Skip to main content
NetApp Solutions

Validation

Contributors kevin-hoke ac-ntap banum-netapp
PDFs

To validate the multitenant architecture that was configured in the previous steps, complete the following steps:

Validate access to create PVCs or pods in assigned project

  1. Log in as ocp-project-1-user, developer in project-1.

  2. Check access to create a new project.

    oc create ns sub-project-1
    Console
    Copy

  3. Create a PVC in project-1 using the storageclass that is assigned to project-1.

    cat << EOF | oc create -f -
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: test-pvc-project-1
  namespace: project-1
  annotations:
    trident.netapp.io/reclaimPolicy: Retain
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: project-1-sc
EOF
    Console
    Copy

  4. Check the PV associated with the PVC.

    oc get pv
    Console
    Copy

  5. Validate that the PV and its volume is created in an SVM dedicated to project-1 on NetApp ONTAP.

    volume show -vserver project-1-svm
    Console
    Copy

  6. Create a pod in project-1 and mount the PVC created in previous step.

    cat << EOF | oc create -f -
kind: Pod
apiVersion: v1
metadata:
  name: test-pvc-pod
  namespace: project-1
spec:
  volumes:
    - name: test-pvc-project-1
      persistentVolumeClaim:
       claimName: test-pvc-project-1
  containers:
    - name: test-container
      image: nginx
      ports:
        - containerPort: 80
          name: "http-server"
      volumeMounts:
        - mountPath: "/usr/share/nginx/html"
          name: test-pvc-project-1
EOF
    Console
    Copy

  7. Check if the pod is running and whether it mounted the volume.

    oc describe pods test-pvc-pod -n project-1
    Console
    Copy

Validate access to create PVCs or pods in another project or use resources dedicated to another project

  1. Log in as ocp-project-1-user, developer in project-1.

  2. Create a PVC in project-1 using the storageclass that is assigned to project-2.

    cat << EOF | oc create -f -
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: test-pvc-project-1-sc-2
  namespace: project-1
  annotations:
    trident.netapp.io/reclaimPolicy: Retain
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: project-2-sc
EOF
    Console
    Copy

  3. Create a PVC in project-2.

    cat << EOF | oc create -f -
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: test-pvc-project-2-sc-1
  namespace: project-2
  annotations:
    trident.netapp.io/reclaimPolicy: Retain
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: project-1-sc
EOF
    Console
    Copy

  4. Make sure that PVCs test-pvc-project-1-sc-2 and test-pvc-project-2-sc-1 were not created.

    oc get pvc -n project-1
oc get pvc -n project-2
    Console
    Copy

  5. Create a pod in project-2.

    cat << EOF | oc create -f -
kind: Pod
apiVersion: v1
metadata:
  name: test-pvc-pod
  namespace: project-1
spec:
  containers:
    - name: test-container
      image: nginx
      ports:
        - containerPort: 80
          name: "http-server"
EOF
    Console
    Copy

Validate access to view and edit Projects, ResourceQuotas, and StorageClasses

  1. Log in as ocp-project-1-user, developer in project-1.

  2. Check access to create new projects.

    oc create ns sub-project-1
    Console
    Copy

  3. Validate access to view projects.

    oc get ns
    Console
    Copy

  4. Check if the user can view or edit ResourceQuotas in project-1.

    oc get resourcequotas -n project-1
oc edit resourcequotas project-1-sc-rq -n project-1
    Console
    Copy

  5. Validate that the user has access to view the storageclasses.

    oc get sc
    Console
    Copy

  6. Check access to describe the storageclasses.

  7. Validate the user’s access to edit the storageclasses.

    oc edit sc project-1-sc
    Console
    Copy