Skill

configuring-service-meshes

Configures Istio, Linkerd, and Consul Connect for Kubernetes microservices. Generates mTLS, traffic routing, resilience policies, and observability configs.

Kubernetes

Bash

devops

security

npx claudepluginhub jeremylongshore/claude-code-plugins-plus-skills --plugin service-mesh-configurator

Tool Access

This skill is limited to using the following tools:

ReadWriteEditGrepGlobBash(cmd:*)

Preview

Configure service meshes (Istio, Linkerd, Consul Connect) for Kubernetes microservices architectures. Generate mTLS configurations, traffic management rules (routing, splitting, mirroring), observability integrations (distributed tracing, metrics), and resilience patterns (retries, circuit breakers, timeouts).

Supporting Assets

assets/README.mdassets/error_handling_strategies.mdassets/example_microservices_architecture.mdassets/istio_config_template.yamlassets/linkerd_config_template.yamlreferences/README.mdscripts/README.mdscripts/deploy_config.shscripts/generate_test_traffic.pyscripts/rollback_config.shscripts/validate_config.py

SKILL.md

Similar Skills

setup-service-mesh

Deploys and configures Istio or Linkerd service mesh in Kubernetes for secure mTLS communication, traffic management, observability, circuit breaking, and policy enforcement. Use for microservices needing canary deployments or service-level observability.

1 file1 tool

agent-almanac

service-mesh-expert

682

Implements and optimizes Istio/Linkerd service meshes for Kubernetes traffic management, mTLS security, observability, and multi-cluster federation.

rmyndharis-antigravity-skills

service-mesh-expert

36.5k

Architects service meshes using Istio and Linkerd for Kubernetes, covering traffic management, mTLS security, observability, multi-cluster federation, and canary deployments.

antigravity-awesome-skills

Stats

Parent Repo Stars1853

Parent Repo Forks248

Last CommitApr 3, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Configuring Service Meshes

Overview

Prerequisites

Kubernetes cluster accessible via kubectl with admin permissions
Service mesh CLI installed: istioctl, linkerd, or consul
Helm 3+ for service mesh installation charts
Understanding of microservice communication patterns and dependencies
Observability backend available (Jaeger, Zipkin, or Prometheus/Grafana) for tracing and metrics

Instructions

Select the service mesh based on requirements: Istio for full-featured L7 control, Linkerd for lightweight simplicity, Consul Connect for multi-platform
Install the control plane: istioctl install --set profile=production or linkerd install | kubectl apply -f -
Enable sidecar injection for target namespaces: label namespaces with istio-injection=enabled or linkerd.io/inject=enabled
Configure mTLS: set PeerAuthentication to STRICT mode for zero-trust inter-service communication
Define traffic management rules: VirtualService for routing, DestinationRule for load balancing and circuit breaking
Set up traffic splitting for canary deployments: route a percentage of traffic to the new version
Configure retry policies and timeouts to improve resilience against transient failures
Integrate observability: connect to Jaeger/Zipkin for distributed tracing, Prometheus for metrics, and Kiali for visualization
Validate the mesh: verify sidecar injection, mTLS status, and traffic routing with istioctl analyze or linkerd check

Output

Service mesh installation manifests or Helm values
PeerAuthentication and AuthorizationPolicy manifests for mTLS and RBAC
VirtualService and DestinationRule manifests for traffic management
ServiceEntry manifests for external service access
Observability integration configuration (Jaeger, Prometheus, Kiali)

Error Handling

Error	Cause	Solution
`sidecar not injected`	Namespace not labeled for injection or pod has annotation to skip	Add `istio-injection=enabled` label to namespace; check pod annotations
`mTLS handshake failed`	Mismatched TLS settings between services or missing certificates	Set PeerAuthentication to PERMISSIVE temporarily; check `istioctl proxy-status`
`503 Service Unavailable`	Circuit breaker tripped or upstream connection pool exhausted	Review DestinationRule connection pool settings; increase `maxConnections` and `http2MaxRequests`
`traffic not splitting correctly`	VirtualService weight percentages misconfigured	Verify weights sum to 100; check VirtualService is bound to the correct gateway/host
`high latency after mesh install`	Sidecar proxy adding overhead or misconfigured timeouts	Tune proxy resources; review timeout settings; check if services are using HTTP/2

Examples

"Install Istio with strict mTLS on a production cluster and configure a VirtualService for canary routing: 90% to v1, 10% to v2."
"Set up Linkerd on a microservices cluster with automatic retries (3 attempts, 500ms timeout) and integrate with Prometheus for golden signal metrics."
"Configure an Istio AuthorizationPolicy that allows only the frontend service to call the API gateway, blocking all other inter-service traffic."

Resources

Istio documentation: https://istio.io/latest/docs/
Linkerd documentation: https://linkerd.io/2/overview/
Consul Connect: https://developer.hashicorp.com/consul/docs/connect
Kiali (service mesh observability): https://kiali.io/docs/