This skill provides production-ready patterns for deploying and configuring Linkerd service mesh on Kubernetes, enabling automatic mTLS, traffic management, and zero-trust security policies.
下載技能 ZIP
在 Claude 中上傳
前往 設定 → 功能 → 技能 → 上傳技能
開啟並開始使用
測試它
正在使用「linkerd-patterns」。 Install Linkerd on my Kubernetes cluster
預期結果:
Here is how to install Linkerd:
1. Install the Linkerd CLI:
curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/install | sh
2. Validate your cluster:
linkerd check --pre
3. Install CRDs:
linkerd install --crds | kubectl apply -f -
4. Install control plane:
linkerd install | kubectl apply -f -
5. Verify installation:
linkerd check
正在使用「linkerd-patterns」。 Create a canary deployment setup
預期結果:
Here is a TrafficSplit configuration for canary deployment:
```yaml
apiVersion: split.smi-spec.io/v1alpha1
kind: TrafficSplit
metadata:
name: my-service-canary
namespace: my-namespace
spec:
service: my-service
backends:
- service: my-service-stable
weight: 900m
- service: my-service-canary
weight: 100m
```
This routes 90% to stable and 10% to canary.
正在使用「linkerd-patterns」。 How do I enable automatic retries?
預期結果:
Create a ServiceProfile with retry configuration:
```yaml
apiVersion: linkerd.io/v1alpha2
kind: ServiceProfile
metadata:
name: my-service.my-namespace.svc.cluster.local
spec:
routes:
- name: GET /api/users
condition:
method: GET
pathRegex: /api/users
isRetryable: true
retryBudget:
retryRatio: 0.2
minRetriesPerSecond: 10
ttl: 10s
```
The retryBudget allows up to 20% additional traffic from retries.
安全審計
低風險This skill provides Linkerd service mesh documentation and YAML templates. The static findings are false positives: shell commands are example documentation blocks, URLs point to official Linkerd resources, and the pipe-to-shell pattern is the standard installation method from Linkerd's official docs. No malicious intent detected.
中風險問題 (2)
低風險問題 (1)
風險因素
⚙️ 外部命令 (21)
品質評分
你能建構什麼
DevOps Engineer Setting Up Service Mesh
A DevOps engineer needs to secure microservice communications with automatic mTLS and implement traffic splitting for canary deployments.
Security Engineer Implementing Zero-Trust
A security engineer wants to enforce zero-trust network policies by restricting traffic between services using Linkerd's ServerAuthorization.
Platform Team Managing Multi-Cluster
A platform team needs to extend Linkerd across multiple Kubernetes clusters for high availability and disaster recovery.
試試這些提示
Install Linkerd on my Kubernetes cluster and verify the installation is working correctly.
Show me how to enable automatic mTLS for all pods in namespace 'my-app' and explain how Linkerd handles certificate rotation.
Create a TrafficSplit configuration to route 10% of traffic to 'my-service-canary' and 90% to 'my-service-stable' for canary deployment.
Create ServerAuthorization and Server resources to allow only the 'frontend' service account to access 'my-service' on port 8080 with mesh TLS.
最佳實務
- Always run 'linkerd check' after any configuration change to verify correctness
- Enable ServiceProfiles for all services to get per-route metrics and enable retries
- Start with permissive policies and tighten gradually; use Linkerd's visibility to understand traffic patterns first
避免
- Skipping the pre-installation check with 'linkerd check --pre'
- Applying configurations without understanding the impact on existing traffic
- Setting overly broad ServerAuthorization policies that defeat zero-trust goals