Free RedHat EX380 Exam Dumps Questions & Answers

See the solution below in Explanation:
Explanation:
* Patch deployment with preferred podAntiAffinity
* oc -n payments patch deploy api --type=merge -p '{
* "spec":{"template":{"spec":{"affinity":{
* "podAntiAffinity":{
* "preferredDuringSchedulingIgnoredDuringExecution":[{
* "weight":100,
* "podAffinityTerm":{
* "labelSelector":{"matchLabels":{"app":"api"}},
* "topologyKey":"kubernetes.io/hostname"
* }
* }]
* }
* }}}}
* }'
* Encourages spread across nodes to reduce single-node impact.
* Verify spread
* oc -n payments get pods -o wide

See the solution below in Explanation:
Explanation:
* Log in to OpenShift internal registry
* oc registry login
* Allows podman to push to the internal registry.
* Pull external image
* podman pull docker.io/library/nginx:1.25
* Gets the image locally.
* Tag for internal registry destination
* podman tag nginx:1.25 image-registry.openshift-image-registry.svc:5000/orders/nginx:1.25
* Uses the cluster service DNS name (works inside cluster network).
* Push to internal registry
* podman push image-registry.openshift-image-registry.svc:5000/orders/nginx:1.25
* Update deployment to use internal image
* oc -n orders set image deploy/web web=image-registry.openshift-image-registry.svc:5000/orders/nginx:
1.25
* Verify rollout
* oc -n orders rollout status deploy/web
* oc -n orders get pods -o wide

See the solution below in Explanation:
Explanation:
* Taint nodes
* oc adm taint nodes worker-1 dedicated=payments:NoSchedule
* oc adm taint nodes worker-2 dedicated=payments:NoSchedule
* NoSchedule blocks new pods that do not tolerate the taint.
* Confirm taints
* oc describe node worker-1 | grep -i taints -A2
* Ensures taints are present.
* Validate effect
* A normal deployment without tolerations will remain Pending if it can only land on those tainted nodes.

See the solution below in Explanation:
Explanation:
Step 1: Ensure the target project exists.
The lab specifies the namespace/project auth-audit.
Step 2: Run the command:
oc create sa audit -n auth-audit
Step 3: Verify creation.
The lab output shows:
serviceaccount/audit created
Detailed explanation:
This creates a service account named audit in the auth-audit namespace. Service accounts provide non-human identities for workloads and automation processes running inside the cluster. They are also commonly used when controlled API access is needed for scripts, jobs, or external kubeconfig generation. Creating a dedicated service account instead of using the default one is good practice because it supports least privilege and clearer access tracking. In exam and administration scenarios, service accounts are often paired with explicit RBAC bindings to grant only the permissions needed for the intended Task SIMULATION . This step lays the identity foundation before assigning a role in the following Task SIMULATION .

See the solution below in Explanation:
Explanation:
* Start the restore
* velero restore create orders-restore --from-backup orders-full
* Monitor restore status
* velero restore get
* velero restore describe orders-restore --details
* Validate restored resources
* oc -n orders get all
* oc -n orders get pvc
* Ensure deployments/pods/services and PVCs exist and pods become Running.