infra-docs-fpo/modules/sysadmin_guide/pages/sop_communishift_create_sharedvolume.adoc

= Create SharedVolume

== Resources
- [1] AWS EFS Operator: https://github.com/openshift/aws-efs-operator
- [2] AWS EFS Operator Installation/Configuration: https://access.redhat.com/articles/5025181

=== Creating the SharedVolume
The `communishift` ansible role will create the AWS EFS filesystem and accesspoint, and then creates a Secret called `communishift-project-name-efs-credentials` in the tenants project. The structure of the secret is as follows:

----
data:
  efs_filesystem_id: "fsap-xxxxxxxx"
  efs_accesspoint_id: "fs-xxxxxxxxxx"
----

The values are base64 encoded, to retrieve the values do the following:

----
oc get secret communishift-project-name-efs-credentials -o jsonpath="{.data['efs_accesspoint_id']}" | base64 -d
oc get secret communishift-project-name-efs-credentials -o jsonpath="{.data['efs_filesystem_id']}" | base64 -d
----

Next create a yaml file and populate the values for the `accessPointID` and the `fileSystemID`.

----
apiVersion: aws-efs.managed.openshift.io/v1alpha1
kind: SharedVolume
metadata:
  name: PROJECTNAME-sharedvolume
  namespace: PROJECTNAME
spec:
  accessPointID: fsap-xxxxx
  fileSystemID: fs-xxxxx
----

Then create the `SharedVolume` object:

----
oc apply -f project-name-sharedvolume.yml
----

Once created, the AWS EFS Operator should automatically create a PersistentVolume, then a PersistentVolumeClaim in the project namespace. Tenants can then mount this volume as normal.

The following Pod defintion maybe used to verify the storage is working correctly.

----
apiVersion: v1
kind: Pod
metadata:
  name: volume-test
  namespace: communishift-dev-test
spec:
  securityContext:
    runAsUser: 1001
    runAsGroup: 1001
    fsGroup: 1001
    fsGroupChangePolicy: "OnRootMismatch"
  serviceAccount: volume-test
  volumes:
    - name: test-volume
      persistentVolumeClaim:
        claimName: pvc-communishift-dev-test-sharedvolume
  containers:
    - image: quay.io/operator-framework/ansible-operator:v1.23.0
      command:
        - /bin/sh
        - "-c"
        - "sleep 60m"
      imagePullPolicy: IfNotPresent
      name: alpine
      volumeMounts:
        - name: test-volume
          mountPath: /tmp/volume_test
      restartPolicy: Always
      resources:
        requests:
          memory: "2Gi"
----
communishift: SOPs for modifying tenant ResourceQuota communishift: SOPs for creating SharedVolume Signed-off-by: David Kirwan dkirwan@redhat.com Signed-off-by: Lenka Segura lsegura@redhat.com Signed-off-by: Patrik Polakovic ppolakov@redhat.com 2022-09-22 11:28:33 +01:00			`= Create SharedVolume`

			`== Resources`
			`- [1] AWS EFS Operator: https://github.com/openshift/aws-efs-operator`
			`- [2] AWS EFS Operator Installation/Configuration: https://access.redhat.com/articles/5025181`

			`=== Creating the SharedVolume`
communishift: SOPs typo Signed-off-by: David Kirwan dkirwan@redhat.com Signed-off-by: Lenka Segura lsegura@redhat.com Signed-off-by: Patrik Polakovic ppolakov@redhat.com 2022-09-22 14:39:21 +01:00			The `communishift` ansible role will create the AWS EFS filesystem and accesspoint, and then creates a Secret called `communishift-project-name-efs-credentials` in the tenants project. The structure of the secret is as follows:
communishift: SOPs for modifying tenant ResourceQuota communishift: SOPs for creating SharedVolume Signed-off-by: David Kirwan dkirwan@redhat.com Signed-off-by: Lenka Segura lsegura@redhat.com Signed-off-by: Patrik Polakovic ppolakov@redhat.com 2022-09-22 11:28:33 +01:00
			`----`
			`data:`
			`efs_filesystem_id: "fsap-xxxxxxxx"`
			`efs_accesspoint_id: "fs-xxxxxxxxxx"`
			`----`

			`The values are base64 encoded, to retrieve the values do the following:`

			`----`
			`oc get secret communishift-project-name-efs-credentials -o jsonpath="{.data['efs_accesspoint_id']}" \| base64 -d`
			`oc get secret communishift-project-name-efs-credentials -o jsonpath="{.data['efs_filesystem_id']}" \| base64 -d`
			`----`

			Next create a yaml file and populate the values for the `accessPointID` and the `fileSystemID`.

			`----`
			`apiVersion: aws-efs.managed.openshift.io/v1alpha1`
			`kind: SharedVolume`
			`metadata:`
			`name: PROJECTNAME-sharedvolume`
			`namespace: PROJECTNAME`
			`spec:`
			`accessPointID: fsap-xxxxx`
			`fileSystemID: fs-xxxxx`
			`----`

			Then create the `SharedVolume` object:

			`----`
			`oc apply -f project-name-sharedvolume.yml`
			`----`

			`Once created, the AWS EFS Operator should automatically create a PersistentVolume, then a PersistentVolumeClaim in the project namespace. Tenants can then mount this volume as normal.`

			`The following Pod defintion maybe used to verify the storage is working correctly.`

			`----`
			`apiVersion: v1`
			`kind: Pod`
			`metadata:`
			`name: volume-test`
			`namespace: communishift-dev-test`
			`spec:`
			`securityContext:`
			`runAsUser: 1001`
			`runAsGroup: 1001`
			`fsGroup: 1001`
			`fsGroupChangePolicy: "OnRootMismatch"`
			`serviceAccount: volume-test`
			`volumes:`
			`- name: test-volume`
			`persistentVolumeClaim:`
			`claimName: pvc-communishift-dev-test-sharedvolume`
			`containers:`
			`- image: quay.io/operator-framework/ansible-operator:v1.23.0`
			`command:`
			`- /bin/sh`
			`- "-c"`
			`- "sleep 60m"`
			`imagePullPolicy: IfNotPresent`
			`name: alpine`
			`volumeMounts:`
			`- name: test-volume`
			`mountPath: /tmp/volume_test`
			`restartPolicy: Always`
			`resources:`
			`requests:`
			`memory: "2Gi"`
			`----`