Design a Multi-Tenant Kubernetes Namespace-Provisioning Self-Service
Overview
What this challenge is about.
Design and build a Backstage scaffolder that lets a squad request a namespace (specifying environment, owners, expected scale). The scaffolder generates a pull request to a GitOps repo that, when merged, creates the namespace via Crossplane (or Terraform Cloud) with: ResourceQuota, NetworkPolicy (default-deny + egress allowlist), required labels (owner, cost-center), and OPA Gatekeeper policies (no privileged containers, allowed registries). Pilot with 2 squads over 2 weeks. Measure lead time, guardrail-compliance rate, support tickets. Deliver source, pilot report, and a 5-page rollout memo for the other 20 squads.
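The guardrails listed above can be checked on the rendered manifests before the pull request merges, which also gives the pilot a concrete guardrail-compliance rate. The sketch below is an added example, not part of the challenge materials. It assumes each generated bundle is a list of parsed manifest dicts and that default-deny covers both ingress and egress; the function names and sample values are made up, and cluster-wide Gatekeeper constraints are outside what it checks.

```python
REQUIRED_LABELS = ("owner", "cost-center")  # label keys named in the brief

def is_default_deny(policy):
    """True if the policy selects every pod and allows no traffic either way."""
    spec = policy.get("spec", {})
    return (spec.get("podSelector") == {}
            and {"Ingress", "Egress"} <= set(spec.get("policyTypes", []))
            and not spec.get("ingress") and not spec.get("egress"))

def check_bundle(manifests):
    """Return the guardrail violations for one generated namespace bundle."""
    namespaces = [m for m in manifests if m.get("kind") == "Namespace"]
    if len(namespaces) != 1:
        return ["bundle must contain exactly one Namespace"]
    meta = namespaces[0].get("metadata", {})
    labels = meta.get("labels") or {}
    violations = [f"missing label: {k}" for k in REQUIRED_LABELS if not labels.get(k)]
    # Only objects placed in the new namespace count toward its guardrails.
    scoped = [m for m in manifests
              if m.get("metadata", {}).get("namespace") == meta.get("name")]
    if not any(m.get("kind") == "ResourceQuota" and m.get("spec", {}).get("hard")
               for m in scoped):
        violations.append("missing ResourceQuota with hard limits")
    policies = [m for m in scoped if m.get("kind") == "NetworkPolicy"]
    if not any(is_default_deny(p) for p in policies):
        violations.append("missing default-deny NetworkPolicy")
    if not any(p.get("spec", {}).get("egress") for p in policies):
        violations.append("missing egress allowlist NetworkPolicy")
    return violations

def compliance_rate(bundles):
    """Fraction of bundles with zero violations (the pilot's compliance metric)."""
    return sum(not check_bundle(b) for b in bundles) / len(bundles)

def _obj(kind, name, namespace=None, labels=None, spec=None):
    meta = {"name": name, "namespace": namespace, "labels": labels or {}}
    return {"kind": kind, "metadata": meta, "spec": spec or {}}

# Constructed sample bundles (squad names, CIDR and quota values are made up).
GOOD = [
    _obj("Namespace", "squad-a-dev", labels={"owner": "squad-a", "cost-center": "cc-100"}),
    _obj("ResourceQuota", "quota", "squad-a-dev", spec={"hard": {"pods": "50"}}),
    _obj("NetworkPolicy", "default-deny", "squad-a-dev",
         spec={"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}),
    _obj("NetworkPolicy", "egress-allow", "squad-a-dev",
         spec={"podSelector": {}, "policyTypes": ["Egress"],
               "egress": [{"to": [{"ipBlock": {"cidr": "10.0.0.0/16"}}]}]}),
]
BAD = [_obj("Namespace", "squad-b-dev", labels={"owner": "squad-b"}),
       _obj("ResourceQuota", "quota", "squad-b-dev", spec={"hard": {"pods": "50"}})]
```

Run as a required status check on the GitOps repo, a non-empty result from `check_bundle` blocks the merge, and `compliance_rate` over all pilot pull requests yields the figure for the pilot report.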
The Brief
What you'll do, and what you'll demonstrate.
Replace ticket-based namespace provisioning with a self-service flow that respects HIPAA-class guardrails and cuts lead time from 4 days to under 1 hour.
Earning criteria — what you'll demonstrate
- Build a self-service flow that respects policy guardrails by construction
- Apply GitOps + policy-as-code to provisioning workflows
- Measure lead-time and compliance honestly during a pilot
- Sequence rollout to a 22-squad org without overwhelming on-call