What should I know about the ex280 exam practice questions & answers
Setup your Lab by clicking here
ex280 Exam Practice Question 18
As the cluster administrator with the username, “kubeadmin” and password, ” LumDI-t5jjd-ciyWk-wKsoe”.
Perform the following operations.
NOTE: you can login with (oc login -u kubeadmin -p LumDI-t5jjd-ciyWk-wKsoe https://api.crc.testing:6443)
– create two groups, frontend-group and backend-group
– create six users, tekneed3, tekneed4, tekneed5, tekneed6, tekneed7, and tekneed8 users. They must all have the password, “open”
[NOTE: Update the already existing HTpasswd authentication file in /tmp/htpassword to create the users. Also use/create a secret with the name, “htpassword-secret” from /tmp/htpassword file.]
-The users, tekneed5, and tekneed6 must belong to the frontend-group, and the users, tekneed7, and tekneed8 must belong the backend-group
-create a project, “open-compute” project
-grant the user, tekneed4, project administration privileges on the open-compute project
– give the group, frontend-group read privileges, and the group, backend-group write privileges for the open-compute project
-grant the user, tekneed3 a cluster admin user
Answer
1. Login to the cluster
[victor@sno ~]$ oc login -u kubeadmin -p i4obN-b3jWo-hj82d-rZHLb
Login successful.
You have access to 67 projects, the list has been suppressed. You can list all projects with 'oc projects'
Using project "default".
2. create the two groups.
[victor@sno ~]$ oc adm groups new frontend-group
group.user.openshift.io/frontend-group created
[victor@sno ~]$ oc adm groups new backend-group
group.user.openshift.io/backend-group created
3. Verify that the groups have been created
[victor@sno ~]$ oc get groups
NAME USERS
backend-group
frontend-group
4. create the users
*you can view the existing file already in /tmp/htpassword
[victor@sno ~]$ cat /tmp/htpassword
tekneed1:$apr1$9av9vl1X$PQqzv/AqEswZQoJqR86e2/
tekneed2:$apr1$dqwzrtyz$fEKau5yHQjyX.7klD9hao/
*create the users
[victor@sno ~]$ htpasswd -b /tmp/htpassword tekneed3 open
Adding password for user tekneed3
[victor@sno ~]$ htpasswd -b /tmp/htpassword tekneed4 open
Adding password for user tekneed4
[victor@sno ~]$ htpasswd -b /tmp/htpassword tekneed5 open
Adding password for user tekneed5
[victor@sno ~]$ htpasswd -b /tmp/htpassword tekneed6 open
Adding password for user tekneed6
[victor@sno ~]$ htpasswd -b /tmp/htpassword tekneed7 open
Adding password for user tekneed7
[victor@sno ~]$ htpasswd -b /tmp/htpassword tekneed8 open
Adding password for user tekneed8
5. Verify that the users have been created.
[victor@sno ~]$ cat /tmp/htpassword
tekneed1:$apr1$9av9vl1X$PQqzv/AqEswZQoJqR86e2/
tekneed2:$apr1$dqwzrtyz$fEKau5yHQjyX.7klD9hao/
tekneed3:$apr1$eMvkoUVJ$tkqWm3.4zkpJTtJQg.mR21
tekneed4:$apr1$y19G58eu$0oYA15lw3X8epAWRSQOPs0
tekneed5:$apr1$TbgBDP0a$.t2td3KP3KCLwx2OTM6Hb1
tekneed6:$apr1$bpkuO8Ka$6lRMiRoyPj0fMSShLNbjT0
tekneed7:$apr1$Yh29LNJ5$73E7P2U1KMjW6NIavlSwH1
tekneed8:$apr1$lUfhJL/n$n4tuArUkp7Smta7pkG6ut1
6. create a secrete for the /tmp/htpassword file
[victor@sno ~]$ oc create secret generic htpassword-secret --from-file htpasswd=/tmp/htpassword -n openshift-config
secret/htpassword-secret created
7. Update the oauth server (oauth resource yaml manifest configuration file)
*extract the existing oauth resource yaml manifest config file
victor@sno ~]$ oc get oauth cluster -o yaml > oauth.yaml
*Edit the file and include the information from the /tmp/htpassword living in the secret, htpassword-secret
[victor@sno ~]$ vi oauth.yaml
.......
- htpasswd:
fileData:
name: htpassword-secret
mappingMethod: claim
name: allusers
type: HTPasswd
..........

*update the oauth server/resource with the new information
[victor@sno ~]$ oc replace -f oauth.yaml
oauth.config.openshift.io/cluster replaced
8. Try loggingg in as one of the users created.
[victor@sno ~]$ oc login -u tekneed4 -p open
Login successful.
You don't have any projects. You can try to create a new project, by running
oc new-project <projectname>
NB: You can watch the video on how we carried out some other tests.
9. You can also verify by using the “oc get” command.
NOTE: if you haven’t logged in with the user account for the first time, you may not see the users when you list them with the commands below.
[victor@sno ~]$ oc get users
NAME UID FULL NAME IDENTITIES
developer 24b0c61d-2e67-44f5-86cb-56896c5488fc developer:developer
kubeadmin 2eca97e7-277c-4aa4-a963-7ea45b3b4665 developer:kubeadmin
tekneed4 d148ad64-15e4-4e49-812a-b17b7fcb528a allusers:tekneed4
[victor@sno ~]$ oc get identity
NAME IDP NAME IDP USER NAME USER NAME USER UID
allusers:tekneed4 allusers tekneed4 tekneed4 d148ad64-15e4-4e49-812a-b17b7fcb528a
developer:developer developer developer developer 24b0c61d-2e67-44f5-86cb-56896c5488fc
developer:kubeadmin developer kubeadmin kubeadmin 2eca97e7-277c-4aa4-a963-7ea45b3b4665
10. Add the users, tekneed5 and tekneed6 to the front-end group
[victor@sno ~]$ oc adm groups add-users frontend-group tekneed5
group.user.openshift.io/frontend-group added: "tekneed5"
[victor@sno ~]$ oc adm groups add-users frontend-group tekneed6
group.user.openshift.io/frontend-group added: "tekneed6"
11. Add the users, tekneed7 and tekneed8 to the back-end group
[victor@sno ~]$ oc adm groups add-users backend-group tekneed7
group.user.openshift.io/backend-group added: "tekneed7"
[victor@sno ~]$ oc adm groups add-users backend-group tekneed8
group.user.openshift.io/backend-group added: "tekneed8"
12. Verify that the users have been added to the group
[victor@sno ~]$ oc get groups
NAME USERS
backend-group tekneed7, tekneed8
frontend-group tekneed5, tekneed6
13. create the project, open-compute
[victor@sno ~]$ oc new-project open-compute
Now using project "open-compute" on server "https://api.crc.testing:6443".
...................
14. grant the user, tekneed4 an admin privilege for the open-compute project
[victor@sno ~]$ oc policy add-role-to-user admin tekneed4
clusterrole.rbac.authorization.k8s.io/admin added: "tekneed4"
NOTE: You can also include the namespace at the end of the command. I did not include it because I am currently using the open-compute namespace.
15. grant the frontend-group read permission in the open-compute project
[victor@sno ~]$ oc policy add-role-to-group view frontend-group
clusterrole.rbac.authorization.k8s.io/view added: "frontend-group"
16. grant the backend-group write permission in the open-compute project
[victor@sno ~]$ oc policy add-role-to-group edit backend-group
clusterrole.rbac.authorization.k8s.io/edit added: "backend-group"
17. grant the user tekneed3, a cluster admin user privilege
[victor@sno ~]$ oc adm policy add-cluster-role-to-user cluster-admin tekneed3
Warning: User 'tekneed3' not found
clusterrole.rbac.authorization.k8s.io/cluster-admin added: "tekneed3"
NB: you are getting the warning because we haven’t logged in to the cluster with user, tekneed3 for the first time
18. Review all the role bindings in the open-compute project.
[victor@sno ~]$ oc get rolebindings -o wide
NAME ROLE AGE USERS GROUPS SERVICEACCOUNTS
admin ClusterRole/admin 5m31s kubeadmin
admin-0 ClusterRole/admin 4m11s tekneed4
edit ClusterRole/edit 105s back-end
system:deployers ClusterRole/system:deployer 5m31s open-compute/deployer
system:image-builders ClusterRole/system:image-builder 5m31s open-compute/builder
system:image-pullers ClusterRole/system:image-puller 5m31s system:serviceaccounts:open-compute
view ClusterRole/view 2m52s fron-end
view-0 ClusterRole/view 2m46s front-end
Solution Summary
# oc login -u kubeadmin -p i4obN-b3jWo-hj82d-rZHLb
# oc adm groups new frontend-group
# oc adm groups new backend-group
# oc get groups
# cat /tmp/htpassword
# htpasswd -b /tmp/htpassword tekneed3 open
# htpasswd -b /tmp/htpassword tekneed4 open
# htpasswd -b /tmp/htpassword tekneed5 open
# htpasswd -b /tmp/htpassword tekneed6 open
# htpasswd -b /tmp/htpassword tekneed7 open
# htpasswd -b /tmp/htpassword tekneed8 open
# cat /tmp/htpassword
# oc create secret generic htpassword-secret --from-file htpasswd=/tmp/htpassword -n openshift-config
# oc get oauth cluster -o yaml > oauth.yaml
# vi oauth.yaml
# oc replace -f oauth.yaml
# oc get pods -n openshift-authentication
# oc get users
# oc get identity
# oc adm groups add-users frontend-group tekneed5
# oc adm groups add-users frontend-group tekneed6
# oc adm groups add-users backend-group tekneed7
# oc adm groups add-users backend-group tekneed8
# oc get groups
# oc new-project open-compute
# oc policy add-role-to-user admin tekneed4
# oc policy add-role-to-group view frontend-group
# oc policy add-role-to-group edit backend-group
# oc adm policy add-cluster-role-to-user cluster-admin tekneed3
# oc get rolebindings -o wide
Click here to get other ex280 premium preparation questions and answers
Setup your Lab by clicking here
Watch Video on ex280 exam practice questions & answer 18
Your feedback is welcomed. If you love others, you will share with others
Is there any possibility to Get DO188 examp dump
Please send an email to info@tekneed.com
Thank you.
I passed my ex280 exam. Thank you for your support as always!