service-mesh-integrator

Configure service mesh solutions including Istio, Linkerd, and Consul for traffic management, security, and observability in microservices. Activates for service mesh setup, mTLS, traffic routing, and mesh configuration.

allowed_tools: Read, Write, Edit, Bash, Grep, Glob

$ Install

git clone https://github.com/Dexploarer/hyper-forge /tmp/hyper-forge && cp -r /tmp/hyper-forge/.claude/skills/service-mesh-integrator ~/.claude/skills/hyper-forge

// tip: Run this command in your terminal to install the skill


name: service-mesh-integrator
description: Configure service mesh solutions including Istio, Linkerd, and Consul for traffic management, security, and observability in microservices. Activates for service mesh setup, mTLS, traffic routing, and mesh configuration.
allowed-tools: [Read, Write, Edit, Bash, Grep, Glob]

Service Mesh Integrator

Configure enterprise service mesh for secure, observable microservices communication.

When to Use

  • Setting up Istio, Linkerd, or Consul service mesh
  • Implementing mTLS between services
  • Configuring traffic routing and load balancing
  • Setting up canary deployments
  • Implementing circuit breakers and retries
  • Configuring observability (metrics, tracing, logging)

Istio Configuration

# Install Istio
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  name: istio-control-plane
spec:
  # "production" is not a built-in Istio profile; "default" is the one recommended for production
  profile: default
  components:
    pilot:
      k8s:
        resources:
          requests:
            cpu: 500m
            memory: 2Gi
    ingressGateways:
      - name: istio-ingressgateway
        enabled: true
        k8s:
          replicaCount: 3  # the IstioOperator k8s spec field is replicaCount, not replicas

---
# Virtual Service for traffic routing
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: user-service
spec:
  hosts:
    - user-service
  http:
    - match:
        - headers:
            version:
              exact: v2
      route:
        - destination:
            host: user-service
            subset: v2
          weight: 100
    - route:
        - destination:
            host: user-service
            subset: v1
          weight: 90
        - destination:
            host: user-service
            subset: v2
          weight: 10

---
# Destination Rule
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: user-service
spec:
  host: user-service
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
    connectionPool:
      tcp:
        maxConnections: 100
      http:
        http1MaxPendingRequests: 50
        http2MaxRequests: 100
    outlierDetection:
      consecutive5xxErrors: 5
      interval: 30s
      baseEjectionTime: 30s
  subsets:
    - name: v1
      labels:
        version: v1
    - name: v2
      labels:
        version: v2
      trafficPolicy:
        loadBalancer:
          simple: ROUND_ROBIN

mTLS Configuration

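# Enable mTLS globally: a PeerAuthentication named "default" in the root
# namespace (istio-system by default) applies to every workload in the mesh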
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system
spec:
  mtls:
    mode: STRICT

---
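# Authorization policy: no action is set, so it defaults to ALLOW. Once an ALLOW
# policy selects user-service, requests that match no rule are denied.
# The principal is the caller's mTLS identity, so it depends on mTLS being enforced.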
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: user-service-authz
spec:
  selector:
    matchLabels:
      app: user-service
  rules:
    - from:
        - source:
            principals:
              - cluster.local/ns/default/sa/order-service
      to:
        - operation:
            methods: ["GET", "POST"]
            paths: ["/api/v1/users/*"]
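
The ALLOW semantics of the user-service-authz policy above, as an added example (a simplified Python model, not Istio's code and not part of the original skill): a request that matches no rule is denied, and a trailing `*` in a path is a prefix match. The request tuples are constructed samples; path normalization and other policy actions are not modeled.

```python
# Simplified model of Istio ALLOW-policy evaluation (added example, not Istio code).
# POLICY mirrors the user-service-authz rule from the page.
POLICY = {
    "action": "ALLOW",
    "rules": [{
        "principals": ["cluster.local/ns/default/sa/order-service"],
        "methods": ["GET", "POST"],
        "paths": ["/api/v1/users/*"],
    }],
}


def match(pattern, value):
    """Istio string match: exact, prefix ('abc*'), suffix ('*abc'), presence ('*')."""
    if value is None:
        return False
    if pattern == "*":
        return value != ""
    if pattern.endswith("*"):
        return value.startswith(pattern[:-1])
    if pattern.startswith("*"):
        return value.endswith(pattern[1:])
    return pattern == value


def allowed(policy, principal, method, path):
    """True if any rule matches; with an ALLOW policy attached, no match means deny.

    principal is None for plaintext traffic: no mTLS identity was presented.
    """
    for rule in policy["rules"]:
        if (any(match(p, principal) for p in rule["principals"])
                and any(match(m, method) for m in rule["methods"])
                and any(match(p, path) for p in rule["paths"])):
            return True
    return False


ORDER = "cluster.local/ns/default/sa/order-service"
# Constructed sample requests: (principal, method, path)
SAMPLES = [
    (ORDER, "GET", "/api/v1/users/42"),     # allowed
    (ORDER, "GET", "/api/v1/users"),        # denied: prefix is "/api/v1/users/"
    (ORDER, "DELETE", "/api/v1/users/42"),  # denied: method not listed
    ("cluster.local/ns/default/sa/cart-service", "GET", "/api/v1/users/42"),  # denied
    (None, "GET", "/api/v1/users/42"),      # denied: plaintext, no identity
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", "ALLOW" if allowed(POLICY, *s) else "DENY")
```

The second sample is the one to check against the real service: if order-service calls the collection endpoint `/api/v1/users` without a trailing segment, the policy as written rejects it.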

Best Practices

  • ✅ Enable mTLS for all service-to-service communication
  • ✅ Use traffic splitting for canary deployments
  • ✅ Configure circuit breakers and retries
  • ✅ Implement rate limiting per service
  • ✅ Use observability features (tracing, metrics)
  • ✅ Audit security policies regularly

Related Skills

  • microservices-orchestrator
  • distributed-tracing-setup
  • sla-monitor-generator