hard · Workflow · Q8 of 15
Kubernetes - Service Mesh
You want to enforce mTLS only between two specific services in a namespace, leaving others unaffected. Which Istio resource should you configure?
A. Global PeerAuthentication with STRICT mode
B. PeerAuthentication with selector for those services
C. DestinationRule with TLS mode DISABLE
D. ServiceEntry for external services
Step-by-Step Solution
Solution:
  1. Step 1: Identify resource for selective mTLS

    PeerAuthentication supports selectors to apply policies to specific workloads.
  2. Step 2: Exclude other options

    A global PeerAuthentication affects all services; a DestinationRule with TLS mode DISABLE turns TLS off; ServiceEntry is for external services.
  3. Final Answer:

    PeerAuthentication with selector for those services -> Option B
  4. Quick Check:

    Selective mTLS uses PeerAuthentication selectors [OK]
Quick Trick: Use PeerAuthentication selectors for specific services [OK]
Common Mistakes:
  • Using global policy instead of selector
  • Disabling TLS in DestinationRule
  • Confusing ServiceEntry with mTLS policy
