OpenShift Interview Questions & Answers for DevOps Engineers - 2025 Guide
Mastering OpenShift: Your Top DevOps Interview Questions and Answers Guide (2025)
Welcome to your essential study guide for OpenShift interview questions, specifically tailored for DevOps engineers. This guide provides a curated selection of common interview topics, offering concise answers and practical insights to help you ace your next technical assessment. We'll cover fundamental concepts, architectural components, deployment strategies, networking, storage, and more, preparing you to demonstrate your expertise in OpenShift environments. While we won't list 50 distinct questions, we'll delve into the key areas where those questions originate, giving you a strong foundation.
Table of Contents
- OpenShift Core Concepts & Fundamentals
- OpenShift Architecture & Components
- Deployment & Application Management
- Networking & Services in OpenShift
- Storage & Persistent Data Management
- Security & Best Practices
- Troubleshooting & Day-2 Operations
- Frequently Asked Questions (FAQ)
- Further Reading
- Conclusion
OpenShift Core Concepts & Fundamentals
Understanding the basic building blocks of OpenShift is crucial. Interviewers often start here to gauge your foundational knowledge before diving into more complex scenarios. Familiarize yourself with how OpenShift extends Kubernetes.
Q1: What is OpenShift, and how does it differ from Kubernetes?
Answer: OpenShift is an enterprise Kubernetes platform developed by Red Hat. While Kubernetes provides the core container orchestration capabilities, OpenShift adds developer and operations tooling, integrated CI/CD, source-to-image (S2I) builds, enhanced security features, and a managed application platform. It offers a more opinionated and feature-rich experience out-of-the-box.
Q2: Explain the purpose of an OpenShift Project.
Answer: An OpenShift Project is a logical grouping of related resources within OpenShift, similar to a Kubernetes Namespace but with additional features. Projects provide a way to organize applications, services, and teams, offering enhanced security and access control (RBAC). Each project typically maps to a development team or an application environment.
OpenShift Architecture & Components
A strong grasp of OpenShift's architecture is essential for DevOps engineers. This section explores the key components and their interactions, critical for understanding system behavior and troubleshooting.
Q3: Describe the main components of an OpenShift cluster.
Answer: An OpenShift cluster primarily consists of Master Nodes and Worker Nodes. Master Nodes house the control plane components like API Server, etcd, Scheduler, and Controller Manager, along with OpenShift-specific controllers and the OpenShift Container Platform (OCP) Console. Worker Nodes run the actual applications in pods, managed by Kubelet and Kube-proxy. Additional components include the internal image registry, router, and monitoring stack.
Q4: What is a Router in OpenShift?
Answer: The OpenShift Router provides external access to services running within the cluster. It acts as an ingress controller, listening for incoming traffic on specific ports and forwarding it to the correct service based on HTTP headers (like hostnames) or paths. Routers leverage HAProxy by default but can be configured with other solutions. They are crucial for exposing web applications to end-users.
Deployment & Application Management
DevOps engineers are deeply involved in deploying and managing applications. These questions focus on OpenShift's deployment strategies, build processes, and scaling capabilities.
Q5: Explain the difference between a Deployment and a DeploymentConfig in OpenShift.
Answer: A Deployment is a native Kubernetes resource for managing stateless applications, handling rolling updates and rollbacks. A DeploymentConfig is an OpenShift-specific resource that builds upon Deployments, offering more advanced features like custom deployment strategies (e.g., Recreate, Blue/Green, Canary), pre- and post-hook actions, and integration with OpenShift Builds. While OpenShift supports both, DeploymentConfigs provide richer deployment lifecycle management.
Q6: How does Source-to-Image (S2I) work in OpenShift?
Answer: Source-to-Image (S2I) is an OpenShift feature that allows developers to create reproducible container images from source code without needing to write a Dockerfile manually. An S2I builder image contains the build tools (e.g., Node.js, Python, Java) and places the application source code into the image. This simplifies the build process, promotes consistency, and enhances security by using trusted base images. Developers simply provide their source code and OpenShift handles the image creation.
Action Item: To initiate an S2I build:
oc new-app --name=my-app nodejs~https://github.com/openshift/nodejs-ex.git
Networking & Services in OpenShift
Networking is a fundamental aspect of any distributed system. OpenShift's networking model and service exposure mechanisms are critical for applications to communicate effectively.
Q7: What is an OpenShift Service, and why is it important?
Answer: An OpenShift Service (like a Kubernetes Service) is an abstract way to expose an application running on a set of Pods as a network service. It provides a stable IP address and DNS name, allowing other applications to connect to it without needing to know the specific Pod IPs, which are ephemeral. Services enable load balancing and service discovery within the cluster.
Q8: How do you expose an internal application service externally in OpenShift?
Answer: To expose an internal application service externally, you create an OpenShift Route. A Route maps a user-friendly hostname to an internal Service. The OpenShift Router then handles the incoming external traffic and forwards it to the correct pods backing that Service. You can specify different routing policies like path-based or hostname-based routing.
Code Example: Creating a simple route:
oc expose service my-web-app --hostname=www.mywebapp.com
Storage & Persistent Data Management
For stateful applications, persistent storage is non-negotiable. This section covers OpenShift's approach to managing data persistence and various storage options.
Q9: Explain PersistentVolumes (PVs) and PersistentVolumeClaims (PVCs) in OpenShift.
Answer: A PersistentVolume (PV) is a piece of storage in the cluster that has been provisioned by an administrator or dynamically provisioned. It's a network-attached storage (NAS) or block storage (SAN) resource available for use by pods. A PersistentVolumeClaim (PVC) is a request for storage by a user (or application). Pods consume PVCs, which then bind to available PVs that match the request's criteria (size, access mode). This decouples storage provisioning from application consumption.
Q10: What are common storage options for OpenShift?
Answer: OpenShift supports various storage solutions. Common options include cloud-provider specific storage (AWS EBS, Azure Disk, Google Persistent Disk), network file systems (NFS), distributed storage systems (Ceph/Rook, GlusterFS), and local storage. The choice depends on performance requirements, scalability needs, and infrastructure. Dynamic provisioning is often used to automate PV creation.
Security & Best Practices
Security is paramount in any production environment. These questions cover OpenShift's security features and how to implement best practices for secure deployments.
Q11: How does OpenShift enhance container security compared to raw Kubernetes?
Answer: OpenShift introduces several security enhancements. By default, it runs containers with an arbitrarily assigned User ID (UID), preventing processes from running as root. It enforces Security Context Constraints (SCCs), which control pod security parameters like privileged access, capabilities, and volume types. OpenShift also integrates with Red Hat's enterprise-grade identity management (SSO) and provides advanced network segmentation policies.
Q12: What is an SCC (Security Context Constraint) in OpenShift?
Answer: A Security Context Constraint (SCC) is an OpenShift-specific resource that controls the security context of a Pod. SCCs define a set of conditions that a pod must run under, such as allowed user IDs, required capabilities, and allowed volume types. They are powerful tools for administrators to restrict the privileges of applications, enhancing overall cluster security. When a pod is deployed, OpenShift tries to match it to an available SCC.
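The matching step described in Q11 and Q12, as an added example that is not OpenShift's admission code: a simplified model that tries the SCCs granted to a pod's service account in priority order and reports which one admits the pod or why each rejects it. The SCC definitions, UID range and pod specs are constructed, and the real ordering also weighs restrictiveness, which this model omits.

```python
from dataclasses import dataclass

# Volume types the constructed "restricted" profile accepts.
SAFE_VOLUMES = frozenset({"configMap", "emptyDir", "persistentVolumeClaim", "secret"})


@dataclass(frozen=True)
class SCC:
    """Subset of SCC fields; comments name the real field each one mirrors."""
    name: str
    priority: int = 0
    allow_privileged: bool = False               # allowPrivilegedContainer
    run_as_user: str = "MustRunAsRange"          # runAsUser.type
    uid_range: tuple = (1000660000, 1000669999)  # constructed project UID range
    allowed_caps: frozenset = frozenset()        # allowedCapabilities
    volumes: frozenset = SAFE_VOLUMES            # volumes


def violations(scc, spec):
    """Return the reasons this pod spec fails the given SCC (empty list = passes)."""
    out = []
    for vol in spec.get("volumes", []):
        vtype = next(k for k in vol if k != "name")
        if "*" not in scc.volumes and vtype not in scc.volumes:
            out.append(f"volume type {vtype} not allowed")
    for c in spec["containers"]:
        sc = c.get("securityContext", {})
        if sc.get("privileged") and not scc.allow_privileged:
            out.append(f"{c['name']}: privileged not allowed")
        for cap in sc.get("capabilities", {}).get("add", []):
            if "*" not in scc.allowed_caps and cap not in scc.allowed_caps:
                out.append(f"{c['name']}: capability {cap} not allowed")
        uid = sc.get("runAsUser")
        lo, hi = scc.uid_range
        if scc.run_as_user == "MustRunAsRange" and uid is not None and not lo <= uid <= hi:
            out.append(f"{c['name']}: UID {uid} outside {lo}-{hi}")
        if scc.run_as_user == "MustRunAsNonRoot" and uid == 0:
            out.append(f"{c['name']}: UID 0 not allowed")
    return out


def admit(spec, granted):
    """Try granted SCCs by priority, then name; return (scc_name, uids) or (None, reasons)."""
    reasons = {}
    for scc in sorted(granted, key=lambda s: (-s.priority, s.name)):
        found = violations(scc, spec)
        if found:
            reasons[scc.name] = found
            continue
        uids = {}
        for c in spec["containers"]:
            uid = c.get("securityContext", {}).get("runAsUser")
            if uid is None and scc.run_as_user == "MustRunAsRange":
                uid = scc.uid_range[0]  # the assigned non-root UID
            uids[c["name"]] = uid       # None means the image's own default user
        return scc.name, uids
    return None, reasons


# Constructed SCCs, loosely modelled on the built-in ones of the same name.
RESTRICTED = SCC("restricted-v2", allowed_caps=frozenset({"NET_BIND_SERVICE"}))
ANYUID = SCC("anyuid", priority=10, run_as_user="RunAsAny")
PRIVILEGED = SCC("privileged", allow_privileged=True, run_as_user="RunAsAny",
                 allowed_caps=frozenset({"*"}), volumes=frozenset({"*"}))

# Constructed pod specs: a default pod, one asking for root, one asking for host access.
WEB = {"containers": [{"name": "web"}], "volumes": [{"name": "tmp", "emptyDir": {}}]}
ROOT = {"containers": [{"name": "app", "securityContext": {"runAsUser": 0}}]}
HOST = {"containers": [{"name": "agent", "securityContext": {"privileged": True}}],
        "volumes": [{"name": "host", "hostPath": {"path": "/"}}]}

if __name__ == "__main__":
    for pod in (WEB, ROOT, HOST):
        print(admit(pod, [RESTRICTED, ANYUID]))
```

Granting a service account a broader SCC such as anyuid or privileged changes the outcome for every pod it runs, so a rejection is usually better answered by fixing the pod spec or image than by widening the grant.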
Troubleshooting & Day-2 Operations
DevOps engineers are often on the front lines of troubleshooting. These questions assess your ability to diagnose and resolve issues within an OpenShift environment.
Q13: What are common commands for inspecting application logs and events in OpenShift?
Answer: To view logs for a specific pod, use oc logs <pod-name>. To follow logs in real-time, add the -f flag. For events related to a pod or other resource, use oc describe <resource-type>/<resource-name> (e.g., oc describe pod my-app-1-xyz). The OpenShift Web Console also provides a user-friendly interface for viewing logs and events across your project.
Code Example: Tail logs for a specific deployment:
oc logs -f deploy/my-app
Q14: An application pod is repeatedly crashing; what steps would you take to diagnose the issue?
Answer: First, check the pod's status and events using oc describe pod <pod-name> to look for common issues like OOMKilled, ImagePullBackOff, or CrashLoopBackOff. Next, inspect the pod's logs using oc logs <pod-name> for application-specific errors. Verify resource limits and requests in the DeploymentConfig/Deployment. Check the container image and ensure it's functional. Finally, examine related service and route configurations, and consider scaling issues or external dependencies.
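The first diagnostic steps from Q14, as an added example that is not part of the original guide: a triage function that reads a pod object shaped like the output of oc get pod <pod-name> -o json and classifies each unhealthy container as an image pull failure, an OOM kill or an application exit. The sample pod and its container names are constructed.

```python
import json

# Constructed sample, trimmed to the fields the triage reads.
SAMPLE_POD = json.loads("""
{
  "metadata": {"name": "my-app-1-xyz"},
  "spec": {"containers": [
    {"name": "app", "resources": {"limits": {"memory": "128Mi"}}},
    {"name": "sidecar"}, {"name": "worker"}, {"name": "proxy"}
  ]},
  "status": {"containerStatuses": [
    {"name": "app", "restartCount": 7,
     "state": {"waiting": {"reason": "CrashLoopBackOff"}},
     "lastState": {"terminated": {"reason": "OOMKilled", "exitCode": 137}}},
    {"name": "sidecar", "restartCount": 0,
     "state": {"waiting": {"reason": "ImagePullBackOff"}}},
    {"name": "worker", "restartCount": 4,
     "state": {"waiting": {"reason": "CrashLoopBackOff"}},
     "lastState": {"terminated": {"reason": "Error", "exitCode": 1}}},
    {"name": "proxy", "restartCount": 0, "state": {"running": {}}}
  ]}
}
""")


def triage(pod):
    """Classify each unhealthy container and name the next check to make."""
    limits = {c["name"]: c.get("resources", {}).get("limits", {})
              for c in pod["spec"]["containers"]}
    findings = []
    for cs in pod.get("status", {}).get("containerStatuses", []):
        waiting = cs.get("state", {}).get("waiting", {}).get("reason")
        last = cs.get("lastState", {}).get("terminated", {})
        if waiting in ("ImagePullBackOff", "ErrImagePull"):
            cause, nxt = "image-pull", "verify the image reference and pull credentials"
        elif last.get("reason") == "OOMKilled":
            # CrashLoopBackOff is only the symptom here; the last termination is the cause.
            mem = limits.get(cs["name"], {}).get("memory", "unset")
            cause, nxt = "oom", f"memory limit is {mem}; compare it with actual usage"
        elif waiting == "CrashLoopBackOff" or last.get("exitCode", 0) != 0:
            cause = "app-exit"
            nxt = f"exit code {last.get('exitCode')}; read `oc logs --previous` for the error"
        else:
            continue  # running, or completed cleanly
        findings.append({"container": cs["name"], "cause": cause,
                         "restarts": cs.get("restartCount", 0), "next": nxt})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_POD):
        print(finding)
```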
Frequently Asked Questions (FAQ)
Here are some quick answers to common questions about OpenShift for DevOps roles.
- Q: Is OpenShift free to use?
A: OpenShift Container Platform (OCP) is a commercial product by Red Hat. However, Red Hat offers community versions like OKD (OpenShift Kubernetes Distribution), which is open-source and free, suitable for learning and development.
- Q: What is the role of the oc command-line tool?
A: The oc command-line interface (CLI) is OpenShift's primary tool for interacting with the cluster. It's an extension of kubectl and allows you to manage projects, applications, builds, deployments, and other resources.
- Q: Can OpenShift run on any cloud provider?
A: Yes, OpenShift is designed to be cloud-agnostic. It can be deployed on public clouds (AWS, Azure, GCP), on-premise virtualized environments (VMware, OpenStack), and bare metal infrastructure.
- Q: What is an ImageStream in OpenShift?
A: An ImageStream is an OpenShift object that allows you to track and manage container images in your cluster's internal registry or external registries. It provides a stable name for an image, even if the underlying image tag changes, facilitating consistent builds and deployments.
- Q: How does OpenShift handle rolling updates?
A: OpenShift, through DeploymentConfigs or native Deployments, manages rolling updates by gradually replacing old pods with new ones. It ensures application availability during updates by maintaining a minimum number of running pods and waiting for new pods to become ready before terminating old ones.
Further Reading
To deepen your knowledge and stay updated, explore these authoritative resources:
Conclusion
Navigating OpenShift interview questions requires a solid understanding of both its foundational concepts and its advanced features for DevOps workflows. By focusing on core architecture, deployment strategies, networking, storage, security, and troubleshooting, you can confidently discuss your expertise. This guide provides a strong starting point, emphasizing the practical knowledge critical for success in a DevOps role utilizing OpenShift.
1. What is OpenShift?
OpenShift is Red Hat’s enterprise Kubernetes platform that provides automated application deployment, scaling, and management.
It includes DevOps tools, built-in CI/CD, security, policy control, and developer-friendly features for building cloud-native apps.
2. What is the difference between Kubernetes and OpenShift?
OpenShift is Kubernetes with enterprise enhancements like security defaults, integrated registry, operators, monitoring, and built-in developer tools.
It enforces stricter security policies and provides a supported, production-ready Kubernetes environment.
3. What are OpenShift Masters?
OpenShift Masters manage the cluster by running API server, scheduler, and controller manager.
They handle authentication, routing, resource allocation, and cluster orchestration for all worker nodes.
4. What are OpenShift Worker Nodes?
Worker nodes run containerized applications using CRI-O or Docker.
They host compute workloads, run pods, handle networking, and integrate with masters through kubelet and machine configs.
5. What is OpenShift CLI (oc)?
The oc CLI provides command-line control for managing OpenShift resources such as pods, deployments, routes, builds, and projects.
It extends kubectl with OpenShift-specific features like projects, builds, and source-to-image operations.
6. What is an OpenShift Project?
A Project is an isolated namespace containing resources, policies, quotas, and user access.
It groups applications and controls boundaries for deployment, networking, and security within the OpenShift cluster.
7. What is Source-to-Image (S2I) in OpenShift?
S2I is a build tool that creates container images directly from source code.
It injects your application into a base image, eliminating manual Dockerfile creation and enabling automated, repeatable builds.
8. What is OpenShift Route?
A Route exposes services to external clients using built-in HAProxy-based ingress.
It supports TLS termination, sticky sessions, edge/reencrypt modes, and custom hostnames for application access.
9. What is OpenShift Operator?
Operators are Kubernetes controllers packaged with knowledge to automate lifecycle tasks like installation, upgrades, and configuration.
OpenShift uses OperatorHub to manage platform components and third-party services.
10. What is OpenShift Container Registry (OCR)?
OCR is OpenShift’s integrated Docker-compliant registry used to store, push, and pull container images securely.
It integrates with OpenShift authentication, build pipelines, and image streams for automated deployments.
11. What are ImageStreams in OpenShift?
ImageStreams track versions of container images and trigger builds or deployments when new images arrive.
They act as pointers to image tags and automate update pipelines based on registry changes.
12. What is OpenShift BuildConfig?
A BuildConfig defines how to build container images using S2I, Dockerfile, or custom strategies.
It supports automated triggers, Git integration, webhook builds, and artifact generation for deployments.
13. What is OpenShift DeploymentConfig?
DeploymentConfig manages application deployment lifecycle with triggers, rollouts, and rollback options.
It enables auto-triggered deployments when builds or images change, supporting blue-green and rolling updates.
14. What is the difference between Deployment and DeploymentConfig?
Deployment (Kubernetes) uses ReplicaSets, while DeploymentConfig (OpenShift) integrates with ImageStreams and BuildConfigs.
DeploymentConfig offers richer automation but newer clusters prefer Kubernetes Deployments.
15. What is OpenShift OAuth?
OpenShift OAuth manages secure authentication using identity providers like LDAP, GitHub, SAML, Google, and Kubernetes tokens.
It centralizes login, tokens, and user identity management for the entire cluster.
16. What is OpenShift Web Console?
The Web Console provides a rich UI for developers and administrators to manage resources, view logs, monitor workloads,
trigger builds, and configure networking without using CLI commands.
17. What is OpenShift Machine Config Operator?
The Machine Config Operator manages OS-level configurations on worker and master nodes.
It applies updates, manages ignition files, kernel parameters, and ensures consistent node state across the cluster.
18. What is OpenShift Service?
A Service exposes a stable endpoint for accessing pods using load balancing and service discovery.
It routes traffic to healthy pods and supports ClusterIP, NodePort, and LoadBalancer types.
19. How does OpenShift ensure security?
OpenShift uses strict security defaults like SCCs, SELinux enforcement, RBAC, OAuth, and admission policies.
Containers run as non-root by default, reducing attack surface and enforcing enterprise security standards.
20. What is Security Context Constraint (SCC)?
SCCs define security rules for pods, controlling privileges, volume types, SELinux contexts, and user permissions.
They prevent unsafe workloads by restricting root access and enforcing secure container behavior.
21. What is OpenShift Template?
A Template bundles multiple resources such as deployments, services, routes, and secrets into a reusable configuration.
It supports parameterization and enables repeatable application provisioning in multiple environments.
22. What is OpenShift Persistent Storage?
OpenShift supports persistent storage using PVCs and PVs backed by NFS, Ceph, AWS EBS, Azure Disk, and more.
It allows stateful applications like databases to persist data across pod restarts and rebuilds.
23. What is a Persistent Volume Claim (PVC)?
A PVC requests storage from available Persistent Volumes based on size and access mode requirements.
Applications attach PVCs to ensure reliable persistent storage for workloads like data services.
24. What is OpenShift Networking?
OpenShift networking provides pod-to-pod, service, and external access using OVN-Kubernetes or OpenShift SDN.
It manages routes, ingress, network policies, and load balancing across nodes and namespaces.
25. What are OpenShift NetworkPolicies?
NetworkPolicies control traffic flow between pods by defining rules for ingress and egress.
They improve cluster security by isolating workloads and ensuring only approved communication paths are allowed.
26. What is OpenShift Ingress?
OpenShift Ingress handles HTTP/HTTPS routing using a Kubernetes Ingress controller.
It provides host-based routing, TLS termination, and integration with external load balancers.
27. What is OpenShift Logging?
OpenShift aggregates cluster logs using Elasticsearch, Loki, or other log stacks.
It centralizes pod, node, infrastructure, and audit logs for monitoring, troubleshooting, and compliance.
28. What is OpenShift Monitoring?
OpenShift includes built-in monitoring based on Prometheus and Grafana.
It collects metrics from nodes, pods, operators, and workloads, enabling alerting and performance diagnostics.
29. What is OpenShift Service Mesh?
Service Mesh (Istio-based) provides traffic control, mTLS, observability, and policy enforcement between microservices.
It enables advanced routing, retries, circuit breaking, and secure service-to-service communication.
30. What is OpenShift GitOps?
OpenShift GitOps uses Argo CD for declarative Git-led cluster management.
It continuously syncs Git repositories with Kubernetes states, enabling automated, versioned, and controlled deployments.
31. What is OpenShift Pipelines?
OpenShift Pipelines is a Tekton-based CI/CD solution enabling cloud-native, Kubernetes-managed pipelines.
It supports scalable, containerized tasks, parallel execution, and declarative pipeline definitions.
32. What is OpenShift Virtualization?
OpenShift Virtualization allows running virtual machines alongside containers using KubeVirt.
It enables migration of traditional workloads to Kubernetes while maintaining VM compatibility.
33. What is Pod autoscaling in OpenShift?
Pod autoscaling uses Horizontal Pod Autoscaler (HPA) to scale workloads based on CPU, memory, or custom metrics.
It ensures applications can adapt to traffic spikes while optimizing resource use.
34. How does OpenShift handle Cluster Autoscaling?
Cluster Autoscaler automatically adjusts the number of worker nodes based on pending workloads.
It integrates with cloud providers like AWS, Azure, and GCP to scale compute capacity dynamically.
35. What is OpenShift Compliance Operator?
The Compliance Operator scans clusters against security benchmarks like CIS and NIST.
It automates compliance checks, generates reports, and applies remediations to meet enterprise policies.
36. What is OpenShift API?
OpenShift exposes a REST API used for managing cluster resources programmatically.
It supports resource CRUD operations, automation of deployments, authentication, and integration with external tools.
37. What is OpenShift Helm?
OpenShift supports Helm charts to deploy applications packaged as bundles of Kubernetes resources.
Helm simplifies installation, upgrades, and configuration management across environments.
38. What is OpenShift Data Foundation (ODF)?
ODF is Red Hat’s storage solution for OpenShift, providing block, file, and object storage.
It is built on Ceph and ensures scalable, reliable, and highly available persistent storage for workloads.
39. What is OpenShift Bare Metal IPI?
Bare Metal IPI automates full cluster deployment on bare metal using Red Hat’s installer.
It provisions nodes, configures networking, installs OpenShift, and manages the lifecycle end-to-end.
40. What is OpenShift UPI?
User-Provisioned Infrastructure (UPI) requires manual provisioning of nodes, networking, and load balancers.
It offers full control for custom datacenters and integrates with enterprise networking and security.
41. What is a PodDisruptionBudget in OpenShift?
PDB ensures a minimum number of pods remain available during voluntary disruptions like node upgrades.
It protects critical applications from downtime and maintains workload stability during maintenance.
42. What is OpenShift Autoscaler?
The Autoscaler dynamically scales pods and nodes based on resource usage and pending workloads.
It ensures the cluster remains responsive and efficient under changing traffic and workload patterns.
43. What is OpenShift Multi-Cluster Management?
Multi-Cluster Management uses ACM (Advanced Cluster Management) to govern multiple Kubernetes clusters.
It offers policy enforcement, cluster lifecycle management, security, and application governance.
44. What is OpenShift Hive?
Hive automates provisioning and managing large numbers of OpenShift clusters.
It supports lifecycle operations like install, scale, upgrade, and delete for multi-cluster and fleet management.
45. What is OpenShift Quota?
Quotas restrict resource usage such as CPU, memory, storage, and object counts within a project.
They prevent resource exhaustion and ensure fair allocation across tenants in a shared cluster.
46. What is LimitRange in OpenShift?
LimitRange defines minimum, maximum, and default resource limits for pods and containers.
It prevents workloads from consuming excessive resources and enforces consistent resource configurations.
47. What is OpenShift Autoscaling based on metrics?
Autoscaling uses metrics like CPU, memory, custom Prometheus metrics, or external metrics to scale applications.
It ensures responsive workloads by adjusting pod counts in real time based on demand.
48. What is OpenShift Time Slicing?
Time slicing divides CPU usage among multiple containers on a node, preventing resource starvation.
It ensures fair CPU distribution and avoids monopolization by high-consuming workloads.
49. What are OpenShift Secrets?
Secrets store sensitive data like passwords, tokens, and certificates in an encrypted format.
OpenShift mounts secrets securely into pods or exposes them as environment variables with controlled access.
50. What is OpenShift Lifecycle Management?
Lifecycle management includes installation, upgrades, scaling, patching, and maintenance of OpenShift using Operators.
It automates cluster health checks, component updates, and ensures consistent, stable environments.