13. Practice Exam II

Question 1

1. Prep

Answer 1

crc start -p ~/pull-secret
eval $(crc oc-env)
oc login -u kubeadmin https://api.crc.testing:6443
oc projects

Question 2

2. chapter 10.3 task 1 setting up authentication

Answer 2

sudo yum install httpd-tools
htpasswd -c -b -B htpasswd admin password
htpasswd -b -B htpasswd anna password
htpasswd -b -B htpasswd anouk password
htpasswd -b -B htpasswd developer password
htpasswd -b -B htpasswd lisa password
htpasswd -b -B htpasswd linda password

oc create secret generic htpass-users –from-file htpasswd=/Users/ol65ia/ex280/htpasswd -n openshift-config
oc adm policy add-cluster-role-to-user cluster-admin admin
oc get oauth cluster -o yaml > oauth.yml
vi oauth.yml

spec:
identityProviders:
- htpasswd:
fileData:
name: htpass-users
type: HTPasswd

oc replace -f oauth.yml

oc login -u admin -p password

oc adm groups new admins
oc adm groups new developers
oc adm groups new viewers
oc adm groups add-users admins admin
oc adm groups add-users admins anna
oc adm groups add-users developers developer
oc adm groups add-users developers linda
oc adm groups add-users viewers lisa

Question 3

3. chapter 10.4 task 2 setup authorization

Answer 3

oc adm policy add cluster-role-to-group cluster-admin admins
oc adm policy add-cluster-role-to-group cluster-admin admins
oc adm policy add-role-to-group edit developers
oc adm policy add-role-to-group view developers
oc adm policy add-role-to-group view viewers
oc new-project test-namespace
oc adm policy add-role-to-user view anouk -n test-namespace
oc adm policy add-role-to-user edit anouk -n test-namespace

Question 4

4. task 3 create a project template

Answer 4

oc adm create-bootstrap-project-template -o yaml > template.yaml
vi template.yaml
oc create -f template.yaml -n openshift-config
oc get templates -n openshift-config
oc describe templates -n openshift-config
oc edit project.config.openshift.io/cluster
oc get pods -n openshift-apiserver

—> content of template.yaml

apiVersion: template.openshift.io/v1
kind: Template
metadata:
creationTimestamp: null
name: project-request
objects:
- apiVersion: project.openshift.io/v1
kind: Project
metadata:
annotations:
openshift.io/description: ${PROJECT_DESCRIPTION}
openshift.io/display-name: ${PROJECT_DISPLAYNAME}
openshift.io/requester: ${PROJECT_REQUESTING_USER}
creationTimestamp: null
name: ${PROJECT_NAME}
spec: {}
status: {}
- apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
creationTimestamp: null
name: admin
namespace: ${PROJECT_NAME}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: ${PROJECT_ADMIN_USER}
parameters:
- name: PROJECT_NAME
- name: PROJECT_DISPLAYNAME
- name: PROJECT_DESCRIPTION
- name: PROJECT_ADMIN_USER
- name: PROJECT_REQUESTING_USER

Question 5

5. chapter 10.6 task 4 create a project

Answer 5

oc login -u developer https://api.crc.testing:6443
oc new-project local-project
oc describe project local-project

Question 6

6. chapter 10.7 task 5 run a TLS secured application (need work on answer)

Answer 6

Create Secure route

oc project
oc new-project my-project
oc new-app –docker-image=sandervanvugt/openshift:latest –name secure-app

Create OpenSSL certs
openssl genrsa -des3 -out myCA.key 2048
openssl req -x509 -new -nodes -key myCA.key -sha256 -days 3650 -out myCA.pem
openssl genrsa -out tls.key 2048
openssl req -new -key tls.key -out tls.csr
openssl x509 -req -in tls.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out tls.crt -days 1650 -sha256

Create secret with keys/certs
oc create secret tls linginx-certs –key tls.key –cert tls.crt
oc get secrets linginx-certs -o yaml

Setting mount points
oc set volumes deploy nginx –add –type configmap –configmap-name nginx-conf –mount-path /etc/nginx/conf.d
oc set volumes deploy nginx –add –type secret –secret-name nginx-certs –mount-path /etc/nginx/ssl

oc create route edge linginx1 –service linginx1 –key certs/tls.key –cert certs/tls.crt –ca-cert certs/myCA.pem
oc create route passthrough linginx –service linginx2 –port 8443

Question 7

7. chapter 10.7 task 7 configure autoscaling

Answer 7

Create a project
oc new-project bitnami-autoscaling

Create a deployment
oc create deployment bitnginx –image=bitnami/nginx –replicas=3

Configure autoscaling
oc autoscale deployment bitnginx –min=1 –max=5 –cpu-percent 70

Question 8

8. chapter 10.10 task 8 configure mySQL

Answer 8

Login as developer
oc login -u developer https://api.crc.testing:6443

Create new project
oc new-project microservices

Create secret
oc create secret generic mysql –from-literal=password=mypassword

Create MySQL App
oc new-app –name mysql –image=mysql

Set variable from secret
oc set env deployment mysql –prefix MYSQL_ROOT_ –from secret/mysql

Set volume mount point
oc set volumes deployment mysql –name mysql-pvc –add –type pvc –claim-size 1Gi –claim-mode rwo –mount-path /mnt

Set label
oc login -u admin -p password
oc label nodes crc-x4qnm-master-0 role=master

Edit deployment
oc edit deployment

Make sure to add
#
# … after dnspolicy
#
# nodeSelector:
# role: master
#

Verify is everything is running
oc get pods

Question 9

9. chapter 10.11 task 9 create wordpress microservice

Answer 9

Access microservices project
oc project microservices

Create new app
oc new-app –name=wordpress –image=wordpress

Create service account
oc create sa wordpress-sa

Change to admin
oc login -u admin -p password

Add policy to sa acccount
oc adm policy add-scc-to-user anyuid -z wordpress-sa

Back to developer
oc login -u developer https://api.crc.testing:6443

Set service account for deployment of wordpress
oc set serviceaccount deployment wordpress wordpress-sa

Expose wordpress service
oc expose svc wordpress

Create ConfigMap with variables
oc create cm wordpress-cm –from-literal=host=mysql –from-literal=name=wordpress –from-literal=user=root –from-literal=password=password

Set variables to deployment
oc set env deployment wordpress –prefix WORDPRESS_DB_ –from configmap/wordpress-cm

Question 10

10. postgresql, mysql, wordpress

Answer 10

MYSQL

POSTGRESQL
oc new-app –name postgresql-persistent –image registry.redhat.io/rhel8/postgresql-13:1-7
oc set env deployment postgresql-persistent -e POSTGRESQL_USER=redhat -e POSTGRESQL_PASSWORD=redhat123 -e POSTGRESQL_DATABASE=persistentdb
oc set volumes deployment/postgresql-persistent –add –type pvc –name postgresql-storage –claim-sie 10Gi –claim-class nfs-storage –claim-mode rwo –mount-path /var/lib/pgsql –claim-name postgresql-storage

oc create secret generic mysql –from-literal=password=mypassword
oc new-app –name mysql registry.access.redhat.com/rhscl/mysql-57-rhel7
oc set env deployment mysql –prefix MYSQL_ROOT_ –from secret/mysql
oc set volumes deployment/mysql –name mysql-pvc –add –type pvc –claim-size 1Gi –claim-mode rwo –mount-path /var/lib/mysql

oc new-app –name=wordpress –image=bitnami/wordpress
oc create cm wordpress-cm –from-literal=host=mysql –from-literal=name=wordpress –from-literal=user=root –from-literal=password=password
oc set env deploy wordpress –prefix WORDPRESS_DATABASE_ –from configmap/wordpress-cm
oc expose svc/wordpress
oc get routes

oc get templates mysql-persistent -n openshift -o yaml
oc process –parameters mariadb-persistent -n openshift
oc new-app –template=mariadb-persistent -p MYSQL_USER=bob -p MYSQL_PASSWORD=secret -p MYSQL_DATABASE=books