Validation
To validate the multitenant architecture that was configured in the previous steps, complete the following steps:
Validate access to create PVCs or pods in assigned project
- Log in as ocp-project-1-user, developer in project-1.
- Check access to create a new project.
oc create ns sub-project-1
- Create a PVC in project-1 using the storageclass that is assigned to project-1.
cat << EOF | oc create -f -
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: test-pvc-project-1
  namespace: project-1
  annotations:
    trident.netapp.io/reclaimPolicy: Retain
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: project-1-sc
EOF
- Check the PV associated with the PVC.
oc get pv
- Validate that the PV and its volume are created in an SVM dedicated to project-1 on NetApp ONTAP.
volume show -vserver project-1-svm
- Create a pod in project-1 and mount the PVC created in previous step.
cat << EOF | oc create -f -
kind: Pod
apiVersion: v1
metadata:
  name: test-pvc-pod
  namespace: project-1
spec:
  volumes:
    - name: test-pvc-project-1
      persistentVolumeClaim:
        claimName: test-pvc-project-1
  containers:
    - name: test-container
      image: nginx
      ports:
        - containerPort: 80
          name: "http-server"
      volumeMounts:
        - mountPath: "/usr/share/nginx/html"
          name: test-pvc-project-1
EOF
- Check if the pod is running and whether it mounted the volume.
oc describe pods test-pvc-pod -n project-1
Validate access to create PVCs or pods in another project or use resources dedicated to another project
- Log in as ocp-project-1-user, developer in project-1.
- Create a PVC in project-1 using the storageclass that is assigned to project-2.
cat << EOF | oc create -f -
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: test-pvc-project-1-sc-2
  namespace: project-1
  annotations:
    trident.netapp.io/reclaimPolicy: Retain
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: project-2-sc
EOF
- Create a PVC in project-2.
cat << EOF | oc create -f -
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: test-pvc-project-2-sc-1
  namespace: project-2
  annotations:
    trident.netapp.io/reclaimPolicy: Retain
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: project-1-sc
EOF
- Make sure that PVCs test-pvc-project-1-sc-2 and test-pvc-project-2-sc-1 were not created.
oc get pvc -n project-1
oc get pvc -n project-2
- Create a pod in project-2.
cat << EOF | oc create -f -
kind: Pod
apiVersion: v1
metadata:
  name: test-pvc-pod
  namespace: project-2
spec:
  containers:
    - name: test-container
      image: nginx
      ports:
        - containerPort: 80
          name: "http-server"
EOF
Validate access to view and edit Projects, ResourceQuotas, and StorageClasses
- Log in as ocp-project-1-user, developer in project-1.
- Check access to create new projects.
oc create ns sub-project-1
- Validate access to view projects.
oc get ns
- Check if the user can view or edit ResourceQuotas in project-1.
oc get resourcequotas -n project-1
oc edit resourcequotas project-1-sc-rq -n project-1
- Validate that the user has access to view the storageclasses.
oc get sc
- Check access to describe the storageclasses.
- Validate the user’s access to edit the storageclasses.
oc edit sc project-1-sc
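The RBAC side of the checks above can also be asked of the API server directly with `oc auth can-i`, which leaves no test objects behind. The script below is an added example, not part of the original procedure; the expected yes/no values are assumptions about the intended outcome of each step. `can-i` evaluates authorization only, not admission-time controls such as ResourceQuota, so the cross-storageclass PVC attempts still have to be made as described.

```shell
#!/bin/sh
# Added example: RBAC expectation matrix for ocp-project-1-user.
# The yes/no values are assumptions about the intended result of each step.
# Columns: expected verb resource namespace ("-" means cluster-scoped).
EXPECTED='yes create persistentvolumeclaims project-1
yes create pods project-1
no create persistentvolumeclaims project-2
no create pods project-2
no create namespaces -
yes get resourcequotas project-1
no update resourcequotas project-1
yes list storageclasses -
no update storageclasses -'

# can_i VERB RESOURCE NAMESPACE: print yes, no, or error (no answer from the API).
can_i() {
    if [ "$3" = "-" ]; then
        out=$(oc auth can-i "$1" "$2" </dev/null 2>/dev/null) || true
    else
        out=$(oc auth can-i "$1" "$2" -n "$3" </dev/null 2>/dev/null) || true
    fi
    ans=${out%% *}          # "no - <reason>" becomes "no"
    echo "${ans:-error}"
}

# check_matrix: print one line per row, set MISMATCHES, return 0 only if all match.
check_matrix() {
    MISMATCHES=0
    while read -r want verb res ns; do
        got=$(can_i "$verb" "$res" "$ns")
        if [ "$got" = "$want" ]; then
            state=ok
        else
            state=MISMATCH
            MISMATCHES=$((MISMATCHES + 1))
        fi
        printf '%-8s %-6s %-24s %-10s want=%s got=%s\n' \
            "$state" "$verb" "$res" "$ns" "$want" "$got"
    done <<EOF
$EXPECTED
EOF
    [ "$MISMATCHES" -eq 0 ]
}

# Usage: log in as ocp-project-1-user, then run this script with the argument "run".
if [ "${1:-}" = "run" ]; then check_matrix || exit 1; fi
```

A row reported as `MISMATCH` with `got=yes` where `no` was expected means the user holds a permission outside the assigned project; `got=error` means the API gave no answer, for example because the session is not logged in.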