Validation

Contributors: ac-ntap, netapp-dorianh

To validate the multitenant architecture that was configured in the previous steps, complete the following steps:

Validate access to create PVCs/pods in assigned project

  1. Log in as ocp-project-1-user, developer in project-1.

  2. Check access to create a new project.

    oc create ns sub-project-1
  3. Create a PVC in project-1 using the storageclass that is assigned to project-1.

    cat << EOF | oc create -f -
    kind: PersistentVolumeClaim
    apiVersion: v1
    metadata:
      name: test-pvc-project-1
      namespace: project-1
      annotations:
        trident.netapp.io/reclaimPolicy: Retain
    spec:
      accessModes:
        - ReadWriteOnce
      resources:
        requests:
          storage: 1Gi
      storageClassName: project-1-sc
    EOF
  4. Check the PV associated with the PVC.

    oc get pv
  5. Validate that the PV and its volume are created in an SVM dedicated to project-1 on NetApp ONTAP.

    volume show -vserver project-1-svm
  6. Create a pod in project-1 and mount the PVC created in the previous step.

    cat << EOF | oc create -f -
    kind: Pod
    apiVersion: v1
    metadata:
      name: test-pvc-pod
      namespace: project-1
    spec:
      volumes:
        - name: test-pvc-project-1
          persistentVolumeClaim:
            claimName: test-pvc-project-1
      containers:
        - name: test-container
          image: nginx
          ports:
            - containerPort: 80
              name: "http-server"
          volumeMounts:
            - mountPath: "/usr/share/nginx/html"
              name: test-pvc-project-1
    EOF
  7. Check if the pod is running and whether it mounted the volume.

    oc describe pods test-pvc-pod -n project-1

Validate access to create PVCs/pods in another project or use resources dedicated to another project

  1. Log in as ocp-project-1-user, developer in project-1.

  2. Create a PVC in project-1 using the storageclass that is assigned to project-2.

    cat << EOF | oc create -f -
    kind: PersistentVolumeClaim
    apiVersion: v1
    metadata:
      name: test-pvc-project-1-sc-2
      namespace: project-1
      annotations:
        trident.netapp.io/reclaimPolicy: Retain
    spec:
      accessModes:
        - ReadWriteOnce
      resources:
        requests:
          storage: 1Gi
      storageClassName: project-2-sc
    EOF
  3. Create a PVC in project-2.

    cat << EOF | oc create -f -
    kind: PersistentVolumeClaim
    apiVersion: v1
    metadata:
      name: test-pvc-project-2-sc-1
      namespace: project-2
      annotations:
        trident.netapp.io/reclaimPolicy: Retain
    spec:
      accessModes:
        - ReadWriteOnce
      resources:
        requests:
          storage: 1Gi
      storageClassName: project-1-sc
    EOF
  4. Make sure that PVCs test-pvc-project-1-sc-2 and test-pvc-project-2-sc-1 were not created.

    oc get pvc -n project-1
    oc get pvc -n project-2
  5. Create a pod in project-2.

    cat << EOF | oc create -f -
    kind: Pod
    apiVersion: v1
    metadata:
      name: test-pvc-pod
      namespace: project-2
    spec:
      containers:
        - name: test-container
          image: nginx
          ports:
            - containerPort: 80
              name: "http-server"
    EOF
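
The check in step 4 above can be run across all namespaces instead of one project at a time. The script below is an added example, not part of the NetApp procedure: it reads PVC rows and flags any claim that uses a storage class assigned to a different project. The one-to-one project-to-storageclass mapping, the function names, and the sample rows are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the NetApp procedure): flag PVCs that use a
# storage class assigned to a different project.

# Assumed 1:1 mapping, taken from the names used on this page.
assigned_sc() {
  case "$1" in
    project-1) echo "project-1-sc" ;;
    project-2) echo "project-2-sc" ;;
    *)         echo "" ;;   # namespace outside the tenant model: skipped
  esac
}

# Reads "NAMESPACE NAME STORAGECLASS PHASE" rows on stdin.
# Prints one VIOLATION line per offending PVC; returns 1 if any were found.
audit_pvcs() {
  rc=0
  while read -r ns name sc phase; do
    [ -z "$ns" ] && continue
    want=$(assigned_sc "$ns")
    [ -z "$want" ] && continue
    if [ "$sc" != "$want" ]; then
      echo "VIOLATION $ns/$name uses $sc (expected $want, phase=$phase)"
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample rows simulating a cluster where isolation has failed.
sample_rows() {
  cat <<'EOF'
project-1 test-pvc-project-1 project-1-sc Bound
project-1 test-pvc-project-1-sc-2 project-2-sc Pending
project-2 test-pvc-project-2-sc-1 project-1-sc Bound
openshift-monitoring prometheus-data gp2 Bound
EOF
}

# Live use, logged in as a cluster administrator:
#   oc get pvc -A --no-headers \
#     -o custom-columns=NS:.metadata.namespace,NAME:.metadata.name,SC:.spec.storageClassName,PHASE:.status.phase \
#     | audit_pvcs
sample_rows | audit_pvcs || echo "isolation check FAILED on sample data"
```

A correctly isolated cluster produces no VIOLATION lines and a zero exit status, which makes the function usable as a recurring check after quota or storage class changes.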

Validate access to view/edit Projects, ResourceQuotas, and StorageClasses

  1. Log in as ocp-project-1-user, developer in project-1.

  2. Check access to create new projects.

    oc create ns sub-project-1
  3. Validate access to view projects.

    oc get ns
  4. Check if the user can view or edit ResourceQuotas in project-1.

    oc get resourcequotas -n project-1
    oc edit resourcequotas project-1-sc-rq -n project-1
  5. Validate that the user has access to view the storageclasses.

    oc get sc
  6. Check access to describe the storageclasses.

  7. Validate the user’s access to edit the storageclasses.

    oc edit sc project-1-sc