Q1: What is Docker, and how does it differ from traditional virtualization?

Answer:

• Docker is a platform for developing, shipping, and running applications in containers.

• Unlike traditional virtualization (e.g., VMs), Docker containers share the host OS kernel,
making them lightweight, fast, and efficient. Containers isolate applications and their
dependencies but do not require a full OS for each application.

Installing Docker on Ubuntu

Q2: How do you install Docker on Ubuntu?

Answer:

Update the package index:

sudo apt-get update
Install dependencies:
sudo apt-get install apt-transport-https ca-certificates curl software-properties-common
Add Docker’s official GPG key:
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o
/usr/share/keyrings/docker-archive-keyring.gpg
Add the Docker repository:
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-
archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
| sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
Install Docker:
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io
Verify the installation:
sudo docker --version

Q3: How do you install Docker on CentOS?

Answer:

Install required packages:

sudo yum install -y yum-utils

Add the Docker repository:

sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-
ce.repo

Install Docker:

sudo yum install docker-ce docker-ce-cli containerd.io

Start and enable Docker:

sudo systemctl start docker
sudo systemctl enable docker
Verify the installation:
sudo docker --version

Q4: How do you start a Docker host in the cloud using AWS?

Answer:

Launch an EC2 instance with an Amazon Linux 2 AMI.

SSH into the instance:
ssh -i <key.pem> ec2-user@<public-ip>
Install Docker:
 sudo yum update -y
sudo amazon-linux-extras install docker
sudo service docker start
sudo usermod -a -G docker ec2-user
Verify Docker is running:
docker --version

Q5: How do you run the "Hello World" container in Docker?

Answer:
Run the following command:

docker run hello-world

• This command pulls the hello-world image from Docker Hub (if not already available) and
runs it in a container.
• The container prints a "Hello from Docker!" message and exits.

Docker Container in Detached Mode

Q6: How do you run a Docker container in detached mode?

Answer:
Use the -d flag to run a container in detached mode:

docker run -d nginx

• This starts an Nginx container in the background.
• You can check the running containers using:

docker ps

7. Creating, Starting, Stopping, and Removing Containers

Q7: How do you create, start, stop, and remove a Docker container?

Answer:

Create a container (without starting it):

docker create --name my-container nginx
Start the container:
docker start my-container
Stop the container:
docker stop my-container
Remove the container:
docker rm my-container

8. Building a Docker Image with a Dockerfile

Q8: How do you build a Docker image using a Dockerfile?

Answer:

Create a Dockerfile:
FROM ubuntu:20.04
RUN apt-get update && apt-get install -y nginx
CMD ["nginx", "-g", "daemon off;"]
Build the image:
docker build -t my-nginx-image .
Run a container from the image:
 docker run -d --name my-nginx-container my-nginx-image

9. Sharing Data in Your Docker Host with Containers

Q9: How do you share data between the Docker host and a container?

Answer:
Use bind mounts or volumes to share data:

Bind Mount:
docker run -v /host/path:/container/path nginx
• This mounts the host directory /host/path to the container
directory /container/path.
Docker Volume:
docker volume create my-volume
docker run -v my-volume:/container/path nginx
• This creates a Docker volume and mounts it to the container.

10. Additional Questions

Q10: What is the difference between docker run and docker start?

Answer:

• docker run: Creates and starts a new container from an image.

• docker start: Starts an existing stopped container.

Q11: How do you view logs of a running container?

Answer:
Use the docker logs command:

docker logs <container-id>

Q12: How do you remove all stopped containers?

Answer:
Use the following command:

docker container prune

Q13: How do you list all Docker images on your system?

Answer:
Use the following command:

docker images

Q14: How do you remove a Docker image?

Answer:
Use the following command:

docker rmi <image-id>

 Kubernetes

1. Introduction to Kubernetes Architecture

Q1: What are the main components of Kubernetes architecture?

Answer:
Kubernetes architecture consists of the following components:

Control Plane (Master Node):

• API Server: Exposes the Kubernetes API.
• etcd: Distributed key-value store for cluster data.
• Scheduler: Assigns workloads to nodes.
• Controller Manager: Manages controllers like Node Controller, Replication
Controller, etc.
2. Worker Nodes:
• Kubelet: Ensures containers are running in pods.
• Kube Proxy: Manages network rules and load balancing.
• Container Runtime: Runs containers (e.g., Docker, containerd).

Kubernetes Objects

Q2: What are Kubernetes objects, and name a few examples?

Answer:
Kubernetes objects are persistent entities used to represent the state of the cluster.
Examples include:

• Pods: Smallest deployable units in Kubernetes.

• Services: Expose pods to the network.
• Deployments: Manage declarative updates for pods.
• ConfigMaps: Store configuration data.
• Secrets: Store sensitive data.

3. Kubernetes API Primitives

Q3: What are Kubernetes API primitives?

Answer:
Kubernetes API primitives are the building blocks for defining Kubernetes objects.
Examples include:

• Pods
• Services
• Deployments
• ReplicaSets
• Namespaces

4. Creating a Multi-Node Kubernetes Cluster

Q4: How do you create a multi-node Kubernetes cluster using kubeadm?

Answer:

1. Initialize the master node:

sudo kubeadm init --pod-network-cidr=10.244.0.0/16
2. Set up kubectl on the master node:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
 sudo chown $(id -u):$(id -g) $HOME/.kube/config
3. Join worker nodes to the cluster:
• Run the kubeadm join command provided during kubeadm init on each worker
node:
kubeadm join <master-ip>:<port> --token <token> --discovery-token-ca-cert-
hash <hash>
4. Deploy a network plugin (e.g., Calico):
5. kubectl apply -f https://docs.projectcalico.org/v3.14/manifests/calico.yaml

5. Starting Containers on a Kubernetes Cluster with Pods

Q5: How do you create a Pod in Kubernetes?

Answer:

1. Create a YAML file (pod.yaml):

apiVersion: v1
kind: Pod
metadata:
name: my-pod
spec:
containers:
- name: nginx
image: nginx
2. Apply the YAML file:

kubectl apply -f pod.yaml

Verify the Pod:
kubectl get pods

6. Using a Replication Controller to Manage the Number of Replicas of a Pod

Q6: How do you create a ReplicationController in Kubernetes?

Answer:

Create a YAML file (rc.yaml):

apiVersion: v1
kind: ReplicationController
metadata:
name: my-rc
spec:
replicas: 3
selector:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx
Apply the YAML file:
kubectl apply -f rc.yaml
Verify the ReplicationController:
kubectl get rc
 7. Running Multiple Containers in a Pod

Q7: How do you run multiple containers in a single Pod?

Answer:

1. Create a YAML file (multi-container-pod.yaml):

apiVersion: v1
kind: Pod
metadata:
name: multi-container-pod
spec:
containers:
- name: nginx
image: nginx
- name: busybox
image: busybox
command: ["sleep", "3600"]
2. Apply the YAML file:
kubectl apply -f multi-container-pod.yaml
3. Verify the Pod:
kubectl get pods

8. Validating Nodes & the Cluster

Q8: How do you validate nodes and the cluster in Kubernetes?

Answer:

1. Check node status:

kubectl get nodes
2. Describe a node for detailed information:

kubectl describe node <node-name>

3. Check cluster health:

kubectl get componentstatuses

9. Running the Kubernetes Dashboard

Q9: How do you deploy and access the Kubernetes Dashboard?

Answer:

1. Deploy the Dashboard:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/

deploy/recommended.yaml
2. Create a service account and cluster role binding:

apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
Apply the YAML file:

kubectl apply -f dashboard-admin.yaml

3. Access the Dashboard:
• Start a proxy:

kubectl proxy
• Access the Dashboard at:
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/
https:kubernetes-dashboard:/proxy/
4. Get the token for authentication:

kubectl -n kubernetes-dashboard create token admin-user

1. How OpenShift, Kubernetes, and Docker Work Together

Q1: How do OpenShift, Kubernetes, and Docker work together?

Answer:

• Docker: Provides the container runtime to build, package, and run applications in
containers.
• Kubernetes: Manages containerized applications across a cluster of nodes, handling
scheduling, scaling, and self-healing.
• OpenShift: Built on top of Kubernetes, OpenShift adds developer and operational tools,
such as:
• Built-in CI/CD pipelines.
• Enhanced security features (e.g., SELinux, RBAC).
• Developer-friendly interfaces (CLI, Web Console).
• Integrated container registry and image builds.
Relationship:

• Docker creates containers.

• Kubernetes orchestrates containers.
• OpenShift enhances Kubernetes with additional features and tools.

2. Accessing Your Cluster and Logging In

Q2: How do you access an OpenShift cluster and log in?

Answer:

1. Install the OpenShift CLI (oc).

2. Log in to the cluster using the oc login command:

oc login -u <username> -p <password> <cluster-url>

Example:

oc login -u admin -p password https://api.openshift.example.com:6443

3. Verify your login:
oc whoami

3. Creating Projects and Deploying Applications

Q3: How do you create a project and deploy an application in OpenShift?

Answer:

1. Create a Project:

oc new-project my-project
2. Deploy an Application:
• rom an existing image

oc new-app quay.io/redhattraining/hello-world-nginx
• From source code (e.g., GitHub):
oc new-app https://github.com/openshift/nodejs-ex.git
3. Verifyhe deployment:

oc get pods
oc get svc

4. Accessing Your Application by Creating Routes

Q4: How do you expose an application using a Route in OpenShift?

Answer:

1. Create a Route for your service:

2. oc expose svc <service-name>

Example:
oc expose svc hello-world-nginx
3. Verify the Route:

oc get routes
4. Access the application using the Route's hostname:

http://<route-hostname>

5. Investigating Application Components

Q5: How do you investigate application components in OpenShift?

Answer:

1. List Pods:

oc get pods
2. Describe a Pod:
oc describe pod <pod-name>
3. View Logs:

oc logs <pod-name>
4. List Services:

oc get svc
5. List Routes:

oc get routes
6. List Deployments:

oc get deployments

6. Comparing Command-Line and Web Workflows

Q6: What are the differences between command-line and web workflows in OpenShift?

Answer:

Aspect Command-Line (CLI) Web Console

Ease of Use Requires familiarity with commands. User-friendly, graphical interface.
Speed Faster for experienced users. Slower for complex tasks.
Automation Easily scriptable and automatable. Limited automation capabilities.
Accessibility Requires CLI access. Accessible via a web browser.
Detailed Information Provides detailed output for debugging. Provides a high-level overview.
Example: Creating a Project

• CLI:

oc new-project my-project
• Web Console:
1. Navigate to the Projects page.
2. Click Create Project.
3. Enter the project name and click Create.

Q7: How do you scale an application in OpenShift?

Answer:

1. Scale a deployment using the CLI:

oc scale deployment <deployment-name> --replicas=3

2. Scale using the Web Console:
• Navigate to the Deployments page.
• Click the up/down arrows to adjust the number of replicas.

Q8: How do you delete a project in OpenShift?

Answer:

1. Using the CLI:

oc delete project <project-name>

2. Using the Web Console:
• Navigate to the Projects page.
• Click the Actions menu next to the project and select Delete Project.

Q9: How do you build an application from source code in OpenShift?

Answer:

1. Using the CLI:

oc new-app https://github.com/openshift/nodejs-ex.git
2. Using the Web Console:
• Navigate to the Developer perspective.
• Select From Git and provide the Git repository URL.

Q10: How do you troubleshoot a failing application in OpenShift?

Answer:

1. Check Pod logs:

oc logs <pod-name>
2. Describe the Pod for details:

oc describe pod <pod-name>

3. Check events in the namespace:

oc get events
4. Verify resource limits and requests:

oc describe pod <pod-name> | grep -i resources

1. Testing Application Resiliency

Q1: How do you test the resiliency of an application in Kubernetes/OpenShift?

Answer:

1. Simulate Pod Failure:

• Delete a Pod and check if it is recreated:

kubectl delete pod <pod-name>

• Verify the Pod is recreated:

• kubectl get pods

2. Simulate Node Failure:
• Drain a node to evict all Pods:

kubectl drain <node-name> --ignore-daemonsets --delete-local-data

• Verify Pods are rescheduled on other nodes:

kubectl get pods -o wide

3. Use Chaos Engineering Tools:
• Tools like LitmusChaos or Chaos Mesh can be used to inject failures and test
resiliency.

2. Working with Labels and Selectors

Q2: How do you use labels and selectors in Kubernetes/OpenShift?

Answer:

1. Add Labels to Resources:

• Add a label to a Pod:

kubectl label pod <pod-name> app=my-app

 • Add a label to a Node:

kubectl label node <node-name> environment=production

2. Use Selectors to Filter Resources:
• List Pods with a specific label:

kubectl get pods -l app=my-app

• List Nodes with a specific label:

kubectl get nodes -l environment=production

3. Use Selectors in Deployments/Services:
• In a Deployment YAML:

selector:
matchLabels:
app: my-app
• In a Service YAML:

selector:
app: my-app

3. Scaling Applications

Q3: How do you scale applications in Kubernetes/OpenShift?

Answer:

1. Manual Scaling:
• Scale a Deployment using the CLI:

kubectl scale deployment <deployment-name> --replicas=3

• Scale using the OpenShift Web Console:
• Navigate to the Deployments page.
• Adjust the number of replicas.
2. Horizontal Pod Autoscaler (HPA):
• Create an HPA to automatically scale based on CPU or memory usage:

kubectl autoscale deployment <deployment-name> --min=2 --max=5 --cpu-

percent=80
• Verify the HPA:

kubectl get hpa

4. Tracking Application Health and Status

Q4: How do you track the health and status of an application in Kubernetes/OpenShift?

Answer:

1. Check Pod Status:

kubectl get pods

• Look for the STATUS column to see if Pods are Running, Pending, or Error.
2. Describe a Pod:

kubectl describe pod <pod-name>

• Check the Events section for errors or warnings.
3. Check Pod Logs:

kubectl logs <pod-name>

4. Liveness and Readiness Probes:
• Define probes in the Pod YAML:

livenessProbe:
httpGet:
path: /healthz
port: 8080
initialDelaySeconds: 3
periodSeconds: 3
readinessProbe:
httpGet:
path: /ready
port: 8080
initialDelaySeconds: 5
periodSeconds: 10
5. Check Cluster Events:

kubectl get events --sort-by=.metadata.creationTimestamp

6. Check Resource Usage:

kubectl top pods

kubectl top nodes

Q5: How do you update an application in Kubernetes/OpenShift?

Answer:

1. Rolling Update:
• Update the image of a Deployment:

kubectl set image deployment/<deployment-name> <container-name>=<new-

image>
• Verify the update:

kubectl rollout status deployment/<deployment-name>

2. Rollback an Update:
• Rollback to a previous revision:

kubectl rollout undo deployment/<deployment-name>

Q6: How do you monitor application performance in Kubernetes/OpenShift?

Answer:

1. Use Prometheus and Grafana for monitoring.

2. Use the kubectl top command to view resource usage:

kubectl top pods

kubectl top nodes
 Q7: How do you configure resource limits for an application?

Answer:

1. Define resource limits in the Pod YAML:

resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi"
cpu: "500m"
2. Apply the YAML file:

kubectl apply -f pod.yaml

Q8: How do you troubleshoot a failing Pod?

Answer:

1. Check Pod logs:

kubectl logs <pod-name>
2. Describe the Pod for details:

kubectl describe pod <pod-name>

3. Check events in the namespace:

kubectl get events

1. Using Container Metrics

Q1: How do you use container metrics for autoscaling in Kubernetes/OpenShift?

Answer:

• Kubernetes uses metrics (e.g., CPU, memory) to determine when to scale applications.
• Metrics are collected by the Metrics Server, which is required for autoscaling.
• To enable metrics:
1. Deploy the Metrics Server:

kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/

download/components.yaml
2. Verify the Metrics Server is running:

kubectl get deployment metrics-server -n kube-system

2. Creating Horizontal Pod Autoscaler (HPA)

Q2: How do you create a Horizontal Pod Autoscaler (HPA) in Kubernetes/OpenShift?

Answer:

1. Create an HPA:
• Use the kubectl autoscale command:

kubectl autoscale deployment <deployment-name> --min=2 --max=5 --cpu-

percent=80
• Example:

kubectl autoscale deployment my-app --min=2 --max=5 --cpu-percent=80

2. Verify the HPA:

kubectl get hpa

3. Describe the HPA:

kubectl describe hpa <hpa-name>

4. HPA YAML Example:

apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: my-app-hpa
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: my-app
minReplicas: 2
maxReplicas: 5
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 80

3. Setting Resource Requests and Limits

Q3: How do you set resource requests and limits for a container?

Answer:

1. Define resource requests and limits in the Pod YAML:

resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi"
cpu: "500m"
2. Apply the YAML file:

kubectl apply -f pod.yaml

3. Verify resource allocation:

kubectl describe pod <pod-name>

4. Load Testing with the Apache HTTP Server Benchmarking Tool

Q4: How do you perform load testing using the Apache HTTP server benchmarking tool
(ab)?

Answer:

1. Install the ab tool:

• On Ubuntu:

sudo apt-get install apache2-utils

 • On CentOS:
sudo yum install httpd-tools
2. Run a load test:

ab -n 1000 -c 100 http://<application-url>/

• -n 1000: Total number of requests.
• -c 100: Number of concurrent requests.

3. Analyze the results:

• Look for metrics like:
• Requests per second.
• Time per request.
• Percentage of failed requests.
4. Example Output
Requests per second: 200.00 [#/sec] (mean)
Time per request: 5.000 [ms] (mean)

Q5: How do you scale an application manually in Kubernetes/OpenShift?

Answer:

1. Scale a Deployment using the CLI:

kubectl scale deployment <deployment-name> --replicas=3

2. Scale using the OpenShift Web Console:

• Navigate to the Deployments page.
• Adjust the number of replicas.
Q6: How do you monitor the performance of an HPA?

Answer:

1. Check HPA status:

kubectl get hpa

2. Describe the HPA for detailed metrics:

kubectl describe hpa <hpa-name>

Q7: What happens if resource limits are exceeded?

Answer:

• If a container exceeds its CPU limit, it is throttled.

• If a container exceeds its memory limit, it is terminated (OOMKilled).

Q8: How do you troubleshoot an HPA that is not scaling?

Answer:

Verify the Metrics Server is running:

kubectl get deployment metrics-server -n kube-system

Check HPA events:

kubectl describe hpa <hpa-name>

Verify resource requests and limits are set:

kubectl describe pod <pod-name>

 1. Promoting Images

Q1: How do you promote images across environments in OpenShift?

Answer:

1. Tagging Images:
• Tag an image in the internal registry:

oc tag <source-namespace>/<image-name>:<tag> <target-namespace>/

<image-name>:<tag>
• Example:
oc tag dev/my-app:latest prod/my-app:latest
2. Promoting Images Using CI/CD Pipelines:
• Use tools like Jenkins, Tekton, or ArgoCD to automate image promotion across
environments.

2. Invoking Object Triggers

Q2: How do you use object triggers in OpenShift?

Answer:

1. Image Change Triggers:

• Automatically redeploy an application when a new image is available.
• Example in a DeploymentConfig:

triggers:
- type: ImageChange
imageChangeParams:
automatic: true
from:
kind: ImageStreamTag
name: my-app:latest
containerNames:
- my-app-container
2. Config Change Triggers:
• Automatically redeploy an application when a ConfigMap or Secret changes.
• Example in a DeploymentConfig:

triggers:
- type: ConfigChange

3. Service Discovery

Q3: How does service discovery work in Kubernetes/OpenShift?

Answer:

• Kubernetes uses DNS-based service discovery.

• Each Service is assigned a DNS name in the format:

<service-name>.<namespace>.svc.cluster.local
• Example:
• A Service named my-service in the my-namespace namespace can be accessed
at:

my-service.my-namespace.svc.cluster.local
 4. Protecting Sensitive Data with Secrets

Q4: How do you create and use Secrets in Kubernetes/OpenShift?

Answer:

1. Create a Secret:
• From literal values:

kubectl create secret generic my-secret --from-literal=username=admin --from-

literal=password=secret
• From a file:

kubectl create secret generic my-secret --from-file=./username.txt --from-

file=./password.txt
2. Use a Secret in a Pod:
• Mount the Secret as a volume:

volumes:
- name: secret-volume
secret:
secretName: my-secret
containers:
- name: my-container
volumeMounts:
- name: secret-volume
mountPath: /etc/secret
• Use the Secret as an environment variable:

env:
- name: USERNAME
valueFrom:
secretKeyRef:
name: my-secret
key: username

5. Altering Applications with ConfigMaps

Q5: How do you create and use ConfigMaps in Kubernetes/OpenShift?

Answer:

1. Create a ConfigMap:
• From literal values:
kubectl create configmap my-config --from-literal=log_level=debug

• From a file:

kubectl create configmap my-config --from-file=./config.properties

2. Use a ConfigMap in a Pod:
• Mount the ConfigMap as a volume:

Volumes:
- name: config-volume
configMap:
name: my-config
containers:
- name: my-container
volumeMounts:
- name: config-volume
 mountPath: /etc/config
• Use the ConfigMap as an environment variable:

env:
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
name: my-config
key: log_level

Q6: How do you update a Secret or ConfigMap?

Answer:

1. Update a Secret:

kubectl create secret generic my-secret --from-literal=username=admin --from-

literal=password=new-secret --dry-run=client -o yaml | kubectl apply -f -
2. Update a ConfigMap:

kubectl create configmap my-config --from-literal=log_level=info --dry-run=client -o yaml

| kubectl apply -f -

Q7: How do you trigger a redeployment when a ConfigMap or Secret changes?

Answer:

1. Use a ConfigChange trigger in a DeploymentConfig:

triggers:
- type: ConfigChange
2. Manually restart Pods:

kubectl rollout restart deployment <deployment-name>

Q8: How do you secure sensitive data in CI/CD pipelines?

Answer:

1. Use Kubernetes Secrets to store sensitive data.

2. Use tools like HashiCorp Vault or Sealed Secrets for additional security.
3. Avoid hardcoding sensitive data in pipeline scripts.

Q9: How do you debug a Pod that fails due to a missing Secret or ConfigMap?

Answer:

1. Check Pod logs:

kubectl logs <pod-name>

2. Describe the Pod for errors:

kubectl describe pod <pod-name>

3. Verify the Secret or ConfigMap exists:

kubectl get secret <secret-name>

kubectl get configmap <configmap-name>
 1. Creating and Managing Persistent Storage

Q1: How do you create and manage persistent storage in Kubernetes/OpenShift?

Answer:

1. Create a PersistentVolume (PV):

• Define a PV in a YAML file:

apiVersion: v1
kind: PersistentVolume
metadata:
name: my-pv
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
nfs:
server: 192.168.1.100
path: /exports
• Apply the YAML file:
kubectl apply -f pv.yaml

2. Create a PersistentVolumeClaim (PVC):

• Define a PVC in a YAML file:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: my-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
• Apply the YAML file:

kubectl apply -f pvc.yaml

3. Verify PV and PVC:

kubectl get pv
kubectl get pvc

2. Using the system:admin User to Administer Your Cluster

Q2: How do you use the system:admin user to administer your OpenShift cluster?

Answer:

1. Log in as system:admin:

oc login -u system:admin
2. Perform administrative tasks, such as:
• Creating PVs and PVCs.
• Managing nodes.
• Configuring cluster-wide resources.
 3. Attaching Persistent Storage to Applications

Q3: How do you attach persistent storage to an application in Kubernetes/OpenShift?

Answer:

1. Mount a PVC in a Pod:

• Define a Pod YAML with a volume and volume mount:

apiVersion: v1
kind: Pod
metadata:
name: my-pod
spec:
containers:
- name: my-container
image: nginx
volumeMounts:
- name: my-storage
mountPath: /data
volumes:
- name: my-storage
persistentVolumeClaim:
claimName: my-pvc
• Apply the YAML file:
kubectl apply -f pod.yaml
2. Verify the Pod:

kubectl get pods

kubectl describe pod my-pod

4. Making Remote Storage Available in Containers

Q4: How do you make remote storage available in containers?

Answer:

1. Use NFS:
• Create a PV with NFS:

apiVersion: v1
kind: PersistentVolume
metadata:
name: nfs-pv
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteMany
nfs:
server: 192.168.1.100
path: /exports
• Mount the PV in a Pod using a PVC.
2. Use Cloud Storage:
• Use cloud provider-specific storage classes (e.g., AWS EBS, GCP Persistent Disks).

5. Removing Persistent Storage from Applications

Q5: How do you remove persistent storage from an application?

Answer:

1. Delete the PVC:

 kubectl delete pvc my-pvc
2. Delete the Pod:

kubectl delete pod my-pod

3. Delete the PV (if no longer needed):

kubectl delete pv my-pv

6. Cleaning Up Persistent Storage Volumes

Q6: How do you clean up persistent storage volumes in Kubernetes/OpenShift?

Answer:

1. Delete PVCs:

kubectl delete pvc <pvc-name>

2. Delete PVs:

kubectl delete pv <pv-name>

3. Reclaim Policy:
• Set the persistentVolumeReclaimPolicy to Delete or Retain in the PV definition.
• Example:
persistentVolumeReclaimPolicy: Delete

Q7: How do you troubleshoot a Pod that fails to mount a PVC?

Answer:

1. Check Pod logs:

kubectl logs <pod-name>

2. Describe the Pod for errors:

kubectl describe pod <pod-name>

3. Verify the PVC and PV:

kubectl get pvc

kubectl get pv
Q8: How do you resize a PVC in Kubernetes/OpenShift?

Answer:

1. Edit the PVC to request more storage:

kubectl edit pvc <pvc-name>

2. Update the spec.resources.requests.storage field.
3. Verify the resize:

kubectl get pvc

Q9: How do you back up persistent storage data?

Answer:

1. Use tools like Velero to back up PVs and PVCs.

2. Manually copy data to another storage system:

kubectl cp <pod-name>:/data /backup/data

 1. Deploying Applications on OpenShift Using S2I

Q1: What is Source-to-Image (S2I), and how does it work in OpenShift?

Answer:

• Source-to-Image (S2I) is a framework for building reproducible container images from

source code.
• It works by:
1. Taking application source code as input.
2. Using a builder image (e.g., Node.js, Python, Java) to compile and package the
application.
3. Producing a new container image that runs the application.

2. Introduction to S2I

Q2: What are the benefits of using S2I in OpenShift?

Answer:

• Reproducibility: Ensures consistent builds across environments.

• Speed: Automates the build process, reducing manual steps.
• Flexibility: Supports multiple programming languages and frameworks.
• Integration: Works seamlessly with OpenShift's CI/CD pipelines.

3. Launching a Demo App with Source Strategy

Q3: How do you deploy an application using the S2I source strategy in OpenShift?

Answer:

1. Use the oc new-app command with the source code repository and builder image:

oc new-app https://github.com/openshift/nodejs-ex --strategy=source

2. Verify the build and deployment:

oc get builds
oc get pods

4. S2I Builder Primer

Q4: What is an S2I builder image, and how do you use it?

Answer:

• An S2I builder image is a container image that contains the tools and scripts to build and
run applications for a specific language or framework (e.g., Node.js, Python, Java).
• Example: Use the Node.js S2I builder image:

oc new-app nodejs:latest~https://github.com/openshift/nodejs-ex

5. Deploying a Results App with Node.js S2I Builder

Q5: How do you deploy a Node.js application using the Node.js S2I builder?

Answer:

1. Use the oc new-app command with the Node.js builder image and source code:
 oc new-app nodejs:latest~https://github.com/openshift/nodejs-ex

2. Verify the build and deployment:

oc get builds
oc get pods
3. Expose the application with a Route:

oc expose svc/nodejs-ex

6. Launching a Database with a Template

Q6: How do you deploy a database using a template in OpenShift?

Answer:

1. Use the oc new-app command with a database template:

oc new-app postgresql-persistent
2. Verify the deployment:

oc get pods
oc get pvc

Q7: How do you customize the S2I build process?

Answer:

1. Add a .s2i/bin directory to your source code repository.

2. Include custom scripts:
• assemble: Builds the application.
• run: Runs the application.
• save-artifacts: Saves build artifacts for incremental builds.

Q8: How do you troubleshoot a failed S2I build?

Answer:

1. Check build logs:

oc logs builds/<build-name>
2. Describe the build for errors:

oc describe build <build-name>

Q9: How do you use environment variables in an S2I build?

Answer:

1. Set environment variables in the BuildConfig:

env:
- name: NODE_ENV
value: production
2. Apply the BuildConfig:

oc apply -f buildconfig.yaml

Q10: How do you clean up unused images and builds?

Answer:

1. Delete completed builds:

oc delete builds --field-selector status=Complete
2. Prune unused images:
oc adm prune images

10. Security
1. Adding Permissions to Users by Assigning Roles
Q1: How do you assign roles to users in OpenShift?
Answer:
1. Use the oc adm policy command to assign roles:

oc adm policy add-role-to-user <role> <username> -n <namespace>

Example:

oc adm policy add-role-to-user admin john -n my-project

2. Verify the role assignment:

oc get rolebindings -n <namespace>

2. Managing Project Resource Limits and Quotas
Q2: How do you set resource limits and quotas for a project?
Answer:
1. Create a ResourceQuota:

apiVersion: v1
kind: ResourceQuota
metadata:
name: my-quota
namespace: my-project
spec:
hard:
requests.cpu: "2"
requests.memory: "4Gi"
limits.cpu: "4"
limits.memory: "8Gi"
2. Apply the ResourceQuota:

oc apply -f quota.yaml

3. Setting Default Limits and Quotas for Projects

Q3: How do you set default resource limits for a project?
Answer:
1. Create a LimitRange:

apiVersion: v1
kind: LimitRange
metadata:
name: my-limits
namespace: my-project
spec:
limits:
- default:
cpu: "1"
memory: "512Mi"
defaultRequest:
cpu: "500m"
memory: "256Mi"
type: Container
2. Apply the LimitRange:

oc apply -f limitrange.yaml
 4. Examining How Linux Enforces Limits and Quotas
Q4: How does Linux enforce resource limits and quotas?
Answer:
• Linux uses cgroups (control groups) to enforce CPU and memory limits.
• OpenShift integrates with cgroups to enforce resource quotas and limits at the container
level.

5. Learning How SELinux Isolates Container Resources

Q5: How does SELinux enhance container security in OpenShift?
Answer:
• SELinux (Security-Enhanced Linux) provides mandatory access control (MAC) to isolate
containers and restrict their access to host resources.
• OpenShift uses SELinux to enforce security contexts and prevent containers from
accessing unauthorized resources.

6. Understanding Security Contexts and Application Permissions

Q6: What is a security context in OpenShift?
Answer:
• A security context defines privileges and access control settings for a Pod or container.
• Example:

securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
7. Scanning Container Images for Security Issues
Q7: How do you scan container images for security vulnerabilities?
Answer:
1. Use tools like Clair, Trivy, or OpenSCAP to scan images.
2. Example with Trivy:

trivy image quay.io/my-image:latest

8. Using Security Context Constraints (SCCs)
Q8: What are Security Context Constraints (SCCs), and how do you use them?
Answer:
• SCCs control permissions for Pods, such as running as a specific user or accessing the
host network.
• Example: Assign an SCC to a ServiceAccount:

oc adm policy add-scc-to-user privileged -z default -n my-project

9. Analyzing OpenSCAP Security Scan Reports
Q9: How do you analyze OpenSCAP security scan reports?
Answer:
1. Run an OpenSCAP scan:

oscap-podman quay.io/my-image:latest xccdf eval --profile

xccdf_org.ssgproject.content_profile_standard
2. Review the scan report for vulnerabilities and compliance issues.

11. Networking
1. Designing Cluster Networks
Q10: What are the key considerations when designing an OpenShift cluster network?
Answer:
• Pod Network: Assign a CIDR range for Pod IPs.
• Service Network: Assign a CIDR range for Service IPs.
• Node Network: Ensure nodes can communicate with each other and the control plane.
• Network Plugins: Choose a plugin like Open vSwitch (OVS) or Calico.
 2. Understanding Network Traffic Flow in OpenShift
Q11: How does network traffic flow in OpenShift?
Answer:
• Pod-to-Pod: Traffic flows through the Pod network (e.g., OVS).
• Pod-to-Service: Traffic is load-balanced by kube-proxy.
• External Traffic: Ingress controllers route traffic to Services.
3. Configuring Open vSwitch
Q12: How do you configure Open vSwitch (OVS) in OpenShift?
Answer:
1. Install OVS on each node:

yum install openvswitch

2. Configure OVS as the network plugin in the OpenShift cluster.

4. Configuring OpenShift Network Plugins

Q13: How do you configure network plugins in OpenShift?
Answer:
1. Edit the cluster network configuration:

network:
plugin: ovs
clusterNetworkCIDR: 10.128.0.0/14
serviceNetworkCIDR: 172.30.0.0/16
2. Restart the cluster networking components.

5. Using DNS in OpenShift

Q14: How does DNS work in OpenShift?
Answer:
• OpenShift uses CoreDNS to resolve Service and Pod names.
• Example: A Service named my-service in the my-project namespace can be accessed at:
my-service.my-project.svc.cluster.local

Q15: How do you troubleshoot network issues in OpenShift?

Answer:
1. Check Pod logs:

oc logs <pod-name>
2. Verify network policies:

oc get networkpolicies
3. Check node connectivity:

ping <node-ip>
Q16: How do you enforce network policies in OpenShift?
Answer:
1. Create a NetworkPolicy:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-app
namespace: my-project
spec:
podSelector:
matchLabels:
app: my-app
ingress:
- from:
- podSelector:
 matchLabels:
role: frontend
2. Apply the NetworkPolicy:
oc apply -f networkpolicy.yaml