Skills linkerd-patterns

📦

linkerd-patterns

Name: linkerd-patterns
Author: wshobson

Safe 🌐 Network access⚙️ External commands

Set up Linkerd Service Mesh

Implementing a service mesh adds complexity to Kubernetes clusters. This skill provides ready-to-use templates and patterns for Linkerd, the lightweight CNCF service mesh that enables automatic mTLS, traffic splitting, and zero-trust networking with minimal configuration overhead.

Supports: Claude Codex Code(CC)

📊 69 Adequate

Download the skill ZIP

Upload in Claude

Go to Settings → Capabilities → Skills → Upload skill

Toggle on and start using

Test it

Using "linkerd-patterns". Generate a TrafficSplit for canary deployment with 90/10 split

Expected outcome:

```yaml
apiVersion: split.smi-spec.io/v1alpha1
kind: TrafficSplit
metadata:
name: my-service-canary
namespace: my-namespace
spec:
service: my-service
backends:
- service: my-service-stable
weight: 900m
- service: my-service-canary
weight: 100m
```

Using "linkerd-patterns". Create ServerAuthorization for authenticated clients only

Expected outcome:

```yaml
apiVersion: policy.linkerd.io/v1beta1
kind: ServerAuthorization
metadata:
name: allow-frontend
namespace: my-namespace
spec:
server:
name: my-service-http
client:
meshTLS:
serviceAccounts:
- name: frontend
namespace: my-namespace
```

Security Audit

Safe

v5 • 1/21/2026

All static findings evaluated as false positives. The skill contains only documentation and YAML templates for Linkerd service mesh. Patterns detected (URLs, shell pipes, network CIDRs) are legitimate infrastructure documentation. No actual code execution, cryptographic operations, or malicious patterns present.

Files scanned

748

Lines analyzed

findings

Total audits

Audited by: claude View Audit History →

Quality Score

Architecture

100

Maintainability

Content

Community

100

Security

Spec Compliance

What You Can Build

Setting up Linkerd for the First Time

DevOps engineers new to Linkerd can use this skill to generate complete installation commands, namespace injection configurations, and verification steps for a production-ready service mesh deployment.

Configuring Advanced Traffic Management

SREs and traffic engineers can create ServiceProfile configurations with custom retries, timeouts, and TrafficSplit resources for blue-green deployments and canary releases.

Implementing Zero-Trust Network Policies

Security teams can generate ServerAuthorization policies that restrict service-to-service communication to authenticated clients, supporting compliance requirements for zero-trust architectures.

Try These Prompts

Install Linkerd on Kubernetes

Generate the commands and YAML templates to install Linkerd on my Kubernetes cluster. Include pre-check validation, CRD installation, control plane setup, and the viz extension for observability.

Create Service Profile with Retries

Create a Linkerd ServiceProfile for my api-service with retry configuration. GET requests should be retryable with a 0.2 retry ratio. Set a 5 second timeout on endpoint calls.

Set Up Canary Deployment

Generate a TrafficSplit configuration to route 10% of traffic to my-service-canary while keeping 90% on my-service-stable for a controlled canary rollout.

Configure Authorization Policy

Create a ServerAuthorization policy that allows only my frontend service account to access the api-server on port 8080. All other traffic should be denied by default.

Best Practices

Always run linkerd check after any configuration change to validate the mesh is healthy before deploying changes to production traffic.
Enable automatic mTLS on all namespaces by default to ensure all service-to-service communication is encrypted and authenticated without manual certificate management.
Use ServiceProfiles to define per-route timeouts and retries that match your application semantics, preventing cascade failures during upstream issues.

Avoid

Skipping linkerd check after installation or configuration changes can lead to silent failures where the service mesh is not functioning as expected.
Configuring overly broad ServerAuthorization policies with unauthenticated access defeats the purpose of zero-trust networking and should be limited to specific ingress paths.
Setting retry budgets too high can cause retry storms during outages, overwhelming downstream services and degrading overall system stability.

Frequently Asked Questions

Does this skill execute commands on my cluster?

No, this skill only generates YAML configurations and kubectl commands based on your requirements. You review and apply them manually in your terminal.

What version of Linkerd is supported?

This skill targets Linkerd 2.x which is the current stable version. Templates use v1alpha2 and v1beta1 API versions common in 2.14 and later releases.

Can I use this with managed Kubernetes services?

Yes, Linkerd works with any conformant Kubernetes cluster including EKS, GKE, AKS, and self-managed clusters. The installation commands are identical.

How does Linkerd differ from Istio?

Linkerd is designed to be lightweight and simpler to operate with automatic mTLS, smaller resource footprint, and a focused feature set compared to Istio's extensive capabilities.

Do I need to generate certificates manually?

No, Linkerd handles mTLS certificate rotation automatically. The service mesh identity system manages certificates without operator intervention.

Can this skill help with troubleshooting?

The skill generates monitoring commands like linkerd viz top and linkerd viz stat to help diagnose traffic issues, but cannot interpret results or fix problems automatically.

Developer Details

Author

wshobson

License

MIT

Repository

https://github.com/wshobson/agents/tree/main/plugins/cloud-infrastructure/skills/linkerd-patterns

Ref

main

File structure

📄 SKILL.md