OpenShift
49 cards — 🟢 8 easy | 🟡 18 medium | 🔴 8 hard
🟢 Easy (8)
1. How do you check the current context?
`oc whoami --show-context`
Remember: OpenShift = K8s + Routes, SCCs, S2I, OperatorHub, built-in CI/CD.
Gotcha: `restricted` SCC blocks root by default — common gotcha for Docker Hub images.
Example: `oc new-app python~https://github.com/user/repo` — S2I from source.
Example: `oc whoami` shows the current user. `oc project` shows the current project. `oc config view` shows the full kubeconfig.
2. What is Random Seek Time?
The time it takes for a disk to reach the place where the data is located and read a single block/sector.
Bonus question: What is the random seek time in SSD and Magnetic Disk?
Answer: Magnetic is about 10ms and SSD is somewhere between 0.08 and 0.16ms.
Remember: OpenShift = K8s + Routes, SCCs, S2I, OperatorHub, built-in CI/CD.
Gotcha: `restricted` SCC blocks root by default — common gotcha for Docker Hub images.
Number anchor: HDD random seek ~10ms, SSD random seek ~0.1ms. This 100x difference explains why databases on SSD are dramatically faster.
3. What is a route in networking and how does routing work?
A route exposes a service by giving it an externally reachable hostname.
Remember: Route = OpenShift's Ingress. Predates K8s Ingress, more TLS options.
4. How to create a MySQL application using an image from Docker Hub?
`oc new-app mysql`
Remember: OpenShift = K8s + Routes, SCCs, S2I, OperatorHub, built-in CI/CD.
Gotcha: `restricted` SCC blocks root by default — common gotcha for Docker Hub images.
Example: `oc new-app python~https://github.com/user/repo` — S2I from source.
5. What is a storage device? What storage devices are there?
* Hard Disks
* SSD
* USB
* Magnetic Tape
Remember: OpenShift = K8s + Routes, SCCs, S2I, OperatorHub, built-in CI/CD.
Gotcha: `restricted` SCC blocks root by default — common gotcha for Docker Hub images.
Example: `oc new-app python~https://github.com/user/repo` — S2I from source.
Under the hood: In OpenShift/Kubernetes, storage is abstracted via PersistentVolumes (PV) and PersistentVolumeClaims (PVC). The underlying device type is hidden from the application.
6. What is OpenShift Federation?
Management and deployment of services and workloads across multiple independent clusters from a single API.
Remember: OpenShift = Red Hat K8s + CI/CD + console + registry + OAuth + SCC.
Fun fact: `oc` CLI = kubectl superset. Every kubectl cmd works, plus `oc new-app`.
Under the hood: Red Hat Advanced Cluster Management (RHACM) replaced the earlier OpenShift Federation approach with a more mature multi-cluster management plane.
7. What is a project in OpenShift?
A project in OpenShift is a Kubernetes namespace with annotations.
In simpler words, think about it as an isolated environment for users to manage and organize their resources (like Pods, Deployments, Services, etc.).
Remember: OpenShift = Red Hat K8s + CI/CD + console + registry + OAuth + SCC.
Fun fact: `oc` CLI = kubectl superset. Every kubectl cmd works, plus `oc new-app`.
Under the hood: A Project is a Namespace with additional annotations for display name, description, and admin user. `oc new-project` creates these automatically.
8. How do you list all projects? What does the "STATUS" column mean in the projects list output?
`oc get projects` will list all projects. The "STATUS" column can be used to see which projects are currently active.
Remember: Project = Namespace + metadata. `oc new-project` creates with defaults.
Example: STATUS=Active means the project is functional. STATUS=Terminating means `oc delete project` was called and cleanup is in progress.
🟡 Medium (18)
1. What does a Route consist of?
- name
- service selector
- (optional) security configuration
Remember: Route = OpenShift's Ingress. Predates K8s Ingress, more TLS options.
Under the hood: OpenShift Routes predate Kubernetes Ingress. Routes support edge, re-encrypt, and passthrough TLS termination modes.
Example: `oc expose svc/myapp --hostname=myapp.example.com` creates a Route from a Service.
2. What are "Security Context Constraints"?
From [OpenShift Docs](https://docs.openshift.com/container-platform/4.7/authentication/managing-security-context-constraints.html): "Similar to the way that RBAC resources control user access, administrators can use security context constraints (SCCs) to control permissions for pods".
Remember: OpenShift = K8s + Routes, SCCs, S2I, OperatorHub, built-in CI/CD.
Gotcha: `restricted` SCC blocks root by default — common gotcha for Docker Hub images.
Example: `oc new-app python~https://github.com/user/repo` — S2I from source.
Under the hood: SCCs are more powerful than K8s PodSecurityPolicies (now deprecated) or PodSecurityStandards. They control SELinux, capabilities, volumes, and UID ranges.
3. What would be the best way to run and manage multiple OpenShift environments?
Federation (or Red Hat Advanced Cluster Management). It provides a single control plane to deploy, manage, and enforce policies across multiple OpenShift clusters from one dashboard.
Remember: OpenShift = Red Hat K8s + CI/CD + console + registry + OAuth + SCC.
Fun fact: `oc` CLI = kubectl superset. Every kubectl cmd works, plus `oc new-app`.
Example: RHACM provides a single dashboard for cluster lifecycle, policy enforcement, and application deployment across hybrid/multi-cloud OpenShift clusters.
4. What types of nodes does OpenShift have?
- Workers: Where the end-user applications are running
- Masters: Responsible for managing the cluster
Remember: OpenShift = Red Hat K8s + CI/CD + console + registry + OAuth + SCC.
Fun fact: `oc` CLI = kubectl superset. Every kubectl cmd works, plus `oc new-app`.
Under the hood: OpenShift 4.x also has infrastructure nodes for routers, monitoring, and registry to keep worker nodes focused on application workloads.
5. Which component is responsible for determining pod placement?
The Scheduler — the OpenShift/Kubernetes component that watches for newly created Pods with no assigned node, then selects the best node based on resource requests, affinity/anti-affinity rules, taints, tolerations, and topology constraints.
Remember: OpenShift = K8s + Routes, SCCs, S2I, OperatorHub, built-in CI/CD.
Gotcha: `restricted` SCC blocks root by default — common gotcha for Docker Hub images.
6. You have a new team member and you would like to assign him the "admin" role on your project in OpenShift. How do you achieve that?
`oc adm policy add-role-to-user admin
7. How do you find out on which node a certain pod is running?
`oc get po -o wide`
Remember: OpenShift = K8s + Routes, SCCs, S2I, OperatorHub, built-in CI/CD.
Gotcha: `restricted` SCC blocks root by default — common gotcha for Docker Hub images.
Example: `oc new-app python~https://github.com/user/repo` — S2I from source.
Example: `oc get po -o wide` shows NODE, IP, and STATUS columns. For detailed placement info: `oc describe pod
8. True or False? The router container can run only on the Master node.
False. It can run on any node.
Remember: Route = OpenShift's Ingress. Predates K8s Ingress, more TLS options.
Under the hood: The OpenShift router uses HAProxy by default. It runs as a DaemonSet on designated infrastructure nodes.
9. How do you give the user user1 the ability to view the project wonderland, assuming you are authorized to do so?
`oc adm policy add-role-to-user view user1 -n wonderland` grants read-only access to the wonderland project. The 'view' role allows listing and getting resources but not creating, modifying, or deleting them. To revoke: `oc adm policy remove-role-from-user view user1 -n wonderland`. Always follow least-privilege — start with 'view' and escalate only when needed.
10. OpenShift supports many resources. How do you get a list of all these resources?
`oc api-resources`
Remember: OpenShift = K8s + Routes, SCCs, S2I, OperatorHub, built-in CI/CD.
Gotcha: `restricted` SCC blocks root by default — common gotcha for Docker Hub images.
Example: `oc new-app python~https://github.com/user/repo` — S2I from source.
11. What are some of the features OpenShift adds on top of Kubernetes?
- UI: OpenShift provides a unified UI out-of-the-box
- Routes: Simple procedure for exposing services
- Developer Workflow Support: built-in CI/CD (OpenShift Pipelines), built-in container registry and tooling for building artifacts from source to container images
Remember: OpenShift = Red Hat K8s + CI/CD + console + registry + OAuth + SCC.
Fun fact: `oc` CLI = kubectl superset. Every kubectl cmd works, plus `oc new-app`.
12. What are some of the event sources you can use with OpenShift Serverless?
* Kafka
* Kubernetes APIs
* AWS Kinesis
* AWS SQS
* JIRA
* Slack
More are supported and provided with OpenShift.
Remember: OpenShift = Red Hat K8s + CI/CD + console + registry + OAuth + SCC.
Fun fact: `oc` CLI = kubectl superset. Every kubectl cmd works, plus `oc new-app`.
Under the hood: OpenShift Serverless is built on Knative Serving (scale-to-zero) and Knative Eventing (event-driven). It's the Kubernetes-native alternative to AWS Lambda.
Under the hood: Event sources implement the CloudEvents specification, providing a standardized envelope for events regardless of the source system.
13. What is OpenShift Serverless?
- In general, 'serverless' is a cloud computing model where scaling and provisioning are taken care of for application developers, so they can focus on the development aspect rather than on infrastructure-related tasks
- OpenShift Serverless allows you to dynamically scale your applications and provides the ability to build event-driven applications, whether the sources are on Kubernetes, the cloud or on-premise solutions
- OpenShift Serverless is based on the Knative project.
Remember: OpenShift = Red Hat K8s + CI/CD + console + registry + OAuth + SCC.
Fun fact: `oc` CLI = kubectl superset. Every kubectl cmd works, plus `oc new-app`.
14. True or False? To run containers on OpenShift, you must have root privileges.
False. OpenShift supports rootless containers by default.
Remember: OpenShift = K8s + Routes, SCCs, S2I, OperatorHub, built-in CI/CD.
Gotcha: `restricted` SCC blocks root by default — common gotcha for Docker Hub images.
Example: `oc new-app python~https://github.com/user/repo` — S2I from source.
15. What else is the scheduler responsible for besides pod placement?
Application high availability by spreading pod replicas between worker nodes.
Remember: OpenShift = K8s + Routes, SCCs, S2I, OperatorHub, built-in CI/CD.
Gotcha: `restricted` SCC blocks root by default — common gotcha for Docker Hub images.
Example: `oc new-app python~https://github.com/user/repo` — S2I from source.
Under the hood: Pod topology spread constraints and pod anti-affinity rules ensure replicas are distributed across failure domains (nodes, zones, racks).
16. True or False? OpenShift is an IaaS (infrastructure as a service) solution.
False. OpenShift is a PaaS (platform as a service) solution.
Remember: OpenShift = K8s + Routes, SCCs, S2I, OperatorHub, built-in CI/CD.
Gotcha: `restricted` SCC blocks root by default — common gotcha for Docker Hub images.
Example: `oc new-app python~https://github.com/user/repo` — S2I from source.
Remember: "IaaS = raw compute (EC2, VMs). PaaS = platform (OpenShift, Heroku). SaaS = application (Gmail, Slack)." OpenShift abstracts infrastructure.
17. What is OpenShift and how does it extend Kubernetes?
OpenShift is a container orchestration platform based on Kubernetes.
It can be used for deploying applications while having minimal management overhead.
Remember: OpenShift = Red Hat K8s + CI/CD + console + registry + OAuth + SCC.
Fun fact: `oc` CLI = kubectl superset. Every kubectl cmd works, plus `oc new-app`.
Fun fact: OpenShift 4.x runs on CoreOS (RHCOS) immutable nodes managed by the Machine Config Operator — the OS itself is managed as code.
18. What is a Replication Controller?
A Replication Controller is responsible for ensuring the specified number of pods is running at all times.
If more pods are running than needed -> it deletes some of them
If not enough pods are running -> it creates more
Remember: OpenShift = K8s + Routes, SCCs, S2I, OperatorHub, built-in CI/CD.
Gotcha: `restricted` SCC blocks root by default — common gotcha for Docker Hub images.
Gotcha: ReplicationControllers are legacy — use Deployments (which create ReplicaSets) instead. Deployments support rolling updates and rollbacks.
🔴 Hard (8)
1. Explain OpenShift CLIs like oc and odo
oc is used for creating applications, but also for administering an OpenShift cluster.
odo is used solely for managing applications on OpenShift (mainly from the developers' perspective) and has nothing to do with administering the cluster.
Remember: `oc` extras: new-app, new-project, login, adm. kubectl superset.
Remember: "oc = admin + developer, odo = developer only." odo abstracts Kubernetes complexity for developers who just want to deploy code.
2. Give an example of how a router is used
1. The client uses the address of an application running on OpenShift
2. DNS resolves to host running the router
3. Router checks whether route exists
4. Router proxies the request to the internal pod
Remember: Route = OpenShift's Ingress. Predates K8s Ingress, more TLS options.
Under the hood: The OpenShift router performs L7 routing. It reads the Host header (HTTP) or SNI (TLS) to select the correct backend Service.
3. Explain Services and their benefits
- Services in OpenShift define access policy to one or more sets of pods.
- They connect applications together by enabling communication between them
- They provide permanent internal IP addresses and hostnames for applications
- They are able to provide basic internal load balancing
Remember: OpenShift = K8s + Routes, SCCs, S2I, OperatorHub, built-in CI/CD.
Gotcha: `restricted` SCC blocks root by default — common gotcha for Docker Hub images.
Under the hood: OpenShift Services use kube-proxy (iptables or IPVS mode) to load-balance traffic to pods matching the label selector.
4. What happens when a pod fails or exits due to a container crash?
Master node automatically restarts the pod unless it fails too often.
Remember: OpenShift = K8s + Routes, SCCs, S2I, OperatorHub, built-in CI/CD.
Gotcha: `restricted` SCC blocks root by default — common gotcha for Docker Hub images.
Example: `oc new-app python~https://github.com/user/repo` — S2I from source.
Under the hood: The kubelet's restartPolicy controls behavior: Always (default for Deployments), OnFailure (for Jobs), Never (for debugging).
5. What happens when a pod fails too often?
It's marked as bad by the master node and temporarily not restarted anymore.
Remember: OpenShift = K8s + Routes, SCCs, S2I, OperatorHub, built-in CI/CD.
Gotcha: `restricted` SCC blocks root by default — common gotcha for Docker Hub images.
Example: `oc new-app python~https://github.com/user/repo` — S2I from source.
Under the hood: This is CrashLoopBackOff — Kubernetes exponentially backs off restart attempts (10s, 20s, 40s... up to 5 min). Check logs with `oc logs
6. Explain the following in regards to Federation:
* Multi Cluster - Multiple clusters deployed independently, not being aware of each other
* Federated Cluster - Multiple clusters managed by the OpenShift Federation Control Plane
* Host Cluster - The cluster that runs the Federation Control Plane
* Member Cluster - Cluster that is part of the Federated Cluster and connected to Federation Control Plane
Remember: OpenShift = K8s + Routes, SCCs, S2I, OperatorHub, built-in CI/CD.
Gotcha: `restricted` SCC blocks root by default — common gotcha for Docker Hub images.
7. How is OpenShift related to Kubernetes?
OpenShift is built on top of Kubernetes while defining its own custom resources in addition to the built-in resources.
Remember: OpenShift = K8s + Routes, SCCs, S2I, OperatorHub, built-in CI/CD.
Gotcha: `restricted` SCC blocks root by default — common gotcha for Docker Hub images.
Example: `oc new-app python~https://github.com/user/repo` — S2I from source.
8. Explain labels. What are they? When do you use them?
- Labels are used to group or select API objects
- They are simple key-value pairs and can be included in metadata of some objects
- A common use case: group pods, services, deployments, ... all related to a certain application
Remember: OpenShift = K8s + Routes, SCCs, S2I, OperatorHub, built-in CI/CD.
Gotcha: `restricted` SCC blocks root by default — common gotcha for Docker Hub images.
Example: `oc get pods -l app=myapp,tier=frontend` selects pods with both labels. Labels are how Services find their target pods.