The Red Hat Certified Specialist in Building Resilient Microservices exam (EX328) tests your skills and knowledge with regard to creating and managing a resilient mesh of microservices, using Red Hat OpenShift Container Platform and Red Hat OpenShift Service Mesh. The exam focuses on the basic skills required to use Red Hat Service Mesh to configure and manage the resilient operation of an application composed of several microservices with a persistent data store.
This exam is based on Red Hat® OpenShift® Service Mesh 2.1 on Red Hat® OpenShift® Container Platform 4.6.
By passing this exam, you become a Red Hat Certified Specialist in Building Resilient Microservices, which also counts toward earning a Red Hat Certified Architect (RHCA®) certification.
The following audiences may be interested in earning the Red Hat Certified Specialist in Building Resilient Microservices credential:
- Administrators or architects in a DevOps role who are responsible for managing a Red Hat OpenShift Container Platform environment
- Administrators or architects in a DevOps role who are responsible for implementing a Red Hat OpenShift Container Platform environment
- Application developers who are responsible for managing multiple microservices or supporting an existing group of microservices on the Red Hat OpenShift Container Platform
Duration: 4.00 hours
Red Hat encourages you to consider taking Building Resilient Microservices with Istio and Red Hat OpenShift Service Mesh (DO328) and Red Hat OpenShift Development II: Containerizing Applications (DO288) to prepare, and earning Red Hat Certified Specialist in OpenShift Application Development (EX288).
Attendance in these classes is not required; students can choose to take just the exam.
While attending Red Hat classes can be an important part of your preparation, attending class does not guarantee success on the exam. Previous experience, practice, and native aptitude are also important determinants of success.
Many books and other resources on system administration for Red Hat products are available. Red Hat does not endorse any of these materials as preparation guides for exams. Nevertheless, you may find additional reading helpful to deepen your understanding.
This exam is a hands-on, practical exam that requires you to undertake real-world development tasks. Internet access is not provided during the exam, and you will not be permitted to bring any hard copy or electronic documentation into the exam. This prohibition includes notes, books, or any other material. MicroProfile specification and related documentation is available during the exam.
Scores and reporting
Official scores for exams come exclusively from Red Hat Certification Central. Red Hat does not authorize examiners or training partners to report results to candidates directly. Scores on the exam are usually reported within 3 U.S. business days.
Exam results are reported as total scores. Red Hat does not report performance on individual items, nor will it provide additional information upon request.
The prerequisites for this exam are a working knowledge of Red Hat OpenShift applications such as that provided by the Red Hat OpenShift Development II: Containerizing Applications (DO288) and Building Resilient Microservices with Istio and Red Hat OpenShift Service Mesh (DO328) courses. Specifically, candidates for this exam should be able to use Red Hat OpenShift Container Platform to:
- Create and work with multiple Red Hat OpenShift projects
- Deploy applications
- Work with container images
- Work with Kubernetes resources written in either JSON or YAML format
- Understand the Kubernetes Custom Resource Definitions (CRD)
Study points for the exam
As part of this exam, you should be able to perform these tasks:
- Understand and work with Red Hat OpenShift Service Mesh Custom Resources
- Deploy and configure applications on Service Mesh:
- Install sidecar manually in pod applications
- Automatic sidecar injection using annotations
- Understand the configuration of network policies (Mesh members, external services, etc.)
- Work with request routing and traffic management
- Be able to configure static and dynamic request routing to different versions of an application
- Understand the deployment/release pattern strategies that Red Hat OpenShift Service Mesh® can help with, providing more complex operational functionality, including A/B testing and canary releases
- Configure and manage advanced routing techniques to control the flow and API calls between services
- Shift and migrate traffic within the mesh between different services, producing A/B testing, canary rollouts, and staged rollouts with percentage-based traffic splits, and dark launches for a selective group of users
- Take advantage of the traffic mirroring capabilities to bring changes to the microservices. Be able to produce shadow launches by copying the live traffic
- Send the inbound and outbound traffic from and to the mesh, managing the ingress and egress traffic control policies
- Define and control gateway entry points into the mesh for incoming traffic, allowing requests to pass through to the services
- Enable controlled access to external publicly accessible services from within the Istio cluster
- Be able to configure the network resilience and the fault tolerance dynamically at runtime to handle failing nodes and prevent localized failures from cascading
- Control the waiting time for replies defining timeouts
- Enhance service availability specifying the number of request attempts with retry strategies
- Limit calls within a service and prevent access to an overloaded or failing host by applying a circuit breaker mechanism
- Specify the connection pool and ejection policies by configuring the load balancing destination rules
- Work with and configure Service Mesh policy checks
- Define enforcement features through policies, configure local and global rate limiting, and define access quotas
- Enable and configure authorization with deny and allow policies applied to a workload
- Understand and configure the workload-to-workload communication using the implemented architecture for authentication and authorization security in Service Mesh
- Provide service-to-service communication with secure naming authorization
- Tunnel the service-to-service communication using mutual TLS
- Map the identity of the service name with secure naming
- Define peer authentication policies to enforce the mutual TLS mode
- Define the required end-user authentication policy check. Define and configure access authorization rules for service and end-user to workload communications
- Understand and work with the fault injection mechanisms to introduce errors and perform chaos testing, in order to test the failure recovery capacity of the applications
- Inject timing failures that produce delays to mimic increased network latency or overloaded services
- Produce crash failures with error response injections and TCP connection failures