Openshift

Question 1

What is OpenShift online

Answer 1

It is public PaaS of OpenShift community using which one can build and deploy its application on public cloud. It is red hat hosting platform

Question 2

What is OpenShift ?

Answer 2

OpenShift is a cloud development Platform as a Service.It is an open source development platform by which developer develops and deploys application on cloud

Question 3

What is OpenShift container registry ?

Answer 3

Its an inbuilt storage that is used to store Docker images.

Question 4

What is Routes in OpenShift?

Answer 4

In OpenShift Routes is a way to externalize the services by providing externally reachable hostname.In OpenShift routes are created using routers developed by admin

Question 5

How API are authenticated in OpenShift ?

Answer 5

In OpenShift master has inbuilt OAuth server which generates tokens that can be used for API authentication.

Question 6

What type of build strategies are used in OpenShift?

Answer 6

• Docker Strategy
• Custom Strategy
• Pipeline Strategy
• Source-to-image Strategy

Question 7

What is Source-to-image Strategy ?

Answer 7

In this from source code images are created.In Source-to-image strategy source code is downloaded and compiled and deployed in same container.From same code image is created

Question 8

What are the identity providers in OAuth?

Answer 8

• HTPassword (Configure the htpasswd identity provider to validate user names and passwords against a flat file generated using htpasswd.)
• LDAP
• Basic Authentication
• GitHub
• Google
• OpenID Connect

Question 9

What is Downward API in OpenShift?

Answer 9

The Downward API is a mechanism whereby pods can retrieve their metadata without having to call into the Kubernetes API. The following metadata can be retrieved and used to configure the running pods:

• Labels
• Annotations
• Pod name, namespace, and IP address
• Pod CPU/memory request and limit information
• Certain information can be mounted into the pod as an environment variable,whereas other information can be accessed as files within a volume.

Question 10

What is Build Configurations?

Answer 10

Builds are configured and controlled by build configuration resources. Build configurations contain the details of the chosen build strategy as well as the source of the developer-supplied artifacts such as Git location, the details of the builder image to be used, and the output image.

Question 11

How to run Openshift on AWS?

Answer 11

Using Red Hat OpenShift Service on AWS (ROSA)
Prerequisites:
- An AWS account.
- A Red Hat account to access OpenShift services.

Installer-Provisioned Infrastructure (IPI)
Prerequisites:
- An AWS account with permissions to create resources.
- A valid OpenShift pull secret from the Red Hat OpenShift Cluster Manager.

User-Provisioned Infrastructure (UPI)
Prerequisites:
Similar to IPI but requires more manual setup of infrastructure

Question 12

How Openshift integrate with AWS service using Red Hat OpenShift Service on AWS (ROSA)

Answer 12

Deployment Options

AWS-Specific Services
OpenShift on AWS can leverage AWS-specific services like Amazon RDS for databases, S3 for storage, and Route 53 for DNS management. Other cloud providers may offer similar services but with different integrations and capabilities

Managed Service
Availability:
The Red Hat OpenShift Service on AWS (ROSA) is a fully managed service that simplifies installation and management, which may not be as streamlined on other platforms without similar managed offerings

Question 13

While install Openshift on AWS, what’s a difference in ROSA and other installation method like IPI and UPI

Answer 13

Infrastructure Management
## Control Plane Management
In ROSA, Red Hat manages the control plane, allowing users to focus on application deployment rather than infrastructure management. In contrast, on other platforms or in self-managed installations (like IPI or UPI), users may need to configure and manage the control plane themselves

Question 14

How to run Openshift on Azure

Answer 14

Using Azure Red Hat OpenShift (ARO)
Prerequisites:
- An Azure account with sufficient permissions.
- A Red Hat account for accessing OpenShift services.

Manual Installation Using OpenShift Installer

Question 15

How are build-in operators available in OpenShift

Answer 15

All the Openshift components are installed via the Operators
Several common ones are
1. OpenShift GitOps Operator
- Utilizes Argo CD for managing infrastructure and application configurations using GitOps principles. It allows for the creation of templates for common configurations and automates synchronization with secrets managers.

2. Service Mesh Operator
   
   • Based on the Istio project, this Operator helps manage the communication between microservices in a distributed application. It enables service discovery, load balancing, authentication, and monitoring, making it easier to manage complex application architectures[1].
3. OpenShift Pipelines Operator
   
   • Implements CI/CD capabilities within OpenShift by providing tools for building, deploying, and managing pipelines[1].
4. OpenShift API for Data Protection (OADP) Operator
   
   • Leverages the Velero project to facilitate backup and restore operations for applications running on OpenShift. It is designed to handle the specific needs of OpenShift environments[1].
5. Elasticsearch Operator
   
   • Automates the deployment and management of Elasticsearch clusters within OpenShift, ensuring that they are configured correctly and can scale as needed
6. Prometheus Operator
   
   • Simplifies the deployment and management of Prometheus monitoring instances, allowing users to easily monitor their applications and infrastructure

Question 16

What are the advantages of using OpenShift over AWS EKS or Azure AKS

Answer 16

1. UI
2. CI/CD
3. Oberservability
4. Security
5. Compliance

Question 17

How to compare Red Hat Advanced Cluster Security for Kubernetes (ACS) to Kyverno

Answer 17

Red Hat Advanced Cluster Security (RHACS)
Purpose
1. Comprehensive security for containerized applications throughout their lifecycle.
2. End-to-end security including build, deploy, and runtime phases.
3. Includes components like Central, Scanner, Sensor, Admission Controller, and Collector for monitoring and enforcement.
4. Provides a centralized dashboard for managing security across multiple clusters.

Kyverno
Purpose
1. Policy management for Kubernetes resources.
2. Primarily focused on admission control and resource management
3. Utilizes Kubernetes admission controllers to validate and mutate resources.
4. No dedicated UI; operates through Kubernetes API interactions.

Compliance
- Enforces policies at runtime based on predefined rules and monitors for compliance violations
- Offers compliance auditing with interactive dashboards for various standards (NIST, PCI, HIPAA)

Kyverno
- Validates and mutates resources during creation or updates through admission webhooks
- Lacks built-in compliance auditing capabilities but can enforce policies related to compliance.

Question 18

How do you compare Rancher to Openshift?

Answer 18

1 .Ease of Use
Rancher offers a user-friendly interface ideal for beginners, while OpenShift has a steeper learning curve due to its extensive features tailored for enterprise users.

2. Integration Capabilities
   Rancher supports a wide range of third-party tools and cloud providers, whereas OpenShift integrates deeply with Red Hat products and offers numerous Operators for enhanced functionality.
   Rancher - Application Catalogs - Install method: Helm
   Openshift - Openshift Operator Hub - Install method: Operator
3. Multi-cluster Management
   Rancher excels in managing multiple Kubernetes clusters from a single interface, while OpenShift also supports this but may be more complex due to its enterprise focus.
4. Security and Compliance
   OpenShift provides advanced security features and compliance certifications, making it suitable for organizations with stringent security requirements, while Rancher offers solid security but may need additional configurations.
5. Pricing and Licensing: Rancher is open-source and free to use with optional paid support, whereas OpenShift typically involves higher costs due to its enterprise nature but includes integrated features that justify the investment in complex environments.
   OpenShift opensource version is as OKD - Origin Kubernetes Distribution