최신RedHat Red Hat Certified Specialist in OpenShift Advanced Cluster Management - EX432무료샘플문제
Create a policy that enforces a specific Operator to be installed on all dev clusters
Explanation:
* Use a policy template approach (OperatorGroup + Subscription + desired namespace) in a ConfigurationPolicy.
* Bind it to a Placement targeting dev clusters.
* Verify operator subscription exists on managed clusters and CSV reaches Succeeded.
Why this matters:
Automating consistent operator installation at scale is a realistic governance task; community policy collections exist demonstrating this model.
Create a policy that enforces a NetworkPolicy in a given namespace across clusters
* Put the NetworkPolicy manifest under object-templates in a ConfigurationPolicy.
* Bind to a Placement for dev clusters.
* Verify NetworkPolicy exists on all targeted clusters.
Create ETCD Encryption Policy (Web Console)
Explanation:
* Open the ACM console on the hub.
* Navigate to Governance # Policies .
* Click Create policy .
* Set Name : policy-etcd.
* Choose the policy template/type ETCD Encryption .
* Set Remediation action to enforce .
* inform = report only
* enforce = attempt to automatically remediate to desired state
* Select clusters/ClusterSets to apply (depends on the wizard).
* Click Submit .
* Verify compliance once applied:
* In console, check policy status: Compliant/NonCompliant
* Or via CLI:
* oc get policy -A
* oc describe policy policy-etcd -n < policy-namespace >
Why this matters:
* Governance policies are a core ACM feature for enforcing security baselines across multiple clusters.
Install RHACS Operator (Web Console)
Explanation:
* In OpenShift Web Console, go to Operators # OperatorHub .
* Search for Advanced Cluster Security .
* Select Red Hat Advanced Cluster Security for Kubernetes (RHACS) .
* Click Install and follow the wizard (namespace/channel per lab).
* After operator installation, create RHACS components (as the hint indicates):
* Install/Deploy Central (the management plane)
* Install/Deploy SecuredCluster (sensor/collector on clusters)
* Confirm operator and pods are running:
* Operators # Installed Operators
* oc get pods -n < rhacs-namespace >
Why this matters:
* RHACS adds container security posture management, vulnerability management, and runtime policy enforcement.
Create Production ClusterSet
Explanation:
* Create the ManagedClusterSet:
* oc create managedclusterset production
* Validate:
* oc get managedclusterset
* oc describe managedclusterset production
Why this matters:
* Separating development and production clusters is common for governance/RBAC isolation.