RedHat Red Hat Certified Specialist in OpenShift Automation and Integration (EX380) Free Practice Test
Question 1
Backup and Restore - Restore Application from Existing Backup
Correct Answer:
See the solution below in Explanation:
Explanation:
Step 1: Make sure Velero is installed and configured in the environment.
The Task SIMULATION assumes an existing backup named backup-app-daily is already present.
Step 2: Run the restore command:
velero restore create --from-backup backup-app-daily
Step 3: Confirm the restore request is submitted.
The lab output shows:
Restore request "backup-app-daily-2024" submitted successfully.
Detailed explanation:
This command instructs Velero to create a restore operation using the existing backup called backup-app- daily. Velero is commonly used to protect Kubernetes and OpenShift resources by backing up object definitions and, when configured, persistent data integrations. The command does not manually recreate resources one by one; instead, it leverages the metadata captured during backup. A successful restore submission means the request has been accepted, not necessarily that every object has already been fully restored. In practical administration, you would often follow this by checking restore status and validating the application namespace, pods, services, routes, and storage bindings. This lab Task SIMULATION focuses specifically on initiating the restore from the named backup source.
Explanation:
Step 1: Make sure Velero is installed and configured in the environment.
The Task SIMULATION assumes an existing backup named backup-app-daily is already present.
Step 2: Run the restore command:
velero restore create --from-backup backup-app-daily
Step 3: Confirm the restore request is submitted.
The lab output shows:
Restore request "backup-app-daily-2024" submitted successfully.
Detailed explanation:
This command instructs Velero to create a restore operation using the existing backup called backup-app- daily. Velero is commonly used to protect Kubernetes and OpenShift resources by backing up object definitions and, when configured, persistent data integrations. The command does not manually recreate resources one by one; instead, it leverages the metadata captured during backup. A successful restore submission means the request has been accepted, not necessarily that every object has already been fully restored. In practical administration, you would often follow this by checking restore status and validating the application namespace, pods, services, routes, and storage bindings. This lab Task SIMULATION focuses specifically on initiating the restore from the named backup source.
Question 2
GitOps and MachineConfig - Push MachineConfig to Git
Correct Answer:
See the solution below in Explanation:
Explanation:
Step 1: Make sure the MachineConfig YAML has already been created or modified in the local Git repository.
This Task assumes the file change is ready to be committed.
Step 2: Run the command:
git commit -am "Add MachineConfig for motd" & & git push origin main
Step 3: Verify the commit succeeds and the push goes to the main branch.
The lab output shows:
[main 8d32a1] Add MachineConfig for motd
Detailed explanation:
This Task is part of a GitOps workflow. Instead of manually applying changes directly to the cluster, the desired configuration is stored in Git, and a GitOps controller such as Argo CD synchronizes the cluster to match the repository state. The command commits all tracked modified files with the message Add MachineConfig for motd and then pushes the change to the main branch. In this model, Git becomes the source of truth. A MachineConfig is typically used to manage node-level operating system configuration in OpenShift, so pushing it through GitOps ensures the change is auditable, repeatable, and reconciled declaratively. If the commit does not include the intended YAML, the synchronization mechanism will not apply the desired change.
Explanation:
Step 1: Make sure the MachineConfig YAML has already been created or modified in the local Git repository.
This Task assumes the file change is ready to be committed.
Step 2: Run the command:
git commit -am "Add MachineConfig for motd" & & git push origin main
Step 3: Verify the commit succeeds and the push goes to the main branch.
The lab output shows:
[main 8d32a1] Add MachineConfig for motd
Detailed explanation:
This Task is part of a GitOps workflow. Instead of manually applying changes directly to the cluster, the desired configuration is stored in Git, and a GitOps controller such as Argo CD synchronizes the cluster to match the repository state. The command commits all tracked modified files with the message Add MachineConfig for motd and then pushes the change to the main branch. In this model, Git becomes the source of truth. A MachineConfig is typically used to manage node-level operating system configuration in OpenShift, so pushing it through GitOps ensures the change is auditable, repeatable, and reconciled declaratively. If the commit does not include the intended YAML, the synchronization mechanism will not apply the desired change.
Question 3
GitOps and MachineConfig - Trigger Argo CD Synchronization by Repository Update
Correct Answer:
See the solution below in Explanation:
Explanation:
Step 1: Confirm that the repository being pushed to is the same repository watched by the GitOps/Argo CD application.
This linkage is essential because GitOps acts only on configured source repositories and paths.
Step 2: Commit the MachineConfig changes.
The lab uses:
git commit -am "Add MachineConfig for motd"
Step 3: Push the changes to the tracked branch.
The lab uses:
git push origin main
Step 4: Allow Argo CD to detect the repository change and begin synchronization.
In a standard GitOps model, the controller compares the Git repository to the cluster state and applies drift correction or new desired resources.
Detailed explanation:
This sub Task SIMULATION is the operational purpose behind the previous Git command Task SIMULATION . The point is not merely to store a file in Git; it is to update the declarative source that Argo CD uses to reconcile the cluster. Once the repository is updated, Argo CD detects the new commit and syncs the MachineConfig into the cluster according to its application definition. This demonstrates a core automation principle in OpenShift GitOps: administrators do not treat the cluster as the primary editable surface. Instead, they modify Git and let the automation layer enforce state. That provides traceability, peer review potential, rollback capability, and consistency across environments.
Explanation:
Step 1: Confirm that the repository being pushed to is the same repository watched by the GitOps/Argo CD application.
This linkage is essential because GitOps acts only on configured source repositories and paths.
Step 2: Commit the MachineConfig changes.
The lab uses:
git commit -am "Add MachineConfig for motd"
Step 3: Push the changes to the tracked branch.
The lab uses:
git push origin main
Step 4: Allow Argo CD to detect the repository change and begin synchronization.
In a standard GitOps model, the controller compares the Git repository to the cluster state and applies drift correction or new desired resources.
Detailed explanation:
This sub Task SIMULATION is the operational purpose behind the previous Git command Task SIMULATION . The point is not merely to store a file in Git; it is to update the declarative source that Argo CD uses to reconcile the cluster. Once the repository is updated, Argo CD detects the new commit and syncs the MachineConfig into the cluster according to its application definition. This demonstrates a core automation principle in OpenShift GitOps: administrators do not treat the cluster as the primary editable surface. Instead, they modify Git and let the automation layer enforce state. That provides traceability, peer review potential, rollback capability, and consistency across environments.
Question 4
Deploy Event Router and capture Kubernetes events in logging
Task Information : Deploy an event router so Kubernetes events are recorded as logs, then trigger events and confirm they appear in logging queries.
Task Information : Deploy an event router so Kubernetes events are recorded as logs, then trigger events and confirm they appear in logging queries.
Correct Answer:
See the solution below in Explanation:
* Deploy event router resources
* Apply a deployment/serviceaccount/rolebinding manifest for eventrouter:
* oc apply -f eventrouter.yaml -n openshift-logging
* Eventrouter watches event API and writes them to stdout (collected by logging).
* Verify eventrouter pod is running
* oc -n openshift-logging get pods | grep -i event
* Trigger some events
* oc -n default run evtest --image=busybox --restart=Never -- sleep 1
* oc -n default delete pod evtest
* Creation/deletion generates events.
* Query logs for events
* In the logging UI/backend, search for the namespace/pod name evtest or eventrouter messages.
* Explanation: Validates that events are being converted to searchable logs.
* Deploy event router resources
* Apply a deployment/serviceaccount/rolebinding manifest for eventrouter:
* oc apply -f eventrouter.yaml -n openshift-logging
* Eventrouter watches event API and writes them to stdout (collected by logging).
* Verify eventrouter pod is running
* oc -n openshift-logging get pods | grep -i event
* Trigger some events
* oc -n default run evtest --image=busybox --restart=Never -- sleep 1
* oc -n default delete pod evtest
* Creation/deletion generates events.
* Query logs for events
* In the logging UI/backend, search for the namespace/pod name evtest or eventrouter messages.
* Explanation: Validates that events are being converted to searchable logs.
Question 5
Kubeconfig Management - Set Credentials in Kubeconfig
Correct Answer:
See the solution below in Explanation:
Explanation:
Step 1: Ensure the client certificate and private key files are available.
The lab uses audit.crt and tls.key.
Step 2: Run the command:
oc config set-credentials audit --client-certificate audit.crt --client-key tls.key --embed-certs --kubeconfig audit.config Step 3: Confirm the user entry is written.
The lab output shows:
User "audit" set.
Detailed explanation:
This command creates or updates the audit user entry inside the kubeconfig file audit.config. It points the user to a client certificate and private key, and the --embed-certs option stores certificate material directly inside the kubeconfig rather than only referencing external files. That makes the kubeconfig more portable because it can be moved and used without separately copying the certificate files, provided the embedded content is valid. In certificate-based authentication, the private key proves client possession while the certificate presents the approved identity. If the certificate and key do not match, authentication will fail. This step does not yet define what cluster or namespace the user works against; it only defines the credential identity.
Explanation:
Step 1: Ensure the client certificate and private key files are available.
The lab uses audit.crt and tls.key.
Step 2: Run the command:
oc config set-credentials audit --client-certificate audit.crt --client-key tls.key --embed-certs --kubeconfig audit.config Step 3: Confirm the user entry is written.
The lab output shows:
User "audit" set.
Detailed explanation:
This command creates or updates the audit user entry inside the kubeconfig file audit.config. It points the user to a client certificate and private key, and the --embed-certs option stores certificate material directly inside the kubeconfig rather than only referencing external files. That makes the kubeconfig more portable because it can be moved and used without separately copying the certificate files, provided the embedded content is valid. In certificate-based authentication, the private key proves client possession while the certificate presents the approved identity. If the certificate and key do not match, authentication will fail. This step does not yet define what cluster or namespace the user works against; it only defines the credential identity.