
Service mesh concept overview in Kubernetes - Practice Problems & Coding Challenges

Challenge - 5 Problems
🧠 Conceptual
intermediate
What is the primary role of a service mesh in Kubernetes?

Choose the best description of what a service mesh does in a Kubernetes environment.

A. It stores container images and manages image versions for deployments.
B. It schedules pods onto nodes based on resource availability and affinity rules.
C. It manages network traffic between microservices, providing features like load balancing, security, and observability.
D. It monitors CPU and memory usage of nodes and automatically scales the cluster size.
💡 Hint

Think about what helps microservices communicate securely and reliably inside Kubernetes.

💻 Command Output
intermediate
Output of Istio sidecar injection command

What is the output when you run the following command to label a namespace for automatic Istio sidecar injection?

kubectl label namespace default istio-injection=enabled
A. namespace/default labeled
B. Error from server (NotFound): namespaces "default" not found
C. Warning: label istio-injection already exists
D. namespace/default created
💡 Hint

Labeling a namespace adds a label; it does not create or delete namespaces.

Configuration
advanced
Correct YAML snippet for enabling mutual TLS in Istio

Which YAML snippet correctly enables mutual TLS (mTLS) for all services in the default namespace using Istio PeerAuthentication?

A.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: default
spec:
  mtls:
    mode: STRICT
B.
apiVersion: security.istio.io/v1alpha1
kind: PeerAuthentication
metadata:
  name: default
  namespace: default
spec:
  mtls:
    enabled: true
C.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: default
  namespace: default
spec:
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
D.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: default
  namespace: default
spec:
  rules:
  - from:
    - source:
        principals: ["*"]
💡 Hint

Look for the correct apiVersion and kind that configures mTLS mode strictly.

Troubleshoot
advanced
Troubleshooting failed service-to-service communication in a service mesh

You deployed two microservices in Kubernetes with Istio service mesh enabled. Service A cannot reach Service B. Which of the following is the most likely cause?

A. The cluster's DNS server is down, so pod names cannot be resolved.
B. Service B's pod does not have the Istio sidecar proxy injected.
C. Service A's container image is outdated and missing dependencies.
D. The Kubernetes node running Service A is out of disk space.
💡 Hint

In a service mesh, communication depends on sidecar proxies intercepting traffic.

Best Practice
expert
Best practice for securing service-to-service communication in a service mesh

Which practice is considered best for securing communication between microservices in a service mesh?

A. Use plain HTTP for internal services and HTTPS only for external traffic.
B. Disable encryption to reduce latency and rely on network firewalls only.
C. Manually configure IP whitelists for each service instead of using mesh policies.
D. Enable mutual TLS (mTLS) with strict mode and rotate certificates regularly.
💡 Hint

Think about encryption and automated security features in service meshes.