Automation with OpenShift

Question 1

Show the “schema” of an object or its properties

Answer 1

oc explain deployment.status.replicas

Question 2

jsonpath construct to iterate over lists in the resource

Answer 2

c get deployment -n openshift-cluster-samples-operator \
cluster-samples-operator -o jsonpath=’{.status.conditions[*].type}’

Question 3

Get a specific item in a list using jsonpath

Answer 3

c get deployment -n openshift-cluster-samples-operator \
cluster-samples-operator -o jsonpath=’{.spec.template.spec.containers[0].name}’

Question 4

Filter items in a list with jsonpath

Answer 4

oc get deployment -n openshift-cluster-samples-operator \
cluster-samples-operator -o jsonpath=’{.status.conditions[?(@.type==”Available”)].status}’

Question 5

list a single property from many objects

Answer 5

oc get route -n openshift-monitoring \
-o jsonpath=’{.items[*].spec.host}’

Question 6

print specific properties in a tabular format

Answer 6

oc get pod –all-namespaces -o=custom-columns=NAME:.metadata.name,STATUS:.status.phase,NODE:.spec.nodeName

Question 7

With jsonpath, extract single property with multiple nesting

Answer 7

oc get pods -A -o jsonpath=’{.items[].spec.containers[].image}’

Question 8

Extract multiple properties at different levels of nesting

Answer 8

oc get pods -A -o jsonpath=’{range .items[*]}’ \
‘{.metadata.namespace} {.metadata.creationTimestamp}{“\n”}’

Question 9

Execute jsonpath from file

Answer 9

oc get nodes -o jsonpath-file=not_ready_nodes.jsonpath

Question 10

Capture the host name of the web console in a variable

Answer 10

console=$(oc get route -n openshift-console console \
-o jsonpath=’{.spec.host}’)

Question 11

Use the curl command to display the expiry date of the OpenShift Router TLS certificate

Answer 11

curl https://$console -k -v 2>&1 | grep ‘expire date’

Question 12

Get the host names for all routes and store them in a variable

Answer 12

hosts=$(oc get route -A \
-o jsonpath=’{.items[*].spec.host}’)

Question 13

Use curl to get the HTTP status for each route

Answer 13

Question 14

locate the name of the secret that contains the users

Answer 14

oc get oauth cluster -o json

Question 15

extract the secret name from the identity provider named htpasswd_provider

Answer 15

filter=’?(.name==”htpasswd_provider”)’

oc get oauth cluster -o jsonpath=”{.spec.identityProviders[$filter].htpasswd.fileData.name}{‘\n’}”

Question 16

Where does OCP store service account token

Answer 16

In the running pod under /var/run/secrets/kubernetes.io/serviceaccount/token

Question 17

How do you get an operational script to authenticate with OCP

Answer 17

Create a service account for the purpose

Question 18

service accounts belong to a namespace yes or no?

Answer 18

yes

Question 19

CR for creating a service account

Answer 19

Question 20

Why prefer using CR vs oc cli

Answer 20

declarative YAML or JSON text files encourages the DevOps practices of version control and code review

Question 21

By default, the service account does not have permission to make requests to the OpenShift API server. True or False?

Answer 21

True.
roles and role bindings must be defined for the sa

Question 22

Roles are namespaced. True or False?

Answer 22

True

Question 23

ClusterRoles are namespaced. True or False?

Answer 23

True

Question 24

RoleBinding are namespaced. True or False?

Answer 24

True

Question 25

What are valid subjects for role binding?

Answer 25

users, groups, or service accounts.

Question 26

How do you create a binding?

Answer 26

oc policy add-role-to-user

Question 27

Cron Job CR

Answer 27

Question 28

Job CR

Answer 28

Question 29

What are container script deployment strategies?

Answer 29

1) container command 2) volume 3) container image

Question 30

Explain the container command script deployment strategy

Answer 30

Specify short Bash scripts as arguments to a container in the spec. This method is easy to deploy, but makes reviewing and automated tests more difficult.

Question 31

Explain the volume script deployment straregy

Answer 31

Mount a ConfigMap or persistent storage as a volume.

Question 32

Explain the image script deployment strategy

Answer 32

Package the script in a container image with all necessary dependencies. Use a GitOps pipeline with build, test, and deployment automation.

Question 33

get jobs in all namescapes

Answer 33

oc get jobs -A

Question 34

curl command to get api version

Answer 34

curl -k --header "Authorization: Bearer $(oc whoami -t)" $(oc whoami --show-server)/api

Question 35

Find the list of APis using curl

Answer 35

curl -k --header "Authorization: Bearer $(oc whoami -t)" $(oc whoami --show-server)/apis

Question 36

Create a project using REST API

Answer 36

curl -k --header "Authorization: Bearer qfyV5ULvv...i712kJT" \ --header 'Content-Type: application/json' -d "$(< project.json)" \ -X POST https://api.example.com/apis/project.openshift.io/v1/projects

Question 37

Content of json file for creating a project

Answer 37

{ "apiVersion": "project.openshift.io/v1", "kind": "Project", "metadata": { "name": "example" } }

Question 38

Ansible OCP modules

Answer 38

1) k8s: manages k8s objects, allowing you to create, update, or delete Kubernetes objects 2) k8s_auth: returns api_key that other modules can use 3) k8s_info: Retrieves info about k8s objects 4) k8s_scale: sets new sizes for a Deployment, ReplicaSet, rc, or Job 5) k8s_service: manages services on k8s

Question 39

Ansible block to configure defauts

Answer 39

Question 40

Ansible play to login into OCP

Answer 40

Question 41

Ansible task to create objects from file

Answer 41

Question 42

Ansible task to get info about Pods that are web apps in dev or test

Answer 42

Question 43

Ansible task to scale up deployment

Answer 43

Question 44

Ansible task to expose https port with ClusterIP

Answer 44

Question 45

Prequisites for CP ansible modules

Answer 45

1) openshift >= 0.6.2 2) PyYAML >= 3.11 3) urllib3 4) requests 5) requests-oauthlib

Question 46

Ansible playbook to get route info

Answer 46

Question 47

Ansible task a URL and print the response code

Answer 47