I. Overview

Configure and manage OpenShift clusters to maintain security and reliability across multiple applications and development teams.

Red Hat OpenShift Administration II: Configuring a Production Cluster (DO280) prepares OpenShift Cluster Administrators to perform daily administration tasks on clusters that host applications provided by internal teams and external vendors, enable self-service for cluster users with different roles, and deploy applications that require special permissions such as such as CI/CD tooling, performance monitoring, and security scanners. This course focuses on configuring multi-tenancy and security features of OpenShift as well as managing OpenShift add-ons based on operators.

The skills you learn in this course can be applied using all versions of OpenShift, including Red Hat OpenShift on AWS (ROSA), Azure Red Hat OpenShift, and OpenShift Container Platform.

This course is based on OpenShift Container Platform 4.14.

II. Duration

4 days (32 hours)

III. Course Topics

• Deploying packaged applications using manifests, templates, kustomize, and helm.
• Configuring authentication and authorization for users and applications.
• Protecting network traffic with network policies and exposing applications with proper network access.
• Deploying and managing applications using resources manifests.
• Enabling developer self-service of application projects.
• Managing OpenShift cluster updates and Kubernetes operator updates.

IV. Objectives:

Impact on the organization

This course is intended to develop the skills needed to manage Red Hat OpenShift clusters and support containerized applications that are highly available, resilient, and scalable. Red Hat OpenShift is an enterprise-hardened application platform based on Kubernetes that provides a common set of APIs and abstractions that enable application portability across cloud providers and traditional data centers. Red Hat OpenShift adds consistency and portability of operational processes across these environments and can also be deployed as a managed service. A Red Hat SRE team shares the responsibility of managing Red Hat OpenShift clusters with a customer's IT operations team when using a managed OpenShift offering such as Red Hat OpenShift on AWS (ROSA) or Azure Red Hat OpenShift (ARO).

Impact on the individual

As a result of attending this course, students will be able to perform the set of tasks that OpenShift cluster administrators are expected to perform in their daily jobs for on-premises, cloud-based, and vendor-managed clusters, including enabling add-on operators. Students will also be able manage multi-tenant permissions for different roles and configure applications that require privileged access to cluster and host resources.

V. Intended Audience:

• Platform Administrators, System Administrators, Cloud Administrators, and other infrastructure-related IT roles who are responsible for managing and maintaining infrastructure for applications
• Enterprise Architects, Site Reliability Engineers, DevOps Engineers, and other application-related IT roles who are responsible for designing infrastructure for applications.

VI. Prerequisites:

• Prerequisite: Red Hat OpenShift Administration I: Operating a Production Cluster (DO180v4.14), or equivalent skills deploying and managing Kubernetes applications using the OpenShift web console and command-line interfaces.
• Significant experience with Linux System Administration is not needed for this course. Basic skills operating a Bash shell, manipulating files and processes, and verifying system confirmations such as network addresses are necessary and sufficient. Students are encouraged to take Getting Started with Linux Fundamentals (RH104) before enrolling in DO280

VII. Course outlines:

1. Declarative Resource Management

Deploy and update applications from resource manifests that are parameterized for different target environments.

2. Deploy Packaged Applications

Deploy and update applications from resource manifests that are packaged for sharing and distribution.

3. Authentication and Authorization

Configure authentication with the HTPasswd identity provider and assign roles to users and groups.

4. Network Security

Protect network traffic between applications inside and outside the cluster.

5. Expose non-HTTP/SNI Applications

Expose applications to external access without using an Ingress controller.

6. Enable Developer Self-Service

Configure clusters for safe self-service by developers from multiple teams and disallow self-service if projects have to be provisioned by the operations staff.

7. Manage Kubernetes Operators

Install and update Operators that are managed by the Operator Lifecycle Manager and by the Cluster Version Operator.

8. Application Security

Run applications that require elevated or special privileges from the host Operating System or Kubernetes.

9. OpenShift Updates

Update an OpenShift cluster and minimize disruption to deployed applications.