openshift_ex280_v4_10_20240629210102 Flashcards

Question

Como se pueden obtener los eventos de Warning

Answer 1

oc get events --fields-selector type=Warning

Answer 2

oc delete all -l app=hello-limit

Answer 3

oc set resources deployment hello-world-nginx --requests cpu=10m,memory=20Mi --limits cpu=80m,memory=100Mi

Answer 4

oc create deployment hello-limit --image quay.io/redhattraining/hello-world-nginx:v1.0 --dry-run=client -o yaml > ~/DO280/labs/schedule-limit/hello-limit.yaml

Answer 5

Se agrega spec: containers: - image: quay.io/redhattraining/hello-world-nginx:v1.0 name: hello-world-nginx resources: requests: cpu: "3" memory: 20Mi

Answer 6

oc apply -f hello-limit.yaml

Answer 7

oc scale --replicas 4 deployment/hello-limit

Answer 8

apiVersion: apps/v1 kind: Deployment ...output omitted... spec: replicas: 1 selector: matchLabels: deployment: scale strategy: {} template: metadata: labels: deployment: scale spec: containers: ...output omitted...

Answer 9

oc autoscale deployment/hello \ > --min 1 --max 10 --cpu-percent 80

Answer 10

oc describe pod/loadtest-5f9565dbfb-jm9md | \ > grep -A2 -E "Limits|Requests" Limits: cpu: 100m memory: 100Mi Requests: cpu: 25m memory: 25Mi

Answer 11

oc get hpa/loadtest NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS ... loadtest Deployment/loadtest 0%/50% 2 10 2 ...

Answer 12

Horizontal Pod Scaler

Answer 13

Openshift Software-defined networking

Answer 14

Manejar tráfico de red programática mente Manejar comunicación entre contenedores del mismo proyecto Manejar comunicación entre pods del mismo u otro proyecto Manejar comunicación se un pod a un servicio Manejar comunicación entre una red externa a servicio o de contenedores a redes externas

Answer 15

Container network interface

Answer 16

oc create -f todo.yaml

Answer 17

oc cp test.txt mypod:/tmp

Answer 18

oc rsh mysql-73-bdhfo1h-hhdj /bin/bash

Answer 19

oc expose service/frontend --hostname todo.apps.ocp4.example.com

Answer 20

oc get routes

Answer 21

oc logs PODNAME

Answer 22

oc get service/frontend -o jsonpath=“{.spec.clusterIP}{‘\n’}”

Answer 23

oc debug -t deployment/mysql --image registry.access.redhat.com/ubi8/ubi:8.0

Answer 24

curl -m 10 -v http://clusterIP:8080

Answer 25

oc get pods -o wide -l name=frontend debug pod -t deployment/ MySQL --image registry example

Answer 26

oc get svc

Answer 27

oc describe svc/frontend

Answer 28

oc describe deployment/frontend | grep Labels -A1

Answer 29

oc edit svc/frontend

Answer 30

oc edit svc/frontend

Answer 31

1. Crear deployments frontend/mysql y servicios 2. Obtener logs de pod de app 3. Obtener ip de mysql, debug a pod frontend, curl a mysql service 4. Obtener ip de frontend, debug a pod mysql, curl a frontend 5. Obtener ip interna de frontend, debug a pod mysql, curl a ipinterna y puerto interno. 6. Describir servicio de frontend para mostrar el selector, endpoints 7. Editar servicio frontend y cambiar selector por el correcto 8. Prueba de url de servicio frontend

Answer 32

kind: service apiVersion: v1 metadata: name: application-frontend labels: app: frontend-svc spec: ports: - name: HTTP protocol: TCP port: 443 targetPort: 8443 selector: app: shopping-cart name: frontend type:ClusterIP

Answer 33

oc describe DNS.operator/default

Answer 34

A para servicios SRV port

Answer 35

oc describe dns.operator/default Status: Cluster Domain: cluster.local Cluster IP: 172.30.0.10

Answer 36

oc rsh example-6c4984d949-7m26r \ > curl hello.test.svc.cluster.local:8080

Answer 37

_port-name._port-protocol.svc-name.namespace.svc.cluster-domain.cluster-domain. Ejemplo _443-tcp._tcp.https.frontend.svc.cluster.local.

Answer 38

Open Virtual Network para kubernetes

Answer 39

default network providers

Answer 40

oc get network/cluster -o yaml apiVersion: config.openshift.io/v1 kind: Network ...output omitted... spec: clusterNetwork: - cidr: 10.128.0.0/14 hostPrefix: 23 externalIP: policy: {} networkType: OpenshiftSDN serviceNetwork: - 172.30.0.0/16 ...output omitted...

Answer 41

Classless Inter-Domain Routing

Answer 42

oc expose service frontend --hostname todo.apps.ocp4.example.com oc get routes ------------------------------------------ ver logs oc logs frontend-57b8b445df-f56qh App is ready at : 8080 ------------------------------------------ Obtener IP de mysql oc get service/mysql -o jsonpath="{.spec.clusterIP}{'\n'}" Crear debug pod desde frontend app oc debug -t deployment/frontend Telnet hacia mysql curl -v telnet://172.30.103.29:3306 ------------------------------------------ Obtener ip de frontend service oc get service/frontend -o jsonpath="{.spec.clusterIP}{'\n'}" Crear pod debug de mysql oc debug -t deployment/mysql --image registry.access.redhat.com/ubi8/ubi:8.4 curl hacia aplicacion frontend curl -m 10 -v http://172.30.23.147:8080 * Rebuilt URL to: http://172.30.23.147:8080/ * Trying 172.30.23.147... * TCP_NODELAY set * Connection timed out after 10000 milliseconds * Closing connection 0 curl: (28) Connection timed out after 10000 milliseconds ------------------------------------------ Como obtener la ip privada de la app frontend para comprobar si el servicio esta abajo o es solo la red oc get pods -o wide -l name=frontend NAME READY STATUS RESTARTS AGE IP ... frontend-57b8b445df-f56qh 1/1 Running 0 39m 10.128.2.61 ... oc debug -t deployment/mysql --image registry.access.redhat.com/ubi8/ubi:8.4 curl -v http://10.128.2.61:8080/todo * Trying 10.128.2.61... * TCP_NODELAY set * Connected to 10.128.2.61 (10.128.2.61) port 8080 (#0) > GET /todo/ HTTP/1.1 > Host: 10.128.2.61:8080 > User-Agent: curl/7.61.1 > Accept: / >< HTTP/1.1 200 OK ...output omitted... Comprobar configuracion de frontsend service oc get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE frontend ClusterIP 172.30.23.147 8080/TCP 93m mysql ClusterIP 172.30.103.29 3306/TCP 93m [student@workstation network-sdn]$ oc describe svc/frontend Name: frontend Namespace: network-sdn Labels: app=todonodejs name=frontend Annotations: Selector: name=api Type: ClusterIP IP: 172.30.23.147 Port: 8080/TCP TargetPort: 8080/TCP Endpoints: Session Affinity: None Events: oc describe deployment/frontend | \ > grep -A1 Labels Labels: app=todonodejs name=frontend -- Labels: app=todonodejs name=frontend oc edit svc/frontend [student@workstation network-sdn]$ oc describe svc/frontend Name: frontend Namespace: network-sdn Labels: app=todonodejs name=frontend Annotations: Selector: name=frontend Type: ClusterIP IP: 172.30.169.113 Port: 8080/TCP TargetPort: 8080/TCP Endpoints: 10.128.2.61:8080 Session Affinity: None Events:

Answer 43

kind: Route apiVersion: route.openshift.io/v1 metadata: name: a-simple-route 1 labels: 2 app: API name: api-frontend spec: host: api.apps.acme.com 3 to: kind: Service name: api-frontend 4 port: 5 targetPort: 8443

Answer 44

oc create route edge \ > --service api-frontend --hostname api.apps.acme.com \ > --key api.key --cert api.crt

Answer 45

volumeMount: - name: tls-certs readOnly: true mountPath: /usr/local/etc/ssl/ssl - volumes: - name: tls_certs - secret: - secretName:

Answer 46

cluster-admin

Answer 47

Limitar acceso de pods corriendo ``` Pods privilegiados Solicitar capacidades extra de contenedores Usar directorios de host como volúmenes Cambiar selinux de contenedor Cambiar id de usuario ```

Answer 48

hostaccess hostmount-anyuid hostnetwork node-exporter anyuid nonroot provileged restricted

Answer 49

oc describe scc anyuid

Answer 50

oc describe pod console-5abcd -n project |grep scc openshift.io/scc: restricted

Answer 51

Oc get modules

Answer 52

oc get pod test -o yaml| oc adm policy scc-subject-review -f -

Answer 53

Security context constraints

Answer 54

oc adm policy add-scc-to-user SCC -z serviceAccount

Answer 55

oc get pod/test-app -o yaml| oc adm policy scc-subject-review -f - oc create serviceaccount sa-test oc adm policy add-scc-to-user anyuid -z sa-test oc set serviceaccount deployment/test-app sa-test

Answer 56

oc create secret generic test --from-literal key1=value1

Answer 57

oc new-app --name httpd -e bd=bd1 -e instance=inst1 httpd:2.2

Answer 58

oc create secret generic TEST --from-file id_rsa=/tmp/id_rsa --from-file id_rsa.pub=/tmp/id_rsa.pub

Answer 59

oc create secret tls TESTTLS --cert /tmp/certificate --key /tmp/key

Answer 60

oc create secret generic DEMO-SECRET --from-literal user=demo-user --from-literal root_password=zT1KTgk Se hace referencia al secreto desde el deployment config env: - name: MYROOTPASS valueFrom: secretKeyRef: name: demo-secret key: root_password

Answer 61

oc edit env: - name: MYSQL valueFrom: secretKeyRef: name: demo-secret key: root_password

Answer 62

oc set env deployment/demo --from secret/demo-secret —prefix MYSQL_

Answer 63

oc set env dc/mysql --prefix MYSQL_ --from test

Answer 64

``` oc set volume deployment/demo —add —type secret —secret-name demo-secret —mount-path /app-secrets ```

Answer 65

oc create configmap test —from-literal key1=value1

Answer 66

oc extract secret/test -n openshift-config --to /tmp --confirm oc set data secret/test-n openshift-config --from-file htpasswd=/tmp/htpasswd

Answer 67

Secreto se encripta el Config map no

Answer 68

oc set data secret/test -n openshift-config --from-file /tmp/htpasswd

Answer 69

oc expose service quotes —hostname quotes.apps.ocp4.example.com oc get routes Curl -v quotes.apps.ocp4.example.com

Answer 70

oc set env dc/MySQL --prefix MYSQL_ --from secret/name

Answer 71

oc create configmap NAME —from-file=/tmp/testconfig

Answer 72

oc get configmaps

Answer 73

User es identidad que interactúa con el API de openshift | Identity mantiene el registro de autenticaciones de usuario 1 a 1 connu

Answer 74

oc adm policy add-cluster-role-to-user remove-cluster-role-from-user who can

Answer 75

admin basic-user cluster-admin cluster-status edit self-provisioner view

Answer 76

Export role | Import role con otro usuario

Answer 77

admin puede manejar todos los proyectos y dar acceso basic-user read project cluster-admin súper user access to cluster resources full control to projects cluster-status get cluster status edit manejar aplicaciones pero no manejar recursos self-provisioner crear proyectos - cluster role/not a project role view can view project resources but can’t modify

Answer 78

oc adm policy remove-cluster-role-from-user ROLE USER

Answer 79

oc adm policy who-can delete user

Answer 80

oc adm policy whocan get pods

Answer 81

oc policy add-role-to-user basic-user test -n basic-project

Answer 82

oc policy remove-role-from-user role user

Answer 83

oc get clusterrolebinding -o wide

Answer 84

oc describe clusterrolebinding self-provisioners oc adm policy remove-cluster-from-group self-provisioner system:authentication:oauth Ejecutar de nuevo para validar que ya no esté

Answer 85

oc policy add-role-to-user admin leader

Answer 86

oc adm groups new-group dev-group developer oc adm groups new-group Aquino-group oc get groups

Answer 87

oc policy groups add-role-to-group edit groupNAME

Answer 88

oc get role bindings -o wide

Answer 89

oc new-app —name httpd httpd:2.4

Answer 90

oc policy add-role-to-group edit qa-engenieer

Answer 91

oc scale deployment httpd —replicas=3

Answer 92

oc adm policy add-cluster-role-to-group self-provider “system:authenticated:oauth”

Answer 93

oc policy remove-cluster-role-from-group self-provisioner “system:authenticated:oauth” oc policy add-cluster-role-to-group self-provisioner managers

Answer 94

oc adm groups add-users GROUP USER

Answer 95

oc policy add-role-to-group edit developers

Answer 96

oc adm policy add-cluster-role-to-user cluster-role test

Answer 97

oc adm policy remove-cluster-role-from-user cluster-role test

Answer 98

oc adm policy who-can delete user

Answer 99

oc adm policy add-cluster-role-to-group \ > --rolebinding-name self-provisioners \ > self-provisioner system:authenticated:oauth Warning: Group 'system:authenticated:oauth' not found clusterrole.rbac.authorization.k8s.io/self-provisioner added: "system:authenticated:oauth"

Answer 100

oc get storageclass

Answer 101

``` oc set volumes deployment/APP —add —name storage-name —type pvc —claim-class nfs-storage —claim-mode rwo —claim-size 10Gi —mount-path /var/log —claim-name storage-name ```

Answer 102

pvc NAME status volume capacity access modes storageclass age ``` pv NAME capacity access modes reclaimpolicy status claim storageclass reason age ```

Answer 103

oc delete all -l app=MYAPP

Answer 104

oc delete pvc NAME

Answer 105

oc get nodes

Answer 106

oc adm top nodes

Answer 107

oc adm top nodes NAME CPu CPU% Memory memory%

Answer 108

oc describe node NAME

Answer 109

oc describe clusterversion

Answer 110

oc get clusteroperators

Answer 111

oc get clusteroperators

Answer 112

oc adm node-logs -u USER NAME

Answer 113

Se usa el usuario crio oc adm node-logs -u crio NAME

Answer 114

oc adm node-logs NAME

Answer 115

oc debug NODE

Answer 116

oc debug deployment/myapp —as-root

Answer 117

oc get pod —loglevel 10

Answer 118

oc whoami -t

Answer 119

oc get pod -n openshift-image-registry

Answer 120

oc get events oc get nodes ``` oc debug NODE —as-root chroot /home systemctl status cri-o systemctl status kubelet crictl ps —name openvswitch ``` exit oc project NAME oc get pods oc get events oc debug node/PODNAME oc status oc get deployments skopeo inspect docker://url/tag:999 ``` oc edit deployment/NAME Go to image Corregir nombre y guardar oc get pods oc status ```

Answer 121

``` Red Hat OpenShift Container Platform Red Hat OpenShift Dedicated Red Hat OpenShift Online Red Hat OpenShift Kubernetes Engine Red Hat Code Ready Containers ```

Answer 122

Container Self Service Service catalog Build automation. Deployment automation Application lifecycle (CI/CD) Container orchestation y cluster management Networking storage registry logs/metrics Security Container runtime and packaging Linux Physical virtual prívate public

Answer 123

oc get csr

Answer 124

oc get clusteroperators

Answer 125

Redhat enterprise Linux CoreOS

Answer 126

kubernetes

Answer 127

CoreOS Motor CRI-O Kubernetes Consola web de autoservicio Una cantidad de servicios de aplicaciones preinstalados Imágenes de contenedores certificadas para tiempos de ejecución, bases de datos y otros paquetes de varios lenguajes

Answer 128

``` kube-apiserver Kube-controller-manager kube-scheduller etcd kubelet cri-o ```

Answer 129

openshift-apiserver Openshift-controller-manager coredns Openshift oauth 0 auth

Answer 130

kubelet | cri-o

Answer 131

Replication controller

Answer 132

management y control of our cluster

Answer 133

Proxy API requests

Answer 134

Redhat openshift container platform Enterprise ready kubernetes you decide when it updates Redhat openshift dedicated Cuando openshift está proveído por otro producto Redhat openshift online pequeños proyectos para un onboard Andrés de ir a un cluster en. Clud Redhat openshift kubernetes engine Redhat code ready container Para instalar en laptop limitado

Answer 135

Database in a service of a cointainer

Answer 136

1. Bootstrap machine boots start the remote resources required for booting the control plane machines 2. The control plane fetch the remote resources from the bootstrap machine and finish booting 3. The control machines form an Etcd cluster 4. The boostrap machine stars a temporary kubernetes control using the newly created etcd cluster 5. The temporary control plane schedules the control plane machines 6. The temporary control plane shutdown yields to the control plane 7. boostrap node injects components specific to openshift into the control plane. 8. -the installation tears down the bootstrap machine

Answer 137

Defining custom storage clases for dynamic storage provisioning Changing the custom resource Adding new operadorators to cluster Defining new machine sets

Answer 138

oc get nodes

Answer 139

htpasswd -c -B -b /FILE.txt user pass

Answer 140

oc create secret generic NAME —from-file htpasswd=/FILE.txt -n NameProject

Answer 141

oc adm policy add-cluster-role-to-user ROLE USER

Answer 142

oc get oauth cluster -o yaml>oauth.yaml

Answer 143

apiVersion: config.openshift.io/v1 kind: OAuth metadata: name: cluster spec: identityProviders: - name: my_htpasswd_provider mappingMethod: claim type: HTPasswd htpasswd: fileData: name: htpasswd-secret

Answer 144

cluster-admin

Answer 145

oc get oauth cluster -o yaml > oauth.yaml se edita el archivo oc replace -f /PATH/oauth.yaml Se obtienen los pods Se intenta firmar con el nuevo usuario

Answer 146

oc get users

Answer 147

oc extract secret/localusers -n openshift-config --to /tmp/htpasswd --confirm MANAGER_PASSWD=$(openssl rand -hex 15) htpassd -b /tmp/htpasswd manager manager $MANAGER_PASSWD oc set data secret/localusers --from-file htpasswd=/tmp/htpasswd -n openshift-config

Answer 148

oc get users

Answer 149

oc get users oc get identity

Answer 150

oc extract secret/manager -n openshift-config —to /tmp/htpasswd —confirm htpasswd -b /tmp/htpasswd admin redhat oc set data secret/manager —from-file htpasswd=/tmp/htpasswd oc get pods -n openshift-authentication

Answer 151

oc set data secret/manager --from-file htpasswd=/tmp/htpasswd -n openshift-config

Answer 152

oc extract secret/localusers -n openshift-config --to /tmp/htpasswd --confirm MANAGER_PASSWD=$(openssl rand -hex 15) htpasswd -b /tmp/htpasswd manager ${MANAGER_PASSWD} oc set data secret/localusers —from-file htpasswd=/tmp/htpasswd -n openshift-config

Answer 153

eliminar password oc extract secret/localusers --to /tmp/htpasswd --confirm htpasswd -D /tmp/htpasswd manager oc set data secret/localusers --from-file /tmp/htpasswd --confirm -n openshift-config Eliminar identidad oc delete identity my users:manager Eliminar usuario oc delete user manager

Answer 154

oc delete project test

Answer 155

oc edit oauth Eliminar todo de ``` spec: identityProvider: - htpasswd: fileData: name: localusers mappingMethod: claim name: myusers type: HTPasswd ``` Por spec: {}

Answer 156

oc delete secret NAME -n openshift-config

Answer 157

oc delete user --all

Answer 158

oc delete identity --all

Answer 159

export KUBECONFIG=/home/user/auth/kubeconfig

Answer 160

oc --kubeconfig /home/user/auth/kubeconfig get nodes

Answer 161

Eliminando las credenciales del usuario oc delete secret kubeadmin -n kube-system

Answer 162

cluster-admin

Answer 163

system:anonymous virtual user and the system:unauthenticated virtual group

Answer 164

htpasswd -D /tmp/htpasswd student

Answer 165

oc create secret generic htpasswd-secret \ > --from-file htpasswd=/tmp/htpasswd -n openshift-config

Answer 166

oc extract secret/htpasswd-secret -n openshift-config \ > --to /tmp/ --confirm /tmp/htpasswd

Answer 167

oc set data secret/htpasswd-secret \ > --from-file htpasswd=/tmp/htpasswd -n openshift-config

Answer 168

watch oc get pods -n openshift-authentication

Answer 169

oc delete user manager

Answer 170

oc get identities | grep manager oc delete identity my_htpasswd_provider:manager

Answer 171

oc adm policy add-cluster-role-to-user cluster-admin student

Answer 172

MD5 hashing algorithm

Answer 173

oc extract secret/localusers -n openshift-config --to -

Answer 174

oc login -u admin -p pass URL

Answer 175

oc get clusterversion | oc describe clusterversion

Answer 176

oc get nodes

Answer 177

oc logs POD

Answer 178

oc debug -t node —as-root

Answer 179

oc debug -t node --as-root chroot /host systemctl status kubelet

Answer 180

oc debug -t node--as-root chroot /host systemctl status cri-o crictl ps —name etcd

Answer 181

oc edit deployment/NAME

Answer 182

oc get clusteroperators

Answer 183

oc adm node-logs -u kubeadmin NODE

Answer 184

oc get nodes | oc adm top node -l NAME

Answer 185

oc create project NAME

Answer 186

oc project NAME

Answer 187

oc get pods

Answer 188

oc get events

Answer 189

oc get events

Answer 190

oc logs pod -c container

Answer 191

oc logs pod --previous

Answer 192

oc get clusteroperators

Answer 193

oc cluster-info

Answer 194

oc api-versions

Answer 195

oc api-resources

Answer 196

--namespaced=true --sort-by=name --api-group=apps

Answer 197

oc get clusterversion

Answer 198

oc get resource NAME

Answer 199

oc adm top node

Answer 200

oc describe node NAME

Answer 201

oc projects oc get pods -n project-name oc logs podname -n project-name oc describe pod -n project-name

Answer 202

oc get storageclass

Answer 203

oc set volumes deployment/example-application --add --name example-pv-storage --type pvc --claim-class nfs-storage --claim-mode rwo --claim-size 15Gi --mount-path /var/lib/example-app --claim-name example-pv-claim

Answer 204

ReadWriteMany RWX Kubernetes can mount the volume as read-write on many nodes. ReadOnlyMany ROX Kubernetes can mount the volume as read-only on many nodes. ReadWriteOnce RWO Kubernetes can mount the volume as read-write on only a single node

Answer 205

oc delete pvc/example-pvc-storage

Answer 206

oc new-app --name postgresql-persistent \ > --image registry.redhat.io/rhel8/postgresql-13:1-7 \ > -e POSTGRESQL_USER=redhat \ > -e POSTGRESQL_PASSWORD=redhat123 \ > -e POSTGRESQL_DATABASE=persistentdb

Answer 207

oc set volumes \ deployment/postgresql-persistent2 \ --add --name postgresql-storage --type pvc \ --claim-name postgresql-storage --mount-path /var/lib/pgsql

Answer 208

oc delete pvc/postgresql-storage

Answer 209

oc patch clusterversion version --type="merge" \ > --patch '{"spec":{"channel":"fast-4.10"}}' clusterversion.config.openshift.io/version patched

Answer 210

Over The Air

Answer 211

Candidate Fast Stable EUS

Answer 212

oc get clusterversion

Answer 213

oc get clusterversion -o jsonpath='{.items[0].spec.channel}{"\n"}' stable-4.10

Answer 214

oc adm upgrade

Answer 215

oc adm upgrade --to-latest=true

Answer 216

oc adm upgrade --to=VERSION

Answer 217

oc patch configmap admin-acks -n openshift-config \ --type=merge \ --patch '{"data":{"ack-4.8-kube-1.22-api-removals-in-4.9":"true"}}'

Answer 218

[user@host ~]$ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.10.3 True True 30m Working towards 4.10.4 ... [user@host ~]$ oc get clusteroperators NAME VERSION AVAILABLE PROGRESSING DEGRADED authentication 4.10.3 True False False cloud-credential 4.10.4 False True False openshift-apiserver 4.10.4 True False True ...output omitted...

Answer 219

Cluster Version Operator

Answer 220

oc describe clusterversion

Answer 221

The Administration → Cluster Settings page displays an Update Status of Available updates when a new update is available. From this page, click Update now

Answer 222

oc whoami --show-console https://console-openshift-console.apps.cluster.example.com

Answer 223

Home → Search resource types and a label selector field

Answer 224

Home → Search resource types and a label selector field pod

Answer 225

User Management → Users web UI, locate the secret in the openshift-config project and then click Actions → Edit Secret. The Edit Key/Value Secret tool handles the base64 encoding for you. Add a line to allow a new user to log in to OpenShift The User Management → Groups page displays existing groups, and provides the ability to create new groups.

Answer 226

Navigate to the Home → Projects page to display the full list of projects. Then click Create Project and complete the form to create a new project. After you have created your new project, you can navigate to the Role Bindings tab on the project details page. Red Hat recommends that administrators responsible for multitenant clusters configure resource quotas and limit ranges, which enforce total project limits and container limits, respectively. Navigate to either Administration → Resource Quotas or Administration → Limit Ranges to access the appropriate YAML editor, where you can configure these limits.