How do I install Istio Traffic Management?

Install Istio Traffic Management with a single command: npx mdskills install sickn33/istio-traffic-management. This downloads the skill files into your project and your AI agent picks them up automatically.

What platforms support Istio Traffic Management?

Istio Traffic Management works with Claude Code, Claude Desktop, Cursor, Vscode Copilot, Windsurf, Continue Dev, Codex, Gemini Cli, Amp, Roo Code, Goose, Opencode, Trae, Qodo, Command Code. Skills use the open SKILL.md format which is compatible with any AI coding agent that reads markdown instructions.

← Back to skills

Istio Traffic Management

Name: Istio Traffic Management: AI Agent Skill
Rating: 8 (1 reviews)
Author: sickn33

Verified

Intermediate

Configure Istio traffic management including routing, load balancing, circuit breakers, and canary deployments. Use when implementing service mesh traffic policies, progressive delivery, or resilience patterns.

by @sickn330Updated 2 weeks ago

Add this skill

npx mdskills install sickn33/istio-traffic-management

Fork & Edit

Skill Advisor8.0

Comprehensive Istio traffic management with 7 production-ready templates and clear best practices

+Provides 7 complete YAML templates covering routing, canary, circuit breakers, and fault injection
+Includes clear trigger conditions, debugging commands, and do's/don'ts guidance
+Organizes traffic flow visually and explains resource relationships effectively
-Declares shell execution permission but no actual shell commands present in skill content
-References 'resources/implementation-playbook.md' that isn't included or accessible

SKILL.md

Edit in Browser

1---
2name: istio-traffic-management
3description: Configure Istio traffic management including routing, load balancing, circuit breakers, and canary deployments. Use when implementing service mesh traffic policies, progressive delivery, or resilience patterns.
4---
5 
6# Istio Traffic Management
7 
8Comprehensive guide to Istio traffic management for production service mesh deployments.
9 
10## Do not use this skill when
11 
12- The task is unrelated to istio traffic management
13- You need a different domain or tool outside this scope
14 
15## Instructions
16 
17- Clarify goals, constraints, and required inputs.
18- Apply relevant best practices and validate outcomes.
19- Provide actionable steps and verification.
20- If detailed examples are required, open `resources/implementation-playbook.md`.
21 
22## Use this skill when
23 
24- Configuring service-to-service routing
25- Implementing canary or blue-green deployments
26- Setting up circuit breakers and retries
27- Load balancing configuration
28- Traffic mirroring for testing
29- Fault injection for chaos engineering
30 
31## Core Concepts
32 
33### 1. Traffic Management Resources
34 
35| Resource | Purpose | Scope |
36|----------|---------|-------|
37| **VirtualService** | Route traffic to destinations | Host-based |
38| **DestinationRule** | Define policies after routing | Service-based |
39| **Gateway** | Configure ingress/egress | Cluster edge |
40| **ServiceEntry** | Add external services | Mesh-wide |
41 
42### 2. Traffic Flow
43 
44```
45Client → Gateway → VirtualService → DestinationRule → Service
46                   (routing)        (policies)        (pods)
47```
48 
49## Templates
50 
51### Template 1: Basic Routing
52 
53```yaml
54apiVersion: networking.istio.io/v1beta1
55kind: VirtualService
56metadata:
57  name: reviews-route
58  namespace: bookinfo
59spec:
60  hosts:
61    - reviews
62  http:
63    - match:
64        - headers:
65            end-user:
66              exact: jason
67      route:
68        - destination:
69            host: reviews
70            subset: v2
71    - route:
72        - destination:
73            host: reviews
74            subset: v1
75---
76apiVersion: networking.istio.io/v1beta1
77kind: DestinationRule
78metadata:
79  name: reviews-destination
80  namespace: bookinfo
81spec:
82  host: reviews
83  subsets:
84    - name: v1
85      labels:
86        version: v1
87    - name: v2
88      labels:
89        version: v2
90    - name: v3
91      labels:
92        version: v3
93```
94 
95### Template 2: Canary Deployment
96 
97```yaml
98apiVersion: networking.istio.io/v1beta1
99kind: VirtualService
100metadata:
101  name: my-service-canary
102spec:
103  hosts:
104    - my-service
105  http:
106    - route:
107        - destination:
108            host: my-service
109            subset: stable
110          weight: 90
111        - destination:
112            host: my-service
113            subset: canary
114          weight: 10
115---
116apiVersion: networking.istio.io/v1beta1
117kind: DestinationRule
118metadata:
119  name: my-service-dr
120spec:
121  host: my-service
122  trafficPolicy:
123    connectionPool:
124      tcp:
125        maxConnections: 100
126      http:
127        h2UpgradePolicy: UPGRADE
128        http1MaxPendingRequests: 100
129        http2MaxRequests: 1000
130  subsets:
131    - name: stable
132      labels:
133        version: stable
134    - name: canary
135      labels:
136        version: canary
137```
138 
139### Template 3: Circuit Breaker
140 
141```yaml
142apiVersion: networking.istio.io/v1beta1
143kind: DestinationRule
144metadata:
145  name: circuit-breaker
146spec:
147  host: my-service
148  trafficPolicy:
149    connectionPool:
150      tcp:
151        maxConnections: 100
152      http:
153        http1MaxPendingRequests: 100
154        http2MaxRequests: 1000
155        maxRequestsPerConnection: 10
156        maxRetries: 3
157    outlierDetection:
158      consecutive5xxErrors: 5
159      interval: 30s
160      baseEjectionTime: 30s
161      maxEjectionPercent: 50
162      minHealthPercent: 30
163```
164 
165### Template 4: Retry and Timeout
166 
167```yaml
168apiVersion: networking.istio.io/v1beta1
169kind: VirtualService
170metadata:
171  name: ratings-retry
172spec:
173  hosts:
174    - ratings
175  http:
176    - route:
177        - destination:
178            host: ratings
179      timeout: 10s
180      retries:
181        attempts: 3
182        perTryTimeout: 3s
183        retryOn: connect-failure,refused-stream,unavailable,cancelled,retriable-4xx,503
184        retryRemoteLocalities: true
185```
186 
187### Template 5: Traffic Mirroring
188 
189```yaml
190apiVersion: networking.istio.io/v1beta1
191kind: VirtualService
192metadata:
193  name: mirror-traffic
194spec:
195  hosts:
196    - my-service
197  http:
198    - route:
199        - destination:
200            host: my-service
201            subset: v1
202      mirror:
203        host: my-service
204        subset: v2
205      mirrorPercentage:
206        value: 100.0
207```
208 
209### Template 6: Fault Injection
210 
211```yaml
212apiVersion: networking.istio.io/v1beta1
213kind: VirtualService
214metadata:
215  name: fault-injection
216spec:
217  hosts:
218    - ratings
219  http:
220    - fault:
221        delay:
222          percentage:
223            value: 10
224          fixedDelay: 5s
225        abort:
226          percentage:
227            value: 5
228          httpStatus: 503
229      route:
230        - destination:
231            host: ratings
232```
233 
234### Template 7: Ingress Gateway
235 
236```yaml
237apiVersion: networking.istio.io/v1beta1
238kind: Gateway
239metadata:
240  name: my-gateway
241spec:
242  selector:
243    istio: ingressgateway
244  servers:
245    - port:
246        number: 443
247        name: https
248        protocol: HTTPS
249      tls:
250        mode: SIMPLE
251        credentialName: my-tls-secret
252      hosts:
253        - "*.example.com"
254---
255apiVersion: networking.istio.io/v1beta1
256kind: VirtualService
257metadata:
258  name: my-vs
259spec:
260  hosts:
261    - "api.example.com"
262  gateways:
263    - my-gateway
264  http:
265    - match:
266        - uri:
267            prefix: /api/v1
268      route:
269        - destination:
270            host: api-service
271            port:
272              number: 8080
273```
274 
275## Load Balancing Strategies
276 
277```yaml
278apiVersion: networking.istio.io/v1beta1
279kind: DestinationRule
280metadata:
281  name: load-balancing
282spec:
283  host: my-service
284  trafficPolicy:
285    loadBalancer:
286      simple: ROUND_ROBIN  # or LEAST_CONN, RANDOM, PASSTHROUGH
287---
288# Consistent hashing for sticky sessions
289apiVersion: networking.istio.io/v1beta1
290kind: DestinationRule
291metadata:
292  name: sticky-sessions
293spec:
294  host: my-service
295  trafficPolicy:
296    loadBalancer:
297      consistentHash:
298        httpHeaderName: x-user-id
299        # or: httpCookie, useSourceIp, httpQueryParameterName
300```
301 
302## Best Practices
303 
304### Do's
305- **Start simple** - Add complexity incrementally
306- **Use subsets** - Version your services clearly
307- **Set timeouts** - Always configure reasonable timeouts
308- **Enable retries** - But with backoff and limits
309- **Monitor** - Use Kiali and Jaeger for visibility
310 
311### Don'ts
312- **Don't over-retry** - Can cause cascading failures
313- **Don't ignore outlier detection** - Enable circuit breakers
314- **Don't mirror to production** - Mirror to test environments
315- **Don't skip canary** - Test with small traffic percentage first
316 
317## Debugging Commands
318 
319```bash
320# Check VirtualService configuration
321istioctl analyze
322 
323# View effective routes
324istioctl proxy-config routes deploy/my-app -o json
325 
326# Check endpoint discovery
327istioctl proxy-config endpoints deploy/my-app
328 
329# Debug traffic
330istioctl proxy-config log deploy/my-app --level debug
331```
332 
333## Resources
334 
335- [Istio Traffic Management](https://istio.io/latest/docs/concepts/traffic-management/)
336- [Virtual Service Reference](https://istio.io/latest/docs/reference/config/networking/virtual-service/)
337- [Destination Rule Reference](https://istio.io/latest/docs/reference/config/networking/destination-rule/)
338

Full transparency — inspect the skill content before installing.