Controlling access to OpenShift resources Flashcards

1
Q

Log in to your OpenShift cluster as the admin user and remove the ability to create projects cluster wide.

A
  1. Log in to the cluster as the admin user.
    $ oc login -u admin -p redhat \
    > https://api.ocp4.example.com:6443
  2. Remove the self-provisioner cluster role from the system:authenticated:oauth virtual group.
    $ oc adm policy remove-cluster-role-from-group \
    > self-provisioner system:authenticated:oauth
2
Q

Create a group named wp-mgrs for the WordPress managers and grant project creation privileges to it. Add the leader user to the group and create the authorization-review project as the leader user.

A
  1. Create a group named wp-mgrs.
    $ oc adm groups new wp-mgrs
  2. Grant cluster creation privileges to the wp-mgrs group.
    $ oc adm policy add-cluster-role-to-group \
    > self-provisioner wp-mgrs
  3. Add the leader user to the wp-mgrs group.
    $ oc adm groups add-users wp-mgrs leader
  4. As the leader user, create the authorization-review project.
    $ oc login -u leader -p redhat
    $ oc new-project authorization-review
3
Q

Create a group named wp-devs and grant edit privileges on the authorization-review project. Add the developer user to the group.

A
  1. Log in to the cluster as the admin user.
    $ oc login -u admin -p redhat
  2. Create a group named wp-devs.
    $ oc adm groups new wp-devs
  3. Add the developer user to wp-devs.
    $ oc adm groups add-users wp-devs developer
  4. Grant edit privileges to the wp-devs group on the authorization-review project.
    $ oc policy add-role-to-group edit wp-devs
4
Q

Create a group named wp-qa and grant view privileges on the authorization-review project. Add the qa user to the group.

A
  1. Create a group named wp-qa.
    $ oc adm groups new wp-qa
  2. Add the qa user to wp-qa.
    $ oc adm groups add-users wp-qa qa
  3. Grant view privileges to the wp-qa group on the authorization-review project.
    $ oc policy add-role-to-group view wp-qa
5
Q

Allow the wordpress application to run as root: create a service account named wordpress-sa and grant the anyuid SCC to it.

A
  1. Create a service account named wordpress-sa.
    $ oc create sa wordpress-sa
  2. Grant anyuid SCC to the wordpress-sa service account.
    $ oc adm policy add-scc-to-user anyuid -z wordpress-sa
6
Q

As the developer user, create a secret named review-secret, which you will use with the MySQL database and WordPress applications.

The secret should include three key-value pairs: user=wpuser, password=redhat123, and database=wordpress.

A
  1. Log in as the developer user.
    $ oc login -u developer -p developer
  2. Create a secret named review-secret.
    $ oc create secret generic review-secret \
    > --from-literal user=wpuser --from-literal password=redhat123 \
    > --from-literal database=wordpress
7
Q

Deploy a MySQL database application named mysql using the image located at registry.access.redhat.com/rhscl/mysql-57-rhel7:5.7-47. After it was deployed, modify the deployment to use the review-secret secret, as environment variables with the MYSQL_ prefix.

A
  1. Create a new application to deploy a mysql database server.
    $ oc new-app --name mysql \
    > --docker-image registry.access.redhat.com/rhscl/mysql-57-rhel7:5.7-47
  2. Use the review-secret secret to initialize the environment variables on the mysql deployment.
    $ oc set env deployment/mysql --prefix MYSQL_ \
    > --from secret/review-secret
8
Q

Deploy a WordPress application named wordpress using the container image located at docker.io/library/wordpress:5.3.0. Add the WORDPRESS_DB_HOST=mysql and WORDPRESS_DB_NAME=wordpress environmental variables when creating the application. Once deployed, modify the wordpress deployment to use the review-secret secret as environment variables with the WORDPRESS_DB_ prefix. The application needs these additional variables to connect to the database. Because the wordpress application needs extra privileges, assign the wordpress-sa service account to it.

A
  1. Deploy a wordpress application.
    $ oc new-app --name wordpress \
    > --docker-image docker.io/library/wordpress:5.3.0 \
    > -e WORDPRESS_DB_HOST=mysql \
    > -e WORDPRESS_DB_NAME=wordpress
  2. Set the wordpress-sa service account to the wordpress deployment.
    $ oc set serviceaccount deployment/wordpress \
    > wordpress-sa
  3. Use the review-secret secret to initialize the environment variables on the wordpress deployment.
    $ oc set env deployment/wordpress \
    > --prefix WORDPRESS_DB_ --from secret/review-secret
9
Q

As the qa user, verify the mysql database and wordpress application status and try to make a change to the wordpress deployment.

A
  1. Log in as the qa user.
    $ oc login -u qa -p redhat
  2. Verify the wordpress application status.
    $ oc status
  3. Try to delete the wordpress application to verify that the qa user does not have edit privileges in the project.
    $ oc delete all -l app=wordpress