0
0
Kubernetesdevops~20 mins

Istio overview in Kubernetes - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Istio Mastery Badge
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
1:30remaining
What is the primary role of Istio in Kubernetes?

Istio is often used with Kubernetes clusters. What is its main purpose?

ATo manage and secure service-to-service communication within the cluster
BTo replace Kubernetes as the container orchestrator
CTo provide persistent storage for Kubernetes pods
DTo monitor CPU and memory usage of nodes only
Attempts:
2 left
💡 Hint

Think about what happens when many microservices need to talk securely and reliably.

💻 Command Output
intermediate
1:30remaining
What does this Istio command output?

Run the command istioctl version in a terminal connected to a Kubernetes cluster with Istio installed. What output do you expect?

Kubernetes
istioctl version
AError: command not found
BPod istio-ingressgateway not found
CNo resources found in default namespace
D
Client version: 1.17.1
Control plane version: 1.17.1
Data plane version: 1.17.1 (5 proxies)
Attempts:
2 left
💡 Hint

This command shows versions of Istio components installed.

Configuration
advanced
2:30remaining
Which Istio configuration snippet correctly enables mutual TLS for all services?

Choose the correct YAML snippet to enable mutual TLS (mTLS) for all services in the default namespace.

A
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: default
  namespace: default
spec:
  action: ALLOW
B
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: default
  namespace: default
spec:
  trafficPolicy:
    tls:
      mode: DISABLE
C
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: default
spec:
  mtls:
    mode: STRICT
D
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: default-gateway
  namespace: default
spec:
  selector:
    istio: ingressgateway
Attempts:
2 left
💡 Hint

mTLS is configured using PeerAuthentication resource with mode STRICT.

Troubleshoot
advanced
2:00remaining
Why might Istio sidecar proxies not inject into new pods?

You deployed Istio with automatic sidecar injection enabled, but new pods in the namespace do not have the Istio proxy container. What could cause this?

AThe namespace label <code>istio-injection=enabled</code> is missing
BThe pod spec uses hostNetwork: false
CThe Kubernetes API server is down
DThe pod has resource limits set
Attempts:
2 left
💡 Hint

Istio uses namespace labels to decide where to inject sidecars automatically.

🔀 Workflow
expert
3:00remaining
Order the steps to deploy a new version of a microservice using Istio traffic shifting

Put these steps in the correct order to safely deploy a new version of a microservice using Istio's traffic shifting feature.

A2,1,3,4
B1,2,3,4
C1,3,2,4
D1,2,4,3
Attempts:
2 left
💡 Hint

Think about deploying first, then routing traffic, then monitoring, then increasing traffic.