Code Room
System designHard
Question
Design a zero-trust service-to-service authentication system for a microservice fleet of 6,000 services across multiple clusters, where every internal call must be mutually authenticated and authorized — no implicit trust from being 'inside the network.' Each workload needs a cryptographic identity, certs must rotate frequently (hours), and a compromised node must not be able to impersonate other services. Target adds <3ms per hop and must not require app-code changes. Cover identity issuance, mTLS enforcement, authorization, and rotation.
What a strong answer looks like
Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.
Learn the concepts
Loading whiteboard…
Run or narrate your approach, then ask the coach.