Define the concepts and custom resources of the OpenShift OAuth server, and explain how these resources augment Kubernetes authentication.
Configure an LDAP identity provider and automate group synchronization between OpenShift OAuth and an LDAP server.
Configure an OIDC identity provider and automate group synchronization between OpenShift OAuth and an OIDC server.
Generate a token and a client certificate and add them to a kubeconfig file.
Outcomes
Use a client certificate for a system administrator account to recover access to the OpenShift cluster.
Configure RHDS as an LDAP identity provider (IdP) for OpenShift.
Configure Red Hat SSO as an OIDC IdP for OpenShift.
Synchronize users and groups from the LDAP and Red Hat SSO IdPs to OpenShift.
Generate a service account (SA) token for authenticating a script that runs from outside the OpenShift cluster.
As the student user on the workstation machine, use the lab command to prepare your environment for this exercise, and to ensure that all required resources are available.
[student@workstation ~]$ lab start auth-review
Instructions
A cluster administrator in your company erroneously removed all the configured IdPs from the OAuth server.
You must use a backdoor administrator certificate to re-create the IdPs.
For this purpose, create a kubeconfig file that contains the client certificate, the certificate key, and the OpenShift CA server certificate.
The certificate is already approved in the OpenShift CA server with administrator privileges.
After you create the administrator kubeconfig file, restore the LDAP IdP that contains one of the company managers, Payden Tomcheck, with the paydentomcheck username and the redhat123 password.
You must configure the LDAP automated group synchronization, because the user is part of the administrators group.
This group must have administrative privileges to the cluster.
Then, configure an OIDC IdP.
This IdP provides the consultant user, Lauren Chan, with the laurenchan username and the redhat_sso password.
You must configure the OIDC IdP to automatically synchronize the groups, because the user is part of the consultants group.
This group must have read privileges to the auth-review project.
Finally, configure an external monitoring app, which runs outside the cluster and uses an SA account token that must have read access to the cluster.
You must create the SA account in the auth-review project with the audit-bot name.
Create a kubeconfig file that contains the client certificate, the certificate key, and the OpenShift CA server certificate.
You must create the kubeconfig file in the ~/DO380/labs/auth-review/certificate/ directory with the admin.config name.
You can find the admin-access.crt client certificate, the tls.key certificate key, and the ocp-apiserver-cert.crt CA server certificate in the same directory.
Use api-ocp4-example-com:6443 as the cluster name and https://api.ocp4.example.com:6443 as the cluster IP in the kubeconfig file.
Change to the ~/DO380/labs/auth-review/certificate/ directory.
[student@workstation ~]$ cd ~/DO380/labs/auth-review/certificate/
[student@workstation certificate]$
Add the admin user credentials to the kubeconfig file.
[student@workstation certificate]$ oc config set-credentials admin \
--client-certificate admin-access.crt --client-key tls.key \
--embed-certs --kubeconfig admin.config
User "admin" set.
Set the cluster options in the kubeconfig file.
[student@workstation certificate]$ oc config set-cluster \
api-ocp4-example-com:6443 --certificate-authority ocp-apiserver-cert.crt \
--embed-certs --server https://api.ocp4.example.com:6443 \
--kubeconfig admin.config
Cluster "api-ocp4-example-com:6443" set.
Set the context for the admin user.
[student@workstation certificate]$ oc config set-context admin \
--cluster api-ocp4-example-com:6443 --namespace auth-review --user admin \
--kubeconfig admin.config
Context "admin" created.
Use the context for the admin user.
[student@workstation certificate]$ oc config use-context admin \
--kubeconfig admin.config
Switched to context "admin".
Test the administrator certificate.
[student@workstation certificate]$ oc whoami --kubeconfig admin.config
system:admin
Change to the /home/student directory.
[student@workstation certificate]$ cd
Use the administrator kubeconfig file to configure the LDAP IdP.
Use the LDAP IdP information from the following table:
ldapsearch option | Value
DN (-D)           | cn=Directory Manager
URI (-H)          | ldaps://rhds.ocp4.example.com
Password (-w)     | redhatocp
Use the ~/DO380/labs/auth-review/rhds/ directory to create any necessary files.
You can find the RHDS certificate in that directory with the rhds_ca.crt name.
Use the rhds-ldap-secret and rhds-ca-config-map names for the RHDS secret and configuration map, respectively.
Use Red Hat Directory Server as the name for the RHDS LDAP IdP.
You can find an incomplete example for the OAuth CR in the rhds-ldap-idp.yaml file.
Change to the ~/DO380/labs/auth-review/rhds/ directory.
[student@workstation ~]$ cd ~/DO380/labs/auth-review/rhds/
[student@workstation rhds]$
From the CLI, test the connection with the ldapsearch command by using the information in the table.
[student@workstation rhds]$ ldapsearch -D "cn=Directory Manager" \
-w redhatocp -H ldaps://rhds.ocp4.example.com
...output omitted...
# paydentomcheck, people, example.com
dn: uid=paydentomcheck,ou=people,dc=example,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: Payden Tomcheck
uid: paydentomcheck
uidNumber: 10001
gidNumber: 101
homeDirectory: /home/paydentomcheck
loginShell: /bin/bash
gecos: paydentomcheck
shadowLastChange: 0
shadowMax: 0
shadowWarning: 0
userPassword:: e1NTSEF9Wm1sMWd1WjJLajlRM1dKZGlFVnV6aTNEaCs5NzFPeFg=
# administrators, people, example.com
dn: cn=administrators,ou=people,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: administrators
uniqueMember: uid=paydentomcheck,ou=people,dc=example,dc=com
...output omitted...
Create the RHDS secret.
[student@workstation rhds]$ oc create secret generic rhds-ldap-secret \
--from-literal bindPassword=redhatocp -n openshift-config \
--kubeconfig ~/DO380/labs/auth-review/certificate/admin.config
secret/rhds-ldap-secret created
Create the configuration map that contains the certificate.
[student@workstation rhds]$ oc create configmap rhds-ca-config-map \
--from-file ca.crt=rhds_ca.crt -n openshift-config \
--kubeconfig ~/DO380/labs/auth-review/certificate/admin.config
configmap/rhds-ca-config-map created
Configure the RHDS LDAP IdP in the OAuth server.
This configuration replaces the OAuth configuration by overriding any IdP configuration that was previously in the cluster.
You can find an incomplete example for the OAuth CR in the rhds-ldap-idp.yaml file.
apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
  name: cluster
spec:
  identityProviders:
  - ldap:
      attributes:
        id:
        - dn
        email:
        - mail
        name:
        - cn
        preferredUsername:
        - uid
      bindDN: 'cn=Directory Manager'
      bindPassword:
        name: rhds-ldap-secret
      ca:
        name: rhds-ca-config-map
      insecure: false
      url: >-
        ldaps://rhds.ocp4.example.com/dc=example,dc=com?uid
    mappingMethod: claim
    name: Red Hat Directory Server
    type: LDAP
[student@workstation rhds]$ oc apply -f rhds-ldap-idp.yaml \
--kubeconfig ~/DO380/labs/auth-review/certificate/admin.config
oauth.config.openshift.io/cluster configured
Verify the status for the OAuth pods and wait for the OAuth pods to be redeployed.
[student@workstation rhds]$ watch oc get pods -n openshift-authentication \
--kubeconfig ~/DO380/labs/auth-review/certificate/admin.config
Every 2.0s: oc get pods -n openshift-authentication    workstation: Tue Aug 22 ...

NAME                               READY   STATUS    RESTARTS   AGE
oauth-openshift-78cbdc45f7-2z887   1/1     Running   0          35s
oauth-openshift-78cbdc45f7-4jsdc   1/1     Running   0          62s
oauth-openshift-78cbdc45f7-rlv2q   1/1     Running   0          89s
^C
Verify that you can log in to the cluster as the paydentomcheck user with redhat123 as the password.
[student@workstation rhds]$ oc login -u paydentomcheck -p redhat123 \
https://api.ocp4.example.com:6443
Login successful.
...output omitted...
Change to the /home/student directory.
[student@workstation rhds]$ cd
Configure the LDAP automated group synchronization in a project called auth-ldapsync.
Use the ldap-group-syncer SA for this purpose.
Create the ldap-group-syncer cluster role with get, list, create, and update permissions to the groups resource, and assign the cluster role to the SA.
Use the ldap-secret and ldap-config names for the RHDS secret and configuration map, respectively.
Mount the secret and the configuration map in the /etc/secrets/bindPassword and /etc/config/ca.crt files, respectively.
Use the ~/DO380/labs/auth-review/group-sync/ directory to create any necessary files.
You can find the RHDS certificate in that directory with the rhds_ca.crt name.
You can find an incomplete example for the LDAP synchronization configuration in the ldap-sync.yaml file.
For the cron job for the group synchronization, you can apply the ready-to-use rhds-groups-cronjob.yaml file.
Assign the cluster-admin role to the administrators group, and verify its permissions.
Change to the ~/DO380/labs/auth-review/group-sync/ directory.
[student@workstation ~]$ cd ~/DO380/labs/auth-review/group-sync/
[student@workstation group-sync]$
Create a project called auth-ldapsync.
[student@workstation group-sync]$ oc new-project auth-ldapsync \
--kubeconfig ~/DO380/labs/auth-review/certificate/admin.config
Now using project "auth-ldapsync" on server "https://api.ocp4.example.com:6443".
...output omitted...
Create a service account called ldap-group-syncer.
[student@workstation group-sync]$ oc create sa ldap-group-syncer \
--kubeconfig ~/DO380/labs/auth-review/certificate/admin.config
serviceaccount/ldap-group-syncer created
Create the ldap-group-syncer cluster role.
[student@workstation group-sync]$ oc create clusterrole ldap-group-syncer \
--verb get,list,create,update --resource groups \
--kubeconfig ~/DO380/labs/auth-review/certificate/admin.config
clusterrole.rbac.authorization.k8s.io/ldap-group-syncer created
Create the cluster role binding for the ldap-group-syncer SA and cluster role.
[student@workstation group-sync]$ oc adm policy add-cluster-role-to-user \
ldap-group-syncer -z ldap-group-syncer \
--kubeconfig ~/DO380/labs/auth-review/certificate/admin.config
clusterrole.rbac.authorization.k8s.io/ldap-group-syncer added: "ldap-group-syncer"
Create a secret that contains the LDAP bind password.
[student@workstation group-sync]$ oc create secret generic ldap-secret \
--from-literal bindPassword='redhatocp' \
--kubeconfig ~/DO380/labs/auth-review/certificate/admin.config
secret/ldap-secret created
Create the LDAP synchronization configuration file.
You can find an incomplete example for the LDAP synchronization configuration in the ldap-sync.yaml file.
kind: LDAPSyncConfig
apiVersion: v1
url: ldaps://rhds.ocp4.example.com:636
bindDN: 'cn=Directory Manager'
bindPassword:
  file: /etc/secrets/bindPassword
ca: /etc/config/ca.crt
augmentedActiveDirectory:
  groupsQuery:
    baseDN: "ou=people,dc=example,dc=com"
    scope: sub
    derefAliases: never
    pageSize: 0
  groupUIDAttribute: dn
  groupNameAttributes: [ cn ]
  usersQuery:
    baseDN: "ou=people,dc=example,dc=com"
    scope: sub
    derefAliases: never
    filter: (objectclass=account)
    pageSize: 0
  userNameAttributes: [ uid ]
  groupMembershipAttributes: [ memberOf ]
Create a configuration map that contains the LDAPSyncConfig file and the trusted certificate.
[student@workstation group-sync]$ oc create configmap ldap-config \
--from-file ldap-sync.yaml=ldap-sync.yaml,ca.crt=rhds_ca.crt \
--kubeconfig ~/DO380/labs/auth-review/certificate/admin.config
configmap/ldap-config created
Create the cron job for the group synchronization.
You can find an example for the cron job for the group synchronization in the rhds-groups-cronjob.yaml file.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: group-sync
  namespace: auth-ldapsync
spec:
  schedule: "*/1 * * * *"
  jobTemplate:
    spec:
      template:
        spec:
          restartPolicy: Never
          containers:
          - name: ldap-group-sync
            image: "registry.ocp4.example.com:8443/openshift4/ose-cli:v4.12"
            command:
            - "/bin/sh"
            - "-c"
            - "oc adm groups sync --sync-config=/etc/config/ldap-sync.yaml --confirm"
            volumeMounts:
            - mountPath: "/etc/config"
              name: "ldap-sync-volume"
            - mountPath: "/etc/secrets"
              name: "ldap-bind-password"
          volumes:
          - name: "ldap-sync-volume"
            configMap:
              name: "ldap-config"
          - name: "ldap-bind-password"
            secret:
              secretName: "ldap-secret"
          serviceAccountName: ldap-group-syncer
          serviceAccount: ldap-group-syncer
[student@workstation group-sync]$ oc create -f rhds-groups-cronjob.yaml \
--kubeconfig ~/DO380/labs/auth-review/certificate/admin.config
...output omitted...
cronjob.batch/group-sync created
Wait for one minute for the cron job to start, and verify that OpenShift synchronizes the administrators group from RHDS.
[student@workstation group-sync]$ oc get groups \
--kubeconfig ~/DO380/labs/auth-review/certificate/admin.config
NAME                USERS
Default SMB Group
administrators      paydentomcheck
admins              admin
...output omitted...
Apply the cluster-admin role to the administrators group.
[student@workstation group-sync]$ oc adm policy add-cluster-role-to-group \
cluster-admin administrators \
--kubeconfig ~/DO380/labs/auth-review/certificate/admin.config
clusterrole.rbac.authorization.k8s.io/cluster-admin added: "administrators"
Log in to the cluster as the paydentomcheck user and verify that the user has cluster administrator privileges.
[student@workstation group-sync]$ oc login -u paydentomcheck -p redhat123
Login successful.
...output omitted...
[student@workstation group-sync]$ oc auth can-i create users -A
yes
Change to the /home/student directory.
[student@workstation group-sync]$ cd
Configure the Red Hat SSO OIDC IdP.
The URL for the Red Hat SSO server is https://sso.ocp4.example.com:8080.
Use the admin user and the redhatocp password to connect to the Red Hat SSO server.
The Red Hat SSO client name is ocp_rhsso and the realm is external_providers.
Use the rhsso-oidc-client-secret name for the Red Hat SSO secret.
Use RHSSO_OIDC as the name for the Red Hat SSO IdP.
Use the ~/DO380/labs/auth-review/sso/ directory to create any necessary files.
You can find an incomplete example for the Red Hat SSO IdP configuration in the sso_config.yaml file.
You must include the IdP configuration for the LDAP server that you set up in a previous step.
Change to the ~/DO380/labs/auth-review/sso/ directory.
[student@workstation ~]$ cd ~/DO380/labs/auth-review/sso/
[student@workstation sso]$
Connect to the Red Hat SSO machine as the rhsso user.
[student@workstation sso]$ ssh rhsso@sso.ocp4.example.com
[rhsso@sso ~]$
Use the kcadm tool to connect to Red Hat SSO.
[rhsso@sso ~]$ /opt/rh-sso-7.6/bin/kcadm.sh config credentials \
--server https://sso.ocp4.example.com:8080/auth \
--user admin --password redhatocp --realm master
Logging into https://sso.ocp4.example.com:8080/auth as user admin of realm master
List the information for the ocp_rhsso client from Red Hat SSO.
[rhsso@sso ~]$ /opt/rh-sso-7.6/bin/kcadm.sh get clients \
-r external_providers -q clientId=ocp_rhsso
[ {
  "id" : "f57e9ddc-8c60-4b40-8048-ec0120595be2",
  "clientId" : "ocp_rhsso",
  "surrogateAuthRequired" : false,
  "enabled" : true,
  "alwaysDisplayInConsole" : false,
  "clientAuthenticatorType" : "client-secret",
  "redirectUris" : [ "https://oauth-openshift.apps.ocp4.example.com/*" ],
  "webOrigins" : [ "https://oauth-openshift.apps.ocp4.example.com" ],
...output omitted...
Generate a JSON file, which contains the client ID, the authentication server URL, and the client secret.
Use the ocp_rhsso ID from the previous step.
[rhsso@sso ~]$ /opt/rh-sso-7.6/bin/kcadm.sh get \
clients/f57e9ddc-8c60-4b40-8048-ec0120595be2/installation\
/providers/keycloak-oidc-keycloak-json \
-r external_providers > rhsso.json
The /providers/… text must come after the …/installation text, without spaces.
View the content of the JSON file, which contains the Red Hat SSO client information.
Note the secret, which you use in a later step.
The client secret differs on your system.
Use the ocp_rhsso Red Hat SSO client ID for the clientID parameter in the IdP configuration file on OpenShift.
The issuer parameter in the IdP configuration on OpenShift concatenates the value from the auth-server-url parameter, the /realms/ string, and the external_providers Red Hat SSO realm name.
[rhsso@sso ~]$ cat rhsso.json
{
  "realm" : "external_providers",
  "auth-server-url" : "https://sso.ocp4.example.com:8080/auth/",
  "ssl-required" : "external",
  "resource" : "ocp_rhsso",
  "credentials" : {
    "secret" : "X4ZTPfDr0b8loqOFArfidhaHq85bHyiy"
  },
  "confidential-port" : 0
Return to the workstation machine.
[rhsso@sso ~]$ exit
logout
Connection to sso.ocp4.example.com closed.
[student@workstation sso]$
Connect to the OpenShift cluster as the paydentomcheck user with redhat123 as the password.
[student@workstation sso]$ oc login -u paydentomcheck -p redhat123 \
https://api.ocp4.example.com:6443
Login successful.
...output omitted...
Create the rhsso-oidc-client-secret OpenShift secret for the Red Hat SSO client secret by using the client secret from a previous step.
[student@workstation sso]$ oc create secret generic rhsso-oidc-client-secret \
--from-literal clientSecret=X4ZTPfDr0b8loqOFArfidhaHq85bHyiy \
-n openshift-config
secret/rhsso-oidc-client-secret created
Configure the Red Hat SSO IdP in the OAuth server.
You can find an example for the CR in the sso_config.yaml file.
You must include the IdP configuration for the LDAP server that you set up in a previous step.
apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
  name: cluster
spec:
  identityProviders:
  - ldap:
    ...output omitted...
  - openID:
      claims:
        email:
        - email
        name:
        - name
        preferredUsername:
        - preferred_username
        groups:
        - groups
      clientID: ocp_rhsso
      clientSecret:
        name: rhsso-oidc-client-secret
      extraScopes: []
      issuer: >-
        https://sso.ocp4.example.com:8080/auth/realms/external_providers
    mappingMethod: claim
    name: RHSSO_OIDC
    type: OpenID
[student@workstation sso]$ oc apply -f sso_config.yaml
oauth.config.openshift.io/cluster configured
Verify the status for the OAuth pods and wait for the OAuth pods to be redeployed.
[student@workstation sso]$ watch oc get pods -n openshift-authentication
Every 2.0s: oc get pods -n openshift-authentication    workstation: Thu Aug 22 ...

NAME                               READY   STATUS    RESTARTS   AGE
oauth-openshift-7d5f479864-6jktw   1/1     Running   0          3m25s
oauth-openshift-7d5f479864-86cgf   1/1     Running   0          3m42s
oauth-openshift-7d5f479864-dc6jw   1/1     Running   0          3m48s
^C
Verify that you can log in to the cluster as the laurenchan user with redhat_sso as the password.
[student@workstation sso]$ oc login -u laurenchan -p redhat_sso
Login successful.
...output omitted...
Log in to the cluster as the paydentomcheck user with redhat123 as the password.
[student@workstation sso]$ oc login -u paydentomcheck -p redhat123
Login successful.
...output omitted...
Verify that OpenShift synchronizes the user from Red Hat SSO the first time that they log in, and that the laurenchan user is a member of the consultants group.
[student@workstation sso]$ oc get users
NAME             UID            FULL NAME         IDENTITIES
laurenchan       dbe329a2-...   Lauren Chan       RHSSO_OIDC:a175e1b7-...
paydentomcheck   2554ba58-...   Payden Tomcheck   Red Hat Directory Server:dWlk...
[student@workstation sso]$ oc get groups
NAME                USERS
Default SMB Group
administrators      paydentomcheck
admins              admin
consultants         laurenchan
...output omitted...
Assign the view cluster role in the auth-review project to the consultants group.
[student@workstation sso]$ oc adm policy add-role-to-group view consultants \
-n auth-review
clusterrole.rbac.authorization.k8s.io/view added: "consultants"
Change to the /home/student directory.
[student@workstation sso]$ cd
Configure an external monitoring app to run outside the cluster.
Create the audit-bot SA, generate an SA token, and store the SA token in the AUDITBOT_TOKEN variable.
Use the auth-review project.
Create a kubeconfig file with the audit-bot user credentials.
Store the kubeconfig file in the ~/DO380/labs/auth-review/log_script/audit-bot.config file.
Run the cluster-health.sh script to verify the status of the pods in the OpenShift cluster.
You can find the script in the ~/DO380/labs/auth-review/log_script directory.
The script uses the credentials that are stored in the ~/DO380/labs/auth-review/log_script/audit-bot.config file.
Change to the ~/DO380/labs/auth-review/log_script/ directory.
[student@workstation ~]$ cd ~/DO380/labs/auth-review/log_script/
[student@workstation log_script]$
Change to the auth-review project.
[student@workstation log_script]$ oc project auth-review
Now using project "auth-review" on server "https://api.ocp4.example.com:6443".
Create the audit-bot SA in the auth-review project.
[student@workstation log_script]$ oc create sa audit-bot
serviceaccount/audit-bot created
Assign the cluster-reader cluster role to the audit-bot SA so that the SA can retrieve information from most of the objects in the cluster.
[student@workstation log_script]$ oc adm policy add-cluster-role-to-user \
cluster-reader system:serviceaccount:auth-review:audit-bot
clusterrole.rbac.authorization.k8s.io/cluster-reader added: "system:serviceaccount:auth-review:audit-bot"
Generate the audit-bot SA account token and store it in the AUDITBOT_TOKEN variable.
[student@workstation log_script]$ AUDITBOT_TOKEN=$(oc create token \
-n auth-review audit-bot)
Add the audit-bot user credentials to the kubeconfig file.
[student@workstation log_script]$ oc config set-credentials audit-bot \
--token $AUDITBOT_TOKEN --kubeconfig audit-bot.config
User "audit-bot" set.
Set the cluster options in the kubeconfig file.
[student@workstation log_script]$ oc config set-cluster \
api-ocp4-example-com:6443 --server https://api.ocp4.example.com:6443 \
--kubeconfig audit-bot.config
Cluster "api-ocp4-example-com:6443" set.
Set the context for the audit-bot user.
[student@workstation log_script]$ oc config set-context audit-bot \
--cluster api-ocp4-example-com:6443 --namespace auth-review --user audit-bot \
--kubeconfig audit-bot.config
Context "audit-bot" created.
Use the context for the audit-bot user.
[student@workstation log_script]$ oc config use-context audit-bot \
--kubeconfig audit-bot.config
Switched to context "audit-bot".
Verify the identity of the audit-bot user by using the kubeconfig file.
[student@workstation log_script]$ oc whoami --kubeconfig audit-bot.config
system:serviceaccount:auth-review:audit-bot
Run the cluster-health.sh script to verify the status of the pods in the OpenShift cluster.
The script uses the credentials that are stored in the ~/DO380/labs/auth-review/log_script/audit-bot.config file.
[student@workstation log_script]$ sh cluster-health.sh
Connected to the cluster as the 'system:serviceaccount:auth-review:audit-bot' user
✔ OpenShift is reacheable and up, at version: '4.14.3'
✔ All pods are either running or succeeded.
Change to the /home/student directory.
[student@workstation log_script]$ cd
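The cluster-health.sh script itself is not shown above. As an added example, not the course's own script, the following pre-flight check covers the two steps of this last section: it confirms that the token embedded in audit-bot.config is the bound service account token for system:serviceaccount:auth-review:audit-bot and has not expired, then judges pod status the way the script's final line reports it. The kubeconfig path and the RUN_AUDIT_CHECK switch are assumptions; the signature is left to the API server, which verifies it on every request.

```shell
#!/bin/sh
# Added example, not the course's own cluster-health.sh. Pre-flight checks for
# the audit-bot kubeconfig built above: confirm the embedded SA token (a JWT
# from `oc create token`) is for the expected subject and not expired, then
# judge pod health from `oc get pods -A --no-headers` output. Names match the
# exercise; the kubeconfig path and the RUN_AUDIT_CHECK switch are assumptions.
set -u

EXPECTED_SUBJECT="system:serviceaccount:auth-review:audit-bot"

# Decode one base64url JWT segment from stdin to stdout, restoring padding.
b64url_decode() {
  s=$(sed 's/-/+/g; s/_/\//g' | tr -d '\n')
  while [ $(( ${#s} % 4 )) -ne 0 ]; do s="${s}="; done
  printf '%s' "$s" | base64 -d
}

# Print the claims (second dot-separated segment) of the JWT given as $1.
jwt_payload() {
  printf '%s' "$1" | cut -d. -f2 | b64url_decode
}

# Return 0 when $1 carries the expected sub claim and its exp is after $2
# (Unix time, defaults to now; injectable so the check is testable offline).
# The signature is not verified here; the API server does that on each call.
check_sa_token() {
  now="${2:-$(date +%s)}"
  payload=$(jwt_payload "$1") && [ -n "$payload" ] || return 1
  sub=$(printf '%s' "$payload" | sed -n 's/.*"sub" *: *"\([^"]*\)".*/\1/p')
  exp=$(printf '%s' "$payload" | sed -n 's/.*"exp" *: *\([0-9]*\).*/\1/p')
  if [ "$sub" != "$EXPECTED_SUBJECT" ]; then
    echo "unexpected token subject: '$sub'" >&2; return 1
  fi
  if [ -z "$exp" ] || [ "$exp" -le "$now" ]; then
    echo "token has no exp claim or is already expired" >&2; return 1
  fi
  return 0
}

# Read `oc get pods -A --no-headers` lines (NAMESPACE NAME READY STATUS ...)
# on stdin. Return 0 only when every pod is Running or Succeeded; list the
# others and return 1. An empty listing is treated as a failure, because it
# usually means the token lacked list permission rather than a healthy cluster.
pods_healthy() {
  awk '$4 != "Running" && $4 != "Succeeded" { print "  " $1 "/" $2 " is " $4; bad++ }
       END { if (NR == 0) { print "  no pods returned"; exit 1 }; exit (bad > 0) }'
}

# Stand-alone run against the cluster; needs oc and the audit-bot kubeconfig.
main() {
  kubeconfig="${1:-$HOME/DO380/labs/auth-review/log_script/audit-bot.config}"
  token=$(oc config view --raw --kubeconfig "$kubeconfig" \
            -o jsonpath='{.users[?(@.name=="audit-bot")].user.token}')
  check_sa_token "$token" || exit 1
  echo "Token belongs to $EXPECTED_SUBJECT and is still valid"
  if oc get pods -A --no-headers --kubeconfig "$kubeconfig" | pods_healthy; then
    echo "All pods are either running or succeeded."
  else
    echo "Unhealthy pods found" >&2; exit 1
  fi
}

# Set RUN_AUDIT_CHECK=1 to run against the cluster; otherwise only the functions are defined.
if [ "${RUN_AUDIT_CHECK:-0}" = 1 ]; then main "$@"; fi
```

Run it as RUN_AUDIT_CHECK=1 sh audit-preflight.sh from the log_script directory; a token for any other service account, or one past its exp claim, fails before any cluster query is made.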