Overview
What this challenge is about.
Install Istio (current LTS) in ambient mode where possible, sidecar mode where ambient is not yet supported by the service. Phase 1: enable PERMISSIVE mTLS namespace by namespace — services accept both plain and mTLS. Phase 2: turn on Istio's PeerAuthentication in STRICT mode per namespace after observing 100 percent mTLS traffic for 72 hours. Phase 3: enforce mesh-wide STRICT. Wire Prometheus + Kiali to track plain-vs-mTLS traffic ratio per service. Deliver the Istio manifests, the rollout playbook (6 pages), the per-namespace observability dashboard, and a rollback runbook.
The Brief
What you'll do, and what you'll demonstrate.
Roll out Istio mTLS in PERMISSIVE-then-STRICT mode across 80 microservices with zero downtime and a verifiable per-namespace audit trail.
Earning criteria — what you'll demonstrate
- Design a phased mTLS rollout that survives services with unaware clients
- Configure Istio PeerAuthentication in PERMISSIVE vs STRICT modes correctly
- Use Kiali + Prometheus to observe mTLS coverage per service
- Plan rollback for each phase without breaking ongoing traffic
Program Fit
Where this fits in your program.
Sharpens the same skills your degree expects you to demonstrate.
Skills
Skills you'll demonstrate.
Each one shows up on your verified credential.
Careers
Roles this prepares you for.
Real titles. Real skill bridges. Pick the one closest to your trajectory.
Career mappings coming soon.