istio-traffic-management

Configure Istio routing, load balancing, circuit breakers, and canary deployments for service mesh traffic policies. Covers four core resources: VirtualService for host-based routing, DestinationRule for service-level policies, Gateway for ingress/egress, and ServiceEntry for external services. Includes templates for basic routing, canary deployments (weighted traffic splits), circuit breakers with outlier detection, retries with timeouts, traffic mirroring, and fault injection. Supports multiple load balancing strategies including round-robin, least connections, random, and consistent hashing for sticky sessions. Provides debugging commands via istioctl for analyzing routes, endpoints, and traffic configuration.

INSTALLATION
npx skills add https://github.com/wshobson/agents --skill istio-traffic-management
Run in your project or agent environment. Adjust flags if your CLI version differs.

SKILL.md

Istio Traffic Management

Comprehensive guide to Istio traffic management for production service mesh deployments.

When to Use This Skill

  • Configuring service-to-service routing
  • Implementing canary or blue-green deployments
  • Setting up circuit breakers and retries
  • Load balancing configuration
  • Traffic mirroring for testing
  • Fault injection for chaos engineering

Core Concepts

1. Traffic Management Resources

Resource          Purpose                        Scope
VirtualService    Route traffic to destinations  Host-based
DestinationRule   Define policies after routing  Service-based
Gateway           Configure ingress/egress       Cluster edge
ServiceEntry      Add external services          Mesh-wide

2. Traffic Flow

Client → Gateway → VirtualService → DestinationRule → Service
                   (routing)        (policies)        (pods)

Templates

Template 1: Basic Routing

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: reviews-route
  namespace: bookinfo
spec:
  hosts:
    - reviews
  http:
    - match:
        - headers:
            end-user:
              exact: jason
      route:
        - destination:
            host: reviews
            subset: v2
    - route:
        - destination:
            host: reviews
            subset: v1
---
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: reviews-destination
  namespace: bookinfo
spec:
  host: reviews
  subsets:
    - name: v1
      labels:
        version: v1
    - name: v2
      labels:
        version: v2
    - name: v3
      labels:
        version: v3

Template 2: Canary Deployment

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: my-service-canary
spec:
  hosts:
    - my-service
  http:
    - route:
        - destination:
            host: my-service
            subset: stable
          weight: 90
        - destination:
            host: my-service
            subset: canary
          weight: 10
---
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: my-service-dr
spec:
  host: my-service
  trafficPolicy:
    connectionPool:
      tcp:
        maxConnections: 100
      http:
        h2UpgradePolicy: UPGRADE
        http1MaxPendingRequests: 100
        http2MaxRequests: 1000
  subsets:
    - name: stable
      labels:
        version: stable
    - name: canary
      labels:
        version: canary

Template 3: Circuit Breaker

apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: circuit-breaker
spec:
  host: my-service
  trafficPolicy:
    connectionPool:
      tcp:
        maxConnections: 100
      http:
        http1MaxPendingRequests: 100
        http2MaxRequests: 1000
        maxRequestsPerConnection: 10
        maxRetries: 3
    outlierDetection:
      consecutive5xxErrors: 5
      interval: 30s
      baseEjectionTime: 30s
      maxEjectionPercent: 50
      minHealthPercent: 30

Template 4: Retry and Timeout

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: ratings-retry
spec:
  hosts:
    - ratings
  http:
    - route:
        - destination:
            host: ratings
      timeout: 10s
      retries:
        attempts: 3
        perTryTimeout: 3s
        retryOn: connect-failure,refused-stream,unavailable,cancelled,retriable-4xx,503
        retryRemoteLocalities: true

Template 5: Traffic Mirroring

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: mirror-traffic
spec:
  hosts:
    - my-service
  http:
    - route:
        - destination:
            host: my-service
            subset: v1
      mirror:
        host: my-service
        subset: v2
      mirrorPercentage:
        value: 100.0

Template 6: Fault Injection

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: fault-injection
spec:
  hosts:
    - ratings
  http:
    - fault:
        delay:
          percentage:
            value: 10
          fixedDelay: 5s
        abort:
          percentage:
            value: 5
          httpStatus: 503
      route:
        - destination:
            host: ratings

Template 7: Ingress Gateway

apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: my-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
    - port:
        number: 443
        name: https
        protocol: HTTPS
      tls:
        mode: SIMPLE
        credentialName: my-tls-secret
      hosts:
        - "*.example.com"
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: my-vs
spec:
  hosts:
    - "api.example.com"
  gateways:
    - my-gateway
  http:
    - match:
        - uri:
            prefix: /api/v1
      route:
        - destination:
            host: api-service
            port:
              number: 8080

Load Balancing Strategies

apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: load-balancing
spec:
  host: my-service
  trafficPolicy:
    loadBalancer:
      simple: ROUND_ROBIN # or LEAST_CONN, RANDOM, PASSTHROUGH
---
# Consistent hashing for sticky sessions
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: sticky-sessions
spec:
  host: my-service
  trafficPolicy:
    loadBalancer:
      consistentHash:
        httpHeaderName: x-user-id
        # or: httpCookie, useSourceIp, httpQueryParameterName

Best Practices

Do's

  • Start simple - Add complexity incrementally
  • Use subsets - Version your services clearly
  • Set timeouts - Always configure reasonable timeouts
  • Enable retries - But with backoff and limits
  • Monitor - Use Kiali and Jaeger for visibility

Don'ts

  • Don't over-retry - Can cause cascading failures
  • Don't ignore outlier detection - Enable circuit breakers
  • Don't mirror to production - Mirror to test environments
  • Don't skip canary - Test with small traffic percentage first
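
A lint pass over Templates 2 and 4 that checks three things they rely on: every routed subset is defined in a DestinationRule, canary weights add up to 100, and the retry budget fits inside the route timeout. This is an added example, not part of the skill; the manifests are embedded as constructed Python dicts, and `seconds`, `lint`, `DR`, `CANARY` and `RETRY` are names made up for it.

```python
import re

def seconds(d):
    """Parse the simple durations used on this page, e.g. '3s' or '250ms'."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)(ms|s|m)", d)
    if not m:
        raise ValueError(f"unsupported duration: {d!r}")
    return float(m.group(1)) * {"ms": 0.001, "s": 1.0, "m": 60.0}[m.group(2)]

def lint(vs, destination_rules):
    """Return findings for one VirtualService, given the DestinationRules in scope."""
    declared = {}  # host -> subset names defined by a DestinationRule
    for dr in destination_rules:
        names = {s["name"] for s in dr["spec"].get("subsets", [])}
        declared.setdefault(dr["spec"]["host"], set()).update(names)
    findings = []
    for i, rule in enumerate(vs["spec"].get("http", [])):
        routes = rule.get("route", [])
        for r in routes:
            host, sub = r["destination"]["host"], r["destination"].get("subset")
            if sub and sub not in declared.get(host, set()):
                findings.append(f"http[{i}]: subset '{sub}' of '{host}' is not defined")
        # Template 2 writes weights as percentages; any other sum means the
        # effective split is not the one the numbers say.
        total = sum(r.get("weight", 0) for r in routes)
        if len(routes) > 1 and total != 100:
            findings.append(f"http[{i}]: weights sum to {total}, not 100")
        retries = rule.get("retries", {})
        if "timeout" in rule and "perTryTimeout" in retries:
            tries = 1 + retries["attempts"]  # attempts counts retries after the first try
            worst = tries * seconds(retries["perTryTimeout"])
            if worst > seconds(rule["timeout"]):
                findings.append(f"http[{i}]: {tries} tries x {retries['perTryTimeout']} "
                                f"= {worst:g}s exceeds timeout {rule['timeout']}")
    return findings

# Constructed inputs: Templates 2 and 4 as dicts, with a misspelled subset
# and a wrong weight added to the canary route.
DR = {"spec": {"host": "my-service",
               "subsets": [{"name": "stable"}, {"name": "canary"}]}}
CANARY = {"spec": {"hosts": ["my-service"], "http": [{"route": [
    {"destination": {"host": "my-service", "subset": "stable"}, "weight": 90},
    {"destination": {"host": "my-service", "subset": "canray"}, "weight": 5}]}]}}
RETRY = {"spec": {"hosts": ["ratings"], "http": [{
    "route": [{"destination": {"host": "ratings"}}], "timeout": "10s",
    "retries": {"attempts": 3, "perTryTimeout": "3s"}}]}}

if __name__ == "__main__":
    for name, vs in (("canary", CANARY), ("retry", RETRY)):
        for finding in lint(vs, [DR]):
            print(f"{name}: {finding}")
```

Template 4's values are flagged as written: 4 tries of 3s each need 12s, so the 10s route timeout can cut off the last retry.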

Debugging Commands

# Check VirtualService configuration
istioctl analyze

# View effective routes
istioctl proxy-config routes deploy/my-app -o json

# Check endpoint discovery
istioctl proxy-config endpoints deploy/my-app

# Debug traffic
istioctl proxy-config log deploy/my-app --level debug