{"id":"f22a5ea8-b6c0-49ab-8903-99073721996e","shortId":"4TVzrn","kind":"skill","title":"linkerd-patterns","tagline":"Production patterns for Linkerd service mesh - the lightweight, security-first service mesh for Kubernetes.","description":"\n\n# Linkerd Patterns\n\nProduction patterns for Linkerd service mesh - the lightweight, security-first service mesh for Kubernetes.\n\n## Do not use this skill when\n\n- The task is unrelated to linkerd patterns\n- You need a different domain or tool outside this scope\n\n## Instructions\n\n- Clarify goals, constraints, and required inputs.\n- Apply relevant best practices and validate outcomes.\n- Provide actionable steps and verification.\n- If detailed examples are required, open `resources/implementation-playbook.md`.\n\n## Use this skill when\n\n- Setting up a lightweight service mesh\n- Implementing automatic mTLS\n- Configuring traffic splits for canary deployments\n- Setting up service profiles for per-route metrics\n- Implementing retries and timeouts\n- Multi-cluster service mesh\n\n## Core Concepts\n\n### 1. Linkerd Architecture\n\n```\n┌─────────────────────────────────────────────┐\n│ Control Plane │\n│ ┌─────────┐ ┌──────────┐ ┌──────────────┐ │\n│ │ destiny │ │ identity │ │ proxy-inject │ │\n│ └─────────┘ └──────────┘ └──────────────┘ │\n└─────────────────────────────────────────────┘\n │\n┌─────────────────────────────────────────────┐\n│ Data Plane │\n│ ┌─────┐ ┌─────┐ ┌─────┐ │\n│ │proxy│────│proxy│────│proxy│ │\n│ └─────┘ └─────┘ └─────┘ │\n│ │ │ │ │\n│ ┌──┴──┐ ┌──┴──┐ ┌──┴──┐ │\n│ │ app │ │ app │ │ app │ │\n│ └─────┘ └─────┘ └─────┘ │\n└─────────────────────────────────────────────┘\n```\n\n### 2. Key Resources\n\n| Resource | Purpose |\n|----------|---------|\n| **ServiceProfile** | Per-route metrics, retries, timeouts |\n| **TrafficSplit** | Canary deployments, A/B testing |\n| **Server** | Define server-side policies |\n| **ServerAuthorization** | Access control policies |\n\n## Templates\n\n### Template 1: Mesh Installation\n\n```bash\n# Install CLI\ncurl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/install | sh\n\n# Validate cluster\nlinkerd check --pre\n\n# Install CRDs\nlinkerd install --crds | kubectl apply -f -\n\n# Install control plane\nlinkerd install | kubectl apply -f -\n\n# Verify installation\nlinkerd check\n\n# Install viz extension (optional)\nlinkerd viz install | kubectl apply -f -\n```\n\n### Template 2: Inject Namespace\n\n```yaml\n# Automatic injection for namespace\napiVersion: v1\nkind: Namespace\nmetadata:\n name: my-app\n annotations:\n linkerd.io/inject: enabled\n---\n# Or inject specific deployment\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-app\n annotations:\n linkerd.io/inject: enabled\nspec:\n template:\n metadata:\n annotations:\n linkerd.io/inject: enabled\n```\n\n### Template 3: Service Profile with Retries\n\n```yaml\napiVersion: linkerd.io/v1alpha2\nkind: ServiceProfile\nmetadata:\n name: my-service.my-namespace.svc.cluster.local\n namespace: my-namespace\nspec:\n routes:\n - name: GET /api/users\n condition:\n method: GET\n pathRegex: /api/users\n responseClasses:\n - condition:\n status:\n min: 500\n max: 599\n isFailure: true\n isRetryable: true\n - name: POST /api/users\n condition:\n method: POST\n pathRegex: /api/users\n # POST not retryable by default\n isRetryable: false\n - name: GET /api/users/{id}\n condition:\n method: GET\n pathRegex: /api/users/[^/]+\n timeout: 5s\n isRetryable: true\n retryBudget:\n retryRatio: 0.2\n minRetriesPerSecond: 10\n ttl: 10s\n```\n\n### Template 4: Traffic Split (Canary)\n\n```yaml\napiVersion: split.smi-spec.io/v1alpha1\nkind: TrafficSplit\nmetadata:\n name: my-service-canary\n namespace: my-namespace\nspec:\n service: my-service\n backends:\n - service: my-service-stable\n weight: 900m # 90%\n - service: my-service-canary\n weight: 100m # 10%\n```\n\n### Template 5: Server Authorization Policy\n\n```yaml\n# Define the server\napiVersion: policy.linkerd.io/v1beta1\nkind: Server\nmetadata:\n name: my-service-http\n namespace: my-namespace\nspec:\n podSelector:\n matchLabels:\n app: my-service\n port: http\n proxyProtocol: HTTP/1\n---\n# Allow traffic from specific clients\napiVersion: policy.linkerd.io/v1beta1\nkind: ServerAuthorization\nmetadata:\n name: allow-frontend\n namespace: my-namespace\nspec:\n server:\n name: my-service-http\n client:\n meshTLS:\n serviceAccounts:\n - name: frontend\n namespace: my-namespace\n---\n# Allow unauthenticated traffic (e.g., from ingress)\napiVersion: policy.linkerd.io/v1beta1\nkind: ServerAuthorization\nmetadata:\n name: allow-ingress\n namespace: my-namespace\nspec:\n server:\n name: my-service-http\n client:\n unauthenticated: true\n networks:\n - cidr: 10.0.0.0/8\n```\n\n### Template 6: HTTPRoute for Advanced Routing\n\n```yaml\napiVersion: policy.linkerd.io/v1beta2\nkind: HTTPRoute\nmetadata:\n name: my-route\n namespace: my-namespace\nspec:\n parentRefs:\n - name: my-service\n kind: Service\n group: core\n port: 8080\n rules:\n - matches:\n - path:\n type: PathPrefix\n value: /api/v2\n - headers:\n - name: x-api-version\n value: v2\n backendRefs:\n - name: my-service-v2\n port: 8080\n - matches:\n - path:\n type: PathPrefix\n value: /api\n backendRefs:\n - name: my-service-v1\n port: 8080\n```\n\n### Template 7: Multi-cluster Setup\n\n```bash\n# On each cluster, install with cluster credentials\nlinkerd multicluster install | kubectl apply -f -\n\n# Link clusters\nlinkerd multicluster link --cluster-name west \\\n --api-server-address https://west.example.com:6443 \\\n | kubectl apply -f -\n\n# Export a service to other clusters\nkubectl label svc/my-service mirror.linkerd.io/exported=true\n\n# Verify cross-cluster connectivity\nlinkerd multicluster check\nlinkerd multicluster gateways\n```\n\n## Monitoring Commands\n\n```bash\n# Live traffic view\nlinkerd viz top deploy/my-app\n\n# Per-route metrics\nlinkerd viz routes deploy/my-app\n\n# Check proxy status\nlinkerd viz stat deploy -n my-namespace\n\n# View service dependencies\nlinkerd viz edges deploy -n my-namespace\n\n# Dashboard\nlinkerd viz dashboard\n```\n\n## Debugging\n\n```bash\n# Check injection status\nlinkerd check --proxy -n my-namespace\n\n# View proxy logs\nkubectl logs deploy/my-app -c linkerd-proxy\n\n# Debug identity/TLS\nlinkerd identity -n my-namespace\n\n# Tap traffic (live)\nlinkerd viz tap deploy/my-app --to deploy/my-backend\n```\n\n## Best Practices\n\n### Do's\n- **Enable mTLS everywhere** - It's automatic with Linkerd\n- **Use ServiceProfiles** - Get per-route metrics and retries\n- **Set retry budgets** - Prevent retry storms\n- **Monitor golden metrics** - Success rate, latency, throughput\n\n### Don'ts\n- **Don't skip check** - Always run `linkerd check` after changes\n- **Don't over-configure** - Linkerd defaults are sensible\n- **Don't ignore ServiceProfiles** - They unlock advanced features\n- **Don't forget timeouts** - Set appropriate values per route\n\n## Resources\n\n- [Linkerd Documentation](https://linkerd.io/2.14/overview/)\n- [Service Profiles](https://linkerd.io/2.14/features/service-profiles/)\n- [Authorization Policy](https://linkerd.io/2.14/features/server-policy/)\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.","tags":["linkerd","patterns","antigravity","awesome","skills","sickn33","agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding","ai-workflows"],"capabilities":["skill","source-sickn33","skill-linkerd-patterns","topic-agent-skills","topic-agentic-skills","topic-ai-agent-skills","topic-ai-agents","topic-ai-coding","topic-ai-workflows","topic-antigravity","topic-antigravity-skills","topic-claude-code","topic-claude-code-skills","topic-codex-cli","topic-codex-skills"],"categories":["antigravity-awesome-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/sickn33/antigravity-awesome-skills/linkerd-patterns","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add sickn33/antigravity-awesome-skills","source_repo":"https://github.com/sickn33/antigravity-awesome-skills","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 34726 github stars · SKILL.md body (7,672 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-23T12:51:10.299Z","embedding":null,"createdAt":"2026-04-18T21:39:59.817Z","updatedAt":"2026-04-23T12:51:10.299Z","lastSeenAt":"2026-04-23T12:51:10.299Z","tsv":"'/2.14/features/server-policy/)':798 '/2.14/features/service-profiles/)':793 '/2.14/overview/)':788 '/8':496 '/api':559 '/api/users':294,299,313,318,328,334 '/api/v2':537 '/exported=true':616 '/inject:':242,260,268 '/install':184 '/v1alpha1':355 '/v1alpha2':280 '/v1beta1':402,434,471 '/v1beta2':507 '0.2':341 '1':124,171 '10':343,389 '10.0.0.0':495 '100m':388 '10s':345 '2':142,222 '3':271 '4':347 '5':391 '500':304 '599':306 '5s':336 '6':498 '7':569 '8080':530,553,567 '90':381 '900m':380 'a/b':157 'access':166 'action':74 'address':600 'advanc':501,772 'allow':426,440,462,477 'allow-frontend':439 'allow-ingress':476 'alway':751 'annot':239,257,265 'api':542,598 'api-server-address':597 'apivers':230,248,277,352,399,431,468,504 'app':139,140,141,238,256,418 'appli':66,197,205,219,586,603 'appropri':779 'apps/v1':249 'architectur':126 'ask':832 'author':393,794 'automat':96,226,720 'backend':373 'backendref':546,560 'bash':174,574,630,673 'best':68,711 'boundari':840 'budget':734 'c':690 'canari':102,155,350,363,386 'chang':756 'check':189,210,624,646,674,678,750,754 'cidr':494 'clarif':834 'clarifi':60 'clear':807 'cli':176 'client':430,453,490 'cluster':119,187,572,577,580,589,594,610,620 'cluster-nam':593 'command':629 'concept':123 'condit':295,301,314,330 'configur':98,761 'connect':621 'constraint':62 'control':127,167,200 'core':122,528 'crds':192,195 'credenti':581 'criteria':843 'cross':619 'cross-clust':618 'curl':177 'dashboard':668,671 'data':134 'debug':672,694 'default':323,763 'defin':160,396 'depend':659 'deploy':103,156,247,251,652,663 'deploy/my-app':637,645,689,708 'deploy/my-backend':710 'describ':811 'destini':129 'detail':79 'differ':52 'document':785 'domain':53 'e.g':465 'edg':662 'enabl':243,261,269,715 'environ':823 'environment-specif':822 'everywher':717 'exampl':80 'expert':828 'export':605 'extens':213 'f':198,206,220,587,604 'fals':325 'featur':773 'first':14,31 'forget':776 'frontend':441,457 'gateway':627 'get':293,297,327,332,725 'goal':61 'golden':739 'group':527 'header':538 'http':410,423,452,489 'http/1':425 'httprout':499,509 'https':179 'id':329 'ident':130,697 'identity/tls':695 'ignor':768 'implement':95,113 'ingress':467,478 'inject':133,223,227,245,675 'input':65,837 'instal':173,175,191,194,199,203,208,211,217,578,584 'instruct':59 'isfailur':307 'isretry':309,324,337 'key':143 'kind':232,250,281,356,403,435,472,508,525 'kubectl':196,204,218,585,602,611,687 'kubernet':18,35 'label':612 'latenc':743 'lightweight':11,28,92 'limit':799 'link':588,592 'linkerd':2,7,19,24,47,125,188,193,202,209,215,582,590,622,625,634,642,649,660,669,677,692,696,705,722,753,762,784 'linkerd-pattern':1 'linkerd-proxi':691 'linkerd.io':241,259,267,279,787,792,797 'linkerd.io/2.14/features/server-policy/)':796 'linkerd.io/2.14/features/service-profiles/)':791 'linkerd.io/2.14/overview/)':786 'linkerd.io/inject:':240,258,266 'linkerd.io/v1alpha2':278 'live':631,704 'log':686,688 'match':532,554,808 'matchlabel':417 'max':305 'mesh':9,16,26,33,94,121,172 'meshtl':454 'metadata':234,252,264,283,358,405,437,474,510 'method':296,315,331 'metric':112,151,641,729,740 'min':303 'minretriespersecond':342 'mirror.linkerd.io':615 'mirror.linkerd.io/exported=true':614 'miss':845 'monitor':628,738 'mtls':97,716 'multi':118,571 'multi-clust':117,570 'multiclust':583,591,623,626 'my-app':236,254 'my-namespac':287,365,412,443,459,480,516,654,665,681,699 'my-rout':512 'my-servic':370,419,522 'my-service-canari':360,383 'my-service-http':407,449,486 'my-service-st':375 'my-service-v1':562 'my-service-v2':548 'my-service.my-namespace.svc.cluster.local':285 'n':653,664,680,698 'name':235,253,284,292,311,326,359,406,438,448,456,475,485,511,521,539,547,561,595 'namespac':224,229,233,286,289,364,367,411,414,442,445,458,461,479,482,515,518,656,667,683,701 'need':50 'network':493 'open':83 'option':214 'outcom':72 'output':817 'outsid':56 'over-configur':759 'parentref':520 'path':533,555 'pathprefix':535,557 'pathregex':298,317,333 'pattern':3,5,20,22,48 'per':110,149,639,727,781 'per-rout':109,148,638,726 'permiss':838 'plane':128,135,201 'podselector':416 'polici':164,168,394,795 'policy.linkerd.io':401,433,470,506 'policy.linkerd.io/v1beta1':400,432,469 'policy.linkerd.io/v1beta2':505 'port':422,529,552,566 'post':312,316,319 'practic':69,712 'pre':190 'prevent':735 'product':4,21 'profil':107,273,790 'proto':178 'provid':73 'proxi':132,136,137,138,647,679,685,693 'proxy-inject':131 'proxyprotocol':424 'purpos':146 'rate':742 'relev':67 'requir':64,82,836 'resourc':144,145,783 'resources/implementation-playbook.md':84 'responseclass':300 'retri':114,152,275,731,733,736 'retryabl':321 'retrybudget':339 'retryratio':340 'review':829 'rout':111,150,291,502,514,640,644,728,782 'rule':531 'run':752 'run.linkerd.io':183 'run.linkerd.io/install':182 'safeti':839 'scope':58,810 'secur':13,30 'security-first':12,29 'sensibl':765 'server':159,162,392,398,404,447,484,599 'server-sid':161 'serverauthor':165,436,473 'servic':8,15,25,32,93,106,120,272,362,369,372,374,377,382,385,409,421,451,488,524,526,550,564,607,658,789 'serviceaccount':455 'serviceprofil':147,282,724,769 'set':89,104,732,778 'setup':573 'sh':185 'side':163 'skill':40,87,802 'skill-linkerd-patterns' 'skip':749 'source-sickn33' 'spec':262,290,368,415,446,483,519 'specif':246,429,824 'split':100,349 'split.smi-spec.io':354 'split.smi-spec.io/v1alpha1':353 'ssfl':181 'stabl':378 'stat':651 'status':302,648,676 'step':75 'stop':830 'storm':737 'substitut':820 'success':741,842 'svc/my-service':613 'tap':702,707 'task':43,806 'templat':169,170,221,263,270,346,390,497,568 'test':158,826 'throughput':744 'timeout':116,153,335,777 'tlsv1.2':180 'tool':55 'top':636 'topic-agent-skills' 'topic-agentic-skills' 'topic-ai-agent-skills' 'topic-ai-agents' 'topic-ai-coding' 'topic-ai-workflows' 'topic-antigravity' 'topic-antigravity-skills' 'topic-claude-code' 'topic-claude-code-skills' 'topic-codex-cli' 'topic-codex-skills' 'traffic':99,348,427,464,632,703 'trafficsplit':154,357 'treat':815 'true':308,310,338,492 'ts':746 'ttl':344 'type':534,556 'unauthent':463,491 'unlock':771 'unrel':45 'use':38,85,723,800 'v1':231,565 'v2':545,551 'valid':71,186,825 'valu':536,544,558,780 'verif':77 'verifi':207,617 'version':543 'view':633,657,684 'viz':212,216,635,643,650,661,670,706 'weight':379,387 'west':596 'west.example.com:6443':601 'x':541 'x-api-vers':540 'yaml':225,276,351,395,503","prices":[{"id":"06c31552-fde6-4415-a442-20b54ba9c0d8","listingId":"f22a5ea8-b6c0-49ab-8903-99073721996e","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"sickn33","category":"antigravity-awesome-skills","install_from":"skills.sh"},"createdAt":"2026-04-18T21:39:59.817Z"}],"sources":[{"listingId":"f22a5ea8-b6c0-49ab-8903-99073721996e","source":"github","sourceId":"sickn33/antigravity-awesome-skills/linkerd-patterns","sourceUrl":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/linkerd-patterns","isPrimary":false,"firstSeenAt":"2026-04-18T21:39:59.817Z","lastSeenAt":"2026-04-23T12:51:10.299Z"}],"details":{"listingId":"f22a5ea8-b6c0-49ab-8903-99073721996e","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"sickn33","slug":"linkerd-patterns","github":{"repo":"sickn33/antigravity-awesome-skills","stars":34726,"topics":["agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding","ai-workflows","antigravity","antigravity-skills","claude-code","claude-code-skills","codex-cli","codex-skills","cursor","cursor-skills","developer-tools","gemini-cli","gemini-skills","kiro","mcp","skill-library"],"license":"mit","html_url":"https://github.com/sickn33/antigravity-awesome-skills","pushed_at":"2026-04-23T06:41:03Z","description":"Installable GitHub library of 1,400+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.","skill_md_sha":"dfcda5459bafea796fccf26dfb39cd22a9064c44","skill_md_path":"skills/linkerd-patterns/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/linkerd-patterns"},"layout":"multi","source":"github","category":"antigravity-awesome-skills","frontmatter":{"name":"linkerd-patterns","description":"Production patterns for Linkerd service mesh - the lightweight, security-first service mesh for Kubernetes."},"skills_sh_url":"https://skills.sh/sickn33/antigravity-awesome-skills/linkerd-patterns"},"updatedAt":"2026-04-23T12:51:10.299Z"}}