml => trident-restore-inplace.yaml} | 0 .../trident-volume-storage-class.yaml | 8 +++ 5 files changed, 46 insertions(+), 28 deletions(-) create mode 100644 EKS/Migrate-Backup-EKS-Applications/ebs-volume-storage-class.yaml rename EKS/Migrate-Backup-EKS-Applications/{trident-migrate.yaml => trident-restore-diff-ns.yaml} (74%) rename EKS/Migrate-Backup-EKS-Applications/{trident-restore.yaml => trident-restore-inplace.yaml} (100%) create mode 100644 EKS/Migrate-Backup-EKS-Applications/trident-volume-storage-class.yaml diff --git a/EKS/Migrate-Backup-EKS-Applications/README.md b/EKS/Migrate-Backup-EKS-Applications/README.md index ec18c95..f41bafd 100644 --- a/EKS/Migrate-Backup-EKS-Applications/README.md +++ b/EKS/Migrate-Backup-EKS-Applications/README.md 
@@ -113,6 +113,8 @@ Note that the above commands should install the latest version. If you want to i ### 6. Create Private S3 Bucket for Backup Data and Metadata +If you don't already have an S3 bucket, you can create one with the following command: + ```markdown aws s3 mb s3:// --region ``` @@ -168,7 +170,7 @@ spec: ``` Replace: -- `` with the name you want assigned to the Trident Vault +- `` with the name you want assigned to the Trident Vault. - `` with the name of the bucket you created in step 6 above. - `` the hostname of the S3 endpoint. For example: `s3.us-west-2.amazonaws.com`. @@ -218,7 +220,7 @@ spec: Replace: - `` with the namespace where the application resides. -- `` with the name you want assigned to the backup. This has to be unique. +- `` with the name you want assigned to the backup. This has to be different from any other backup ever run. - `` with the name of the application defined in the step above. - `` with the name of the Trident Vault created in the step above. @@ -232,16 +234,12 @@ kubectl apply -f trident-backup.yaml To check the status of the backup run the following command: ```markdown -kubectl get backup -n -o jsonpath='{.status.state}' +kubectl get backup -n ``` - If status is `Completed` Backup completed successfully . - If status is `Running` run the command again in a few minutes to check status. -- If status is `Failed` or `Error` check the error message with: - -```markdown -kubectl get backup -n -o jsonpath='{.status.error}' -``` +- If status is `Failed` the error message will give you a clue as to what went wrong. If you need more information, try using `kubectl describe` instead of `kubectl get` to get more information. ## Perform a Restore of a Backup There are two ways to restore a backup: 
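Review bot: The rewritten `Failed` bullet drops the `Error` state that the previous wording covered ("If status is `Failed` or `Error`") and removes the `-o jsonpath='{.status.error}'` command without giving a replacement command, so a reader whose backup reports `Error` has no matching bullet and nothing to copy and paste. Either keep both states in the bullet and show the `kubectl describe backup` invocation explicitly, or explain why `Error` no longer needs handling. The unchanged `Completed` bullet also still has a stray space before its period.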
@@ -249,7 +247,7 @@ There are two ways to restore a backup: - [Restore backup to a different namespace](#restore-backup-to-a-different-namespace) ### Restore backup to the same namespace -To restore your appilcation in the same namespace, create an `BackupInPlaceRestore` configuration file named `backupinplacerestore.yaml` with the following contents: +To restore your appilcation in the same namespace, create an `BackupInPlaceRestore` configuration file named `trident-restore-inplace.yaml` with the following contents: ```markdown apiVersion: protect.trident.netapp.io/v1 @@ -275,17 +273,17 @@ kubectl get backup -n -o jsonpath='{.status.ap Once the yaml file is created, run the following command to start the restore: ```markdown -kubectl apply -f backupinplacerestore.yaml +kubectl apply -f trident-restore-inplace.yaml ``` Verify application restore was successful run the following command: ```markdown -kubectl get -n -o jsonpath='{.status.state}' +kubectl get BackupInplaceRestore -n ``` ### Restore backup to a different namespace -To restore the backup to a different namespace and optionally to a different storage class, you first need to create a restore configuration file named `trident-migrate.yaml` with the following contents: +To restore the backup to a different namespace, you first need to create a restore configuration file named `trident-restore-diff-ns.yaml` with the following contents: ```markdown apiVersion: protect.trident.netapp.io/v1 @@ -299,9 +297,6 @@ spec: namespaceMapping: - source: destination: - storageClassMapping: - - source: - destination: ``` Replace: 
@@ -310,33 +305,45 @@ Replace: - `` with the name of the Trident Vault used when creating the backup. - `` with the namespace where the application was backed up from. - `` with the namespace where you want the application to be restored to. -- `` with the name of storage class of the PVCs in the source namespace. -- `` with the name of storage class you want to be used for the PVC(s) when the data is restored. - `` with the path to the backup archive. You can get this by running the following command: -Note that with the above example, you are migrating the PVCs from one storage class to another. If you don't want to do that, you can remove the `storageClassMapping` section from the yaml file. - ```markdown kubectl get backup -n -o jsonpath='{.status.appArchivePath}' ``` -Run the following command to start the restore: +Once the yaml file has been created, run the following command to start the restore: ```markdown -kubectl apply -f trident-migrate.yaml +kubectl apply -f trident-restore-diff-ns.yaml ``` You can check the status of the restore by running the following command: ```markdown -kubectl get backuprestore -n -o jsonpath='{.status.state}' +kubectl get backuprestore -n ``` ## Final Notes -This is a simple example of how to use Trident Protect to backup and restore your application. -There are a lot of other features and options available with Trident Protect that are not covered here for example: -- Creating snapshots of your application. +There are a lot of other features and options available with Trident Protect that are not covered here, for example: +- Creating zero space snapshots of your application. +- Restoring backups to a different storage class and therefore migrate the data from one storage class to another. You can refer to this [PV Migrate with Trident Protect](https://github.com/NetApp/FSx-ONTAP-samples-scripts/tree/main/EKS/FSxN-as-PVC-for-EKS) for an example of how to do that. - Scheduling backups. 
- Replicating backups to another FSxN file system with SnapMirror. For more information please refer to the official [Trident Protect documentation](https://docs.netapp.com/us-en/trident/trident-protect/trident-protect-installation.html). + +## Author Information + +This repository is maintained by the contributors listed on [GitHub](https://github.com/NetApp/FSx-ONTAP-samples-scripts/graphs/contributors). + +## License + +Licensed under the Apache License, Version 2.0 (the "License"). + +You may obtain a copy of the License at [apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0). + +Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an _"AS IS"_ basis, without WARRANTIES or conditions of any kind, either express or implied. + +See the License for the specific language governing permissions and limitations under the License. + +© 2025 NetApp, Inc. All Rights Reserved. diff --git a/EKS/Migrate-Backup-EKS-Applications/ebs-volume-storage-class.yaml b/EKS/Migrate-Backup-EKS-Applications/ebs-volume-storage-class.yaml new file mode 100644 index 0000000..1ed2936 --- /dev/null +++ b/EKS/Migrate-Backup-EKS-Applications/ebs-volume-storage-class.yaml @@ -0,0 +1,6 @@ +apiVersion: snapshot.storage.k8s.io/v1 +kind: VolumeSnapshotClass +metadata: + name: ebs-csi-snapclass +driver: ebs.csi.aws.com +deletionPolicy: Delete diff --git a/EKS/Migrate-Backup-EKS-Applications/trident-migrate.yaml b/EKS/Migrate-Backup-EKS-Applications/trident-restore-diff-ns.yaml similarity index 74% rename from EKS/Migrate-Backup-EKS-Applications/trident-migrate.yaml rename to EKS/Migrate-Backup-EKS-Applications/trident-restore-diff-ns.yaml index be98dc3..8af7e03 100644 --- a/EKS/Migrate-Backup-EKS-Applications/trident-migrate.yaml +++ b/EKS/Migrate-Backup-EKS-Applications/trident-restore-diff-ns.yaml @@ -9,6 +9,3 @@ spec: namespaceMapping: - source: destination: - storageClassMapping: - - source: - destination: 
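Review bot: With `storageClassMapping` removed from this file, and from the `BackupRestore` example in the README in the same patch, the only remaining pointer for storage class migration is the new "PV Migrate with Trident Protect" link in Final Notes, and that link targets `EKS/FSxN-as-PVC-for-EKS`, which is the cluster deployment sample rather than a migration sample. Point the link at the migration README once it exists, or keep the mapping documented here until it does, so the migration path is not lost between commits.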
diff --git a/EKS/Migrate-Backup-EKS-Applications/trident-restore.yaml b/EKS/Migrate-Backup-EKS-Applications/trident-restore-inplace.yaml similarity index 100% rename from EKS/Migrate-Backup-EKS-Applications/trident-restore.yaml rename to EKS/Migrate-Backup-EKS-Applications/trident-restore-inplace.yaml diff --git a/EKS/Migrate-Backup-EKS-Applications/trident-volume-storage-class.yaml b/EKS/Migrate-Backup-EKS-Applications/trident-volume-storage-class.yaml new file mode 100644 index 0000000..72d3ca6 --- /dev/null +++ b/EKS/Migrate-Backup-EKS-Applications/trident-volume-storage-class.yaml @@ -0,0 +1,8 @@ +apiVersion: snapshot.storage.k8s.io/v1 +kind: VolumeSnapshotClass +metadata: + name: trident-csi-snapclass + annotations: + snapshot.storage.kubernetes.io/is-default-class: "true" +driver: csi.trident.netapp.io +deletionPolicy: Delete From f170a996c82afaea507b68ac1048d2d7f767dd3d Mon Sep 17 00:00:00 2001 From: Keith Cantrell Date: Mon, 27 Jan 2025 17:02:07 -0600 Subject: [PATCH 08/16] Updated it to support a newer version of the eks module; Got it to not use deprecated options. --- EKS/FSxN-as-PVC-for-EKS/terraform/eks-cluster.tf | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/EKS/FSxN-as-PVC-for-EKS/terraform/eks-cluster.tf b/EKS/FSxN-as-PVC-for-EKS/terraform/eks-cluster.tf index 1cb981d..b762b60 100644 --- a/EKS/FSxN-as-PVC-for-EKS/terraform/eks-cluster.tf +++ b/EKS/FSxN-as-PVC-for-EKS/terraform/eks-cluster.tf @@ -1,6 +1,6 @@ module "eks" { source = "terraform-aws-modules/eks/aws" - version = "~> 20.0.0" + version = "~> 20.33" cluster_name = local.cluster_name cluster_version = var.kubernetes_version subnet_ids = module.vpc.private_subnets 
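Review bot: Changing `version = "~> 20.0.0"` to `version = "~> 20.33"` widens the constraint from patch releases of 20.0 to any 20.x release at or above 20.33, so each fresh `terraform init` can pull a newer minor release of the module that provisions the cluster. If the intent is "tested with 20.33", write `~> 20.33.0` or an exact version, and record the tested version in the README so that module upgrades are a deliberate change.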
@@ -115,8 +115,16 @@ resource "aws_iam_role" "trident_role" { } ] }) +} + +resource "aws_iam_role_policy_attachment" "trident_policy_attachment" { + role = aws_iam_role.trident_role.name + policy_arn = aws_iam_policy.trident_policy.arn +} - managed_policy_arns = [aws_iam_policy.trident_policy.arn] +resource "aws_iam_role_policy_attachments_exclusive" "trident_policy_attachment_exclusive" { + role_name = aws_iam_role.trident_role.name + policy_arns = [aws_iam_policy.trident_policy.arn] } data "cloudinit_config" "cloudinit" { From c3d80d64bd411a6381e502d73c3d305f3e895aee Mon Sep 17 00:00:00 2001 From: Keith Cantrell Date: Mon, 27 Jan 2025 17:03:27 -0600 Subject: [PATCH 09/16] Had it backlist EBS volumes so they could co-exist with Trident volumes that support multipathing. --- EKS/FSxN-as-PVC-for-EKS/terraform/scripts/iscsi.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/EKS/FSxN-as-PVC-for-EKS/terraform/scripts/iscsi.sh b/EKS/FSxN-as-PVC-for-EKS/terraform/scripts/iscsi.sh index 99ea54d..69465b5 100755 --- a/EKS/FSxN-as-PVC-for-EKS/terraform/scripts/iscsi.sh +++ b/EKS/FSxN-as-PVC-for-EKS/terraform/scripts/iscsi.sh @@ -7,5 +7,6 @@ sudo mpathconf --enable --with_multipathd y --find_multipaths n # # Blacklist any EBS volume since they don't support them! sed -i -e '/^blacklist {/,/^}/{/^}/i\ device {\n vendor "NVME"\n product "Amazon Elastic Block Store"\n }\n' -e '}' /etc/multipath.conf +sudo systemctl restart multipathd sudo systemctl enable --now iscsid multipathd sudo systemctl enable --now iscsi From b911f08ba208420179283c6e638955fef982ccb9 Mon Sep 17 00:00:00 2001 
From: Keith Cantrell Date: Mon, 27 Jan 2025 17:32:58 -0600 Subject: [PATCH 10/16] Created PVC Migration. --- .../README.md | 21 ++++++++++--------- .../ebs-volume-storage-class.yaml | 0 .../trident-application.yaml | 0 .../trident-backup.yaml | 0 .../trident-restore-diff-ns.yaml | 0 .../trident-restore-inplace.yaml | 0 .../trident-vault.yaml | 0 .../trident-volume-storage-class.yaml | 0 EKS/README.md | 2 ++ 9 files changed, 13 insertions(+), 10 deletions(-) rename EKS/{Migrate-Backup-EKS-Applications => Backup-EKS-Applications-with-Trident-Protect}/README.md (91%) rename EKS/{Migrate-Backup-EKS-Applications => Backup-EKS-Applications-with-Trident-Protect}/ebs-volume-storage-class.yaml (100%) rename EKS/{Migrate-Backup-EKS-Applications => Backup-EKS-Applications-with-Trident-Protect}/trident-application.yaml (100%) rename EKS/{Migrate-Backup-EKS-Applications => Backup-EKS-Applications-with-Trident-Protect}/trident-backup.yaml (100%) rename EKS/{Migrate-Backup-EKS-Applications => Backup-EKS-Applications-with-Trident-Protect}/trident-restore-diff-ns.yaml (100%) rename EKS/{Migrate-Backup-EKS-Applications => Backup-EKS-Applications-with-Trident-Protect}/trident-restore-inplace.yaml (100%) rename EKS/{Migrate-Backup-EKS-Applications => Backup-EKS-Applications-with-Trident-Protect}/trident-vault.yaml (100%) rename EKS/{Migrate-Backup-EKS-Applications => Backup-EKS-Applications-with-Trident-Protect}/trident-volume-storage-class.yaml (100%) diff --git a/EKS/Migrate-Backup-EKS-Applications/README.md b/EKS/Backup-EKS-Applications-with-Trident-Protect/README.md similarity index 91% rename from EKS/Migrate-Backup-EKS-Applications/README.md rename to EKS/Backup-EKS-Applications-with-Trident-Protect/README.md index f41bafd..8a132fa 100644 --- a/EKS/Migrate-Backup-EKS-Applications/README.md +++ b/EKS/Backup-EKS-Applications-with-Trident-Protect/README.md 
@@ -1,6 +1,6 @@ -# Migrate and Backup EKS Applications with Trident Protect +# Backup EKS Applications with Trident Protect -This is a sample for setting up your Kubernetes application to be backed up by Trident Protect with an option to migrate it from one storage class to another. +This is a sample for setting up your Kubernetes application to be backed up by Trident Protect. ## Prerequisites: The following items should be already be deployed before install Trident Protect. @@ -19,7 +19,7 @@ The following are the steps required before you can use Trident Protect to backu 1. [Configure Trident Backend](#1-make-sure-trident-backend-is-configured-correctly) 1. [Configure Storage Classes for Trident storage types](#2-make-sure-trident-csi-drivers-for-nas-and-san-are-installed) -1. [Install the Kubnernettes external snapshotter](#3-install-the-kubernetes-external-snapshotter) +1. [Install the Kubernetes external snapshotter](#3-install-the-kubernetes-external-snapshotter) 1. [Create VolumeStoraeClass for Storage Provider](#4-create-volumestorageclasses-for-your-storage-provider) 1. [Install Trident Protect](#5-install-trident-protect) 1. [Create S3 Bucket](#6-create-private-s3-bucket-for-backup-data-and-metadata) @@ -27,7 +27,7 @@ The following are the steps required before you can use Trident Protect to backu ### 1. Make sure Trident Backend is configured correctly -Run the follwing kubectl commands to check if TridentBackendConfig for ontap-san and ontap-nas exists and configured correctly. These commands should output the name of any matching TridentBackendConfigs: +Run the following kubectl commands to confirm that the TridentBackendConfig for ontap-san and ontap-nas exist and are configured correctly. These commands should output the name of any matching TridentBackendConfigs: #### SAN Backend ```bash 
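Review bot: In the @@ -27,7 hunk of the Backup README, the reworded sentence promises to confirm that the TridentBackendConfigs "are configured correctly", but the jsonpath queries that follow print only `.metadata.name` for backends whose `storageDriverName` matches, so a backend that exists but never bound still passes this check. Either reword the sentence to say the commands confirm the backends exist, or have the README show their state as well, for example by pointing readers at plain `kubectl get tbc -n trident`, whose default columns include the phase and status. The subject also needs to be plural to agree with the verb: "the TridentBackendConfigs for ontap-san and ontap-nas exist".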
@@ -42,16 +42,16 @@ kubectl get tbc -n trident -o jsonpath='{.items[?(@.spec.storageDriverName=="ont If no matching TridentBackendConfig resources are found, you will need to create them. Refer to the prerequisites section above for more information on how to do that. ### 2. Make Sure Trident CSI Drivers for NAS and SAN are Installed -Run the follwing kubectl commands to check that a storageclass exist for both SAN and NAS type storage. +Run the following kubectl commands to check that a storage class exist for both SAN and NAS type storage. #### SAN StorageClass -Checks for StorageClasses in Kubernetes that use 'ontap-san' as their backend type. It outputs the name of any matching StorageClass: +Checks for storage classes in Kubernetes that use 'ontap-san' as their backend type. It outputs the name of any matching StorageClass: ```bash kubectl get storageclass -o jsonpath='{.items[?(@.parameters.backendType=="ontap-san")].metadata.name}' ``` #### NAS Driver -Checks for StorageClasses in Kubernetes that use 'ontap-nas' as their backend type. It outputs the name of any matching StorageClass: +Checks for storage classes in Kubernetes that use 'ontap-nas' as their backend type. It outputs the name of any matching StorageClass: ```bash kubectl get storageclass -o jsonpath='{.items[?(@.parameters.backendType=="ontap-nas")].metadata.name}' ``` @@ -102,7 +102,7 @@ kubectl apply -f ``` ### 5. Install Trident Protect -Execute the following commands to install Trident Protect. For more info please consult official [Trident Protect documentation](https://docs.netapp.com/us-en/trident/trident-protect/trident-protect-installation.html). +Execute the following commands to install Trident Protect. For more information please consult official [Trident Protect documentation](https://docs.netapp.com/us-en/trident/trident-protect/trident-protect-installation.html). ```markdown helm repo add netapp-trident-protect https://netapp.github.io/trident-protect-helm-chart 
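Review bot: In the @@ -42,16 hunk, the rewritten intro still has an agreement error ("a storage class exist" should be "exists"), and the two subsection headings it leaves in place are not parallel: "SAN StorageClass" versus "NAS Driver", although both commands query storage classes by `backendType`. Suggest renaming the second to "NAS StorageClass"; the section title "Make Sure Trident CSI Drivers for NAS and SAN are Installed" has the same mismatch with what the commands check. In the @@ -102,7 hunk, the fence that follows the edited sentence is tagged `markdown` although it holds helm commands, while the kubectl blocks earlier in the file are tagged `bash`.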
@@ -247,7 +247,7 @@ There are two ways to restore a backup: - [Restore backup to a different namespace](#restore-backup-to-a-different-namespace) ### Restore backup to the same namespace -To restore your appilcation in the same namespace, create an `BackupInPlaceRestore` configuration file named `trident-restore-inplace.yaml` with the following contents: +To restore your application in the same namespace, create an `BackupInPlaceRestore` configuration file named `trident-restore-inplace.yaml` with the following contents: ```markdown apiVersion: protect.trident.netapp.io/v1 @@ -326,7 +326,8 @@ kubectl get backuprestore -n ## Final Notes There are a lot of other features and options available with Trident Protect that are not covered here, for example: - Creating zero space snapshots of your application. -- Restoring backups to a different storage class and therefore migrate the data from one storage class to another. You can refer to this [PV Migrate with Trident Protect](https://github.com/NetApp/FSx-ONTAP-samples-scripts/tree/main/EKS/FSxN-as-PVC-for-EKS) for an example of how to do that. +- Restoring backups to a different storage class and therefore migrate the data from one storage class to another. +You can refer to this [PV Migrate with Trident Protect](https://github.com/NetApp/FSx-ONTAP-samples-scripts/tree/main/EKS/PV-Migrate-with-Trident-Protect) for an example of how to do that. - Scheduling backups. - Replicating backups to another FSxN file system with SnapMirror. diff --git a/EKS/Migrate-Backup-EKS-Applications/ebs-volume-storage-class.yaml b/EKS/Backup-EKS-Applications-with-Trident-Protect/ebs-volume-storage-class.yaml similarity index 100% rename from EKS/Migrate-Backup-EKS-Applications/ebs-volume-storage-class.yaml rename to EKS/Backup-EKS-Applications-with-Trident-Protect/ebs-volume-storage-class.yaml 
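Review bot: In the @@ -326,7 hunk, the sentence moved onto its own line ("You can refer to this [PV Migrate with Trident Protect]...") starts at column 0 between two list items, so it relies on Markdown lazy continuation to stay inside the preceding bullet; indent it to the bullet's text so the list renders the same in every viewer. The bullet it belongs to still reads "and therefore migrate the data", which should be "migrating the data". In the @@ -247,7 hunk, the corrected line keeps "create an `BackupInPlaceRestore` configuration file", where the article should be "a".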
diff --git a/EKS/Migrate-Backup-EKS-Applications/trident-application.yaml b/EKS/Backup-EKS-Applications-with-Trident-Protect/trident-application.yaml similarity index 100% rename from EKS/Migrate-Backup-EKS-Applications/trident-application.yaml rename to EKS/Backup-EKS-Applications-with-Trident-Protect/trident-application.yaml diff --git a/EKS/Migrate-Backup-EKS-Applications/trident-backup.yaml b/EKS/Backup-EKS-Applications-with-Trident-Protect/trident-backup.yaml similarity index 100% rename from EKS/Migrate-Backup-EKS-Applications/trident-backup.yaml rename to EKS/Backup-EKS-Applications-with-Trident-Protect/trident-backup.yaml diff --git a/EKS/Migrate-Backup-EKS-Applications/trident-restore-diff-ns.yaml b/EKS/Backup-EKS-Applications-with-Trident-Protect/trident-restore-diff-ns.yaml similarity index 100% rename from EKS/Migrate-Backup-EKS-Applications/trident-restore-diff-ns.yaml rename to EKS/Backup-EKS-Applications-with-Trident-Protect/trident-restore-diff-ns.yaml diff --git a/EKS/Migrate-Backup-EKS-Applications/trident-restore-inplace.yaml b/EKS/Backup-EKS-Applications-with-Trident-Protect/trident-restore-inplace.yaml similarity index 100% rename from EKS/Migrate-Backup-EKS-Applications/trident-restore-inplace.yaml rename to EKS/Backup-EKS-Applications-with-Trident-Protect/trident-restore-inplace.yaml diff --git a/EKS/Migrate-Backup-EKS-Applications/trident-vault.yaml b/EKS/Backup-EKS-Applications-with-Trident-Protect/trident-vault.yaml similarity index 100% rename from EKS/Migrate-Backup-EKS-Applications/trident-vault.yaml rename to EKS/Backup-EKS-Applications-with-Trident-Protect/trident-vault.yaml diff --git a/EKS/Migrate-Backup-EKS-Applications/trident-volume-storage-class.yaml b/EKS/Backup-EKS-Applications-with-Trident-Protect/trident-volume-storage-class.yaml similarity index 100% rename from EKS/Migrate-Backup-EKS-Applications/trident-volume-storage-class.yaml rename to EKS/Backup-EKS-Applications-with-Trident-Protect/trident-volume-storage-class.yaml 
diff --git a/EKS/README.md b/EKS/README.md index 27971f4..df3835c 100644 --- a/EKS/README.md +++ b/EKS/README.md @@ -3,7 +3,9 @@ This subfolder contains samples that can help you create solutions using AWS EKS | Tool | Description | | --- | --- | +| [Backup EKS Applications with Trident Protect](/EKS/Backup-EKS-Applications-with-Trident-Protect) | This sample shows how to backup and restore PVCs in an EKS cluster using Trident Protect. | | [FSxN as PVC for EKS](/EKS/FSxN-as-PVC-for-EKS) | This sample shows how to create a sandbox environment that demonstrates how to use FSx for NetApp ONTAP as a persistent storage for an EKS cluster. | +| [PV Migrate with Trident Protect](/EKS/PV-Migrate-with-Trident-Protect) | This sample shows how to backup and restore PVCs in an EKS cluster using Trident Protect. | ## Author Information From ef65eea2ddb1520757527217aaa53d5b2520f30d Mon Sep 17 00:00:00 2001 From: Keith Cantrell Date: Mon, 27 Jan 2025 17:34:51 -0600 Subject: [PATCH 11/16] Initial Version. --- EKS/PV-Migrate-with-Trident-Protect/README.md | 312 ++++++++++++++++++ .../ebs-volume-storage-class.yaml | 6 + .../trident-application.yaml | 8 + .../trident-backup.yaml | 8 + .../trident-restore-diff-ns.yaml | 14 + .../trident-vault.yaml | 20 ++ .../trident-volume-storage-class.yaml | 8 + 7 files changed, 376 insertions(+) create mode 100644 EKS/PV-Migrate-with-Trident-Protect/README.md create mode 100644 EKS/PV-Migrate-with-Trident-Protect/ebs-volume-storage-class.yaml create mode 100644 EKS/PV-Migrate-with-Trident-Protect/trident-application.yaml create mode 100644 EKS/PV-Migrate-with-Trident-Protect/trident-backup.yaml create mode 100644 EKS/PV-Migrate-with-Trident-Protect/trident-restore-diff-ns.yaml create mode 100644 EKS/PV-Migrate-with-Trident-Protect/trident-vault.yaml create mode 100644 EKS/PV-Migrate-with-Trident-Protect/trident-volume-storage-class.yaml 
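Review bot: In the EKS/README.md table hunk of PATCH 10/16, the new "PV Migrate with Trident Protect" row reuses the Backup row's description word for word ("This sample shows how to backup and restore PVCs in an EKS cluster using Trident Protect."), so the table gives no hint that the second sample is about moving PVs to a different storage class. Suggest a description that mentions migration between storage classes. The row also links to /EKS/PV-Migrate-with-Trident-Protect, a directory that PATCH 10/16 does not create; it only arrives with PATCH 11/16, so the link is dangling at this commit.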
diff --git a/EKS/PV-Migrate-with-Trident-Protect/README.md b/EKS/PV-Migrate-with-Trident-Protect/README.md new file mode 100644 index 0000000..aba3d25 --- /dev/null +++ b/EKS/PV-Migrate-with-Trident-Protect/README.md 
@@ -0,0 +1,312 @@ +# Migrate Kubernates PVs with Trident Protect + +This is a sample for setting up your Kubernetes application to be migrated to a different storage class using Trident Protect. + +## Prerequisites: +The following items should be already be deployed before install Trident Protect. +- An AWS EKS cluster. If you don't already have one, refer to the [FSx for NetApp ONTAP as persistent storage](https://github.com/NetApp/FSx-ONTAP-samples-scripts/tree/main/EKS/FSxN-as-PVC-for-EKS) +GitHub repo for an example of how to not only deploy an EKS cluster, but also deploy an FSx for ONTAP file system with +Trident installed with its backend and storage classes configured. If you follow it, it will provide the rest of the prerequisites listed below. +- Trident installed. Please refer to this [Trident installation documentation](https://docs.netapp.com/us-en/trident/trident-get-started/kubernetes-deploy-helm.html) for the easiest way to do that. +- Configure Trident Backend. Refer to the NetApp Trident documentation for guidance on creating [TridentBackendConfig resources](https://docs.netapp.com/us-en/trident/trident-use/backend-kubectl.html). +- Install the Trident CSI drivers for SAN and NAS type storage. Refer to NetApp documentation for [installation instructions](https://docs.netapp.com/us-en/trident/trident-use/trident-fsx-storage-backend.html). +- Configure a StorageClass Trident for SAN and/or NAS type storage. Refer to NetApp documentation for [instructions](https://docs.netapp.com/us-en/trident/trident-use/trident-fsx-storageclass-pvc.html). +- kubectl installed - Refer to [this documentation](https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/) on how to install it. +- helm installed - Refer to [this documentation](https://helm.sh/docs/intro/install/) on how to install it. + +## Preparation +The following are the steps required before you can use Trident Protect to backup or migrate your EKS application. + +1. 
[Configure Trident Backend](#1-make-sure-trident-backend-is-configured-correctly) +1. [Configure Storage Classes for Trident storage types](#2-make-sure-trident-csi-drivers-for-nas-and-san-are-installed) +1. [Install the Kubernetes external snapshotter](#3-install-the-kubernetes-external-snapshotter) +1. [Create VolumeStoraeClass for Storage Provider](#4-create-volumestorageclasses-for-your-storage-provider) +1. [Install Trident Protect](#5-install-trident-protect) +1. [Create S3 Bucket](#6-create-private-s3-bucket-for-backup-data-and-metadata) +1. [Create Kubernetes secret for S3 bucket](#7-create-a-kubernetes-secret-for-the-s3-bucket) + +### 1. Make sure Trident Backend is configured correctly + +Run the following kubectl commands to confirm that the TridentBackendConfig for ontap-san and ontap-nas exist and are configured correctly. These commands should output the name of any matching TridentBackendConfigs: + +#### SAN Backend +```bash +kubectl get tbc -n trident -o jsonpath='{.items[?(@.spec.storageDriverName=="ontap-san")].metadata.name}' +``` + +### NAS Backend +```bash +kubectl get tbc -n trident -o jsonpath='{.items[?(@.spec.storageDriverName=="ontap-nas")].metadata.name}' +``` + +If no matching TridentBackendConfig resources are found, you will need to create them. Refer to the prerequisites section above for more information on how to do that. + +### 2. Make Sure Trident CSI Drivers for NAS and SAN are Installed +Run the following kubectl commands to check that a storage class exist for both SAN and NAS type storage. + +#### SAN StorageClass +Checks for storage classes in Kubernetes that use 'ontap-san' as their backend type. It outputs the name of any matching StorageClass: +```bash +kubectl get storageclass -o jsonpath='{.items[?(@.parameters.backendType=="ontap-san")].metadata.name}' +``` + +#### NAS Driver +Checks for storage classes in Kubernetes that use 'ontap-nas' as their backend type. 
It outputs the name of any matching StorageClass: +```bash +kubectl get storageclass -o jsonpath='{.items[?(@.parameters.backendType=="ontap-nas")].metadata.name}' +``` + +If one or both are not found, you will need to create them. Refer to the prerequisites section above for more information on how to do that. + +### 3. Install the Kubernetes External Snapshotter +Trident Protect depends on the Snapshotter CRDs and controller. Please run the following commands to install the Kubernetes External Snapshotter. +For more information please consult the official [external-snapshotter documentation](https://github.com/kubernetes-csi/external-snapshotter). + +```bash +kubectl kustomize https://github.com/kubernetes-csi/external-snapshotter/client/config/crd | kubectl create -f - +kubectl -n kube-system kustomize deploy/kubernetes/snapshot-controller | kubectl create -f - +kubectl kustomize https://github.com/kubernetes-csi/external-snapshotter/deploy/kubernetes/csi-snapshotter | kubectl create -f - +``` + +### 4. Create VolumeSnapshotClasses for your storage provider. +Trident Protect requires a VolumeSnapshotClass to be created for the storage CSI driver you are using. You can use the following command to see if you already one defined: +``` +kubectl get VolumeSnapshotClass +``` +If you don't have one defined you'll need to create one. 
Here is an example of a yaml file that defines a VolumeSnapshotClass for Trident CSI driver: +``` +apiVersion: snapshot.storage.k8s.io/v1 +kind: VolumeSnapshotClass +metadata: + name: trident-csi-snapclass + annotations: + snapshot.storage.kubernetes.io/is-default-class: "true" +driver: csi.trident.netapp.io +deletionPolicy: Delete +``` + +Here is an example of a yaml file that defines a VolumeSnapshotClass for EBS CSI driver: +``` +apiVersion: snapshot.storage.k8s.io/v1 +kind: VolumeSnapshotClass +metadata: + name: ebs-csi-snapclass +driver: ebs.csi.aws.com +deletionPolicy: Delete +``` + +After creating the yaml file with the VolumeSnapshotClass for your CSI driver, run the following command to create the VolumeSnapshotClass: + +```bash +kubectl apply -f +``` + +### 5. Install Trident Protect +Execute the following commands to install Trident Protect. For more information please consult official [Trident Protect documentation](https://docs.netapp.com/us-en/trident/trident-protect/trident-protect-installation.html). + +```markdown +helm repo add netapp-trident-protect https://netapp.github.io/trident-protect-helm-chart +helm install trident-protect-crds netapp-trident-protect/trident-protect-crds --create-namespace --namespace trident-protect +helm install trident-protect netapp-trident-protect/trident-protect --set autoSupport.enabled=false --set clusterName=trident-protect-cluster --namespace trident-protect +``` +Note that the above commands should install the latest version. If you want to install a specific version add the --version option and provide the version you want to use. Please use version `100.2410.1` or later. + +### 6. Create Private S3 Bucket for Backup Data and Metadata + +If you don't already have an S3 bucket, you can create one with the following command: + +```markdown +aws s3 mb s3:// --region +``` + +Replace: +- `` with the name you want to assign to the bucket. Note it must be a unique name. 
+- `` the AWS region you want the bucket to reside. + +### 7. Create a Kubernetes secret for the S3 bucket +If required, create a service account within AWS IAM that has rights to read and write to the S3 bucket create. Then, create an access key. +Once you have the Access Key Id and Secret Access Key, create a Kubernetes secret with the following command: + +```markdown +kubectl create secret generic -n trident-protect s3 --from-literal=accessKeyID= --from-literal=secretAccessKey= +``` + +Replace: +- `` with the Access Key ID. +- `` with the Secret Access Key. + +## Configure Trident Protect to backup your application +Preform these steps to configure Trident Protect to backup your application: +- [Define Trident Vault](#define-a-trident-vault-to-store-the-backup) +- [Create Trident Application](#create-a-trident-application) +- [Run Backup](#run-backup-for-application) +- [Check Backup Status](#check-backup-status) + +### Define a Trident Vault to store the backup + +First create a file name `trident-vault.yaml` with the following contents: + +```markdown +apiVersion: protect.trident.netapp.io/v1 +kind: AppVault +metadata: + name: + namespace: trident-protect +spec: + providerType: AWS + providerConfig: + s3: + bucketName: + endpoint: + providerCredentials: + accessKeyID: + valueFromSecret: + key: accessKeyID + name: s3 + secretAccessKey: + valueFromSecret: + key: secretAccessKey + name: s3 +``` + +Replace: +- `` with the name you want assigned to the Trident Vault. +- `` with the name of the bucket you created in step 6 above. +- `` the hostname of the S3 endpoint. For example: `s3.us-west-2.amazonaws.com`. + +Now run the following command to create the Trident Vault: + +```markdown +kubectl apply -f trident-vault.yaml +``` + +### Create a Trident Application +You create a Trident application with the specification of your application in order to back it up. 
You do that by creating a file named `trident-application.yaml` with the following contents: + +```markdown +apiVersion: protect.trident.netapp.io/v1 +kind: Application +metadata: + name: + namespace: +spec: + includedNamespaces: + - namespace: +``` + +Replace: +- `` with the name you want to assign to the Trident Application +- `` with the namespace where the application that you want to backup resides. + +Run the following command to create the Trident Application: + +```markdown +kubectl apply -f trident-application.yaml +``` + +### Run Backup for Application +Before you can migrate the data to a new store class you must back up the data first. You do that by first creating a backup configuration file named `trident-backup.yaml` with the following contents: + +```markdown +apiVersion: protect.trident.netapp.io/v1 +kind: Backup +metadata: + namespace: + name: +spec: + applicationRef: + appVaultRef: +``` + +Replace: +- `` with the namespace where the application resides. +- `` with the name you want assigned to the backup. This has to be different from any other backup ever run. +- `` with the name of the application defined in the step above. +- `` with the name of the Trident Vault created in the step above. + +Now run the following command to start the backup: + +```markdown +kubectl apply -f trident-backup.yaml +``` + +### Check Backup Status +To check the status of the backup run the following command: + +```markdown +kubectl get backup -n +``` + +- If status is `Completed` Backup completed successfully . +- If status is `Running` run the command again in a few minutes to check status. +- If status is `Failed` the error message will give you a clue as to what went wrong. If you need more information, try using `kubectl describe` instead of `kubectl get` to get more information. 
+ +## Perform the migration +To restore the backup to a storage class, you first need to create a restore configuration file named `trident-restore-diff-sc.yaml` with the following contents: + +```markdown +apiVersion: protect.trident.netapp.io/v1 +kind: BackupRestore +metadata: + name: + namespace: +spec: + appArchivePath: + appVaultRef: + namespaceMapping: + - source: + destination: + storageClassMapping: + - source: + destination: +``` + +Replace: +- `` with the name you want to assign the restore configuration. +- `` with the namespace where you want to restore the application. +- `` with the name of the Trident Vault used when creating the backup. +- `` with the namespace where the application was backed up from. +- `` with the namespace where you want the application to be restored to. +- `` with the storage class that the application was backed up from. +- `` with the storage class that you want the application to be restored to. +- `` with the path to the backup archive. You can get this by running the following command: + +```markdown +kubectl get backup -n -o jsonpath='{.status.appArchivePath}' +``` + +Once the yaml file has been created, run the following command to start the restore: + +```markdown +kubectl apply -f trident-restore-diff-ns.yaml +``` + +You can check the status of the restore by running the following command: + +```markdown +kubectl get backuprestore -n +``` + +## Final Notes +There are a lot of other features and options available with Trident Protect that are not covered here, for example: +- Creating zero space snapshots of your application. +- Scheduling backups. +- Replicating backups to another FSxN file system with SnapMirror. + +For more information please refer to the official [Trident Protect documentation](https://docs.netapp.com/us-en/trident/trident-protect/trident-protect-installation.html). 
+ +## Author Information + +This repository is maintained by the contributors listed on [GitHub](https://github.com/NetApp/FSx-ONTAP-samples-scripts/graphs/contributors). + +## License + +Licensed under the Apache License, Version 2.0 (the "License"). + +You may obtain a copy of the License at [apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0). + +Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an _"AS IS"_ basis, without WARRANTIES or conditions of any kind, either express or implied. + +See the License for the specific language governing permissions and limitations under the License. + +© 2025 NetApp, Inc. All Rights Reserved. diff --git a/EKS/PV-Migrate-with-Trident-Protect/ebs-volume-storage-class.yaml b/EKS/PV-Migrate-with-Trident-Protect/ebs-volume-storage-class.yaml new file mode 100644 index 0000000..1ed2936 --- /dev/null +++ b/EKS/PV-Migrate-with-Trident-Protect/ebs-volume-storage-class.yaml @@ -0,0 +1,6 @@ +apiVersion: snapshot.storage.k8s.io/v1 +kind: VolumeSnapshotClass +metadata: + name: ebs-csi-snapclass +driver: ebs.csi.aws.com +deletionPolicy: Delete diff --git a/EKS/PV-Migrate-with-Trident-Protect/trident-application.yaml b/EKS/PV-Migrate-with-Trident-Protect/trident-application.yaml new file mode 100644 index 0000000..f0e506f --- /dev/null +++ b/EKS/PV-Migrate-with-Trident-Protect/trident-application.yaml @@ -0,0 +1,8 @@ +apiVersion: protect.trident.netapp.io/v1 +kind: Application +metadata: + name: + namespace: +spec: + includedNamespaces: + - namespace: diff --git a/EKS/PV-Migrate-with-Trident-Protect/trident-backup.yaml b/EKS/PV-Migrate-with-Trident-Protect/trident-backup.yaml new file mode 100644 index 0000000..7375c0b --- /dev/null +++ b/EKS/PV-Migrate-with-Trident-Protect/trident-backup.yaml @@ -0,0 +1,8 @@ +apiVersion: protect.trident.netapp.io/v1 +kind: Backup +metadata: + namespace: + name: +spec: + applicationRef: + appVaultRef: 
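Review bot: In the new PV-Migrate README, the "Perform the migration" section tells the reader to create `trident-restore-diff-sc.yaml`, but the command a few lines later is `kubectl apply -f trident-restore-diff-ns.yaml`, and the manifest this patch commits is also named `trident-restore-diff-ns.yaml`, so following the steps literally applies a file the reader never wrote. Pick one name (the `-sc` form fits a storage-class migration) and use it in the text, the command and the committed file. Separately, step 7 passes the IAM access key to `kubectl create secret generic` with `--from-literal`, which leaves both values in shell history; showing `--from-env-file` or `--from-file` would avoid that, and the step should say that the IAM identity's policy is limited to the one backup bucket. The title also misspells Kubernetes as "Kubernates".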
diff --git a/EKS/PV-Migrate-with-Trident-Protect/trident-restore-diff-ns.yaml b/EKS/PV-Migrate-with-Trident-Protect/trident-restore-diff-ns.yaml new file mode 100644 index 0000000..7e8b3c4 --- /dev/null +++ b/EKS/PV-Migrate-with-Trident-Protect/trident-restore-diff-ns.yaml @@ -0,0 +1,14 @@ +apiVersion: protect.trident.netapp.io/v1 +kind: BackupRestore +metadata: + name: + namespace: +spec: + appArchivePath: + appVaultRef: + namespaceMapping: + - source: + destination: + storageClassMapping: + - source: + destination: diff --git a/EKS/PV-Migrate-with-Trident-Protect/trident-vault.yaml b/EKS/PV-Migrate-with-Trident-Protect/trident-vault.yaml new file mode 100644 index 0000000..4339050 --- /dev/null +++ b/EKS/PV-Migrate-with-Trident-Protect/trident-vault.yaml @@ -0,0 +1,20 @@ +apiVersion: protect.trident.netapp.io/v1 +kind: AppVault +metadata: + name: + namespace: trident-protect +spec: + providerType: AWS + providerConfig: + s3: + bucketName: + endpoint: + providerCredentials: + accessKeyID: + valueFromSecret: + key: accessKeyID + name: s3 + secretAccessKey: + valueFromSecret: + key: secretAccessKey + name: s3 diff --git a/EKS/PV-Migrate-with-Trident-Protect/trident-volume-storage-class.yaml b/EKS/PV-Migrate-with-Trident-Protect/trident-volume-storage-class.yaml new file mode 100644 index 0000000..72d3ca6 --- /dev/null +++ b/EKS/PV-Migrate-with-Trident-Protect/trident-volume-storage-class.yaml @@ -0,0 +1,8 @@ +apiVersion: snapshot.storage.k8s.io/v1 +kind: VolumeSnapshotClass +metadata: + name: trident-csi-snapclass + annotations: + snapshot.storage.kubernetes.io/is-default-class: "true" +driver: csi.trident.netapp.io +deletionPolicy: Delete From 0728e85cc145b7428391a0b47cd8bd5dfad37f05 Mon Sep 17 00:00:00 2001 From: Keith Cantrell Date: Mon, 27 Jan 2025 17:38:11 -0600 Subject: [PATCH 12/16] Initial Version. --- EKS/PV-Migrate-with-Trident-Protect/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
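Review bot: The new files `trident-volume-storage-class.yaml` and `ebs-volume-storage-class.yaml` in PATCH 11/16 are named as storage classes, but both define `kind: VolumeSnapshotClass`; a name along the lines of `trident-volume-snapshot-class.yaml` would match the contents and the README section that describes them. The Trident manifest also carries the `snapshot.storage.kubernetes.io/is-default-class: "true"` annotation, which marks it as the default snapshot class for its driver once applied. The README presents the file only as an example, so it should state that side effect or the annotation should be dropped from the sample.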
diff --git a/EKS/PV-Migrate-with-Trident-Protect/README.md b/EKS/PV-Migrate-with-Trident-Protect/README.md index aba3d25..d6b5809 100644 --- a/EKS/PV-Migrate-with-Trident-Protect/README.md +++ b/EKS/PV-Migrate-with-Trident-Protect/README.md @@ -205,7 +205,7 @@ kubectl apply -f trident-application.yaml ``` ### Run Backup for Application -Before you can migrate the data to a new store class you must back up the data first. You do that by first creating a backup configuration file named `trident-backup.yaml` with the following contents: +Before you can migrate the data to a different store class you must back up the data first. You do that by first creating a backup configuration file named `trident-backup.yaml` with the following contents: ```markdown apiVersion: protect.trident.netapp.io/v1 @@ -242,7 +242,7 @@ kubectl get backup -n - If status is `Failed` the error message will give you a clue as to what went wrong. If you need more information, try using `kubectl describe` instead of `kubectl get` to get more information. ## Perform the migration -To restore the backup to a storage class, you first need to create a restore configuration file named `trident-restore-diff-sc.yaml` with the following contents: +To restore the backup to a different storage class, you first need to create a restore configuration file named `trident-restore-diff-sc.yaml` with the following contents: ```markdown apiVersion: protect.trident.netapp.io/v1 From b36df34e49577fd65d9798ba814380c14b4e2ca6 Mon Sep 17 00:00:00 2001 From: Keith Cantrell Date: Tue, 28 Jan 2025 15:51:27 -0600 Subject: [PATCH 13/16] Updated after review. --- .../README.md | 41 ++++++++++-------- EKS/PV-Migrate-with-Trident-Protect/README.md | 43 +++++++++++-------- 2 files changed, 47 insertions(+), 37 deletions(-) diff --git a/EKS/Backup-EKS-Applications-with-Trident-Protect/README.md b/EKS/Backup-EKS-Applications-with-Trident-Protect/README.md index 8a132fa..93e7bcc 100644 
--- a/EKS/Backup-EKS-Applications-with-Trident-Protect/README.md +++ b/EKS/Backup-EKS-Applications-with-Trident-Protect/README.md @@ -3,7 +3,7 @@ This is a sample for setting up your Kubernetes application to be backed up by Trident Protect. ## Prerequisites: -The following items should be already be deployed before install Trident Protect. +The following items should already be deployed before installing Trident Protect. - An AWS EKS cluster. If you don't already have one, refer to the [FSx for NetApp ONTAP as persistent storage](https://github.com/NetApp/FSx-ONTAP-samples-scripts/tree/main/EKS/FSxN-as-PVC-for-EKS) GitHub repo for an example of how to not only deploy an EKS cluster, but also deploy an FSx for ONTAP file system with Trident installed with its backend and storage classes configured. If you follow it, it will provide the rest of the prerequisites listed below. 
@@ -15,65 +15,70 @@ Trident installed with its backend and storage classes configured. If you follow - helm installed - Refer to [this documentation](https://helm.sh/docs/intro/install/) on how to install it. ## Preparation -The following are the steps required before you can use Trident Protect to backup or migrate your EKS application. +The following are the steps required before you can use Trident Protect to backup your EKS application. 1. [Configure Trident Backend](#1-make-sure-trident-backend-is-configured-correctly) 1. [Configure Storage Classes for Trident storage types](#2-make-sure-trident-csi-drivers-for-nas-and-san-are-installed) 1. [Install the Kubernetes external snapshotter](#3-install-the-kubernetes-external-snapshotter) -1. [Create VolumeStoraeClass for Storage Provider](#4-create-volumestorageclasses-for-your-storage-provider) +1. [Create VolumeStorageClass for Storage Provider](#4-create-volumestorageclasses-for-your-storage-provider) 1. [Install Trident Protect](#5-install-trident-protect) 1. [Create S3 Bucket](#6-create-private-s3-bucket-for-backup-data-and-metadata) 1. [Create Kubernetes secret for S3 bucket](#7-create-a-kubernetes-secret-for-the-s3-bucket) ### 1. Make sure Trident Backend is configured correctly -Run the following kubectl commands to confirm that the TridentBackendConfig for ontap-san and ontap-nas exist and are configured correctly. These commands should output the name of any matching TridentBackendConfigs: +Depending on whether you are using block (SAN), or NAS (NFS), or both, will dictate which TridentBackendConfig you need configured. 
#### SAN Backend +Run the following command to confirm that the TridentBackendConfig for ontap-san exists and is configured correctly: ```bash kubectl get tbc -n trident -o jsonpath='{.items[?(@.spec.storageDriverName=="ontap-san")].metadata.name}' ``` ### NAS Backend +Run the following command to confirm that the TridentBackendConfig for ontap-nas exists and is configured correctly: ```bash kubectl get tbc -n trident -o jsonpath='{.items[?(@.spec.storageDriverName=="ontap-nas")].metadata.name}' ``` -If no matching TridentBackendConfig resources are found, you will need to create them. Refer to the prerequisites section above for more information on how to do that. +If no matching TridentBackendConfig resources are found, you will need to create the ones you need. Refer to the prerequisites section above for more information on how to do that. -### 2. Make Sure Trident CSI Drivers for NAS and SAN are Installed -Run the following kubectl commands to check that a storage class exist for both SAN and NAS type storage. +### 2. Make Sure the required Trident Storage Classes are installed. +Depending on whether you are using block (SAN), or NAS (NFS), or both, will dictate which Storage Classes you need to have configured. #### SAN StorageClass -Checks for storage classes in Kubernetes that use 'ontap-san' as their backend type. It outputs the name of any matching StorageClass: +Run the following command to check that the storage class in Kubernetes that use 'ontap-san' as their backend type has been installed. It outputs the name of any matching StorageClass: ```bash kubectl get storageclass -o jsonpath='{.items[?(@.parameters.backendType=="ontap-san")].metadata.name}' ``` #### NAS Driver -Checks for storage classes in Kubernetes that use 'ontap-nas' as their backend type. It outputs the name of any matching StorageClass: +Run the following command to check that the storage class in Kubernetes that use 'ontap-nas' as their backend type has been installed. 
It outputs the name of any matching StorageClass: ```bash kubectl get storageclass -o jsonpath='{.items[?(@.parameters.backendType=="ontap-nas")].metadata.name}' ``` -If one or both are not found, you will need to create them. Refer to the prerequisites section above for more information on how to do that. +If one, or both, are not found, you will need to create them. Refer to the prerequisites section above for more information on how to do that. ### 3. Install the Kubernetes External Snapshotter Trident Protect depends on the Snapshotter CRDs and controller. Please run the following commands to install the Kubernetes External Snapshotter. -For more information please consult the official [external-snapshotter documentation](https://github.com/kubernetes-csi/external-snapshotter). +For more information, please consult the official [external-snapshotter documentation](https://github.com/kubernetes-csi/external-snapshotter). ```bash -kubectl kustomize https://github.com/kubernetes-csi/external-snapshotter/client/config/crd | kubectl create -f - +git clone https://github.com/kubernetes-csi/external-snapshotter +cd external-snapshotter/ +kubectl kustomize client/config/crd | kubectl create -f - kubectl -n kube-system kustomize deploy/kubernetes/snapshot-controller | kubectl create -f - -kubectl kustomize https://github.com/kubernetes-csi/external-snapshotter/deploy/kubernetes/csi-snapshotter | kubectl create -f - +kubectl kustomize deploy/kubernetes/csi-snapshotter | kubectl create -f - +cd .. ``` ### 4. Create VolumeSnapshotClasses for your storage provider. -Trident Protect requires a VolumeSnapshotClass to be created for the storage CSI driver you are using. You can use the following command to see if you already one defined: +Trident Protect requires a VolumeSnapshotClass to be created for the storage CSI driver you are using. 
You can use the following command to see if you already have one defined: ``` kubectl get VolumeSnapshotClass ``` -If you don't have one defined you'll need to create one. Here is an example of a yaml file that defines a VolumeSnapshotClass for Trident CSI driver: +If you don't have one defined, you'll need to create one. Here is an example of a yaml file that defines a VolumeSnapshotClass for Trident CSI driver: ``` apiVersion: snapshot.storage.k8s.io/v1 kind: VolumeSnapshotClass @@ -124,7 +129,7 @@ Replace: - `` the AWS region you want the bucket to reside. ### 7. Create a Kubernetes secret for the S3 bucket -If required, create a service account within AWS IAM that has rights to read and write to the S3 bucket create. Then, create an access key. +If required, create a service account within AWS IAM that has rights to read and write to the S3 bucket created above. Then, create an access key. Once you have the Access Key Id and Secret Access Key, create a Kubernetes secret with the following command: ```markdown @@ -237,7 +242,7 @@ To check the status of the backup run the following command: kubectl get backup -n ``` -- If status is `Completed` Backup completed successfully . +- If status is `Completed` Backup completed successfully. - If status is `Running` run the command again in a few minutes to check status. - If status is `Failed` the error message will give you a clue as to what went wrong. If you need more information, try using `kubectl describe` instead of `kubectl get` to get more information. 
@@ -247,7 +252,7 @@ There are two ways to restore a backup: - [Restore backup to a different namespace](#restore-backup-to-a-different-namespace) ### Restore backup to the same namespace -To restore your application in the same namespace, create an `BackupInPlaceRestore` configuration file named `trident-restore-inplace.yaml` with the following contents: +To restore your application in the same namespace, create a `BackupInPlaceRestore` configuration file named `trident-restore-inplace.yaml` with the following contents: ```markdown apiVersion: protect.trident.netapp.io/v1 diff --git a/EKS/PV-Migrate-with-Trident-Protect/README.md b/EKS/PV-Migrate-with-Trident-Protect/README.md index d6b5809..4fb094b 100644 --- a/EKS/PV-Migrate-with-Trident-Protect/README.md +++ b/EKS/PV-Migrate-with-Trident-Protect/README.md @@ -1,9 +1,9 @@ -# Migrate Kubernates PVs with Trident Protect +# Migrate Kubernetes PVs with Trident Protect -This is a sample for setting up your Kubernetes application to be migrated to a different storage class using Trident Protect. +This is a sample for setting up your Kubernetes application to be migrated from one storage class to another using Trident Protect. ## Prerequisites: -The following items should be already be deployed before install Trident Protect. +The following items should already be deployed before installing Trident Protect. - An AWS EKS cluster. If you don't already have one, refer to the [FSx for NetApp ONTAP as persistent storage](https://github.com/NetApp/FSx-ONTAP-samples-scripts/tree/main/EKS/FSxN-as-PVC-for-EKS) GitHub repo for an example of how to not only deploy an EKS cluster, but also deploy an FSx for ONTAP file system with Trident installed with its backend and storage classes configured. If you follow it, it will provide the rest of the prerequisites listed below. 
@@ -20,60 +20,65 @@ The following are the steps required before you can use Trident Protect to backu 1. [Configure Trident Backend](#1-make-sure-trident-backend-is-configured-correctly) 1. [Configure Storage Classes for Trident storage types](#2-make-sure-trident-csi-drivers-for-nas-and-san-are-installed) 1. [Install the Kubernetes external snapshotter](#3-install-the-kubernetes-external-snapshotter) -1. [Create VolumeStoraeClass for Storage Provider](#4-create-volumestorageclasses-for-your-storage-provider) +1. [Create VolumeStorageClass for Storage Provider](#4-create-volumestorageclasses-for-your-storage-provider) 1. [Install Trident Protect](#5-install-trident-protect) 1. [Create S3 Bucket](#6-create-private-s3-bucket-for-backup-data-and-metadata) 1. [Create Kubernetes secret for S3 bucket](#7-create-a-kubernetes-secret-for-the-s3-bucket) ### 1. Make sure Trident Backend is configured correctly -Run the following kubectl commands to confirm that the TridentBackendConfig for ontap-san and ontap-nas exist and are configured correctly. These commands should output the name of any matching TridentBackendConfigs: +Depending on whether you are using block (SAN), or NAS (NFS), or both, will dictate which TridentBackendConfig you need configured. #### SAN Backend +Run the following command to confirm that the TridentBackendConfig for ontap-san exists and is configured correctly: ```bash kubectl get tbc -n trident -o jsonpath='{.items[?(@.spec.storageDriverName=="ontap-san")].metadata.name}' ``` ### NAS Backend +Run the following command to confirm that the TridentBackendConfig for ontap-nas exists and is configured correctly: ```bash kubectl get tbc -n trident -o jsonpath='{.items[?(@.spec.storageDriverName=="ontap-nas")].metadata.name}' ``` -If no matching TridentBackendConfig resources are found, you will need to create them. Refer to the prerequisites section above for more information on how to do that. 
+If no matching TridentBackendConfig resources are found, you will need to create the ones you need. Refer to the prerequisites section above for more information on how to do that. -### 2. Make Sure Trident CSI Drivers for NAS and SAN are Installed -Run the following kubectl commands to check that a storage class exist for both SAN and NAS type storage. +### 2. Make Sure the required Trident Storage Classes are installed +Depending on whether you are using block (SAN), or NAS (NFS), or both, will dictate which Storage Classes you need to have configured. #### SAN StorageClass -Checks for storage classes in Kubernetes that use 'ontap-san' as their backend type. It outputs the name of any matching StorageClass: +Run the following command to check that the storage class in Kubernetes that use 'ontap-san' as their backend type has been installed. It outputs the name of any matching StorageClass: ```bash kubectl get storageclass -o jsonpath='{.items[?(@.parameters.backendType=="ontap-san")].metadata.name}' ``` #### NAS Driver -Checks for storage classes in Kubernetes that use 'ontap-nas' as their backend type. It outputs the name of any matching StorageClass: +Run the following command to check that the storage class in Kubernetes that use 'ontap-nas' as their backend type has been installed. It outputs the name of any matching StorageClass: ```bash kubectl get storageclass -o jsonpath='{.items[?(@.parameters.backendType=="ontap-nas")].metadata.name}' ``` -If one or both are not found, you will need to create them. Refer to the prerequisites section above for more information on how to do that. +If one, or both, are not found, you will need to create them. Refer to the prerequisites section above for more information on how to do that. ### 3. Install the Kubernetes External Snapshotter Trident Protect depends on the Snapshotter CRDs and controller. Please run the following commands to install the Kubernetes External Snapshotter. 
-For more information please consult the official [external-snapshotter documentation](https://github.com/kubernetes-csi/external-snapshotter). +For more information, please consult the official [external-snapshotter documentation](https://github.com/kubernetes-csi/external-snapshotter). ```bash -kubectl kustomize https://github.com/kubernetes-csi/external-snapshotter/client/config/crd | kubectl create -f - -kubectl -n kube-system kustomize deploy/kubernetes/snapshot-controller | kubectl create -f - -kubectl kustomize https://github.com/kubernetes-csi/external-snapshotter/deploy/kubernetes/csi-snapshotter | kubectl create -f - +git clone https://github.com/kubernetes-csi/external-snapshotter +cd external-snapshotter/ +kubectl kustomize client/config/crd | kubectl create -f - +kubectl -n kube-system kustomize deploy/kubernetes/snapshot-controller | kubectl create -f - +kubectl kustomize deploy/kubernetes/csi-snapshotter | kubectl create -f - +cd .. ``` ### 4. Create VolumeSnapshotClasses for your storage provider. -Trident Protect requires a VolumeSnapshotClass to be created for the storage CSI driver you are using. You can use the following command to see if you already one defined: +Trident Protect requires a VolumeSnapshotClass to be created for the storage CSI driver you are using. You can use the following command to see if you already have one defined: ``` kubectl get VolumeSnapshotClass ``` -If you don't have one defined you'll need to create one. Here is an example of a yaml file that defines a VolumeSnapshotClass for Trident CSI driver: +If you don't have one defined, you'll need to create one. Here is an example of a yaml file that defines a VolumeSnapshotClass for Trident CSI driver: ``` apiVersion: snapshot.storage.k8s.io/v1 kind: VolumeSnapshotClass 
@@ -124,7 +129,7 @@ Replace: - `` the AWS region you want the bucket to reside. ### 7. Create a Kubernetes secret for the S3 bucket -If required, create a service account within AWS IAM that has rights to read and write to the S3 bucket create. Then, create an access key. +If required, create a service account within AWS IAM that has rights to read and write to the S3 bucket created above. Then, create an access key. Once you have the Access Key Id and Secret Access Key, create a Kubernetes secret with the following command: ```markdown @@ -205,7 +210,7 @@ kubectl apply -f trident-application.yaml ``` ### Run Backup for Application -Before you can migrate the data to a different store class you must back up the data first. You do that by first creating a backup configuration file named `trident-backup.yaml` with the following contents: +To perform an on-demand backup of the application, first create a backup configuration file named `trident-backup.yaml` with the following contents: ```markdown apiVersion: protect.trident.netapp.io/v1 From 8054e8e317b6961df8280f1ca969b75b9f1016af Mon Sep 17 00:00:00 2001 From: Keith Cantrell Date: Tue, 28 Jan 2025 15:54:00 -0600 Subject: [PATCH 14/16] Move the contents of the scripts/iscsi.sh file as an HEREDOC to remove the dependency of a separate file. --- EKS/FSxN-as-PVC-for-EKS/terraform/eks-cluster.tf | 15 ++++++++++++++- .../terraform/scripts/iscsi.sh | 12 ------------ 2 files changed, 14 insertions(+), 13 deletions(-) delete mode 100755 EKS/FSxN-as-PVC-for-EKS/terraform/scripts/iscsi.sh diff --git a/EKS/FSxN-as-PVC-for-EKS/terraform/eks-cluster.tf b/EKS/FSxN-as-PVC-for-EKS/terraform/eks-cluster.tf index b762b60..e0fe79a 100644 --- a/EKS/FSxN-as-PVC-for-EKS/terraform/eks-cluster.tf +++ b/EKS/FSxN-as-PVC-for-EKS/terraform/eks-cluster.tf
@@ -133,6 +133,19 @@ data "cloudinit_config" "cloudinit" { part { content_type = "text/x-shellscript" - content = file("scripts/iscsi.sh") + content = < Date: Tue, 28 Jan 2025 16:10:21 -0600 Subject: [PATCH 15/16] Removed an extra space to appease lint. --- .../trident-application.yaml | 2 +- .../trident-restore-inplace.yaml | 2 +- EKS/PV-Migrate-with-Trident-Protect/trident-application.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/EKS/Backup-EKS-Applications-with-Trident-Protect/trident-application.yaml b/EKS/Backup-EKS-Applications-with-Trident-Protect/trident-application.yaml index f0e506f..e7327be 100644 --- a/EKS/Backup-EKS-Applications-with-Trident-Protect/trident-application.yaml +++ b/EKS/Backup-EKS-Applications-with-Trident-Protect/trident-application.yaml @@ -5,4 +5,4 @@ metadata: namespace: spec: includedNamespaces: - - namespace: + - namespace: diff --git a/EKS/Backup-EKS-Applications-with-Trident-Protect/trident-restore-inplace.yaml b/EKS/Backup-EKS-Applications-with-Trident-Protect/trident-restore-inplace.yaml index b682891..f8beaf1 100644 --- a/EKS/Backup-EKS-Applications-with-Trident-Protect/trident-restore-inplace.yaml +++ b/EKS/Backup-EKS-Applications-with-Trident-Protect/trident-restore-inplace.yaml @@ -1,7 +1,7 @@ apiVersion: protect.trident.netapp.io/v1 kind: BackupInplaceRestore metadata: - name: + name: namespace: spec: appArchivePath: diff --git a/EKS/PV-Migrate-with-Trident-Protect/trident-application.yaml b/EKS/PV-Migrate-with-Trident-Protect/trident-application.yaml index f0e506f..e7327be 100644 --- a/EKS/PV-Migrate-with-Trident-Protect/trident-application.yaml +++ b/EKS/PV-Migrate-with-Trident-Protect/trident-application.yaml @@ -5,4 +5,4 @@ metadata: namespace: spec: includedNamespaces: - - namespace: + - namespace: From 267a26aa95083d7dc7134e199d7d02ada2badb80 Mon Sep 17 00:00:00 2001 
From: kcantrel Date: Tue, 28 Jan 2025 18:30:37 -0600 Subject: [PATCH 16/16] Initial Version --- EKS/FSxN-as-PVC-for-EKS/terraform/terraform.tfvars.template | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 EKS/FSxN-as-PVC-for-EKS/terraform/terraform.tfvars.template diff --git a/EKS/FSxN-as-PVC-for-EKS/terraform/terraform.tfvars.template b/EKS/FSxN-as-PVC-for-EKS/terraform/terraform.tfvars.template new file mode 100644 index 0000000..ec1745e --- /dev/null +++ b/EKS/FSxN-as-PVC-for-EKS/terraform/terraform.tfvars.template @@ -0,0 +1,5 @@ +aws_region="us-west-2" +aws_secrets_region="us-west-2" +fsx_name="eks-poc-fsx" +key_pair_name="MUST REPLACE WITH YOUR KEY PAIR NAME" +secure_ips=["0.0.0.0/0"]
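Review bot: In the first README's Preparation hunk (`@@ -15,65 +15,70 @@`, and again in the PV-Migrate README's `@@ -20,60 +20,65 @@`), two table-of-contents links no longer match their headings. Entry 2 still targets `#2-make-sure-trident-csi-drivers-for-nas-and-san-are-installed` although the heading is renamed to "2. Make Sure the required Trident Storage Classes are installed", and entry 4 is corrected to "VolumeStorageClass" with anchor `#4-create-volumestorageclasses-for-your-storage-provider` while the section it points to is "4. Create VolumeSnapshotClasses for your storage provider." Suggest renaming entry 4 to VolumeSnapshotClass and regenerating both anchors from the new headings. While in this hunk, `### NAS Backend` sits one level above its sibling `#### SAN Backend`, `#### NAS Driver` should read "NAS StorageClass" to match `#### SAN StorageClass`, and the new sentences "the storage class in Kubernetes that use ... has been installed" need subject and verb to agree.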
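Review bot: The added `git clone https://github.com/kubernetes-csi/external-snapshotter` in step 3 (PV-Migrate README hunk `@@ -20,60 +20,65 @@`, same change in the first README) checks out whatever the default branch holds on the day the reader runs it, and the next three lines pipe those manifests straight into `kubectl create`, one of them into `kube-system`. Suggest cloning a specific release tag, for example `git clone --branch <release-tag> --depth 1 https://github.com/kubernetes-csi/external-snapshotter`, so the CRDs and snapshot controller that get installed are a known version and the guide stays reproducible. The clone also leaves an `external-snapshotter/` directory behind after `cd ..`; a line noting it can be removed would help.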
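Review bot: In step 7 (hunk `@@ -124,7 +129,7 @@` in both READMEs) the reworded sentence asks for an IAM identity with "rights to read and write to the S3 bucket created above" and then an access key, but does not say the policy should be limited to that one bucket. Since the key is stored in a Kubernetes secret, suggest stating explicitly that the policy should grant access only to this bucket and its objects, so a leaked secret does not expose other buckets in the account. The command that follows is also fenced as `markdown`; it is a shell command and should be fenced as `bash` like the earlier blocks.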
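Review bot: In the restore hunk (`@@ -247,7 +252,7 @@`) the corrected sentence names the resource `BackupInPlaceRestore`, but the manifest shipped alongside it, `trident-restore-inplace.yaml`, declares `kind: BackupInplaceRestore` with a lower-case "p". Kubernetes kinds are case-sensitive, so a reader who types the name from the prose will get a manifest that does not match the one in the repo. Suggest using the same spelling in the README as in the YAML file.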
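Review bot: In `eks-cluster.tf` (hunk `@@ -133,6 +133,19 @@`), replacing `content = file("scripts/iscsi.sh")` with an inline heredoc changes how the script text is treated: `file()` returns the file contents untouched, while Terraform evaluates `${...}` and `%{...}` sequences inside a heredoc. If the script uses shell expansions of the form `${VAR}`, they must be written `$${VAR}` or `terraform plan` will either fail or substitute a Terraform value. Suggest a short comment above the heredoc saying so, since the next person to edit the script will no longer be editing a plain `.sh` file.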
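Review bot: In `terraform.tfvars.template`, `secure_ips=["0.0.0.0/0"]` ships a default that matches every source address, and nothing on the line tells the reader to change it. `key_pair_name` on the line above already uses the "MUST REPLACE WITH ..." convention; suggest doing the same for `secure_ips` (for example a placeholder asking for the reader's own CIDR) so that copying the template unchanged does not silently open whatever rule consumes this list to the whole internet. A one-line comment on what each variable controls would also help, since the template is the first file a new user edits.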