Exam description

The Red Hat Certified Specialist in Building Resilient Microservices exam (EX328) assesses your competence in the creation and management of a robust network of microservices utilizing Red Hat OpenShift Container Platform and Red Hat OpenShift Service Mesh. This examination emphasizes fundamental skills essential for configuring and overseeing the resilient operation of applications that encompass numerous microservices, including those with persistent data stores.

By successfully clearing this exam, you attain the esteemed title of a Red Hat Certified Specialist in Building Resilient Microservices, which also contributes to your journey towards becoming a Red Hat Certified Architect (RHCA®).

Target Audience:

This certification is particularly beneficial for:

• Administrators or Architects in DevOps Roles: Those responsible for managing or implementing Red Hat OpenShift Container Platform environments.

• Application Developers: Specifically, developers entrusted with the management of multiple microservices or supporting existing microservices within the Red Hat OpenShift Container Platform framework.

Prerequisites:

Candidates are required to possess a practical understanding of Red Hat OpenShift applications, typically obtained through courses such as “Red Hat OpenShift Development II: Containerizing Applications (DO288)” and “Building Resilient Microservices with Istio and Red Hat OpenShift Service Mesh (DO328).” Candidates should be adept in utilizing Red Hat OpenShift Container Platform for tasks including creating and managing projects, deploying applications, working with container images, handling Kubernetes resources in JSON or YAML formats, and understanding Kubernetes Custom Resource Definitions (CRD).

In preparation

Study points for the exam

As part of this exam, you should be able to perform these tasks:

• Understand and work with Red Hat Openshift Service Mesh Custom Resources
• Deploy and configure applications on Service Mesh:
  • Install sidecar manually in pod applications 
  • Automatic sidecar injection using annotations
  • Understand the configuration of network policies (Mesh members, external services, etc.)
• Work with request routing and traffic management.
  • Be able to configure static and dynamic request routing to different versions of an application
• Understand the deployment/release pattern strategies that Red Hat OpenShift Service Mesh® can help with, providing more complex operational functionality, including A/B testing and canary releases
• Configure and manage advanced routing techniques to control the flow and API calls between services
  • Traffic shifting migration within the mesh producing between different services A/B testing, canary rollouts, and staged rollouts with percentage-based traffic splits, and dark launches for a selective group of users
  • Take profit of the traffic mirroring capabilities to bring changes to the microservices. Be able to produce shadowing launches copying the live traffic
• Send the inbound and outbound traffic from and to the mesh, managing the ingress and egress traffic control policies 
  • Define and control gateway entry points into the mess for the incoming traffic allowing pass requests through the services
  • Enable controlled access to external publicly accessible services from within the istio cluster
• Be able to configure the network resilience and the fault tolerance dynamically at runtime to ensure the failing nodes and prevent localized failures from cascading
  • Control the waiting time for replies defining timeouts
  • Enhance service availability specifying the number of request attempts with retry strategies
  • Limit for calls within a service and prevent access to an overloaded or failing host applying a circuit breaker mechanism
  • Specify the connection and ejection pool policies configuring the load balancing destination rules
• Work and configure Service Mesh policy checks
  • Define enforcement features through policies, configure local and global rate limiting, and define access quotas
  • Enable and configure the authorization for denial and allow policies applied to a workload
• Understand and configure the workload-to-workload communication using the implemented architecture for authentication and authorization security in Service Mesh
  • Provide service-to-service communication with secure naming authorization 
  • Tunnel the service-to-service communication using mutual TLS communication.
  • Map the identity of the service name with secure naming 
  • Define peer authentication policies to enforce the mutual TLS mode
  • Define the required end-user authentication policy check.  Define and configure access authorization rules for service and end-user to workload communications
• Understand and work with the fault injection mechanisms to introduce errors and chaos testing into the system to test the failure recovery capacity of the applications
  • Inject timing failures producing delays to mimic increased network latency or overloaded services
  • Produce crash failures with error response injections and TCP connection failures

• Red Hat recommends the following steps to prepare for the exam:

  1. Training Courses:

  • Consider enrolling in “Building Resilient Microservices with Istio and Red Hat OpenShift Service Mesh (DO328)” and “Red Hat OpenShift Development II: Containerizing Applications (DO288)” to gain a comprehensive understanding.
  • Earning the “Red Hat Certified Specialist in OpenShift Application Development (EX288)” is also suggested, but it’s not mandatory.

  2. Course Attendance:

  • While attending Red Hat courses can be valuable, successful completion of the exam relies on more than just course attendance.
  • Prior experience, practice, and innate abilities play crucial roles in achieving success.

  3. Additional Resources:

  • Numerous books and resources on system administration for Red Hat products are available, but Red Hat does not officially endorse any of these materials as preparation guides for their exams.
  • However, supplementary reading can be beneficial to deepen your understanding.

  Exam Format:

  • The exam is practical and hands-on, requiring candidates to perform real-world development tasks.
  • Internet access is not provided during the exam, and candidates are not allowed to bring any hard copy or electronic documentation into the exam, including notes, books, or any other material. However, MicroProfile specification and related documentation are accessible during the exam.

  Scores and Reporting:

  • Official exam scores are solely provided through Red Hat Certification Central, and candidates should not expect examiners or training partners to report results directly to them.
  • Exam scores are generally available within 3 U.S. business days.
  • Scores are reported as total scores, and Red Hat does not disclose performance on individual items or provide additional information upon request.
  • In the event of an unsuccessful first attempt, candidates are eligible for one exam retake. For detailed information, please refer to Red Hat’s Training Policies page.