1. Remove the user from the HTPasswd file:
    htpasswd -D /etc/origin/htpasswd newuser
2. Update the HTPasswd secret:
    oc create secret generic htpasswd-secret --from-file=htpasswd=/etc/origin/htpasswd -n openshift-config --dry-run=client -o yaml | oc apply -f -
3. Validate by attempting to log in:
    oc login -u newuser -p <password>

Explanation: Deleting users from the HTPasswd file immediately revokes their authentication, ensuring secure management of user access.

Modify a user’s password and validate the update.
See the Solution below.

Solution:
1. Update the user’s password in the HTPasswd file:
    htpasswd /etc/origin/htpasswd admin
2. Update the HTPasswd secret:
    oc create secret generic htpasswd-secret --from-file=htpasswd=/etc/origin/htpasswd -n openshift-config --dry-run=client -o yaml | oc apply -f -
3. Validate by logging in with the new password:
    oc login -u admin -p <new-password>

Explanation: Password modifications using the HTPasswd file ensure credentials are updated promptly, enhancing security.

Create a new group and add multiple users to it. Validate the group membership.
See the Solution below.

Solution:
1. Create a group:
    oc adm groups new developers
2. Add users to the group:
    oc adm groups add-users developers user1 user2
3. Validate group membership:
    oc get groups developers -o yaml

Explanation: Groups simplify user management by enabling bulk operations and role assignments for multiple users.

Remove a user from a group and validate their removal.
See the Solution below.

Solution:
1. Remove the user from the group:
    oc adm groups remove-users developers user1
2. Validate the user’s removal:
    oc get groups developers -o yaml

Explanation: Removing users from groups ensures accurate role-based access control, improving cluster security and management.

Assign cluster admin permissions to a user and validate their elevated access.
See the Solution below.
Solution:
1. Assign cluster admin role:
    oc adm policy add-cluster-role-to-user cluster-admin admin
2. Validate elevated access:
    oc get nodes

Explanation: Granting cluster admin permissions provides full control over cluster resources, essential for administrative tasks.

Revoke admin permissions from a user and validate their reduced access.
See the Solution below.

Solution:
1. Revoke the cluster admin role:
    oc adm policy remove-cluster-role-from-user cluster-admin admin
2. Validate reduced access:
    oc get nodes

Explanation: Revoking roles promptly limits unnecessary or unauthorized access, ensuring secure cluster operations.

Create a namespace-specific role binding for a group and validate their scoped access.
See the Solution below.

Solution:
1. Create a role in a namespace:
    oc create role developer-role --verb=get,list,watch --resource=pods -n dev-namespace
2. Bind the role to a group:
    oc create rolebinding developer-binding --role=developer-role --group=developers -n dev-namespace
3. Validate access:
    oc auth can-i get pods -n dev-namespace --as=user1

Explanation: Namespace-specific role bindings restrict permissions to scoped resources, enhancing security and operational efficiency.

Assign a user the ability to create projects and validate their access.
See the Solution below.

Solution:
1. Grant the user project creation permissions:
    oc adm policy add-cluster-role-to-user self-provisioner user1
2. Validate by creating a project:
    oc login -u user1 -p <password>
    oc new-project user1-project

Explanation: Granting self-provisioner permissions enables users to create projects independently, supporting flexible resource allocation.

List all users and groups in the cluster.
See the Solution below.

Solution:
1. List users:
    oc get users
2. List groups:
    oc get groups

Explanation: Listing users and groups provides an overview of cluster access, aiding in auditing and management.

Create a new role with custom permissions for managing ConfigMaps. Validate the role’s functionality.
See the Solution below.

Solution:
1. Create a role:
    oc create role configmap-manager --verb=get,create,update,delete --resource=configmaps -n dev-namespace
2. Assign the role to a user:
    oc create rolebinding configmap-binding --role=configmap-manager --user=user1 -n dev-namespace
3. Validate permissions:
    oc auth can-i create configmaps -n dev-namespace --as=user1

Explanation: Custom roles enable precise permission control, aligning with specific application or operational requirements.

Audit user access logs to identify any unauthorized actions.
See the Solution below.

Solution:
1. Enable audit logging in the cluster:
    oc edit apiserver
2. Analyze audit logs:

Solution:
1. Create a Headless Service YAML file:
    apiVersion: v1
    kind: Service
    metadata:
      name: headless-service
    spec:
      clusterIP: None
      selector:
        app: my-stateful-app
      ports:
      - protocol: TCP
        port: 80
2. Apply the Service and verify DNS resolution:
    kubectl apply -f headless-service.yaml
    kubectl exec <pod-name> -- nslookup headless-service

Explanation: Headless Services provide direct access to individual pod IPs, which is essential for StatefulSet workloads.

Deploy an application using a Kubernetes CronJob that runs every 5 minutes. Validate its execution.
See the Solution below.

Solution:
1. Create a CronJob YAML file cronjob.yaml:
    apiVersion: batch/v1
    kind: CronJob
    metadata:
      name: my-cronjob
    spec:
      schedule: "*/5 * * * *"
      jobTemplate:
        spec:
          template:
            spec:
              containers:
              - name: my-container