npx claudepluginhub jeremylongshore/claude-code-plugins-plus-skills --plugin service-mesh-configuratorWant just this skill?
Then install: npx claudepluginhub u/[userId]/[slug]
Configure this skill configures service meshes like istio and linkerd for microservices. it generates production-ready configurations, implements best practices, and ensures a security-first approach. use this skill when the user asks to "configure service ... Use when appropriate context detected. Trigger with relevant phrases based on skill purpose.
This skill is limited to using the following tools:
assets/README.mdassets/error_handling_strategies.mdassets/example_microservices_architecture.mdassets/istio_config_template.yamlassets/linkerd_config_template.yamlreferences/README.mdscripts/README.mdscripts/deploy_config.shscripts/generate_test_traffic.pyscripts/rollback_config.shscripts/validate_config.pyConfiguring Service Meshes
Overview
Configure service meshes (Istio, Linkerd, Consul Connect) for Kubernetes microservices architectures. Generate mTLS configurations, traffic management rules (routing, splitting, mirroring), observability integrations (distributed tracing, metrics), and resilience patterns (retries, circuit breakers, timeouts).
Prerequisites
- Kubernetes cluster accessible via
kubectlwith admin permissions - Service mesh CLI installed:
istioctl,linkerd, orconsul - Helm 3+ for service mesh installation charts
- Understanding of microservice communication patterns and dependencies
- Observability backend available (Jaeger, Zipkin, or Prometheus/Grafana) for tracing and metrics
Instructions
- Select the service mesh based on requirements: Istio for full-featured L7 control, Linkerd for lightweight simplicity, Consul Connect for multi-platform
- Install the control plane:
istioctl install --set profile=productionorlinkerd install | kubectl apply -f - - Enable sidecar injection for target namespaces: label namespaces with
istio-injection=enabledorlinkerd.io/inject=enabled - Configure mTLS: set PeerAuthentication to STRICT mode for zero-trust inter-service communication
- Define traffic management rules: VirtualService for routing, DestinationRule for load balancing and circuit breaking
- Set up traffic splitting for canary deployments: route a percentage of traffic to the new version
- Configure retry policies and timeouts to improve resilience against transient failures
- Integrate observability: connect to Jaeger/Zipkin for distributed tracing, Prometheus for metrics, and Kiali for visualization
- Validate the mesh: verify sidecar injection, mTLS status, and traffic routing with
istioctl analyzeorlinkerd check
Output
- Service mesh installation manifests or Helm values
- PeerAuthentication and AuthorizationPolicy manifests for mTLS and RBAC
- VirtualService and DestinationRule manifests for traffic management
- ServiceEntry manifests for external service access
- Observability integration configuration (Jaeger, Prometheus, Kiali)
Error Handling
| Error | Cause | Solution |
|---|---|---|
sidecar not injected | Namespace not labeled for injection or pod has annotation to skip | Add istio-injection=enabled label to namespace; check pod annotations |
mTLS handshake failed | Mismatched TLS settings between services or missing certificates | Set PeerAuthentication to PERMISSIVE temporarily; check istioctl proxy-status |
503 Service Unavailable | Circuit breaker tripped or upstream connection pool exhausted | Review DestinationRule connection pool settings; increase maxConnections and http2MaxRequests |
traffic not splitting correctly | VirtualService weight percentages misconfigured | Verify weights sum to 100; check VirtualService is bound to the correct gateway/host |
high latency after mesh install | Sidecar proxy adding overhead or misconfigured timeouts | Tune proxy resources; review timeout settings; check if services are using HTTP/2 |
Examples
- "Install Istio with strict mTLS on a production cluster and configure a VirtualService for canary routing: 90% to v1, 10% to v2."
- "Set up Linkerd on a microservices cluster with automatic retries (3 attempts, 500ms timeout) and integrate with Prometheus for golden signal metrics."
- "Configure an Istio AuthorizationPolicy that allows only the frontend service to call the API gateway, blocking all other inter-service traffic."
Resources
- Istio documentation: https://istio.io/latest/docs/
- Linkerd documentation: https://linkerd.io/2/overview/
- Consul Connect: https://developer.hashicorp.com/consul/docs/connect
- Kiali (service mesh observability): https://kiali.io/docs/
Similar Skills
Activates when the user asks about AI prompts, needs prompt templates, wants to search for prompts, or mentions prompts.chat. Use for discovering, retrieving, and improving prompts.
Search, retrieve, and install Agent Skills from the prompts.chat registry using MCP tools. Use when the user asks to find skills, browse skill catalogs, install a skill for Claude, or extend Claude's capabilities with reusable AI agent components.
Creating algorithmic art using p5.js with seeded randomness and interactive parameter exploration. Use this when users request creating art using code, generative art, algorithmic art, flow fields, or particle systems. Create original algorithmic art rather than copying existing artists' work to avoid copyright violations.