OpenShift Security Interview Questions¶

Introduction¶

OpenShift security combines Kubernetes RBAC with Security Context Constraints, service accounts, project isolation, and image controls. Troubleshoot security by testing the same identity that runs the workload.

Why This Matters¶

OpenShift adds security defaults such as SCCs, project isolation, and integrated OAuth/RBAC behavior. These protections are useful only when permissions are granted narrowly and verified.

Step-by-Step Configuration¶

oc project app

oc get pods -n app

oc get events -n app --sort-by=.lastTimestamp

oc describe pod web-7c9d7f6f8b-jx4mk -n app

Example output:

NAME      SECRETS   AGE
web-sa    0         3d

yes

Verification¶

oc auth can-i get pods -n app --as=developer

oc auth can-i use scc/anyuid --as=system:serviceaccount:app:web-sa

oc get rolebinding -n app

Security Best Practices¶

Grant the smallest role or SCC that works, prefer service-account-specific access, keep secrets out of Git, and verify permissions with oc auth can-i.

Common Mistakes¶

• Looking only at the final error and ignoring events.
• Checking the wrong project with oc.
• Changing several objects at once before confirming the current state.

Troubleshooting¶

Compare the failing user or service account with the role binding, SCC admission error, project quota, or OAuth status shown in OpenShift events.

Related Guides¶

• Openshift Security Context Constraints Explained
• Openshift RBAC Security Explained
• Openshift Security Checklist

Summary¶

OpenShift Security Interview Questions is safest when permissions are explicit, namespace-scoped where possible, and validated from the same identity that runs the workload.