{"id":"581bd0b8-3067-43bb-a977-46ab85587735","shortId":"5yUngy","kind":"skill","title":"istio-traffic-management","tagline":"Comprehensive guide to Istio traffic management for production service mesh deployments.","description":"# Istio Traffic Management\n\nComprehensive guide to Istio traffic management for production service mesh deployments.\n\n## Do not use this skill when\n\n- The task is unrelated to istio traffic management\n- You need a different domain or tool outside this scope\n\n## Instructions\n\n- Clarify goals, constraints, and required inputs.\n- Apply relevant best practices and validate outcomes.\n- Provide actionable steps and verification.\n- If detailed examples are required, open `resources/implementation-playbook.md`.\n\n## Use this skill when\n\n- Configuring service-to-service routing\n- Implementing canary or blue-green deployments\n- Setting up circuit breakers and retries\n- Load balancing configuration\n- Traffic mirroring for testing\n- Fault injection for chaos engineering\n\n## Core Concepts\n\n### 1. Traffic Management Resources\n\n| Resource | Purpose | Scope |\n|----------|---------|-------|\n| **VirtualService** | Route traffic to destinations | Host-based |\n| **DestinationRule** | Define policies after routing | Service-based |\n| **Gateway** | Configure ingress/egress | Cluster edge |\n| **ServiceEntry** | Add external services | Mesh-wide |\n\n### 2. Traffic Flow\n\n```\nClient → Gateway → VirtualService → DestinationRule → Service\n                   (routing)        (policies)        (pods)\n```\n\n## Templates\n\n### Template 1: Basic Routing\n\n```yaml\napiVersion: networking.istio.io/v1beta1\nkind: VirtualService\nmetadata:\n  name: reviews-route\n  namespace: bookinfo\nspec:\n  hosts:\n    - reviews\n  http:\n    - match:\n        - headers:\n            end-user:\n              exact: jason\n      route:\n        - destination:\n            host: reviews\n            subset: v2\n    - route:\n        - destination:\n            host: reviews\n            subset: v1\n---\napiVersion: networking.istio.io/v1beta1\nkind: DestinationRule\nmetadata:\n  name: reviews-destination\n  namespace: bookinfo\nspec:\n  host: reviews\n  subsets:\n    - name: v1\n      labels:\n        version: v1\n    - name: v2\n      labels:\n        version: v2\n    - name: v3\n      labels:\n        version: v3\n```\n\n### Template 2: Canary Deployment\n\n```yaml\napiVersion: networking.istio.io/v1beta1\nkind: VirtualService\nmetadata:\n  name: my-service-canary\nspec:\n  hosts:\n    - my-service\n  http:\n    - route:\n        - destination:\n            host: my-service\n            subset: stable\n          weight: 90\n        - destination:\n            host: my-service\n            subset: canary\n          weight: 10\n---\napiVersion: networking.istio.io/v1beta1\nkind: DestinationRule\nmetadata:\n  name: my-service-dr\nspec:\n  host: my-service\n  trafficPolicy:\n    connectionPool:\n      tcp:\n        maxConnections: 100\n      http:\n        h2UpgradePolicy: UPGRADE\n        http1MaxPendingRequests: 100\n        http2MaxRequests: 1000\n  subsets:\n    - name: stable\n      labels:\n        version: stable\n    - name: canary\n      labels:\n        version: canary\n```\n\n### Template 3: Circuit Breaker\n\n```yaml\napiVersion: networking.istio.io/v1beta1\nkind: DestinationRule\nmetadata:\n  name: circuit-breaker\nspec:\n  host: my-service\n  trafficPolicy:\n    connectionPool:\n      tcp:\n        maxConnections: 100\n      http:\n        http1MaxPendingRequests: 100\n        http2MaxRequests: 1000\n        maxRequestsPerConnection: 10\n        maxRetries: 3\n    outlierDetection:\n      consecutive5xxErrors: 5\n      interval: 30s\n      baseEjectionTime: 30s\n      maxEjectionPercent: 50\n      minHealthPercent: 30\n```\n\n### Template 4: Retry and Timeout\n\n```yaml\napiVersion: networking.istio.io/v1beta1\nkind: VirtualService\nmetadata:\n  name: ratings-retry\nspec:\n  hosts:\n    - ratings\n  http:\n    - route:\n        - destination:\n            host: ratings\n      timeout: 10s\n      retries:\n        attempts: 3\n        perTryTimeout: 3s\n        retryOn: connect-failure,refused-stream,unavailable,cancelled,retriable-4xx,503\n        retryRemoteLocalities: true\n```\n\n### Template 5: Traffic Mirroring\n\n```yaml\napiVersion: networking.istio.io/v1beta1\nkind: VirtualService\nmetadata:\n  name: mirror-traffic\nspec:\n  hosts:\n    - my-service\n  http:\n    - route:\n        - destination:\n            host: my-service\n            subset: v1\n      mirror:\n        host: my-service\n        subset: v2\n      mirrorPercentage:\n        value: 100.0\n```\n\n### Template 6: Fault Injection\n\n```yaml\napiVersion: networking.istio.io/v1beta1\nkind: VirtualService\nmetadata:\n  name: fault-injection\nspec:\n  hosts:\n    - ratings\n  http:\n    - fault:\n        delay:\n          percentage:\n            value: 10\n          fixedDelay: 5s\n        abort:\n          percentage:\n            value: 5\n          httpStatus: 503\n      route:\n        - destination:\n            host: ratings\n```\n\n### Template 7: Ingress Gateway\n\n```yaml\napiVersion: networking.istio.io/v1beta1\nkind: Gateway\nmetadata:\n  name: my-gateway\nspec:\n  selector:\n    istio: ingressgateway\n  servers:\n    - port:\n        number: 443\n        name: https\n        protocol: HTTPS\n      tls:\n        mode: SIMPLE\n        credentialName: my-tls-secret\n      hosts:\n        - \"*.example.com\"\n---\napiVersion: networking.istio.io/v1beta1\nkind: VirtualService\nmetadata:\n  name: my-vs\nspec:\n  hosts:\n    - \"api.example.com\"\n  gateways:\n    - my-gateway\n  http:\n    - match:\n        - uri:\n            prefix: /api/v1\n      route:\n        - destination:\n            host: api-service\n            port:\n              number: 8080\n```\n\n## Load Balancing Strategies\n\n```yaml\napiVersion: networking.istio.io/v1beta1\nkind: DestinationRule\nmetadata:\n  name: load-balancing\nspec:\n  host: my-service\n  trafficPolicy:\n    loadBalancer:\n      simple: ROUND_ROBIN  # or LEAST_CONN, RANDOM, PASSTHROUGH\n---\n# Consistent hashing for sticky sessions\napiVersion: networking.istio.io/v1beta1\nkind: DestinationRule\nmetadata:\n  name: sticky-sessions\nspec:\n  host: my-service\n  trafficPolicy:\n    loadBalancer:\n      consistentHash:\n        httpHeaderName: x-user-id\n        # or: httpCookie, useSourceIp, httpQueryParameterName\n```\n\n## Best Practices\n\n### Do's\n- **Start simple** - Add complexity incrementally\n- **Use subsets** - Version your services clearly\n- **Set timeouts** - Always configure reasonable timeouts\n- **Enable retries** - But with backoff and limits\n- **Monitor** - Use Kiali and Jaeger for visibility\n\n### Don'ts\n- **Don't over-retry** - Can cause cascading failures\n- **Don't ignore outlier detection** - Enable circuit breakers\n- **Don't mirror to production** - Mirror to test environments\n- **Don't skip canary** - Test with small traffic percentage first\n\n## Debugging Commands\n\n```bash\n# Check VirtualService configuration\nistioctl analyze\n\n# View effective routes\nistioctl proxy-config routes deploy/my-app -o json\n\n# Check endpoint discovery\nistioctl proxy-config endpoints deploy/my-app\n\n# Debug traffic\nistioctl proxy-config log deploy/my-app --level debug\n```\n\n## Resources\n\n- [Istio Traffic Management](https://istio.io/latest/docs/concepts/traffic-management/)\n- [Virtual Service Reference](https://istio.io/latest/docs/reference/config/networking/virtual-service/)\n- [Destination Rule Reference](https://istio.io/latest/docs/reference/config/networking/destination-rule/)\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.","tags":["istio","traffic","management","antigravity","awesome","skills","sickn33","agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding"],"capabilities":["skill","source-sickn33","skill-istio-traffic-management","topic-agent-skills","topic-agentic-skills","topic-ai-agent-skills","topic-ai-agents","topic-ai-coding","topic-ai-workflows","topic-antigravity","topic-antigravity-skills","topic-claude-code","topic-claude-code-skills","topic-codex-cli","topic-codex-skills"],"categories":["antigravity-awesome-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/sickn33/antigravity-awesome-skills/istio-traffic-management","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add sickn33/antigravity-awesome-skills","source_repo":"https://github.com/sickn33/antigravity-awesome-skills","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 34768 github stars · SKILL.md body (7,447 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-23T18:51:33.724Z","embedding":null,"createdAt":"2026-04-18T21:39:19.713Z","updatedAt":"2026-04-23T18:51:33.724Z","lastSeenAt":"2026-04-23T18:51:33.724Z","tsv":"'/api/v1':549 '/latest/docs/concepts/traffic-management/)':739 '/latest/docs/reference/config/networking/destination-rule/)':751 '/latest/docs/reference/config/networking/virtual-service/)':745 '/v1beta1':172,208,245,282,327,374,420,460,497,530,566,597 '1':117,165 '10':278,351,476 '100':300,305,344,347 '100.0':451 '1000':307,349 '10s':391 '2':152,238 '3':320,353,394 '30':364 '30s':358,360 '3s':396 '4':366 '443':512 '4xx':408 '5':356,413,482 '50':362 '503':409,484 '5s':478 '6':453 '7':490 '8080':558 '90':269 'abort':479 'action':69 'add':146,628 'alway':639 'analyz':702 'api':554 'api-servic':553 'api.example.com':540 'apivers':169,205,242,279,324,371,417,457,494,527,563,594 'appli':61 'ask':785 'attempt':393 'backoff':647 'balanc':104,560,573 'base':131,139 'baseejectiontim':359 'bash':697 'basic':166 'best':63,622 'blue':94 'blue-green':93 'bookinfo':181,217 'boundari':793 'breaker':100,322,334,675 'canari':91,239,253,276,315,318,688 'cancel':405 'cascad':666 'caus':665 'chao':113 'check':698,714 'circuit':99,321,333,674 'circuit-break':332 'clarif':787 'clarifi':55 'clear':636,760 'client':155 'cluster':143 'command':696 'complex':629 'comprehens':5,19 'concept':116 'config':709,720,728 'configur':84,105,141,640,700 'conn':586 'connect':399 'connect-failur':398 'connectionpool':297,341 'consecutive5xxerrors':355 'consist':589 'consistenthash':612 'constraint':57 'core':115 'credentialnam':520 'criteria':796 'debug':695,723,732 'defin':133 'delay':473 'deploy':15,29,96,240 'deploy/my-app':711,722,730 'describ':764 'destin':128,194,200,215,261,270,387,435,486,551,746 'destinationrul':132,158,210,284,329,568,599 'detail':74 'detect':672 'differ':47 'discoveri':716 'domain':48 'dr':290 'edg':144 'effect':704 'enabl':643,673 'end':189 'end-us':188 'endpoint':715,721 'engin':114 'environ':684,776 'environment-specif':775 'exact':191 'exampl':75 'example.com':526 'expert':781 'extern':147 'failur':400,667 'fault':110,454,466,472 'fault-inject':465 'first':694 'fixeddelay':477 'flow':154 'gateway':140,156,492,499,504,541,544 'goal':56 'green':95 'guid':6,20 'h2upgradepolicy':302 'hash':590 'header':187 'host':130,183,195,201,219,255,262,271,292,336,383,388,429,436,443,469,487,525,539,552,575,606 'host-bas':129 'http':185,259,301,345,385,433,471,545 'http1maxpendingrequests':304,346 'http2maxrequests':306,348 'httpcooki':619 'httpheadernam':613 'httpqueryparameternam':621 'https':514,516 'httpstatus':483 'id':617 'ignor':670 'implement':90 'increment':630 'ingress':491 'ingress/egress':142 'ingressgateway':508 'inject':111,455,467 'input':60,790 'instruct':54 'interv':357 'istio':2,8,16,22,41,507,734 'istio-traffic-manag':1 'istio.io':738,744,750 'istio.io/latest/docs/concepts/traffic-management/)':737 'istio.io/latest/docs/reference/config/networking/destination-rule/)':749 'istio.io/latest/docs/reference/config/networking/virtual-service/)':743 'istioctl':701,706,717,725 'jaeger':654 'jason':192 'json':713 'kiali':652 'kind':173,209,246,283,328,375,421,461,498,531,567,598 'label':224,229,234,311,316 'least':585 'level':731 'limit':649,752 'load':103,559,572 'load-balanc':571 'loadbalanc':580,611 'log':729 'manag':4,10,18,24,43,119,736 'match':186,546,761 'maxconnect':299,343 'maxejectionperc':361 'maxrequestsperconnect':350 'maxretri':352 'mesh':14,28,150 'mesh-wid':149 'metadata':175,211,248,285,330,377,423,463,500,533,569,600 'minhealthperc':363 'mirror':107,415,426,442,678,681 'mirror-traff':425 'mirrorpercentag':449 'miss':798 'mode':518 'monitor':650 'my-gateway':502,542 'my-servic':256,263,272,293,337,430,437,444,576,607 'my-service-canari':250 'my-service-dr':287 'my-tls-secret':521 'my-v':535 'name':176,212,222,227,232,249,286,309,314,331,378,424,464,501,513,534,570,601 'namespac':180,216 'need':45 'networking.istio.io':171,207,244,281,326,373,419,459,496,529,565,596 'networking.istio.io/v1beta1':170,206,243,280,325,372,418,458,495,528,564,595 'number':511,557 'o':712 'open':78 'outcom':67 'outlier':671 'outlierdetect':354 'output':770 'outsid':51 'over-retri':661 'passthrough':588 'percentag':474,480,693 'permiss':791 'pertrytimeout':395 'pod':162 'polici':134,161 'port':510,556 'practic':64,623 'prefix':548 'product':12,26,680 'protocol':515 'provid':68 'proxi':708,719,727 'proxy-config':707,718,726 'purpos':122 'random':587 'rate':380,384,389,470,488 'ratings-retri':379 'reason':641 'refer':742,748 'refus':402 'refused-stream':401 'relev':62 'requir':59,77,789 'resourc':120,121,733 'resources/implementation-playbook.md':79 'retri':102,367,381,392,644,663 'retriabl':407 'retriable-4xx':406 'retryon':397 'retryremoteloc':410 'review':178,184,196,202,214,220,782 'reviews-destin':213 'reviews-rout':177 'robin':583 'round':582 'rout':89,125,136,160,167,179,193,199,260,386,434,485,550,705,710 'rule':747 'safeti':792 'scope':53,123,763 'secret':524 'selector':506 'server':509 'servic':13,27,86,88,138,148,159,252,258,265,274,289,295,339,432,439,446,555,578,609,635,741 'service-bas':137 'service-to-servic':85 'serviceentri':145 'session':593,604 'set':97,637 'simpl':519,581,627 'skill':34,82,755 'skill-istio-traffic-management' 'skip':687 'small':691 'source-sickn33' 'spec':182,218,254,291,335,382,428,468,505,538,574,605 'specif':777 'stabl':267,310,313 'start':626 'step':70 'sticki':592,603 'sticky-sess':602 'stop':783 'strategi':561 'stream':403 'subset':197,203,221,266,275,308,440,447,632 'substitut':773 'success':795 'task':37,759 'tcp':298,342 'templat':163,164,237,319,365,412,452,489 'test':109,683,689,779 'timeout':369,390,638,642 'tls':517,523 'tool':50 'topic-agent-skills' 'topic-agentic-skills' 'topic-ai-agent-skills' 'topic-ai-agents' 'topic-ai-coding' 'topic-ai-workflows' 'topic-antigravity' 'topic-antigravity-skills' 'topic-claude-code' 'topic-claude-code-skills' 'topic-codex-cli' 'topic-codex-skills' 'traffic':3,9,17,23,42,106,118,126,153,414,427,692,724,735 'trafficpolici':296,340,579,610 'treat':768 'true':411 'ts':658 'unavail':404 'unrel':39 'upgrad':303 'uri':547 'use':32,80,631,651,753 'user':190,616 'usesourceip':620 'v1':204,223,226,441 'v2':198,228,231,448 'v3':233,236 'valid':66,778 'valu':450,475,481 'verif':72 'version':225,230,235,312,317,633 'view':703 'virtual':740 'virtualservic':124,157,174,247,376,422,462,532,699 'visibl':656 'vs':537 'weight':268,277 'wide':151 'x':615 'x-user-id':614 'yaml':168,241,323,370,416,456,493,562","prices":[{"id":"dd364899-fc4f-4429-9bd3-a9901092937a","listingId":"581bd0b8-3067-43bb-a977-46ab85587735","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"sickn33","category":"antigravity-awesome-skills","install_from":"skills.sh"},"createdAt":"2026-04-18T21:39:19.713Z"}],"sources":[{"listingId":"581bd0b8-3067-43bb-a977-46ab85587735","source":"github","sourceId":"sickn33/antigravity-awesome-skills/istio-traffic-management","sourceUrl":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/istio-traffic-management","isPrimary":false,"firstSeenAt":"2026-04-18T21:39:19.713Z","lastSeenAt":"2026-04-23T18:51:33.724Z"}],"details":{"listingId":"581bd0b8-3067-43bb-a977-46ab85587735","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"sickn33","slug":"istio-traffic-management","github":{"repo":"sickn33/antigravity-awesome-skills","stars":34768,"topics":["agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding","ai-workflows","antigravity","antigravity-skills","claude-code","claude-code-skills","codex-cli","codex-skills","cursor","cursor-skills","developer-tools","gemini-cli","gemini-skills","kiro","mcp","skill-library"],"license":"mit","html_url":"https://github.com/sickn33/antigravity-awesome-skills","pushed_at":"2026-04-23T06:41:03Z","description":"Installable GitHub library of 1,400+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.","skill_md_sha":"7b2c4ed3c6f65cb57f0410e7941b83add1a9f87f","skill_md_path":"skills/istio-traffic-management/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/istio-traffic-management"},"layout":"multi","source":"github","category":"antigravity-awesome-skills","frontmatter":{"name":"istio-traffic-management","description":"Comprehensive guide to Istio traffic management for production service mesh deployments."},"skills_sh_url":"https://skills.sh/sickn33/antigravity-awesome-skills/istio-traffic-management"},"updatedAt":"2026-04-23T18:51:33.724Z"}}