service-mesh-expert

Safe

Design Service Mesh Architectures with Istio and Linkerd

Microservices need secure, observable communication without complexity. This skill provides expert guidance on Istio and Linkerd deployments with zero-trust networking and traffic management.

Supported: Claude Codex Code (CC)
🥉 74 Bronze
1. Download the skill ZIP
2. Upload it to Claude: go to Settings → Capabilities → Skills → Upload skill
3. Enable it and get started

Try it

Using "service-mesh-expert": Request for mTLS configuration

Expected result:

Step-by-step PeerAuthentication and DestinationRule configurations to enforce strict mTLS cluster-wide, starting with permissive mode migration path and verification commands to confirm encryption.

Using "service-mesh-expert": Debug service connectivity issue

Expected result:

Systematic troubleshooting checklist including sidecar injection verification, VirtualService routing analysis, authorization policy conflicts, and istioctl debug commands with expected outputs.

Security audit

Safe
v1 • 2/25/2026

Static analysis flagged 4 patterns that are all false positives. Line 22 uses Markdown backticks for documentation reference, not shell execution. Lines 3, 46, and 60 contain no cryptographic code - they reference mTLS conceptually in documentation. This is a markdown-only skill with no executable code, external commands, or security risks.

Files scanned: 1
Lines analysed: 61
Findings: 0
Total audits: 1
No security issues found
Audited by: claude

Quality rating

Architecture: 38
Maintainability: 100
Content: 87
Community: 50
Security: 100
Specification conformance: 91

What you can build

Kubernetes Platform Engineer

Deploy Istio service mesh with mTLS enforcement and traffic policies for a production microservices platform handling high-availability requirements.

DevOps Team Lead

Implement canary deployments with traffic splitting and automated rollback using Istio VirtualService and DestinationRule configurations.

Security Architect

Design zero-trust network architecture with service-to-service authentication using mTLS and AuthorizationPolicy enforcement across all namespaces.

Try these prompts

Basic Service Mesh Setup
Help me set up Istio service mesh on my Kubernetes cluster. I have 3 namespaces (dev, staging, prod) and need basic mTLS between services. What are the installation steps and initial configuration?
Traffic Routing Configuration
I need to route 90% of traffic to version-1 and 10% to version-2 of my payment service. Create the Istio VirtualService and DestinationRule YAML configurations with explanation.
Circuit Breaker Implementation
Design a circuit breaker configuration for my order service that handles upstream failures gracefully. Include connection pool settings, outlier detection, and retry policies with Istio.
Multi-Cluster Federation
Plan a multi-cluster Istio mesh across AWS EKS and GCP GKE. Include requirements for cross-cluster service discovery, certificate management, and traffic federation between the two meshes.

Best practices

  • Start with PERMISSIVE mTLS mode and gradually migrate to STRICT after verifying all services communicate correctly
  • Implement circuit breakers and retry policies before production deployment, not after failures occur
  • Use namespace-level policy isolation to apply different security and traffic rules per environment
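A worked version of the first best practice, added here as an example and not part of the skill or of Istio's own documentation: a mesh-wide PeerAuthentication in PERMISSIVE mode, a DestinationRule so client sidecars originate mTLS, a metrics check that gates the switch, and the STRICT policies applied namespace-first and then mesh-wide. The istio-system root namespace and the resource name "default" follow Istio's conventions; the "prod" namespace is taken from the prompts above.

```yaml
# Step 1: mesh-wide default in PERMISSIVE mode. Workloads accept both mTLS and
# plaintext, so services that are not yet injected with a sidecar keep working.
apiVersion: security.istio.io/v1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system   # root namespace: this policy applies mesh-wide
spec:
  mtls:
    mode: PERMISSIVE
---
# Step 2: make client sidecars originate mTLS to every in-mesh host. Istio's
# auto mTLS normally does this already; stating it explicitly keeps the intent
# visible and lets you observe the encrypted path before tightening.
apiVersion: networking.istio.io/v1
kind: DestinationRule
metadata:
  name: default
  namespace: istio-system
spec:
  host: "*.local"
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
---
# Verification gate before step 3 (a Prometheus query, not part of the YAML):
#   sum(rate(istio_requests_total{reporter="destination"}[5m])) by (connection_security_policy)
# Every series should report connection_security_policy="mutual_tls"; any
# "none" left points at a plaintext caller that still needs a sidecar.
#
# Step 3: tighten one namespace first (prod, from the prompts above) so a
# mistake stays contained; a namespace policy overrides the mesh-wide one.
apiVersion: security.istio.io/v1
kind: PeerAuthentication
metadata:
  name: default
  namespace: prod
spec:
  mtls:
    mode: STRICT
---
# ... then replace the mesh-wide default. Same name and namespace as step 1, so
# applying this object overwrites it; plaintext is now rejected everywhere.
apiVersion: security.istio.io/v1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system
spec:
  mtls:
    mode: STRICT
```

Apply the file top to bottom with kubectl apply, pausing at the verification gate until the query shows no plaintext traffic.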

Avoid

  • Enabling strict mTLS cluster-wide without testing in permissive mode first - causes immediate service disruptions
  • Skipping circuit breaker configuration assuming services are reliable - cascading failures will occur under load
  • Over-provisioning sidecar resources without monitoring actual CPU and memory usage - increases costs unnecessarily

Frequently asked questions

What is the difference between Istio and Linkerd for my use case?
Istio offers comprehensive traffic management, security, and observability with more configuration options but higher complexity. Linkerd provides simpler mTLS and basic observability with lower resource overhead. Choose Istio for complex routing needs, Linkerd for straightforward mTLS with minimal operational burden.
Does service mesh add significant latency to my services?
Typical sidecar proxy overhead is 3-10ms per request for mTLS and routing. Linkerd generally has lower overhead (2-5ms) than Istio (5-10ms). The security and observability benefits usually outweigh the latency cost, but measure your specific workload before production deployment.
Can I use service mesh with non-Kubernetes workloads?
Istio supports VMs through istio-vm integration, allowing hybrid deployments. Linkerd requires Kubernetes. For mixed environments, Istio is the better choice with proper VM sidecar proxy configuration.
How do I handle database connections through the service mesh?
Database traffic typically bypasses the mesh using traffic exclusion rules. Configure sidecar interception exclusions for database ports, or use egress gateways for controlled external access with proper TLS origination.
What monitoring should I set up for the service mesh?
Monitor sidecar proxy CPU and memory, request latency percentiles (p50, p95, p99), error rates, mTLS connection status, and configuration sync health. Integrate with Prometheus and Grafana using built-in Istio or Linkerd dashboards.
How do I roll back a problematic mesh configuration?
Keep versioned Istio configurations in Git. Use kubectl apply with previous manifest versions for immediate rollback. For critical issues, disable sidecar injection at namespace level and redeploy pods to bypass the mesh temporarily.

Developer details

File structure

📄 SKILL.md