npx skills add https://github.com/wshobson/agents --skill istio-traffic-managementHow Istio Traffic Management fits into a Paperclip company.
Istio Traffic Management drops into any Paperclip agent that handles this kind of work. Assign it to a specialist inside a pre-configured PaperclipOrg company and the skill becomes available on every heartbeat — no prompt engineering, no tool wiring.
Pre-configured AI company — 18 agents, 18 skills, one-time purchase.
SKILL.md321 linesExpandCollapse
---name: istio-traffic-managementdescription: Configure Istio traffic management including routing, load balancing, circuit breakers, and canary deployments. Use when implementing service mesh traffic policies, progressive delivery, or resilience patterns.--- # Istio Traffic Management Comprehensive guide to Istio traffic management for production service mesh deployments. ## When to Use This Skill - Configuring service-to-service routing- Implementing canary or blue-green deployments- Setting up circuit breakers and retries- Load balancing configuration- Traffic mirroring for testing- Fault injection for chaos engineering ## Core Concepts ### 1. Traffic Management Resources | Resource | Purpose | Scope || ------------------- | ----------------------------- | ------------- || **VirtualService** | Route traffic to destinations | Host-based || **DestinationRule** | Define policies after routing | Service-based || **Gateway** | Configure ingress/egress | Cluster edge || **ServiceEntry** | Add external services | Mesh-wide | ### 2. Traffic Flow ```Client → Gateway → VirtualService → DestinationRule → Service (routing) (policies) (pods)``` ## Templates ### Template 1: Basic Routing ```yamlapiVersion: networking.istio.io/v1beta1kind: VirtualServicemetadata: name: reviews-route namespace: bookinfospec: hosts: - reviews http: - match: - headers: end-user: exact: jason route: - destination: host: reviews subset: v2 - route: - destination: host: reviews subset: v1---apiVersion: networking.istio.io/v1beta1kind: DestinationRulemetadata: name: reviews-destination namespace: bookinfospec: host: reviews subsets: - name: v1 labels: version: v1 - name: v2 labels: version: v2 - name: v3 labels: version: v3``` ### Template 2: Canary Deployment ```yamlapiVersion: networking.istio.io/v1beta1kind: VirtualServicemetadata: name: my-service-canaryspec: hosts: - my-service http: - route: - destination: host: my-service subset: stable weight: 90 - destination: host: my-service subset: canary weight: 10---apiVersion: networking.istio.io/v1beta1kind: DestinationRulemetadata: name: my-service-drspec: host: my-service trafficPolicy: connectionPool: tcp: maxConnections: 100 http: h2UpgradePolicy: UPGRADE http1MaxPendingRequests: 100 http2MaxRequests: 1000 subsets: - name: stable labels: version: stable - name: canary labels: version: canary``` ### Template 3: Circuit Breaker ```yamlapiVersion: networking.istio.io/v1beta1kind: DestinationRulemetadata: name: circuit-breakerspec: host: my-service trafficPolicy: connectionPool: tcp: maxConnections: 100 http: http1MaxPendingRequests: 100 http2MaxRequests: 1000 maxRequestsPerConnection: 10 maxRetries: 3 outlierDetection: consecutive5xxErrors: 5 interval: 30s baseEjectionTime: 30s maxEjectionPercent: 50 minHealthPercent: 30``` ### Template 4: Retry and Timeout ```yamlapiVersion: networking.istio.io/v1beta1kind: VirtualServicemetadata: name: ratings-retryspec: hosts: - ratings http: - route: - destination: host: ratings timeout: 10s retries: attempts: 3 perTryTimeout: 3s retryOn: connect-failure,refused-stream,unavailable,cancelled,retriable-4xx,503 retryRemoteLocalities: true``` ### Template 5: Traffic Mirroring ```yamlapiVersion: networking.istio.io/v1beta1kind: VirtualServicemetadata: name: mirror-trafficspec: hosts: - my-service http: - route: - destination: host: my-service subset: v1 mirror: host: my-service subset: v2 mirrorPercentage: value: 100.0``` ### Template 6: Fault Injection ```yamlapiVersion: networking.istio.io/v1beta1kind: VirtualServicemetadata: name: fault-injectionspec: hosts: - ratings http: - fault: delay: percentage: value: 10 fixedDelay: 5s abort: percentage: value: 5 httpStatus: 503 route: - destination: host: ratings``` ### Template 7: Ingress Gateway ```yamlapiVersion: networking.istio.io/v1beta1kind: Gatewaymetadata: name: my-gatewayspec: selector: istio: ingressgateway servers: - port: number: 443 name: https protocol: HTTPS tls: mode: SIMPLE credentialName: my-tls-secret hosts: - "*.example.com"---apiVersion: networking.istio.io/v1beta1kind: VirtualServicemetadata: name: my-vsspec: hosts: - "api.example.com" gateways: - my-gateway http: - match: - uri: prefix: /api/v1 route: - destination: host: api-service port: number: 8080``` ## Load Balancing Strategies ```yamlapiVersion: networking.istio.io/v1beta1kind: DestinationRulemetadata: name: load-balancingspec: host: my-service trafficPolicy: loadBalancer: simple: ROUND_ROBIN # or LEAST_CONN, RANDOM, PASSTHROUGH---# Consistent hashing for sticky sessionsapiVersion: networking.istio.io/v1beta1kind: DestinationRulemetadata: name: sticky-sessionsspec: host: my-service trafficPolicy: loadBalancer: consistentHash: httpHeaderName: x-user-id # or: httpCookie, useSourceIp, httpQueryParameterName``` ## Best Practices ### Do's - **Start simple** - Add complexity incrementally- **Use subsets** - Version your services clearly- **Set timeouts** - Always configure reasonable timeouts- **Enable retries** - But with backoff and limits- **Monitor** - Use Kiali and Jaeger for visibility ### Don'ts - **Don't over-retry** - Can cause cascading failures- **Don't ignore outlier detection** - Enable circuit breakers- **Don't mirror to production** - Mirror to test environments- **Don't skip canary** - Test with small traffic percentage first ## Debugging Commands ```bash# Check VirtualService configurationistioctl analyze # View effective routesistioctl proxy-config routes deploy/my-app -o json # Check endpoint discoveryistioctl proxy-config endpoints deploy/my-app # Debug trafficistioctl proxy-config log deploy/my-app --level debug```Accessibility Compliance
This walks you through implementing proper WCAG 2.2 compliance with real code patterns for screen readers, keyboard navigation, and mobile accessibility. It cov
Airflow Dag Patterns
If you're building data pipelines with Airflow, this skill gives you production-ready DAG patterns that actually work in the real world. It covers TaskFlow API
Angular Migration
Migrating from AngularJS to Angular is notoriously painful, and this skill tackles the practical stuff that makes or breaks these projects. It covers hybrid app