In this post, I have shared some quick tips, including Q/A and useful links from the Day 3 live session of our current batch of OpenShift Certified Specialist Training.
OpenShift is a unique platform for building and shipping cloud-based applications. It opens opportunities for innovative products and services with faster delivery. An organization using Red Hat OpenShift can unleash many advantages and gain competitive benefits in business.
This series will help you understand OpenShift better, make it easier to learn, clear certifications, and get a better-paid job.
On Days 1 & 2 of the OpenShift Certified Specialist training program, we went through Kubernetes vs OpenShift, OpenShift Architecture, Types of OpenShift Cluster, and OpenShift Cluster Creation. On Day 3 of the training program, we covered these topics:
➪ RBAC
RBAC stands for Role-Based Access Control. It is an approach used for restricting the access of users and applications on a system or network. RBAC is a security model that restricts access to valuable resources based on the role the user holds, hence the name role-based.
Role-based access control (RBAC) is a technique for regulating access to computer or network resources based on the roles of individual users within an enterprise. In this context, access is the ability of an individual user to perform a specific task, such as reading, creating, or modifying a file.
➪ Understanding authentication
Users must first authenticate to the cluster before they can interact with OpenShift Container Platform. The authentication layer identifies the user associated with requests to the OpenShift Container Platform API. The authorization layer then uses information about the requesting user to determine whether the request is permitted. As an administrator, you can configure authentication for OpenShift Container Platform.
Users:
In OpenShift Container Platform, a user is a person or entity that can make requests to the OpenShift Container Platform API. A User object represents an actor who can be granted system access by adding roles to them or to their groups. This is often the account of a developer or administrator working with OpenShift Container Platform.
Groups:
A user can be allocated to one or more groups, each representing a specific collection of people. When managing authorization policies, groups are helpful for providing rights to numerous users at once, such as enabling access to items inside a project rather than granting them to individuals separately.
Q1. Define authentication in OpenShift.
Ans. In OpenShift, the master has a built-in OAuth server that generates tokens, which can be used for API authentication.
Q2. What are the identity providers in OAuth?
Ans. Below are the identity providers in OAuth:
- HTPasswd
- LDAP
- Allow All
- Deny All
- Basic Authentication
➪ Authorization
RBAC objects determine whether a user is authorized to perform a specific action within a project.
Platform administrators can use cluster roles and bindings to control who has which level of access to OpenShift Container Platform itself and to all projects.
Developers can use local roles and bindings to control who has access to their projects. Note that authorization is distinct from authentication, which is concerned with establishing the identity of the person performing the action.
Authorization is managed using:
- Rules: Sets of permitted verbs on a set of objects. For example, whether something can create pods.
- Roles: Collections of rules. Users and groups can be associated with, or bound to, multiple roles at the same time.
- Bindings: Associations between users and/or groups with a role.
➪ Cluster Role Binding In RBAC
A cluster role binding in RBAC grants permissions to a subject at the cluster level, across all namespaces. It can grant permissions on cluster resources as well as on resources within any namespace in the cluster. Cluster role bindings are very powerful, so be careful how you apply them: they apply not only to existing namespaces but also to any namespaces you create in the future.
Q3. What is Role binding in RBAC?
Ans. Role Binding in Kubernetes Role-Based Access Control is used for granting permission to a Subject in a Kubernetes cluster. Subjects are a group of users, services, or teams that attempt to access the Kubernetes API. It defines what operations a user, service, or group can perform.
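To make the difference in scope between role bindings and cluster role bindings concrete, here is an added Python example (not part of the original post or of OpenShift) that audits bindings in the JSON shape returned by `oc get ... -o json` and lists cluster-wide grants of write-capable roles. The sample data, the `WRITE_ROLES` and `BROAD_GROUPS` sets, and the `high`/`review` labels are assumptions chosen for illustration.

```python
import json

# Constructed sample, shaped like the "items" list of `oc get clusterrolebindings -o json`
# (plus one namespaced RoleBinding for contrast).
SAMPLE = json.loads("""{"items": [
  {"kind": "ClusterRoleBinding", "metadata": {"name": "ops-admins"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "Group", "name": "ops"}]},
  {"kind": "ClusterRoleBinding", "metadata": {"name": "everyone-edit"},
   "roleRef": {"kind": "ClusterRole", "name": "edit"},
   "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
  {"kind": "RoleBinding", "metadata": {"name": "alice-edit", "namespace": "shop"},
   "roleRef": {"kind": "ClusterRole", "name": "edit"},
   "subjects": [{"kind": "User", "name": "alice"}]},
  {"kind": "ClusterRoleBinding", "metadata": {"name": "orphaned"},
   "roleRef": {"kind": "ClusterRole", "name": "view"}, "subjects": null}
]}""")["items"]

# Assumption: roles treated as write-capable, and groups that match (almost) every caller.
WRITE_ROLES = {"cluster-admin", "admin", "edit"}
BROAD_GROUPS = {"system:authenticated", "system:authenticated:oauth", "system:unauthenticated"}

def scope(binding):
    """'*' = every namespace, including ones created later; otherwise one namespace."""
    if binding["kind"] == "ClusterRoleBinding":
        return "*"
    return binding["metadata"]["namespace"]

def grants_for(bindings, kind, name):
    """Map scope -> set of role names bound directly to the given subject."""
    grants = {}
    for b in bindings:
        for s in b.get("subjects") or []:  # subjects may be absent or null
            if s["kind"] == kind and s["name"] == name:
                grants.setdefault(scope(b), set()).add(b["roleRef"]["name"])
    return grants

def risky_cluster_bindings(bindings):
    """Cluster-wide grants of write-capable roles; 'high' when the subject is a broad group."""
    findings = []
    for b in bindings:
        role = b["roleRef"]["name"]
        if scope(b) != "*" or role not in WRITE_ROLES:
            continue
        for s in b.get("subjects") or []:
            broad = s["kind"] == "Group" and s["name"] in BROAD_GROUPS
            findings.append((b["metadata"]["name"], s["name"], role, "high" if broad else "review"))
    return findings

if __name__ == "__main__":
    for finding in risky_cluster_bindings(SAMPLE):
        print(finding)
```

Group membership is not resolved here, so `grants_for` reports only roles bound directly to the named subject.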
Quiz Time!
With our OpenShift Certified Specialist training program, we cover real exam questions to help you prepare for the OpenShift certification.
Check out one of the simple questions and see if you can crack this…
Q. Which of the following servers runs Kubernetes API components?
A. Worker nodes
B. Nodes
C. Control plane nodes
The right answer will be revealed in my next blog. So, stay tuned!
Here is the answer to the question shared last week.
Q. Which three of the following components are common across container architecture implementations? (Choose three.)
A. Container runtime
B. Container permissions
C. Container images
D. Container registries
Correct Answer: A, C & D
Feedback
We always work on improving and being a better version of ourselves than in the previous session, so we constantly ask our attendees for feedback.
Here’s the feedback that we received from our trainees who had attended the session… {2109 here represents a batch of September 2021}