Skills istio-traffic-management
πŸ•ΈοΈ

istio-traffic-management

Safe 🌐 Network accessβš™οΈ External commands

Configure Istio traffic management fast

Managing Istio traffic policies across services is complex and error prone. This skill provides ready templates and guidance for routing, canary rollouts, and resilience controls.

Supports: Claude Codex Code(CC)
πŸ“Š 69 Adequate
1

Download the skill ZIP

2

Upload in Claude

Go to Settings β†’ Capabilities β†’ Skills β†’ Upload skill

3

Toggle on and start using

Test it

Using "istio-traffic-management". Set up a 95 5 canary for payments with stable and canary subsets

Expected outcome:

  • VirtualService routes payments with 95 percent stable and 5 percent canary
  • DestinationRule defines stable and canary subsets with version labels
  • Notes on adjusting weights during the rollout

Using "istio-traffic-management". Configure circuit breakers for my-api with max connections and outlier detection

Expected outcome:

  • DestinationRule sets connection pool limits and outlier detection thresholds
  • Circuit breaker triggers after 5 consecutive 5xx errors
  • Ejection removes unhealthy instances for 30 seconds base time

Using "istio-traffic-management". Add retries and timeouts to the ratings service VirtualService

Expected outcome:

  • VirtualService includes 3 retry attempts with 3 second per-try timeout
  • Timeout set to 10 seconds per request
  • Retries trigger on connect-failure, refused-stream, unavailable, and cancelled

Security Audit

Safe
v4 β€’ 1/17/2026

This skill contains only static documentation with YAML configuration templates for Istio traffic management. No executable code, data access, network communication, or file manipulation is present. The 57 static findings are all false positives caused by YAML field names being misinterpreted as cryptographic terms, code block markers being flagged as shell backticks, and hash values being flagged as weak algorithms.

2
Files scanned
502
Lines analyzed
2
findings
4
Total audits

Risk Factors

🌐 Network access (4)
skill-report.json:6 SKILL.md:323 SKILL.md:324 SKILL.md:325
βš™οΈ External commands (19)
SKILL.md:32-35 SKILL.md:35-41 SKILL.md:41-81 SKILL.md:81-85 SKILL.md:85-125 SKILL.md:125-129 SKILL.md:129-151 SKILL.md:151-155 SKILL.md:155-173 SKILL.md:173-177 SKILL.md:177-195 SKILL.md:195-199 SKILL.md:199-220 SKILL.md:220-224 SKILL.md:224-261 SKILL.md:261-265 SKILL.md:265-288 SKILL.md:288-307 SKILL.md:307-319
Audited by: claude View Audit History β†’

Quality Score

38
Architecture
100
Maintainability
85
Content
21
Community
100
Security
91
Spec Compliance

What You Can Build

Standardize mesh routing

Generate consistent VirtualService and DestinationRule patterns for team services.

Harden service resilience

Define retries, timeouts, and circuit breakers to reduce cascading failures.

Run safe canaries

Create weighted splits for stable and canary versions during rollouts.

Try These Prompts

Basic routing 
Create a VirtualService and DestinationRule for reviews with v1 and v2 subsets. Route header end-user jason to v2 and others to v1.
Canary rollout 
Generate Istio manifests for my-service with stable and canary subsets. Use 90 percent stable and 10 percent canary.
Resilience policy 
Provide a DestinationRule with connection pools and outlier detection for my-service. Add a VirtualService with retries and timeouts.
Ingress gateway 
Create a Gateway for *.example.com with TLS and a VirtualService that routes /api/v1 to api-service on port 8080.

Best Practices

  • Use clear version labels for subsets
  • Set conservative timeouts and retry limits
  • Start canaries with small traffic weights

Avoid

  • Mirroring traffic to production targets
  • Unlimited retries without backoff
  • Skipping outlier detection on critical paths

Frequently Asked Questions

Which Istio versions are supported
Templates use networking v1beta1 APIs that are supported in recent Istio releases.
What can this skill not do
It does not deploy resources or validate policies against a live cluster.
Can I integrate this with CI or GitOps
Yes, you can generate manifests and apply them in your existing pipelines.
Does it collect or send my data
No, it only provides static guidance and templates without data collection.
What if routing rules do not apply
Use istioctl analyze and proxy-config commands to inspect config and endpoints.
How is this different from Kubernetes Ingress
It adds mesh-aware routing, traffic shaping, and resilience policies.

Developer Details

Author

wshobson

License

MIT

Repository

https://github.com/wshobson/agents/tree/main/plugins/cloud-infrastructure/skills/istio-traffic-management

Ref

main

File structure

πŸ“„ SKILL.md