Top Interview Questions
OpenShift is an enterprise-grade Kubernetes platform developed by Red Hat that allows organizations to build, deploy, and manage containerized applications at scale. It provides developers and IT operations teams with a flexible, secure, and automated environment for managing modern applications in cloud-native architectures.
OpenShift goes beyond Kubernetes by offering enhanced developer productivity, integrated CI/CD pipelines, built-in monitoring, and enterprise security, making it a complete container application platform for hybrid and multi-cloud environments.
OpenShift was launched by Red Hat in 2011 as a Platform-as-a-Service (PaaS) solution for deploying applications in containers. Initially, it focused on simplifying application deployment on private and public clouds.
Key milestones in OpenShift history:
2011: OpenShift 1.0 released as a PaaS for developers to deploy web applications.
2015: OpenShift 3.0 introduced Kubernetes as its core orchestration engine, shifting from a proprietary PaaS to a Kubernetes-native platform.
2016-Present: OpenShift evolved to support hybrid cloud, multi-cloud, serverless computing, and advanced DevOps integrations.
2020s: OpenShift integrates with Red Hat OpenShift Container Storage, Service Mesh, GitOps, and AI/ML workloads, becoming a comprehensive enterprise Kubernetes platform.
Today, OpenShift is widely adopted by enterprises in banking, healthcare, retail, telecommunications, and government, serving as a foundation for cloud-native application modernization.
At its core, OpenShift is a Kubernetes-based container orchestration platform with enterprise-grade enhancements. It enables developers to deploy, scale, and manage applications in containers efficiently while giving IT operations teams tools for security, monitoring, and compliance.
Key characteristics of OpenShift:
Kubernetes-Based: Uses Kubernetes for container orchestration but adds developer-friendly tools, enterprise security, and automation.
Platform-as-a-Service (PaaS) and Container Platform: Supports deploying apps with minimal operational overhead.
Hybrid and Multi-Cloud Support: Deploy applications on on-premises, private cloud, or public cloud environments.
DevOps and CI/CD Integration: Provides pipelines and automation for faster software delivery.
OpenShift architecture is built to combine Kubernetes orchestration with enterprise enhancements, consisting of the following components:
Manage the cluster state, API server, scheduling, and authentication.
Key components: API Server, Controller Manager, Scheduler, etcd (distributed key-value store).
Ensures cluster health, scaling, and orchestration.
Run containerized applications in pods.
Components include Kubelet, container runtime (Docker or CRI-O), and networking proxies.
Hosts OpenShift SDN for network communication and service discovery.
Manages external traffic routing to services inside the cluster.
Supports ingress rules, TLS termination, and load balancing.
Built-in OpenShift Container Registry stores and manages Docker images.
Supports private image repositories and secure access.
Integrates Jenkins pipelines, GitOps, Tekton pipelines, and automated builds.
Provides developers with automated workflows for building, testing, and deploying apps.
Prometheus and Grafana for metrics and visualization.
Elasticsearch, Fluentd, Kibana (EFK) stack for centralized logging.
Ensures operational visibility and troubleshooting.
OpenShift uses Operators to automate application deployment, upgrades, and lifecycle management.
Example: Database operators for PostgreSQL, MongoDB, or Redis.
Adds security, compliance, and management features to standard Kubernetes.
Supports role-based access control (RBAC) and multi-tenant environments.
Built-in CLI and Web Console for application management.
Automated build and deployment pipelines for faster development.
Supports multiple programming languages and frameworks (Java, Python, Node.js, .NET, Ruby).
Deploy applications consistently across on-premises, AWS, Azure, GCP, or edge locations.
Supports cloud-native workloads and containerized legacy applications.
Build automation and pipelines for continuous integration, testing, and deployment.
GitOps support for declarative application management.
Built-in SELinux, network policies, and encryption.
Compliance with enterprise standards like HIPAA, GDPR, and PCI DSS.
Automated patching and updates for cluster security.
Horizontal pod autoscaling and cluster autoscaling.
Multi-zone deployments for fault tolerance and resilience.
Supports stateful and stateless applications.
Metrics, logging, tracing, and alerting in one platform.
Enables proactive monitoring and performance tuning.
OpenShift can be deployed in several models depending on enterprise needs:
OpenShift Container Platform: Self-managed, on-premises or private cloud Kubernetes platform.
OpenShift Dedicated: Managed OpenShift service hosted by Red Hat on public cloud providers.
Red Hat OpenShift on AWS/Azure/GCP: Cloud provider integrations with managed Kubernetes services.
OpenShift Online: Public cloud SaaS offering for small projects and developers.
Enterprise-Grade Kubernetes: Secure, reliable, and fully supported Kubernetes distribution.
Developer Productivity: Simplified deployment, CI/CD pipelines, and automation.
Hybrid Cloud Flexibility: Consistent platform across multiple infrastructures.
Security: Built-in security policies, SELinux, and compliance tools.
Scalable and Highly Available: Supports autoscaling, multi-node clusters, and disaster recovery.
Rich Ecosystem: Integrates with cloud-native tools, Operators, and third-party services.
Monitoring and Observability: Centralized dashboards and alerts for operational visibility.
Complexity: Advanced features require skilled administrators and DevOps engineers.
Resource Intensive: Requires significant compute and memory for cluster management.
Cost: Licensing for enterprise editions may be expensive compared to vanilla Kubernetes.
Learning Curve: Developers and IT teams must learn OpenShift-specific concepts, CLI, and web console workflows.
Enterprises modernize legacy apps into containerized microservices.
Supports DevOps practices with automated pipelines.
Deploy applications seamlessly across on-premises and multiple cloud providers.
Example: Banking apps running sensitive workloads on-premises while leveraging cloud elasticity.
OpenShift’s built-in pipelines streamline code build, testing, and deployment.
Ensures faster time-to-market for enterprise applications.
Supports GPU-enabled clusters for machine learning and analytics workloads.
Integrates with frameworks like TensorFlow, PyTorch, and Spark.
OpenShift supports lightweight clusters for IoT, telco, and edge applications.
Enables real-time processing closer to data sources.
Serverless OpenShift: Knative integration for event-driven, serverless applications.
GitOps: Declarative deployment pipelines using Git as the source of truth.
Service Mesh: Red Hat OpenShift Service Mesh for microservice communication, traffic control, and observability.
Cloud-Native Storage: Integrated Red Hat OpenShift Container Storage for persistent volumes and scalable storage.
AI/ML Enablement: GPU scheduling and accelerated computing for data science workloads.
OpenShift is a leading enterprise Kubernetes platform that combines developer productivity, operational automation, and enterprise-grade security to support modern application deployment and management. It enables organizations to adopt cloud-native architectures, automate DevOps workflows, and scale applications across hybrid and multi-cloud environments.
By providing integrated CI/CD pipelines, monitoring, security, and hybrid cloud flexibility, OpenShift empowers enterprises to accelerate innovation while maintaining reliability, compliance, and operational control. As businesses increasingly rely on containers, microservices, and cloud-native technologies, OpenShift continues to be a critical platform for enterprise digital transformation.
Q1. What is OpenShift?
Answer:
"OpenShift is a Kubernetes-based container platform developed by Red Hat. It enables developers and administrators to build, deploy, and manage containerized applications with features like automated scaling, CI/CD pipelines, and multi-cloud support."
Q2. Difference between OpenShift and Kubernetes
| Feature | Kubernetes | OpenShift |
|---|---|---|
| Installation | Requires manual setup | Pre-configured with tools |
| Security | Basic RBAC | Enhanced security and policies |
| UI | Dashboard available but limited | Integrated web console |
| Registry | External required | Built-in container registry |
Q3. What are containers?
"Containers are lightweight, portable units that package an application and its dependencies, ensuring consistent execution across different environments."
Q4. What is Docker and its relation to OpenShift?
"Docker is a container runtime for building and running containers. OpenShift supports Docker or other container runtimes to run containerized applications."
Q5. What is a Pod in OpenShift?
"A Pod is the smallest deployable unit in OpenShift, representing one or more containers that share networking, storage, and configuration."
Q6. What is a Node?
"A Node is a physical or virtual machine in the OpenShift cluster that runs pods and is managed by the master/control plane."
Q7. What is a Cluster in OpenShift?
"A Cluster is a set of nodes managed by OpenShift’s control plane, providing high availability and orchestration for containers."
Q8. What is a Project in OpenShift?
"A Project is a namespace that groups related applications, services, and resources, with role-based access control for users."
Q9. Difference between Namespace and Project
| Feature | Namespace | Project |
|---|---|---|
| Scope | Kubernetes concept | OpenShift abstraction on namespace |
| Access control | Basic RBAC | Enhanced RBAC, user-friendly |
Q10. What is a Deployment in OpenShift?
"A Deployment manages application replicas, ensuring the desired state is maintained, performing rolling updates, and enabling rollback."
Q11. What are the main components of OpenShift architecture?
Master/Control Plane: API server, Scheduler, Controller
Nodes/Workers: Run pods and containers
etcd: Distributed key-value store for cluster configuration
Router/Ingress: Routes traffic to applications
Registry: Built-in container image storage
Q12. What is etcd in OpenShift?
"etcd is a distributed key-value store that stores cluster configuration and state data. It is critical for OpenShift’s high availability."
Q13. What is the OpenShift Router?
"Router provides external access to services running in the cluster using routes and manages load balancing."
Q14. What is the OpenShift Registry?
"The internal container registry stores and manages container images built and deployed within the OpenShift cluster."
Q15. What is OpenShift Control Plane?
"The Control Plane manages the cluster, maintaining desired states, scheduling pods, and exposing APIs to users and administrators."
Q16. Difference between OpenShift Master and Node
| Feature | Master | Node |
|---|---|---|
| Role | Cluster management | Run workloads (pods/containers) |
| Components | API server, scheduler, etcd | Kubelet, container runtime |
| Responsibility | Orchestration | Execution of pods |
Q17. What is OpenShift API Server?
"The API server exposes the Kubernetes API to users and tools, allowing cluster management, application deployment, and automation."
Q18. What is a BuildConfig in OpenShift?
"BuildConfig defines how source code is built into a container image, supporting strategies like Source-to-Image (S2I), Docker builds, or pipeline builds."
Q19. What is Source-to-Image (S2I)?
"S2I is a build tool in OpenShift that automatically converts source code into a runnable Docker image by injecting source code into a builder image."
Q20. What are Routes in OpenShift?
"Routes expose services to external traffic using DNS names, enabling users to access applications from outside the cluster."
Q21. Difference between Service and Route
| Feature | Service | Route |
|---|---|---|
| Purpose | Internal communication | External access |
| Protocol | Cluster IP | HTTP/HTTPS |
Q22. What is a DeploymentConfig (DC)?
"DeploymentConfig is an OpenShift-specific resource similar to Deployment, allowing triggers for deployments based on image changes or config changes."
Q23. Difference between Deployment and DeploymentConfig
| Feature | Deployment | DeploymentConfig |
|---|---|---|
| Trigger | Only manual or automatic scaling | Supports image/config triggers |
| Rollback | Built-in | Manual rollback |
Q24. What is a PodTemplate?
"A PodTemplate defines the specifications for a pod that a Deployment or DeploymentConfig uses to create actual pods."
Q25. What is a ConfigMap in OpenShift?
"ConfigMap stores configuration data as key-value pairs that can be injected into pods without rebuilding images."
Q26. What is a Secret?
"Secret stores sensitive information like passwords, tokens, or certificates, and can be mounted into pods securely."
Q27. Difference between ConfigMap and Secret
| Feature | ConfigMap | Secret |
|---|---|---|
| Security | Plain text | Base64 encoded / encrypted |
| Use case | General config | Sensitive data |
Q28. What is Horizontal Pod Autoscaler (HPA)?
"HPA automatically scales the number of pod replicas based on CPU/memory usage or custom metrics."
Q29. Difference between Vertical and Horizontal Scaling
| Type | Vertical Scaling | Horizontal Scaling |
|---|---|---|
| Approach | Increase pod resources | Increase pod replicas |
| Limit | Limited by node capacity | Can scale across nodes |
Q30. How to deploy an application in OpenShift?
Build an image (S2I or Dockerfile)
Create a Deployment/DeploymentConfig
Expose service via ClusterIP
Create Route for external access
Q31. What is Persistent Volume (PV)?
"PV is a cluster storage resource provisioned by the admin to provide persistent storage to pods."
Q32. What is Persistent Volume Claim (PVC)?
"PVC is a request by a pod for storage, which binds to a matching PV automatically."
Q33. Difference between PV and PVC
| Feature | PV | PVC |
|---|---|---|
| Ownership | Admin-managed | User-requested |
| Purpose | Provides storage | Claims storage |
Q34. What types of storage does OpenShift support?
NFS, iSCSI, GlusterFS, Ceph
Cloud storage: AWS EBS, Azure Disk, GCP Persistent Disk
Dynamic and static provisioning
Q35. What is OpenShift Security Context?
"Security Context defines security settings for pods, like user ID, group ID, file permissions, and capabilities."
Q36. What is Role-Based Access Control (RBAC) in OpenShift?
"RBAC restricts access to OpenShift resources based on roles assigned to users or service accounts."
Q37. What is a ServiceAccount?
"ServiceAccount is an identity for pods to access cluster resources securely."
Q38. Difference between ClusterRole and Role
| Feature | Role | ClusterRole |
|---|---|---|
| Scope | Namespace-specific | Cluster-wide |
| Access | Limited to one namespace | Access across all namespaces |
Q39. What is NetworkPolicy in OpenShift?
"NetworkPolicy defines rules for pod communication, controlling which pods/services can communicate with each other."
Q40. Difference between ClusterIP, NodePort, and LoadBalancer Services
| Type | Purpose |
|---|---|
| ClusterIP | Internal cluster access only |
| NodePort | Access via node IP and port |
| LoadBalancer | External access via cloud LB |
Q41. How to monitor OpenShift clusters?
OpenShift Console metrics
Prometheus and Grafana integration
Alerts via Alertmanager
Logging via EFK stack (Elasticsearch, Fluentd, Kibana)
Q42. What is OpenShift Logging Stack?
"EFK stack collects, stores, and visualizes logs from pods, nodes, and system components."
Q43. What is OpenShift Metrics Stack?
"Prometheus-based metrics stack monitors cluster performance, resource usage, and custom application metrics."
Q44. How to troubleshoot pod failures?
Check pod status: oc get pods
Inspect logs: oc logs <pod>
Describe pod: oc describe pod <pod>
Check events and node health
Q45. Difference between oc and kubectl
| Tool | Purpose |
|---|---|
| kubectl | Kubernetes cluster management |
| oc | OpenShift CLI with extra features like builds, routes, and projects |
Q46. What is OpenShift Operator?
"Operators automate the deployment, scaling, and management of applications on OpenShift, encapsulating operational knowledge."
Q47. Difference between Deployment and StatefulSet
| Feature | Deployment | StatefulSet |
|---|---|---|
| Use case | Stateless apps | Stateful apps like databases |
| Pod identity | Dynamic | Stable network ID and storage |
Q48. What is a CronJob in OpenShift?
"CronJob runs pods on a scheduled basis, similar to Linux cron jobs, for periodic tasks like backups."
Q49. What is OpenShift Build Pipeline?
"Build Pipeline automates the CI/CD process by building, testing, and deploying applications using Jenkins or OpenShift Pipelines (Tekton)."
Q50. Best practices for OpenShift administration
Use namespaces/projects for multi-tenancy
Monitor resource usage with HPA and metrics
Secure pods with RBAC and Security Context
Use persistent storage for stateful apps
Regularly update OpenShift components
Answer:
OpenShift is an enterprise Kubernetes platform from Red Hat that provides container orchestration, developer tooling, CI/CD integration, security policies, and an opinionated workflow on top of Kubernetes.
Key differences:
Security defaults: Enforces non‑root containers by default.
Built‑in registry: Internal image registry.
S2I builds: Source‑to‑Image build workflows.
OpenShift Routes: Native load‑balanced external access.
Web Console & DevOps tooling: Integrated UI, pipelines, and ecosystem.
OpenShift leverages Kubernetes but adds enterprise features, user experience, RBAC defaults, and automation.
Answer:
Projects are namespaces with additional OpenShift metadata and policies. Each project includes:
Resource quota
Network policies
Role binding scope
Security context constraints (SCC)
Projects isolate workloads and govern access control for teams or applications.
Answer:
Operators extend the Kubernetes API to manage applications automatically using Custom Resource Definitions (CRDs) and Controllers. They encode:
Installation logic
Deployment
Upgrades
Backup/Recovery
Scaling
Example built‑in Operators: OpenShift Logging, Prometheus, Service Mesh, Elasticsearch, MongoDB Operators.
Answer:
A Route exposes a service externally by creating a hostname and mapping it to a service. It functions like an Ingress, but with features like:
Host/path routing
TLS termination options
Edge, passthrough, re‑encrypt strategies
Routes make apps reachable outside the cluster.
Answer:
BuildConfig defines how source code is transformed into a container image. It supports multiple build strategies:
Source‑to‑Image (S2I)
Docker strategy
Custom strategy
Pipeline strategy (Tekton)
BuildConfigs automate builds, triggers (Git, Image, Config), and caching.
Answer:
DeploymentConfig is an OpenShift controller that manages app deployments with features like:
Hooks (pre, post)
Rollback strategy
Triggers based on image changes
A Kubernetes Deployment is the standard Kubernetes API object, built on ReplicaSets and rollout strategies. The OpenShift DeploymentConfig adds richer build integration and lifecycle hooks.
Answer:
StatefulSet manages stateful applications requiring:
Stable network identity
Persistent volumes
Ordered scaling and deployment
Used for databases (e.g., PostgreSQL, MongoDB), Kafka, Zookeeper, etc.
Answer:
DaemonSets ensure that a copy of a pod runs on all or selected nodes (based on node selectors). Use cases:
Logging agents
Monitoring agents
Network plugins
Answer:
OpenShift uses the Horizontal Pod Autoscaler (HPA) to scale workloads based on metrics like CPU, memory, or custom metrics via Prometheus Adapter.
Example:
oc autoscale dc/myapp --min 2 --max 10 --cpu-percent=70
Answer:
CronJob schedules pods to run at specified intervals (like Linux cron). It’s useful for:
Backups
Batch jobs
Data processing tasks
Answer:
OpenShift Software Defined Network (SDN) provides:
Pod‑to‑Pod connectivity
Network isolation per project
Multiple network plugin options: OVN‑Kubernetes, OpenShift SDN
NetworkPolicy support
It abstracts IPAM, routing, and isolation.
Answer:
A Service exposes a set of pods through a stable DNS name and a virtual IP (ClusterIP), and can be:
ClusterIP (internal)
NodePort
LoadBalancer (via cloud integration)
Services decouple workload from underlying pods.
Answer:
Route: OpenShift native external endpoint abstraction.
Ingress: Kubernetes standard for HTTP routing.
OpenShift Routes are more flexible with edge/passthrough TLS, host rewriting, and advanced policies.
Answer:
External IP: A node-reachable IP exposed by a Service.
LoadBalancer: Provisioned by cloud provider to distribute traffic externally.
OpenShift can integrate with cloud LB services (AWS ELB, GCP LB, Azure LB).
Answer:
Pods receive network addresses from cluster CIDR blocks. Traffic is routed via SDN overlays (VXLAN, Geneve) and managed by CNI plugins (OVN‑Kubernetes or OpenShift SDN).
Answer:
SCC define what actions pods can perform and what resources they can access. Key controls:
Running as non‑root
Allowed capabilities
SELinux context
Volume access
Host networking
SCCs harden pod execution.
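The controls listed above, applied as a lint over pod manifests before they reach the cluster. This is an added example, not OpenShift's SCC admission code: the `Policy` class, `audit_pod` and both sample pods are constructed for illustration, and the check looks at what the manifest requests rather than what the cluster would assign at admission.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    """Hypothetical, simplified stand-in for an SCC (not the real API object)."""
    require_non_root: bool = True
    allowed_capabilities: frozenset = frozenset()
    allow_host_network: bool = False
    allow_custom_selinux: bool = False
    allowed_volume_types: frozenset = frozenset(
        {"configMap", "secret", "emptyDir", "persistentVolumeClaim",
         "projected", "downwardAPI"})

def _volume_type(volume):
    # A pod volume is {"name": ..., "<type>": {...}}; the type is the other key.
    keys = [k for k in volume if k != "name"]
    return keys[0] if keys else "unknown"

def audit_pod(pod, policy=Policy()):
    """Return sorted violation strings for one pod manifest (a dict)."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    findings = []
    if spec.get("hostNetwork") and not policy.allow_host_network:
        findings.append("pod: hostNetwork requested")
    for vol in spec.get("volumes", []):
        vtype = _volume_type(vol)
        if vtype not in policy.allowed_volume_types:
            findings.append(f"volume {vol.get('name')}: type {vtype} not allowed")
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        name = c.get("name", "?")
        sc = c.get("securityContext") or {}
        # Container-level fields override pod-level ones.
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        if policy.require_non_root:
            if uid == 0:
                findings.append(f"container {name}: runAsUser is 0")
            elif uid is None and not non_root:
                findings.append(f"container {name}: non-root not enforced")
        added = set((sc.get("capabilities") or {}).get("add") or [])
        for cap in sorted(added - policy.allowed_capabilities):
            findings.append(f"container {name}: capability {cap} not allowed")
        selinux = sc.get("seLinuxOptions") or pod_sc.get("seLinuxOptions")
        if selinux and not policy.allow_custom_selinux:
            findings.append(f"container {name}: custom seLinuxOptions requested")
    return sorted(findings)

# Constructed sample manifests (not taken from the page).
HARDENED_POD = {
    "metadata": {"name": "web"},
    "spec": {
        "securityContext": {"runAsNonRoot": True},
        "containers": [{"name": "app", "image": "registry.example/app:1",
                        "securityContext": {"capabilities": {"drop": ["ALL"]}}}],
        "volumes": [{"name": "cfg", "configMap": {"name": "app-cfg"}}],
    },
}
RISKY_POD = {
    "metadata": {"name": "agent"},
    "spec": {
        "hostNetwork": True,
        "containers": [
            {"name": "agent", "securityContext": {
                "runAsUser": 0,
                "capabilities": {"add": ["NET_ADMIN", "SYS_ADMIN"]}}},
            {"name": "sidecar"},
        ],
        "volumes": [{"name": "host-logs", "hostPath": {"path": "/var/log"}}],
    },
}

if __name__ == "__main__":
    for pod in (HARDENED_POD, RISKY_POD):
        print(pod["metadata"]["name"], audit_pod(pod))
```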
Answer:
OAuth clients are applications configured in OpenShift for authentication via OAuth flows, often used for CLI or web‑based auth scenarios.
Answer:
Role‑Based Access Control is implemented using:
ClusterRoles
Roles
ClusterRoleBindings
RoleBindings
Roles grant permissions (verbs on resources). Bindings attach roles to users, groups, or service accounts.
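How roles and bindings combine into an access decision, as an added example (not OpenShift's authorizer). All role, binding, user and namespace names are constructed, and rules are reduced to verbs and resources; the point it shows is that a RoleBinding grants only inside its own namespace, even when it references a ClusterRole, while a ClusterRoleBinding grants in every namespace.

```python
# Constructed sample data: (kind, namespace, name) -> list of rules.
# Real RBAC rules also carry apiGroups and resourceNames; omitted here.
ROLES = {
    ("Role", "team-a", "pod-reader"):
        [{"resources": {"pods"}, "verbs": {"get", "list", "watch"}}],
    ("ClusterRole", None, "secret-reader"):
        [{"resources": {"secrets"}, "verbs": {"get", "list"}}],
    ("ClusterRole", None, "cluster-admin-like"):
        [{"resources": {"*"}, "verbs": {"*"}}],
}

BINDINGS = [
    {"kind": "RoleBinding", "name": "alice-reads-pods", "namespace": "team-a",
     "role": ("Role", "pod-reader"), "subjects": {("User", "alice")}},
    # A RoleBinding may reference a ClusterRole; the grant stays in team-a.
    {"kind": "RoleBinding", "name": "builder-reads-secrets", "namespace": "team-a",
     "role": ("ClusterRole", "secret-reader"),
     "subjects": {("ServiceAccount", "team-a:builder")}},
    {"kind": "ClusterRoleBinding", "name": "ops-admin", "namespace": None,
     "role": ("ClusterRole", "cluster-admin-like"),
     "subjects": {("Group", "ops")}},
]

def _rules_for(binding, roles):
    kind, name = binding["role"]
    ns = binding["namespace"] if kind == "Role" else None
    return roles.get((kind, ns, name), [])

def _rule_allows(rule, verb, resource):
    return (("*" in rule["verbs"] or verb in rule["verbs"]) and
            ("*" in rule["resources"] or resource in rule["resources"]))

def granting_bindings(subject, verb, resource, namespace, groups=(),
                      roles=ROLES, bindings=BINDINGS):
    """Names of the bindings that allow the request; an empty list means denied."""
    identities = {subject} | {("Group", g) for g in groups}
    granted = []
    for b in bindings:
        if not identities & b["subjects"]:
            continue
        # Scope check: a RoleBinding only ever applies inside its own namespace.
        if b["kind"] == "RoleBinding" and b["namespace"] != namespace:
            continue
        # A ClusterRoleBinding cannot reference a namespaced Role.
        if b["kind"] == "ClusterRoleBinding" and b["role"][0] != "ClusterRole":
            continue
        if any(_rule_allows(r, verb, resource) for r in _rules_for(b, roles)):
            granted.append(b["name"])
    return granted

def cluster_wide_grants(verb, resource, roles=ROLES, bindings=BINDINGS):
    """Review helper: subjects that hold verb/resource in every namespace."""
    found = set()
    for b in bindings:
        if b["kind"] != "ClusterRoleBinding":
            continue
        if any(_rule_allows(r, verb, resource) for r in _rules_for(b, roles)):
            found |= b["subjects"]
    return sorted(found)

if __name__ == "__main__":
    builder = ("ServiceAccount", "team-a:builder")
    print(granting_bindings(builder, "get", "secrets", "team-a"))
    print(granting_bindings(builder, "get", "secrets", "team-b"))
    print(cluster_wide_grants("get", "secrets"))
```

`cluster_wide_grants` is the query worth running during an access review: it lists who can read a sensitive resource in every project rather than in one.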
Answer:
Secrets store sensitive data (passwords, tokens). Managed through:
oc create secret generic my-secret --from-literal=key=value
oc set env dc/myapp --from=secret/my-secret
Secrets are mounted as files or environment variables.
Answer:
ServiceAccounts provide an identity for pods to authenticate with the cluster API. Tokens are auto‑mounted and can be scoped with RBAC.
Answer:
PV: Cluster resource representing storage.
PVC: Request for storage by a pod.
A claim binds to an available PV based on size and access mode.
Answer:
StorageClass defines dynamic provisioning parameters (type, reclaim policy, QoS) for PVs.
Example:
```yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: fast-ssd
provisioner: kubernetes.io/aws-ebs
```
Answer:
ReadWriteOnce (RWO)
ReadOnlyMany (ROX)
ReadWriteMany (RWX)
RWX is required for shared file systems (NFS, CSI drivers).
Answer:
StorageClass allows automatic creation of storage on demand when PVCs are requested.
Answer:
With:
oc patch pvc my-pvc -p '{"spec": {"resources": {"requests": {"storage": "20Gi"}}}}'
Requires support from storage provider.
Answer:
S2I builds container images directly from source code with builder images without writing Dockerfiles manually.
Answer:
OpenShift uses Tekton pipelines for CI/CD automation.
Tasks run sequential or parallel steps, enabling builds, tests, and deployments.
Answer:
Builds can be triggered by:
Git commits
Image changes
Config changes
Manual triggers
Triggers automate deployment workflows.
Answer:
An ImageStream tracks images (from registry or internal) and triggers actions based on changes. Important in build and deployment pipelines.
Answer:
Use:
oc rollout undo dc/myapp
This uses the rollout history to roll back to the previous revision.
Answer:
oc logs my-pod
oc logs -f my-pod
Supports previous containers and selected containers within a pod.
Answer:
oc exec -it my-pod -- /bin/bash
Useful for debugging inside containers.
Answer:
oc scale dc/myapp --replicas=5
Answer:
Use:
oc get nodes
oc get co
oc get events
Also review metrics via Prometheus and alerts.
Answer:
Using CLI or web console:
Plan upgrade path
Use oc adm upgrade
Cluster will roll nodes in controlled fashion
Operators help manage component upgrades.
Answer:
Certificates are managed by the cluster, often via the Machine Config Operator or manually replaced for specific services.
Answer:
OpenShift Cluster Autoscaler manages node groups in cloud environments to add/remove worker nodes based on pod resource requests.
Answer:
Taints: Prevent pods from scheduling on nodes unless tolerated.
Tolerations: Pod configuration that allows a pod to be scheduled onto nodes with matching taints.
Useful for specialized workloads (GPU nodes, critical services).
Answer:
OpenShift includes:
Prometheus (metrics collection)
Alertmanager (alerting)
Grafana (dashboards)
Cluster Monitoring Operator for integration
Answer:
Provides a UI for developers and admins to:
Create projects
Deploy applications
View logs and metrics
Manage cluster resources and roles
Useful for visibility and governance.
Answer:
Assess Kubernetes manifests and compatibility.
Convert Deployment to DeploymentConfig or use pure Kubernetes Deployment.
Adjust RBAC, Routes instead of Ingress, SCC policies.
Migrate PVCs and StorageClass names.
Test in staging.
Answer:
Optimize number of replicas and resource limits.
Review autoscaling policies.
Enable efficient scheduling via taints/tolerations and node selectors.
Optimize container images for smaller size.
Answer:
Review build logs: oc logs bc/mybuild
Check builder image environment
Validate triggers and source repo access
Review pipeline logs for Tekton
Answer:
Enable mTLS via Service Mesh
Use NetworkPolicy to restrict traffic
RBAC for API access controls
Answer:
Store secrets in Vault or external secret manager.
Update Kubernetes Secrets.
Trigger rolling deployments.
Answer:
Node resource usage (CPU, Memory)
Pod restart counts
Build durations
Failed deployments
API server latencies
Answer:
Identify expiring certs via monitoring and use:
oc adm ca sign
Or use Operators to regenerate certs.
Answer:
Using NetworkPolicies or EgressRouter to manage outbound traffic from pods for security and compliance.
Answer:
Via:
Jenkins OpenShift plugin
Webhooks
BuildConfigs and pipeline triggers
Shared repository integrations
Answer:
Multi‑master setup
Distributed etcd
Redundant etcd backups
Multiple worker nodes
Load balancing for API endpoints
✔ Provide real scenarios (clusters you architected, migrations you did)
✔ Quote commands you’ve used in production
✔ Explain the why behind choices (security, performance, compliance)
✔ Demonstrate depth: RBAC, SCC, routes, pipelines, upgrades