Ex280 Exam Practice Questions & Answers

January 11, 2023 Victor EX280 Exam Practice Questions 19

Tweet
Share
Pin
Share

What should I know about the ex280 exam practice questions & answers

Click here to get other ex280 premium exam practice questions and answers

If you need some other practice questions that are not listed here, feel free to send an email to info@tekneed.com, and we will let you know if we have them or not.

Setup a Lab by clicking here

ex280 Exam Practice Question 18

As the cluster administrator with the username, “kubeadmin” and password, ” LumDI-t5jjd-ciyWk-wKsoe”.
Perform the following operations.

NOTE: you can login with (oc login -u kubeadmin -p LumDI-t5jjd-ciyWk-wKsoe https://api.crc.testing:6443)

– create two groups, frontend-group and backend-group

– create six users, tekneed3, tekneed4, tekneed5, tekneed6, tekneed7, and tekneed8 users. They must all have the password, “open”
[NOTE: Update the already existing HTpasswd authentication file in /tmp/htpassword to create the users. Also use/create a secret with the name, “htpassword-secret” from /tmp/htpassword file.]

-The users, tekneed5, and tekneed6 must belong to the frontend-group, and the users, tekneed7, and tekneed8 must belong the backend-group

-create a project, “open-compute” project

-grant the user, tekneed4, project administration privileges on the open-compute project

– give the group, frontend-group read privileges, and the group, backend-group write privileges for the open-compute project

-grant the user, tekneed3 a cluster admin user

Answer

1. Login to the cluster

[victor@sno ~]$ oc login -u kubeadmin -p i4obN-b3jWo-hj82d-rZHLb
Login successful.

You have access to 67 projects, the list has been suppressed. You can list all projects with 'oc projects'

Using project "default".

2. create the two groups.

[victor@sno ~]$ oc adm groups new frontend-group

group.user.openshift.io/frontend-group created


[victor@sno ~]$ oc adm groups new backend-group

group.user.openshift.io/backend-group created

3. Verify that the groups have been created

[victor@sno ~]$ oc get groups

NAME             USERS
backend-group
frontend-group

4. create the users

*you can view the existing file already in /tmp/htpassword

[victor@sno ~]$ cat /tmp/htpassword
tekneed1:$apr1$9av9vl1X$PQqzv/AqEswZQoJqR86e2/
tekneed2:$apr1$dqwzrtyz$fEKau5yHQjyX.7klD9hao/

*create the users

[victor@sno ~]$ htpasswd -b /tmp/htpassword tekneed3 open
Adding password for user tekneed3
[victor@sno ~]$ htpasswd -b /tmp/htpassword tekneed4 open
Adding password for user tekneed4
[victor@sno ~]$ htpasswd -b /tmp/htpassword tekneed5 open
Adding password for user tekneed5
[victor@sno ~]$ htpasswd -b /tmp/htpassword tekneed6 open
Adding password for user tekneed6
[victor@sno ~]$ htpasswd -b /tmp/htpassword tekneed7 open
Adding password for user tekneed7
[victor@sno ~]$ htpasswd -b /tmp/htpassword tekneed8 open
Adding password for user tekneed8

5. Verify that the users have been created.

[victor@sno ~]$ cat /tmp/htpassword

tekneed1:$apr1$9av9vl1X$PQqzv/AqEswZQoJqR86e2/
tekneed2:$apr1$dqwzrtyz$fEKau5yHQjyX.7klD9hao/
tekneed3:$apr1$eMvkoUVJ$tkqWm3.4zkpJTtJQg.mR21
tekneed4:$apr1$y19G58eu$0oYA15lw3X8epAWRSQOPs0
tekneed5:$apr1$TbgBDP0a$.t2td3KP3KCLwx2OTM6Hb1
tekneed6:$apr1$bpkuO8Ka$6lRMiRoyPj0fMSShLNbjT0
tekneed7:$apr1$Yh29LNJ5$73E7P2U1KMjW6NIavlSwH1
tekneed8:$apr1$lUfhJL/n$n4tuArUkp7Smta7pkG6ut1

6. create a secrete for the /tmp/htpassword file

[victor@sno ~]$ oc create secret generic htpassword-secret --from-file  htpasswd=/tmp/htpassword -n openshift-config

secret/htpassword-secret created

7. Update the oauth server (oauth resource yaml manifest configuration file)

*extract the existing oauth resource yaml manifest config file

victor@sno ~]$ oc get oauth cluster -o yaml > oauth.yaml

*Edit the file and include the information from the /tmp/htpassword living in the secret, htpassword-secret

[victor@sno ~]$ vi oauth.yaml

.......
 - htpasswd:
      fileData:
        name: htpassword-secret
    mappingMethod: claim
    name: allusers
    type: HTPasswd
..........
ex280 exam practice questions

*update the oauth server/resource with the new information

[victor@sno ~]$ oc replace -f oauth.yaml
oauth.config.openshift.io/cluster replaced

8. Try loggingg in as one of the users created.

[victor@sno ~]$ oc login -u tekneed4 -p open

Login successful.

You don't have any projects. You can try to create a new project, by running

    oc new-project <projectname>

NB: You can watch the video on how we carried out some other tests.

9. You can also verify by using the “oc get” command.

NOTE: if you haven’t logged in with the user account for the first time, you may not see the users when you list them with the commands below.

[victor@sno ~]$ oc get users

NAME        UID                                    FULL NAME   IDENTITIES
developer   24b0c61d-2e67-44f5-86cb-56896c5488fc               developer:developer
kubeadmin   2eca97e7-277c-4aa4-a963-7ea45b3b4665               developer:kubeadmin
tekneed4    d148ad64-15e4-4e49-812a-b17b7fcb528a               allusers:tekneed4

[victor@sno ~]$ oc get identity

NAME                  IDP NAME    IDP USER NAME   USER NAME   USER UID
allusers:tekneed4     allusers    tekneed4        tekneed4    d148ad64-15e4-4e49-812a-b17b7fcb528a
developer:developer   developer   developer       developer   24b0c61d-2e67-44f5-86cb-56896c5488fc
developer:kubeadmin   developer   kubeadmin       kubeadmin   2eca97e7-277c-4aa4-a963-7ea45b3b4665

10. Add the users, tekneed5 and tekneed6 to the front-end group

[victor@sno ~]$ oc adm groups add-users frontend-group tekneed5

group.user.openshift.io/frontend-group added: "tekneed5"


[victor@sno ~]$ oc adm groups add-users frontend-group tekneed6

group.user.openshift.io/frontend-group added: "tekneed6"

11. Add the users, tekneed7 and tekneed8 to the back-end group

[victor@sno ~]$ oc adm groups add-users backend-group tekneed7

group.user.openshift.io/backend-group added: "tekneed7"


[victor@sno ~]$ oc adm groups add-users backend-group tekneed8

group.user.openshift.io/backend-group added: "tekneed8"

12. Verify that the users have been added to the group

[victor@sno ~]$ oc get groups

NAME             USERS
backend-group    tekneed7, tekneed8
frontend-group   tekneed5, tekneed6

13. create the project, open-compute

[victor@sno ~]$ oc new-project open-compute

Now using project "open-compute" on server "https://api.crc.testing:6443".

...................

14. grant the user, tekneed4 an admin privilege for the open-compute project

[victor@sno ~]$ oc policy add-role-to-user admin tekneed4

clusterrole.rbac.authorization.k8s.io/admin added: "tekneed4"

NOTE: You can also include the namespace at the end of the command. I did not include it because I am currently using the open-compute namespace.

15. grant the frontend-group read permission in the open-compute project

[victor@sno ~]$ oc policy add-role-to-group view frontend-group

clusterrole.rbac.authorization.k8s.io/view added: "frontend-group"

16. grant the backend-group write permission in the open-compute project

[victor@sno ~]$ oc policy add-role-to-group edit backend-group

clusterrole.rbac.authorization.k8s.io/edit added: "backend-group"

17. grant the user tekneed3, a cluster admin user privilege

[victor@sno ~]$ oc adm policy add-cluster-role-to-user cluster-admin tekneed3

Warning: User 'tekneed3' not found
clusterrole.rbac.authorization.k8s.io/cluster-admin added: "tekneed3"

NB: you are getting the warning because we haven’t logged in to the cluster with user, tekneed3 for the first time

18. Review all the role bindings in the open-compute project.

[victor@sno ~]$ oc get rolebindings -o wide

NAME                    ROLE                               AGE     USERS       GROUPS                                SERVICEACCOUNTS
admin                   ClusterRole/admin                  5m31s   kubeadmin                
admin-0                 ClusterRole/admin                  4m11s   tekneed4                 
edit                    ClusterRole/edit                   105s                back-end     
system:deployers        ClusterRole/system:deployer        5m31s                                                     open-compute/deployer
system:image-builders   ClusterRole/system:image-builder   5m31s                                                     open-compute/builder
system:image-pullers    ClusterRole/system:image-puller    5m31s               system:serviceaccounts:open-compute
view                    ClusterRole/view                   2m52s               fron-end     
view-0                  ClusterRole/view                   2m46s               front-end

Solution Summary

# oc login -u kubeadmin -p i4obN-b3jWo-hj82d-rZHLb
# oc adm groups new frontend-group
# oc adm groups new backend-group
# oc get groups 
# cat /tmp/htpassword
# htpasswd -b /tmp/htpassword tekneed3 open
# htpasswd -b /tmp/htpassword tekneed4 open
# htpasswd -b /tmp/htpassword tekneed5 open
# htpasswd -b /tmp/htpassword tekneed6 open
# htpasswd -b /tmp/htpassword tekneed7 open
# htpasswd -b /tmp/htpassword tekneed8 open
# cat /tmp/htpassword
# oc create secret generic htpassword-secret --from-file  htpasswd=/tmp/htpassword -n openshift-config
# oc get oauth cluster -o yaml > oauth.yaml 
# vi oauth.yaml
# oc replace -f oauth.yaml
# oc get pods -n openshift-authentication
# oc get users
# oc get identity
# oc adm groups add-users frontend-group tekneed5
# oc adm groups add-users frontend-group tekneed6
# oc adm groups add-users backend-group tekneed7
# oc adm groups add-users backend-group tekneed8
# oc get groups
# oc new-project open-compute
# oc policy add-role-to-user admin tekneed4
# oc policy add-role-to-group view frontend-group
# oc policy add-role-to-group edit backend-group
# oc adm policy add-cluster-role-to-user cluster-admin tekneed3
# oc get rolebindings -o wide

Click here to get other ex280 premium exam practice questions and answers

Setup your Lab by clicking here

Watch Video on ex280 exam practice questions & answer 18

Your feedback is welcomed. If you love others, you will share with others

Tweet
Share
Pin
Share

19 Comments

Leave a Reply

Your email address will not be published.


*