Latest EX432 free dumps - RedHat Red Hat Certified Specialist in OpenShift Advanced Cluster Management
Create a policy that enforces a specific Operator to be installed on all dev clusters
Answer:
See the solution below in Explanation.
Explanation:
* Use a policy template approach (OperatorGroup + Subscription + desired namespace) in a ConfigurationPolicy.
* Bind it to a Placement targeting dev clusters.
* Verify operator subscription exists on managed clusters and CSV reaches Succeeded.
Why this matters:
Automating consistent operator installation at scale is a realistic governance task; community policy collections demonstrate this model.
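The three steps above as one set of manifests. This is an added example, not from the original page or from Red Hat; the namespace `policies`, the operator and package names, the `stable` channel and the `env=dev` cluster label are all assumptions to replace with the values from your lab.

```yaml
# Added example; every name below (policies, example-operator, example-operator-ns, env=dev) is a placeholder.
apiVersion: policy.open-cluster-management.io/v1
kind: Policy
metadata: {name: install-example-operator, namespace: policies}
spec:
  disabled: false
  policy-templates:
    - objectDefinition:
        apiVersion: policy.open-cluster-management.io/v1
        kind: ConfigurationPolicy
        metadata: {name: install-example-operator}
        spec:
          remediationAction: enforce   # "inform" would only report drift, not install
          object-templates:
            - complianceType: musthave
              objectDefinition: {apiVersion: v1, kind: Namespace, metadata: {name: example-operator-ns}}
            - complianceType: musthave
              objectDefinition:
                apiVersion: operators.coreos.com/v1
                kind: OperatorGroup
                metadata: {name: example-og, namespace: example-operator-ns}
                spec:
                  targetNamespaces: [example-operator-ns]
            - complianceType: musthave
              objectDefinition:
                apiVersion: operators.coreos.com/v1alpha1
                kind: Subscription
                metadata: {name: example-operator, namespace: example-operator-ns}
                spec:
                  name: example-operator          # package name in the catalog (assumed)
                  channel: stable                 # assumed channel
                  source: redhat-operators
                  sourceNamespace: openshift-marketplace
---
apiVersion: cluster.open-cluster-management.io/v1beta1
kind: Placement   # the policies namespace must hold a ManagedClusterSetBinding for the dev cluster set
metadata: {name: dev-clusters, namespace: policies}
spec:
  predicates:
    - requiredClusterSelector:
        labelSelector:
          matchLabels: {env: dev}   # assumed label marking dev clusters
---
apiVersion: policy.open-cluster-management.io/v1
kind: PlacementBinding
metadata: {name: bind-install-example-operator, namespace: policies}
placementRef: {apiGroup: cluster.open-cluster-management.io, kind: Placement, name: dev-clusters}
subjects:
  - {apiGroup: policy.open-cluster-management.io, kind: Policy, name: install-example-operator}
```

Once the policy reports Compliant on the hub, confirm on a managed cluster that the Subscription exists and that `oc get csv -n example-operator-ns` shows phase Succeeded.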
Create a Placement that selects clusters by OpenShift version label and excludes a region
Answer:
See the solution below in Explanation.
Explanation:
* Ensure clusters have labels like openshiftVersion=4.18 and region=us-west etc.
* Create placement with matchExpressions (include one label, exclude another):
    matchExpressions:
      - key: openshiftVersion
        operator: In
        values: ["4.18"]
      - key: region
        operator: NotIn
        values: ["us-west"]
* Validate PlacementDecision.
Create a compliance dashboard view: group policies by PolicySet and export results
Answer:
See the solution below in Explanation.
* Create PolicySet to group related policies.
* Use Governance UI to filter by PolicySet and view compliance per cluster.
* Export/report (or capture output via CLI oc get policy -o wide) depending on lab capability.
Deploy an application using Subscription + PlacementRule (legacy model)
Answer:
See the solution below in Explanation.
Explanation:
* Create a Channel (Git) and Subscription referencing it (example pattern).
* In exams, you're usually given a repo URL and target namespace.
* Ensure there is a placement rule/placement selecting clusters.
* Apply manifests:
    oc apply -f channel.yaml
    oc apply -f subscription.yaml
* Verify resources:
    oc get channels.apps.open-cluster-management.io -A
    oc get subscriptions.apps.open-cluster-management.io -A
    oc get application.app.k8s.io -A
Why this matters:
Multi-cluster application lifecycle is part of ACM operations, and EX480 explicitly covers managing multi-cluster environments with ACM.
Grant a team group "edit" access to the namespace that has a ClusterSetBinding
Answer:
See the solution below in Explanation.
Explanation:
* Create a group (example) and add users:
    oc adm groups new dev-team
    oc adm groups add-users dev-team user1 user2
* Grant namespace access:
    oc adm policy add-role-to-group edit dev-team -n team-dev
* Validate with a user token/login (or check rolebindings):
    oc get rolebinding -n team-dev | grep dev-team
Why this matters:
ACM access patterns commonly combine namespace RBAC + ClusterSetBinding to scope what teams can manage.