Stage 05 · Operations · 8 min
Day-2 SRE Ops
RefreshPOD, rolling restart, cache, certs, Vault onboarding
TALKING POINT · #31
Day-2 operations usually depend on tribal knowledge — knowing the right oc commands, flags, sequencing, and safety checks. At 2am, that becomes risk.With Bob, operations become intent-driven. Instead of remembering commands, you describe what you need to accomplish.
Bob doesn't just run the command — it watches the result, validates it, and tells you if something went wrong.
It removes cognitive overhead and makes safe production operations accessible to everyone.
PRESENTER NOTE · #32
This is a great moment to demonstrate BobShell directly from the terminal.From a terminal session:
1. Log in to your OpenShift cluster.
2. Type
bob to launch BobShell.3. Paste the prompt below and observe how Bob executes Day-2 operational tasks in real time.
It's a simple way to show how routine SRE activities, such as pod refresh, rolling restarts, cache invalidation, certificate rotation, or Vault onboarding, can be handled conversationally without switching tools or manually stitching together commands.
TIP · #54
You don't have to run all of these — just run one or two is sufficient enough to demonstrate the capability.
Prompts
5a · RefreshPOD
▼
Refresh the pods for payment-app in bob-demo-staging namespace.
Delete pods one at a time with a 30-second grace period.
Wait for each replacement pod to pass readiness checks
before deleting the next one. Report status after each pod. Use oc commands.
5b · Rolling Restart
▼
Perform a rolling restart of payment-app in bob-demo-staging namespace.
Use oc rollout restart. Monitor the rollout status.
Confirm zero downtime by checking that the PodDisruptionBudget
is respected and at least 2 pods are available at all times.
5c · Cache Refresh
▼
Clear the local cache on all payment-app pods in bob-demo-staging namespace.
For each pod, call POST /admin/cache/clear endpoint (using the most appropriate
method: exec, port-forward, or direct service access). Report the HTTP status code and response body from each pod in a table format.
If any pod returns a non-200 response, flag it and suggest specific remediation steps.
5d · Certificate Renewal · [VALIDATION IN PROGRESS]
▼
The TLS certificate for payment-service-tls in bob-demo namespace
is expiring in 7 days. Generate a renewal script that:
1. Creates a new self-signed cert (RSA 2048, 365 day validity)
2. Validates the new cert with openssl
3. Updates the OpenShift TLS secret
4. Triggers a rolling restart to pick up the new cert
5. Verifies the new cert is served by checking the Route
5e · Vault Onboarding · [VALIDATION IN PROGRESS]
▼
A new client "acme-corp" needs to be onboarded to our payment platform.
Using HashiCorp Vault, generate the onboarding script that:
1. Creates a Vault path: secret/clients/acme-corp/
2. Generates and stores: API key, DB password, encryption key
3. Creates a Vault policy scoping read access to only acme-corp secrets
4. Binds the policy to the payment-service service account in OpenShift
5. Restarts payment-service to pick up the new Vault path