
RedHat Red Hat Certified Specialist in OpenShift Automation and Integration - EX380 Exam Questions
QUESTION NO: 1
Maintain group synchronization on a schedule (CronJob)
Task Information : Create a CronJob that runs LDAP group sync on a schedule using a service account that has the required permissions.
Maintain group synchronization on a schedule (CronJob)
Task Information : Create a CronJob that runs LDAP group sync on a schedule using a service account that has the required permissions.
Correct Answer:
See the solution below in Explanation:
Explanation:
* Create a namespace for the sync job
* oc new-project id-sync
* Keeps the automation components organized.
* Create a service account for the sync job
* oc -n id-sync create sa group-sync
* CronJob runs under this SA identity.
* Grant cluster permissions to manage groups
* oc adm policy add-cluster-role-to-user cluster-admin system:serviceaccount:id-sync:group-sync
* In real environments you should scope down, but lab Task SIMULATIONs often accept cluster- admin for speed.
* Create a ConfigMap for groupsync.yaml and Secret(s) for bind password/CA
* Mount them into the job container.
* Create CronJob to run group sync
* Command inside job:
* oc adm groups sync --sync-config=/config/groupsync.yaml --confirm
* The CronJob ensures periodic reconciliation with LDAP.
* Verify job runs
* oc -n id-sync get cronjob
* oc -n id-sync get jobs
* oc -n id-sync logs job/ < job-name >
Explanation:
* Create a namespace for the sync job
* oc new-project id-sync
* Keeps the automation components organized.
* Create a service account for the sync job
* oc -n id-sync create sa group-sync
* CronJob runs under this SA identity.
* Grant cluster permissions to manage groups
* oc adm policy add-cluster-role-to-user cluster-admin system:serviceaccount:id-sync:group-sync
* In real environments you should scope down, but lab Task SIMULATIONs often accept cluster- admin for speed.
* Create a ConfigMap for groupsync.yaml and Secret(s) for bind password/CA
* Mount them into the job container.
* Create CronJob to run group sync
* Command inside job:
* oc adm groups sync --sync-config=/config/groupsync.yaml --confirm
* The CronJob ensures periodic reconciliation with LDAP.
* Verify job runs
* oc -n id-sync get cronjob
* oc -n id-sync get jobs
* oc -n id-sync logs job/ < job-name >
QUESTION NO: 2
Deploy Event Router and capture Kubernetes events in logging
Task Information : Deploy an event router so Kubernetes events are recorded as logs, then trigger events and confirm they appear in logging queries.
Deploy Event Router and capture Kubernetes events in logging
Task Information : Deploy an event router so Kubernetes events are recorded as logs, then trigger events and confirm they appear in logging queries.
Correct Answer:
See the solution below in Explanation:
* Deploy event router resources
* Apply a deployment/serviceaccount/rolebinding manifest for eventrouter:
* oc apply -f eventrouter.yaml -n openshift-logging
* Eventrouter watches event API and writes them to stdout (collected by logging).
* Verify eventrouter pod is running
* oc -n openshift-logging get pods | grep -i event
* Trigger some events
* oc -n default run evtest --image=busybox --restart=Never -- sleep 1
* oc -n default delete pod evtest
* Creation/deletion generates events.
* Query logs for events
* In the logging UI/backend, search for the namespace/pod name evtest or eventrouter messages.
* Explanation: Validates that events are being converted to searchable logs.
* Deploy event router resources
* Apply a deployment/serviceaccount/rolebinding manifest for eventrouter:
* oc apply -f eventrouter.yaml -n openshift-logging
* Eventrouter watches event API and writes them to stdout (collected by logging).
* Verify eventrouter pod is running
* oc -n openshift-logging get pods | grep -i event
* Trigger some events
* oc -n default run evtest --image=busybox --restart=Never -- sleep 1
* oc -n default delete pod evtest
* Creation/deletion generates events.
* Query logs for events
* In the logging UI/backend, search for the namespace/pod name evtest or eventrouter messages.
* Explanation: Validates that events are being converted to searchable logs.
QUESTION NO: 3
Kubeconfig Management - Set Context in Kubeconfig
Kubeconfig Management - Set Context in Kubeconfig
Correct Answer:
See the solution below in Explanation:
Explanation:
Step 1: Verify the cluster name, namespace, and user name that should be referenced.
The lab uses cluster api-ocp4-example-com:6443, namespace audit-ns, and user audit-sa.
Step 2: Run the command:
oc config set-context audit --cluster api-ocp4-example-com:6443 --namespace audit-ns --user audit-sa -- kubeconfig audit.config Step 3: Confirm context creation.
The lab output shows:
Context "audit" created.
Detailed explanation:
A kubeconfig context ties together three things: a cluster endpoint, a user identity, and optionally a default namespace. This Task creates a context named audit in the file audit.config. Contexts are useful because they simplify repeated administration by letting the user switch between prepared working environments instead of re-entering cluster and namespace details each time. The namespace portion is especially helpful for project- scoped operations, because commands run under that context default to the chosen namespace. Accuracy matters here: if the user name in the context does not match the credentials entry or the cluster name does not exist in the kubeconfig, the context will not function as intended.
Explanation:
Step 1: Verify the cluster name, namespace, and user name that should be referenced.
The lab uses cluster api-ocp4-example-com:6443, namespace audit-ns, and user audit-sa.
Step 2: Run the command:
oc config set-context audit --cluster api-ocp4-example-com:6443 --namespace audit-ns --user audit-sa -- kubeconfig audit.config Step 3: Confirm context creation.
The lab output shows:
Context "audit" created.
Detailed explanation:
A kubeconfig context ties together three things: a cluster endpoint, a user identity, and optionally a default namespace. This Task creates a context named audit in the file audit.config. Contexts are useful because they simplify repeated administration by letting the user switch between prepared working environments instead of re-entering cluster and namespace details each time. The namespace portion is especially helpful for project- scoped operations, because commands run under that context default to the chosen namespace. Accuracy matters here: if the user name in the context does not match the credentials entry or the cluster name does not exist in the kubeconfig, the context will not function as intended.
QUESTION NO: 4
GitOps and MachineConfig - Trigger Argo CD Synchronization by Repository Update
GitOps and MachineConfig - Trigger Argo CD Synchronization by Repository Update
Correct Answer:
See the solution below in Explanation:
Explanation:
Step 1: Confirm that the repository being pushed to is the same repository watched by the GitOps/Argo CD application.
This linkage is essential because GitOps acts only on configured source repositories and paths.
Step 2: Commit the MachineConfig changes.
The lab uses:
git commit -am "Add MachineConfig for motd"
Step 3: Push the changes to the tracked branch.
The lab uses:
git push origin main
Step 4: Allow Argo CD to detect the repository change and begin synchronization.
In a standard GitOps model, the controller compares the Git repository to the cluster state and applies drift correction or new desired resources.
Detailed explanation:
This sub Task SIMULATION is the operational purpose behind the previous Git command Task SIMULATION . The point is not merely to store a file in Git; it is to update the declarative source that Argo CD uses to reconcile the cluster. Once the repository is updated, Argo CD detects the new commit and syncs the MachineConfig into the cluster according to its application definition. This demonstrates a core automation principle in OpenShift GitOps: administrators do not treat the cluster as the primary editable surface. Instead, they modify Git and let the automation layer enforce state. That provides traceability, peer review potential, rollback capability, and consistency across environments.
Explanation:
Step 1: Confirm that the repository being pushed to is the same repository watched by the GitOps/Argo CD application.
This linkage is essential because GitOps acts only on configured source repositories and paths.
Step 2: Commit the MachineConfig changes.
The lab uses:
git commit -am "Add MachineConfig for motd"
Step 3: Push the changes to the tracked branch.
The lab uses:
git push origin main
Step 4: Allow Argo CD to detect the repository change and begin synchronization.
In a standard GitOps model, the controller compares the Git repository to the cluster state and applies drift correction or new desired resources.
Detailed explanation:
This sub Task SIMULATION is the operational purpose behind the previous Git command Task SIMULATION . The point is not merely to store a file in Git; it is to update the declarative source that Argo CD uses to reconcile the cluster. Once the repository is updated, Argo CD detects the new commit and syncs the MachineConfig into the cluster according to its application definition. This demonstrates a core automation principle in OpenShift GitOps: administrators do not treat the cluster as the primary editable surface. Instead, they modify Git and let the automation layer enforce state. That provides traceability, peer review potential, rollback capability, and consistency across environments.
QUESTION NO: 5
Create a full application backup (resources + PV data)
Task Information : Create a Velero backup of namespace orders including PV snapshots.
Create a full application backup (resources + PV data)
Task Information : Create a Velero backup of namespace orders including PV snapshots.
Correct Answer:
See the solution below in Explanation:
Explanation:
* Confirm resources and PVCs exist
* oc -n orders get all
* oc -n orders get pvc
* Ensures there is something meaningful to back up.
* Create backup including volume snapshots
* velero backup create orders-full --include-namespaces orders --snapshot-volumes
* Captures Kubernetes objects and requests PV snapshots where supported.
* Check status/details
* velero backup describe orders-full --details
* velero backup logs orders-full
* Review warnings/errors and confirm snapshot actions.
Explanation:
* Confirm resources and PVCs exist
* oc -n orders get all
* oc -n orders get pvc
* Ensures there is something meaningful to back up.
* Create backup including volume snapshots
* velero backup create orders-full --include-namespaces orders --snapshot-volumes
* Captures Kubernetes objects and requests PV snapshots where supported.
* Check status/details
* velero backup describe orders-full --details
* velero backup logs orders-full
* Review warnings/errors and confirm snapshot actions.




