Setup Service Mesh
Skill Verifiziert AktivDeploy and configure a service mesh (Istio or Linkerd) to enable secure service-to-service communication, traffic management, observability, and policy enforcement in Kubernetes clusters. Covers installation, mTLS configuration, traffic routing, circuit breaking, and integration with monitoring tools. Use when microservices need encrypted service-to-service communication, fine-grained traffic control for canary or A/B deployments, observability across all service interactions without application changes, or consistent circuit breaking and retry policies.
To enable secure service-to-service communication, advanced traffic management, and enhanced observability in Kubernetes microservices architectures by deploying and configuring a service mesh.
Funktionen
- Istio and Linkerd installation and configuration
- Automatic sidecar proxy injection
- mTLS policy enforcement
- Traffic routing, splitting, and retries
- Integration with observability stacks (Prometheus, Grafana, Jaeger)
- Health check and validation procedures
Anwendungsfälle
- When microservices need encrypted service-to-service communication.
- For fine-grained traffic control in canary or A/B deployments.
- To gain observability across all service interactions without application changes.
- To enforce consistent circuit breaking and retry policies.
Nicht-Ziele
- Application-level security configurations beyond infrastructure-level mTLS.
- Detailed monitoring dashboard configuration beyond basic setup.
- Management of Kubernetes clusters themselves (e.g., node provisioning).
Scope
- info:Dry-run previewWhile there isn't a specific '--dry-run' flag for the entire skill, commands like `kubectl apply` and `istioctl install` have preview/dry-run capabilities that could be utilized by a user.
Installation
/plugin install agent-almanac@pjt222-agent-almanacQualitätspunktzahl
VerifiziertVertrauenssignale
Ähnliche Erweiterungen
Service Mesh Observability
98Implement comprehensive observability for service meshes including distributed tracing, metrics, and visualization. Use when setting up mesh monitoring, debugging latency issues, or implementing SLOs for service communication.
Mtls Configuration
98Configure mutual TLS (mTLS) for zero-trust service-to-service communication. Use when implementing zero-trust networking, certificate management, or securing internal service communication.
Linkerd Patterns
97Implement Linkerd service mesh patterns for lightweight, security-focused service mesh deployments. Use when setting up Linkerd, configuring traffic policies, or implementing zero-trust networking with minimal overhead.
K8s Manifest Generator
100Create production-ready Kubernetes manifests for Deployments, Services, ConfigMaps, and Secrets following best practices and security standards. Use when generating Kubernetes YAML manifests, creating K8s resources, or implementing production-grade Kubernetes configurations.
Setup Container Registry
99Configure container image registries including GitHub Container Registry (ghcr.io), Docker Hub, and Harbor with automated image scanning, tagging strategies, retention policies, and CI/CD integration for secure image distribution. Use when setting up a private container registry, migrating from Docker Hub to self-hosted registries, implementing vulnerability scanning in CI/CD pipelines, managing multi-architecture images, enforcing image signing, or configuring automatic cleanup and retention policies.
Istio Traffic Management
95Configure Istio traffic management including routing, load balancing, circuit breakers, and canary deployments. Use when implementing service mesh traffic policies, progressive delivery, or resilience patterns.