Networking

Question 1

review the configuration of the DNS operator

Answer 1

oc describe dns.operator/default

Question 2

Expose a service so it is accessible with a given hostname

Answer 2

oc expose service api-frontend –hostname api.apps.acme.com

Question 3

create a secure edge route with a TLS certificate

Answer 3

oc create route edge
–service api-frontend
–hostname api.apps.acme.com
–key api.key
–cert api.crt

Question 4

Create the network policy

Answer 4

oc create -n network-policy -f allow-specific.yaml

Question 5

View the network policies in the network-policy namespace

Answer 5

oc get networkpolicies -n network-policy

Question 6

apply the name=network-test label to a namespace

Answer 6

oc label namespace network-test name=network-test

Question 7

label a node with env=dev

Answer 7

oc label node master01 env=dev

Question 8

change an existing label

Answer 8

oc label node master01 env=prod –overwrite

Question 9

Remove a label

Answer 9

oc label node master01 env-

Question 10

see labels assigned to a node

Answer 10

oc get node master02 –show-labels

Question 11

determine the value of a single label for a node

Answer 11

oc get node -L failure-domain.beta.kubernetes.io/region

Question 12

Get list of machines

Answer 12

oc get machines -n openshift-machine-api -o wide

Question 13

Get list of machine sets

Answer 13

oc get machineset -n openshift-machine-api

Question 14

edit a machine set

Answer 14

oc edit machineset ocp-qz7hf-worker-us-west-1b -n openshift-machine-api

Question 15

configure app so that its pods only run on nodes with label env=qa

Answer 15

oc patch deployment/myapp –patch \
> ‘{“spec”:{“template”:{“spec”:{“nodeSelector”:{“env”:”dev”}}}}}’

Question 16

creates a new project named demo, where all pods will be deployed to nodes that have the label of tier=1

Answer 16

oc adm new-project demo –node-selector “tier=1”

Question 17

configure a default node selector for an existing project

Answer 17

oc annotate namespace demo \
> openshift.io/node-selector=”tier=2” –overwrite

Question 18

scaled number of pods in a deployment to three

Answer 18

oc scale –replicas 3 deployment/myapp

Question 19

Import content of file into mysql

Answer 19

mysql -u root items < /tmp/db-data.sql

Question 20

How do you print a service IP and nothing else

Answer 20

oc get service/mysql -o jsonpath=”{.spec.clusterIP}”

Question 21

Connect to mysql using curl

Answer 21

curl -v telnet://172.30.103.29:3306

Question 22

How do you retrieve the internal IP of a POD

Answer 22

oc get pods -o wide

Question 23

Troubleshooting steps frontend-mysql

Answer 23

1) Get mysql external and internal IP addresses
2) Start debug frontend pod
3) From debug frontend pod check if mysql is reachable
4) Get frontend IP address
5) Start debug mysql pod
6) From debug mysql pod, check if frontend is reachable
7) Review frontend service: check selector, check endpoint

Question 24

Network policy to deny all pods network in the namespace

Answer 24

Question 25

Network policy to allow traffic to hello pod in the network-policy namespace from sample-app pod in network-test namespace over TCP on port 8080.

Answer 25

Question 26

Network policy to allow trafic from default ingress controller

Answer 26

Question 27

Second step to allow traffic from default ingress control

Answer 27

put label on default namespace that contains default ingress controller:

oc label namespace default network.openshift.io/policy-group=ingress

Question 28

Remove the label env from all nodes

Answer 28

oc label node -l env env-

Question 29

Create secure route

Answer 29

oc create route edge todo-https
–service todo-http
–hostname todo-https.apps.ocp4.example.com

Question 30

Get svc IP

Answer 30

oc get svc -o wide

Question 31

Create a debug pod for the todo-http deployment using specific image

Answer 31

oc debug deployment/todo-http –image registry.access.redhat.com/ubi8/ubi:8.4