RedHat Red Hat Certified Specialist in OpenShift Automation and Integration - EX380 FREE EXAM DUMPS QUESTIONS & ANSWERS
Configure RBAC roles with users and groups
Task Information : Grant edit to group dev-team in namespace payments, and grant view to user auditor1.
Task Information : Grant edit to group dev-team in namespace payments, and grant view to user auditor1.
Correct Answer:
See the solution below in Explanation:
Explanation:
* Create (or switch to) the project
* oc new-project payments
* Namespace must exist before applying rolebindings.
* Grant edit to the group
* oc -n payments policy add-role-to-group edit dev-team
* Members of dev-team can modify most resources in payments.
* Grant view to a user
* oc -n payments policy add-role-to-user view auditor1
* auditor1 can read resources but not change them.
* Verify rolebindings
* oc -n payments get rolebinding
Explanation:
* Create (or switch to) the project
* oc new-project payments
* Namespace must exist before applying rolebindings.
* Grant edit to the group
* oc -n payments policy add-role-to-group edit dev-team
* Members of dev-team can modify most resources in payments.
* Grant view to a user
* oc -n payments policy add-role-to-user view auditor1
* auditor1 can read resources but not change them.
* Verify rolebindings
* oc -n payments get rolebinding
Export and import container images (mirror to internal registry)
Task Information : Pull an image from an external registry, push it into the OpenShift internal registry, and update a deployment to use the mirrored image.
Task Information : Pull an image from an external registry, push it into the OpenShift internal registry, and update a deployment to use the mirrored image.
Correct Answer:
See the solution below in Explanation:
Explanation:
* Log in to OpenShift internal registry
* oc registry login
* Allows podman to push to the internal registry.
* Pull external image
* podman pull docker.io/library/nginx:1.25
* Gets the image locally.
* Tag for internal registry destination
* podman tag nginx:1.25 image-registry.openshift-image-registry.svc:5000/orders/nginx:1.25
* Uses the cluster service DNS name (works inside cluster network).
* Push to internal registry
* podman push image-registry.openshift-image-registry.svc:5000/orders/nginx:1.25
* Update deployment to use internal image
* oc -n orders set image deploy/web web=image-registry.openshift-image-registry.svc:5000/orders/nginx:
1.25
* Verify rollout
* oc -n orders rollout status deploy/web
* oc -n orders get pods -o wide
Explanation:
* Log in to OpenShift internal registry
* oc registry login
* Allows podman to push to the internal registry.
* Pull external image
* podman pull docker.io/library/nginx:1.25
* Gets the image locally.
* Tag for internal registry destination
* podman tag nginx:1.25 image-registry.openshift-image-registry.svc:5000/orders/nginx:1.25
* Uses the cluster service DNS name (works inside cluster network).
* Push to internal registry
* podman push image-registry.openshift-image-registry.svc:5000/orders/nginx:1.25
* Update deployment to use internal image
* oc -n orders set image deploy/web web=image-registry.openshift-image-registry.svc:5000/orders/nginx:
1.25
* Verify rollout
* oc -n orders rollout status deploy/web
* oc -n orders get pods -o wide
Logging Configuration - Configure ClusterLogging in Web Console
Correct Answer:
See the solution below in Explanation:
Explanation:
Step 1: Log in to the OpenShift web console.
This Task is explicitly defined as a GUI workflow.
Step 2: Navigate to Operators .
Installed logging components are managed through the operator framework.
Step 3: Open Installed Operators .
This lists operators already deployed in the cluster.
Step 4: Select Red Hat OpenShift Logging .
This operator manages the cluster logging stack and its custom resources.
Step 5: Open the ClusterLogging instance.
The Task SIMULATION refers to editing the existing ClusterLogging custom resource.
Step 6: Switch to YAML View .
This allows direct editing of the logging custom resource specification.
Step 7: Edit the collection type and set it to vector.
This changes the log collector implementation.
Step 8: Click Save .
The operator will reconcile the resource and apply the updated collector configuration.
Detailed explanation:
The ClusterLogging custom resource controls the logging stack behavior in OpenShift. Changing the collection type to vector updates which collector technology is used for gathering node and container logs. In operator-managed platforms, direct YAML edits to the custom resource are the preferred method for changing managed behavior because the operator then applies and maintains the desired state. This Task tests both navigation skills in the web console and knowledge of where logging behavior is configured. Saving the resource triggers reconciliation, which is a core OpenShift operator pattern: the declared configuration is read and enforced by the operator rather than by manual per-pod changes.
Explanation:
Step 1: Log in to the OpenShift web console.
This Task is explicitly defined as a GUI workflow.
Step 2: Navigate to Operators .
Installed logging components are managed through the operator framework.
Step 3: Open Installed Operators .
This lists operators already deployed in the cluster.
Step 4: Select Red Hat OpenShift Logging .
This operator manages the cluster logging stack and its custom resources.
Step 5: Open the ClusterLogging instance.
The Task SIMULATION refers to editing the existing ClusterLogging custom resource.
Step 6: Switch to YAML View .
This allows direct editing of the logging custom resource specification.
Step 7: Edit the collection type and set it to vector.
This changes the log collector implementation.
Step 8: Click Save .
The operator will reconcile the resource and apply the updated collector configuration.
Detailed explanation:
The ClusterLogging custom resource controls the logging stack behavior in OpenShift. Changing the collection type to vector updates which collector technology is used for gathering node and container logs. In operator-managed platforms, direct YAML edits to the custom resource are the preferred method for changing managed behavior because the operator then applies and maintains the desired state. This Task tests both navigation skills in the web console and knowledge of where logging behavior is configured. Saving the resource triggers reconciliation, which is a core OpenShift operator pattern: the declared configuration is read and enforced by the operator rather than by manual per-pod changes.
Configure project-wide default tolerations
Task Information : Configure the payments namespace so new pods automatically include a default toleration.
Task Information : Configure the payments namespace so new pods automatically include a default toleration.
Correct Answer:
See the solution below in Explanation:
Explanation:
* Annotate the namespace with default tolerations
* oc annotate ns payments \
* scheduler.alpha.kubernetes.io/defaultTolerations='[{"key":"dedicated","operator":"Equal","value":" payments","effect":"NoSchedule"}]' \
* --overwrite
* Some clusters honor this pattern; if not, the fallback is mutating admission or editing workloads.
* Create a new pod/deployment in the namespace
* Then verify its spec includes tolerations:
* oc -n payments get pod < pod > -o yaml | grep -n tolerations -A5
Explanation:
* Annotate the namespace with default tolerations
* oc annotate ns payments \
* scheduler.alpha.kubernetes.io/defaultTolerations='[{"key":"dedicated","operator":"Equal","value":" payments","effect":"NoSchedule"}]' \
* --overwrite
* Some clusters honor this pattern; if not, the fallback is mutating admission or editing workloads.
* Create a new pod/deployment in the namespace
* Then verify its spec includes tolerations:
* oc -n payments get pod < pod > -o yaml | grep -n tolerations -A5
Kubeconfig Management - Use Context
Correct Answer:
See the solution below in Explanation:
Explanation:
Step 1: Make sure the context already exists in the kubeconfig file.
This follows the context creation Task SIMULATION .
Step 2: Run the command:
oc config use-context audit --kubeconfig audit.config
Step 3: Confirm the active context switches successfully.
The lab output shows:
Switched to context "audit".
Detailed explanation:
This command activates the audit context inside the specified kubeconfig file. Once selected, subsequent oc commands using that kubeconfig will default to the cluster, user, and namespace associated with that context.
This is operationally important because many administration mistakes come from running commands against the wrong cluster or project. Using explicit context switching reduces that risk and makes the kubeconfig usable for the intended audit workflow. In exams and real environments alike, the context is what turns separate kubeconfig elements into a working session configuration. Without switching to the correct context, even a well-formed kubeconfig may not be used as expected.
Explanation:
Step 1: Make sure the context already exists in the kubeconfig file.
This follows the context creation Task SIMULATION .
Step 2: Run the command:
oc config use-context audit --kubeconfig audit.config
Step 3: Confirm the active context switches successfully.
The lab output shows:
Switched to context "audit".
Detailed explanation:
This command activates the audit context inside the specified kubeconfig file. Once selected, subsequent oc commands using that kubeconfig will default to the cluster, user, and namespace associated with that context.
This is operationally important because many administration mistakes come from running commands against the wrong cluster or project. Using explicit context switching reduces that risk and makes the kubeconfig usable for the intended audit workflow. In exams and real environments alike, the context is what turns separate kubeconfig elements into a working session configuration. Without switching to the correct context, even a well-formed kubeconfig may not be used as expected.