ocp4 sops moved into sysadmin_guide

Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
2024-07-22 10:37:01 +01:00 · 2024-07-22 10:37:01 +01:00 · c0d6947dba
commit c0d6947dba
parent 1d17fd8610
35 changed files with 1 additions and 1 deletions
--- a/modules/sysadmin_guide/pages/sop_communishift_create_sharedvolume.adoc
+++ b/modules/sysadmin_guide/pages/sop_communishift_create_sharedvolume.adoc
@ -0,0 +1,78 @@
+= Create SharedVolume
+
+== Resources
+- [1] AWS EFS Operator: https://github.com/openshift/aws-efs-operator
+- [2] AWS EFS Operator Installation/Configuration: https://access.redhat.com/articles/5025181
+
+=== Creating the SharedVolume
+The `communishift` ansible role will create the AWS EFS filesystem and accesspoint, and then creates a Secret called `communishift-project-name-efs-credentials` in the tenants project. The structure of the secret is as follows:
+
+----
+data:
+  efs_filesystem_id: "fsap-xxxxxxxx"
+  efs_accesspoint_id: "fs-xxxxxxxxxx"
+----
+
+The values are base64 encoded, to retrieve the values do the following:
+
+----
+oc get secret communishift-project-name-efs-credentials -o jsonpath="{.data['efs_accesspoint_id']}" | base64 -d
+oc get secret communishift-project-name-efs-credentials -o jsonpath="{.data['efs_filesystem_id']}" | base64 -d
+----
+
+Next create a yaml file and populate the values for the `accessPointID` and the `fileSystemID`.
+
+----
+apiVersion: aws-efs.managed.openshift.io/v1alpha1
+kind: SharedVolume
+metadata:
+  name: PROJECTNAME-sharedvolume
+  namespace: PROJECTNAME
+spec:
+  accessPointID: fsap-xxxxx
+  fileSystemID: fs-xxxxx
+----
+
+Then create the `SharedVolume` object:
+
+----
+oc apply -f project-name-sharedvolume.yml
+----
+
+Once created, the AWS EFS Operator should automatically create a PersistentVolume, then a PersistentVolumeClaim in the project namespace. Tenants can then mount this volume as normal.
+
+The following Pod defintion maybe used to verify the storage is working correctly.
+
+----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: volume-test
+  namespace: communishift-dev-test
+spec:
+  securityContext:
+    runAsUser: 1001
+    runAsGroup: 1001
+    fsGroup: 1001
+    fsGroupChangePolicy: "OnRootMismatch"
+  serviceAccount: volume-test
+  volumes:
+    - name: test-volume
+      persistentVolumeClaim:
+        claimName: pvc-communishift-dev-test-sharedvolume
+  containers:
+    - image: quay.io/operator-framework/ansible-operator:v1.23.0
+      command:
+        - /bin/sh
+        - "-c"
+        - "sleep 60m"
+      imagePullPolicy: IfNotPresent
+      name: alpine
+      volumeMounts:
+        - name: test-volume
+          mountPath: /tmp/volume_test
+      restartPolicy: Always
+      resources:
+        requests:
+          memory: "2Gi"
+----