최신 EX380 무료덤프 - RedHat Red Hat Certified Specialist in OpenShift Automation and Integration
Identity Management - Create CA ConfigMap
정답:
See the solution below in Explanation:
Explanation:
Step 1: Ensure the certificate file rhds_ca.crt is available in your current working directory or use the correct path.
The Task requires creating a configmap from this CA certificate file.
Step 2: Run the command:
oc create configmap rhds-ca-config-map --from-file ca.crt=rhds_ca.crt -n openshift-config Step 3: Confirm the configmap is created.
The lab output shows:
configmap/rhds-ca-config-map created
Detailed explanation:
This creates a configmap named rhds-ca-config-map in the openshift-config namespace and maps the local file rhds_ca.crt to the key name ca.crt inside the configmap. This is important in external identity integration because OpenShift may need to trust a custom certificate authority when communicating with LDAP or another secured external service. By placing the certificate in a configmap, the authentication operator or related cluster configuration can reference it cleanly. The key name matters because many OpenShift resources expect a CA bundle key with a specific filename-like convention. If the file path is wrong, the command fails immediately. If the configmap name or key mapping is wrong, the authentication provider referencing it may not trust the external endpoint.
Explanation:
Step 1: Ensure the certificate file rhds_ca.crt is available in your current working directory or use the correct path.
The Task requires creating a configmap from this CA certificate file.
Step 2: Run the command:
oc create configmap rhds-ca-config-map --from-file ca.crt=rhds_ca.crt -n openshift-config Step 3: Confirm the configmap is created.
The lab output shows:
configmap/rhds-ca-config-map created
Detailed explanation:
This creates a configmap named rhds-ca-config-map in the openshift-config namespace and maps the local file rhds_ca.crt to the key name ca.crt inside the configmap. This is important in external identity integration because OpenShift may need to trust a custom certificate authority when communicating with LDAP or another secured external service. By placing the certificate in a configmap, the authentication operator or related cluster configuration can reference it cleanly. The key name matters because many OpenShift resources expect a CA bundle key with a specific filename-like convention. If the file path is wrong, the command fails immediately. If the configmap name or key mapping is wrong, the authentication provider referencing it may not trust the external endpoint.
Configure project-wide default tolerations
Task Information : Configure the payments namespace so new pods automatically include a default toleration.
Task Information : Configure the payments namespace so new pods automatically include a default toleration.
정답:
See the solution below in Explanation:
Explanation:
* Annotate the namespace with default tolerations
* oc annotate ns payments \
* scheduler.alpha.kubernetes.io/defaultTolerations='[{"key":"dedicated","operator":"Equal","value":" payments","effect":"NoSchedule"}]' \
* --overwrite
* Some clusters honor this pattern; if not, the fallback is mutating admission or editing workloads.
* Create a new pod/deployment in the namespace
* Then verify its spec includes tolerations:
* oc -n payments get pod < pod > -o yaml | grep -n tolerations -A5
Explanation:
* Annotate the namespace with default tolerations
* oc annotate ns payments \
* scheduler.alpha.kubernetes.io/defaultTolerations='[{"key":"dedicated","operator":"Equal","value":" payments","effect":"NoSchedule"}]' \
* --overwrite
* Some clusters honor this pattern; if not, the fallback is mutating admission or editing workloads.
* Create a new pod/deployment in the namespace
* Then verify its spec includes tolerations:
* oc -n payments get pod < pod > -o yaml | grep -n tolerations -A5
Resolve group synchronization conflicts (prune stale data)
Task Information : Run group sync with pruning to remove stale OpenShift group memberships that no longer exist in LDAP.
Task Information : Run group sync with pruning to remove stale OpenShift group memberships that no longer exist in LDAP.
정답:
See the solution below in Explanation:
Explanation:
* Run group sync with prune controls
* oc adm groups sync --sync-config=groupsync.yaml --confirm --prune-whitelist=/tmp/whitelist.txt
* Prune removes stale memberships/groups, but whitelist protects selected groups from pruning.
* Verify group membership reflects LDAP
* oc describe group < groupname >
* Confirms removed users are no longer listed.
Explanation:
* Run group sync with prune controls
* oc adm groups sync --sync-config=groupsync.yaml --confirm --prune-whitelist=/tmp/whitelist.txt
* Prune removes stale memberships/groups, but whitelist protects selected groups from pruning.
* Verify group membership reflects LDAP
* oc describe group < groupname >
* Confirms removed users are no longer listed.
Logging Configuration - Configure ClusterLogging in Web Console
정답:
See the solution below in Explanation:
Explanation:
Step 1: Log in to the OpenShift web console.
This Task is explicitly defined as a GUI workflow.
Step 2: Navigate to Operators .
Installed logging components are managed through the operator framework.
Step 3: Open Installed Operators .
This lists operators already deployed in the cluster.
Step 4: Select Red Hat OpenShift Logging .
This operator manages the cluster logging stack and its custom resources.
Step 5: Open the ClusterLogging instance.
The Task SIMULATION refers to editing the existing ClusterLogging custom resource.
Step 6: Switch to YAML View .
This allows direct editing of the logging custom resource specification.
Step 7: Edit the collection type and set it to vector.
This changes the log collector implementation.
Step 8: Click Save .
The operator will reconcile the resource and apply the updated collector configuration.
Detailed explanation:
The ClusterLogging custom resource controls the logging stack behavior in OpenShift. Changing the collection type to vector updates which collector technology is used for gathering node and container logs. In operator-managed platforms, direct YAML edits to the custom resource are the preferred method for changing managed behavior because the operator then applies and maintains the desired state. This Task tests both navigation skills in the web console and knowledge of where logging behavior is configured. Saving the resource triggers reconciliation, which is a core OpenShift operator pattern: the declared configuration is read and enforced by the operator rather than by manual per-pod changes.
Explanation:
Step 1: Log in to the OpenShift web console.
This Task is explicitly defined as a GUI workflow.
Step 2: Navigate to Operators .
Installed logging components are managed through the operator framework.
Step 3: Open Installed Operators .
This lists operators already deployed in the cluster.
Step 4: Select Red Hat OpenShift Logging .
This operator manages the cluster logging stack and its custom resources.
Step 5: Open the ClusterLogging instance.
The Task SIMULATION refers to editing the existing ClusterLogging custom resource.
Step 6: Switch to YAML View .
This allows direct editing of the logging custom resource specification.
Step 7: Edit the collection type and set it to vector.
This changes the log collector implementation.
Step 8: Click Save .
The operator will reconcile the resource and apply the updated collector configuration.
Detailed explanation:
The ClusterLogging custom resource controls the logging stack behavior in OpenShift. Changing the collection type to vector updates which collector technology is used for gathering node and container logs. In operator-managed platforms, direct YAML edits to the custom resource are the preferred method for changing managed behavior because the operator then applies and maintains the desired state. This Task tests both navigation skills in the web console and knowledge of where logging behavior is configured. Saving the resource triggers reconciliation, which is a core OpenShift operator pattern: the declared configuration is read and enforced by the operator rather than by manual per-pod changes.
Install OADP Operator and verify Velero components
Task Information : Install the OADP operator and confirm Velero pods/components are running.
Task Information : Install the OADP operator and confirm Velero pods/components are running.
정답:
See the solution below in Explanation:
Explanation:
* Install OADP via Web Console
* Operators # OperatorHub # search OADP / OpenShift API for Data Protection # Install
* Explanation: This operator manages Velero and backup integrations.
* Verify the operator CSV is installed
* oc get csv -A | grep -i -E "oadp|data protection|velero"
* Confirms installation succeeded.
* Verify pods in the OADP namespace (commonly openshift-adp)
* oc get pods -n openshift-adp
* You should see Velero/OADP-related pods in Running state.
Explanation:
* Install OADP via Web Console
* Operators # OperatorHub # search OADP / OpenShift API for Data Protection # Install
* Explanation: This operator manages Velero and backup integrations.
* Verify the operator CSV is installed
* oc get csv -A | grep -i -E "oadp|data protection|velero"
* Confirms installation succeeded.
* Verify pods in the OADP namespace (commonly openshift-adp)
* oc get pods -n openshift-adp
* You should see Velero/OADP-related pods in Running state.