Red Hat EX280 - Study Guide


Name: Red Hat Certified OpenShift Administrator

Version: V414K

Disclaimer: My notes may not cover all the commands required for the exam, and they do not guarantee success on the exam.

Table of Contents

  1. Common commands

    1.1. With oc-cli

    1.2. With git

  2. Deploy an application

    2.1. Method 1: Using CLI

    2.2. Method 2: Using YAML file

    2.3. Method 3: Using Kustomize

    2.4. Method 4: Using OpenShift Templates

    2.5. Method 5: Using Helm

  3. Manage authentication and authorization

    3.1. Configuring HTPasswd Identity Provider

    3.2. Administering users and groups permissions


Common commands

With oc-cli

Create a new project

$ oc new-project xp

Get the deployment status

$ watch oc get deployments,pods

With git

Clone a Git repository

$ git clone

# It clones a particular branch of the Git repository
# add: -b release-kustomize-v5.4.3
$ git clone -b release-kustomize-v5.4.3

Show all the branches (local and remote) of a Git repository

$ git branch -a

Switch from master to release-kustomize-v5.4.3 branch

$ git checkout release-kustomize-v5.4.3

Deploy an application

Method 1: Using CLI

Deploy a MySQL instance

$ oc create deployment db \
--image \
--port 3306

Note: The deployment db failed due to missing parameters.

Set needed parameters to start the container

$ oc set env deployment/db \
MYSQL_USER=user1 \
MYSQL_PASSWORD=mypa55w0rd \

Method 2: Using YAML file

If no deployment exists, use the command oc create first.

$ oc create -f deployment.yaml

If a deployment exists, it's recommended to use the oc apply command to update the existing deployment.

$ oc apply -f deployment.yaml

Method 3: Using Kustomize

I use the template available in the kubernetes-sigs/kustomize repository to learn.

I moved the content into the base/ folder to enable working with overlays.

$ tree helloWorld/

├── base
│   ├── configMap.yaml
│   ├── deployment.yaml
│   ├── kustomization.yaml
│   └── service.yaml

Replace the deprecated commonLabels with labels and modify the value of the app key.

$ sed -i 's/commonLabels/labels/g' base/kustomization.yaml
$ sed -i 's/hello/my-hello-world/g' base/kustomization.yaml

Deploy the package

$ cd helloWorld/

$ oc create -k base/

Method 4: Using OpenShift Templates

List available templates

$ oc get templates -n openshift

Show the available parameters for a template

$ oc process mysql-ephemeral --parameters -n openshift

Deploy a MySQL instance using the mysql-ephemeral template.

$ oc new-app db \
--template=mysql-ephemeral \
-p MYSQL_USER=user1 \
-p MYSQL_PASSWORD=mypa55w0rd \

Note: The oc new-app command can use a template from the openshift namespace.

Method 5: Using Helm

Add a Helm chart repository

$ helm repo add bitnami

List all added Helm repositories

$ helm repo list

Search for Helm charts

# It shows only the most recent version of the chart
$ helm search repo bitnami

# OR

# It shows all the versions available of the chart
# add: --versions
$ helm search repo bitnami --versions

Deploy a MySQL instance using bitnami/mysql chart

# values.yaml
auth:
  username: user1
  password: pa55w0rd
# If the namespace is absent, add the --create-namespace flag alongside --namespace
$ helm install db \
--namespace xp \
bitnami/mysql \
--version 12.2.0 \
--values values.yaml

# OR

$ helm install db \
--namespace xp \
bitnami/mysql \
--version 12.2.0 \
--set auth.username="user1" \
--set auth.password="pa55w0rd"

List all installed Helm charts

# In the current namespace context
$ helm list

# OR

# Across all namespaces
$ helm list -A

Manage authentication and authorization

Configuring HTPasswd Identity Provider

Create an HTPasswd file

# httpd-tools package needed
$ htpasswd -c -B -b ./htpasswd developer pa55w0rd1

Add a new user to the existing HTPasswd file

$ htpasswd -b ./htpasswd tester pa55w0rd2

Create the secret using the HTPasswd file

# The key must be named htpasswd
$ oc create secret generic localusers \
--from-file htpasswd=./htpasswd \
-n openshift-config

Modify the oauth/cluster configuration

$ oc get oauth/cluster -o yaml > oauth.yaml

Add the htpasswd parameters

# .spec.identityProviders[]
- htpasswd:
    fileData:
      name: localusers
  mappingMethod: claim
  name: myusers
  type: HTPasswd

Apply the modified oauth/cluster configuration

$ oc replace -f ./oauth.yaml

Wait for the new configuration to take effect

$ watch oc get pods -n openshift-authentication
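
A check to run on ./htpasswd before it goes into the secret, added here as an example and not part of the original notes: the second htpasswd command above omits -B, so that entry is hashed with htpasswd's default scheme (apr1 MD5 in Apache 2.4) rather than bcrypt. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Classify each htpasswd entry by hash scheme and flag anything that is not bcrypt.

# hash_scheme HASH: print the scheme implied by the hash prefix.
hash_scheme() {
  case "$1" in
    '$2y$'*|'$2a$'*|'$2b$'*) echo bcrypt ;;
    '$apr1$'*)               echo apr1-md5 ;;
    '{SHA}'*)                echo sha1 ;;
    '$5$'*|'$6$'*)           echo sha-crypt ;;
    *)                       echo crypt-or-plaintext ;;
  esac
}

# audit_htpasswd FILE: print "user scheme" per entry.
# Returns 1 if at least one entry is not bcrypt, 0 otherwise.
audit_htpasswd() {
  rc=0
  # The "|| [ -n ... ]" keeps a last line that has no trailing newline.
  while IFS=: read -r user hash || [ -n "$user" ]; do
    [ -z "$user" ] && continue          # skip blank lines
    scheme=$(hash_scheme "$hash")
    printf '%s %s\n' "$user" "$scheme"
    [ "$scheme" = bcrypt ] || rc=1
  done < "$1"
  return "$rc"
}

# Constructed sample (placeholder strings, not real hashes) with the shape
# produced by "htpasswd -c -B -b" followed by "htpasswd -b".
write_sample() {
  cat > "$1" <<'EOF'
developer:$2y$05$CONSTRUCTEDbcryptPLACEHOLDER000000000000000000000000
tester:$apr1$CONSTRUC$placeholderMD5hash0000
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_htpasswd "$sample" || echo "non-bcrypt entries present: re-hash them with htpasswd -B" >&2
rm -f "$sample"
```

Point audit_htpasswd at the real ./htpasswd and treat a non-zero return as a reason to re-create the flagged users with -B before running oc create secret.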

Administering Users and Groups permissions

Create a new group

$ oc adm groups new dev-group

Manage users in a group

  • Add a user to a group
$ oc adm groups add-users dev-group developer
  • Remove a user from a group
$ oc adm groups remove-users dev-group developer

List groups and their users

$ oc get groups

Prevent users from creating new projects

$ oc get clusterrolebindings | grep self-provisioner

# self-provisioner is a cluster role, so use the cluster-role variant
$ oc adm policy remove-cluster-role-from-group self-provisioner system:authenticated:oauth

Grant privileges to a group:

  • At the namespace level:
$ oc policy add-role-to-group edit dev-group
  • At the cluster level:
$ oc adm policy add-cluster-role-to-group cluster-admin dev-group

Work in progress..


Hoang Thanh VO


This project is MIT licensed.


These are my notes for the EX280 exam.





