EX432 Red Hat Certified Specialist in OpenShift Advanced Cluster Management Questions and Answers

Create a Channel (Git) and Subscription referencing it (example pattern).

In exams, you’re usually given a repo URL and target namespace.

Ensure there is a placement rule/placement selecting clusters.

Apply manifests:

oc apply -f channel.yaml

oc apply -f subscription.yaml

Verify resources:

oc get channels.apps.open-cluster-management.io -A

oc get subscriptions.apps.open-cluster-management.io -A

oc get application.app.k8s.io -A

Why this matters:

Multi-cluster application lifecycle is part of ACM operations, and EX480 explicitly covers managing multi-cluster environments with ACM.

Identify the managed cluster:

oc get managedcluster

If required in your environment, remove dependent placements/policies/apps targeting it (exam often expects you to check “why deletion stuck”).

Delete managed cluster:

oc delete managedcluster cluster-dev

Watch finalizers and cleanup:

oc get managedcluster cluster-dev -o yaml | grep finalizers -n

Why this matters:

Proper lifecycle operations (import/manage/detach) is core EX432/EX480 scope.

Web Console → Operators → OperatorHub

Search for multicluster engine (or Multicluster Engine Operator ).

Install the operator into its recommended namespace (commonly multicluster-engine).

Create the MultiClusterEngine custom resource (CLI method shown below):

cat < < 'EOF' | oc apply -f -

apiVersion: multicluster.openshift.io/v1

kind: MultiClusterEngine

metadata:

name: multiclusterengine

spec: {}

EOF

Verify the engine reconciles:

oc get multiclusterengine

oc get pods -n multicluster-engine

Why this matters:

ACM can use the multicluster engine operator for cluster lifecycle functions; Red Hat documents cluster lifecycle with multicluster engine as a core capability.

Create a ConfigurationPolicy using mustnothave complianceType (common policy pattern).

Bind to placement.

Confirm noncompliance if the namespace exists; enforce removes it if remediation is enforce.

In the hub cluster Web Console, go to Infrastructure → Clusters (ACM console navigation).

Click Import cluster .

Provide a name (the UI may request details like distribution/credentials depending on flow).

The wizard will provide a command to run on the managed cluster you want to import.

Copy that import command.

Log into the managed cluster (spoke) using oc and run the copied command.

Back on the hub, wait until the cluster status becomes Ready / Managed .

Why these steps matter:

Import registers the managed cluster, installs the klusterlet/agent components, and enables policy/app placement management.

On hub, generate join command/token (varies by environment):

clusteradm get token

On managed cluster, run the join/import command.

Validate managed cluster appears and is Ready. Why this matters: CLI-based import is a practical alternative to console import and fits real exam workflows.

Grant the ClusterSet role (admin on production).

Log in as user-a and attempt:

list clusters in production vs development

create policies in a namespace bound to production

Confirm authorization errors when accessing development resources.

(ClusterSet RBAC is explicitly part of cluster set management and access scope.)

Ensure ACM hub components are installed and healthy.

In ACM console, open Search and query for:

a namespace name

a specific deployment

Validate results show cluster origin and resource details.

Why this matters:

Search is a core ACM operational workflow for multi-cluster visibility.

On hub: inspect managed cluster conditions for certificate issues.

Check pending CSRs (if applicable in your lab):

oc get csr

Approve relevant CSRs and verify managed cluster returns Ready. Why this matters: Certificate-driven trust is core to “secure clusters” operations in ACM.

Ensure namespace has the correct ManagedClusterSetBinding.

Create placement in that namespace; only clusters visible via bound ClusterSet can be selected.

Verify placementdecision includes only clusters from that set.

This ties together ClusterSets (grouping) and Placement (selection).