How do I install Linkerd Patterns?

Install Linkerd Patterns with a single command: npx mdskills install sickn33/linkerd-patterns. This downloads the skill files into your project and your AI agent picks them up automatically.

What platforms support Linkerd Patterns?

Linkerd Patterns works with Claude Code, Claude Desktop, Cursor, Vscode Copilot, Windsurf, Continue Dev, Codex, Gemini Cli, Amp, Roo Code, Goose, Opencode, Trae, Qodo, Command Code. Skills use the open SKILL.md format which is compatible with any AI coding agent that reads markdown instructions.

← Back to skills

Linkerd Patterns

Name: Linkerd Patterns: AI Agent Skill
Rating: 8 (1 reviews)
Author: sickn33

Verified

DevOps & CI/CDIntermediate

Implement Linkerd service mesh patterns for lightweight, security-focused service mesh deployments. Use when setting up Linkerd, configuring traffic policies, or implementing zero-trust networking with minimal overhead.

by @sickn330Updated 2 weeks ago

Add this skill

npx mdskills install sickn33/linkerd-patterns

Fork & Edit

Skill Advisor8.0

Comprehensive templates and patterns with clear architecture diagrams and debugging tools

+Provides complete YAML templates for all major Linkerd patterns and use cases
+Includes practical debugging commands and monitoring workflows
+Offers clear architecture diagrams and resource comparison tables
-Lacks specific trigger conditions or decision logic for when to use each pattern
-References external playbook file that isn't included in the skill content

SKILL.md

Edit in Browser

1---
2name: linkerd-patterns
3description: Implement Linkerd service mesh patterns for lightweight, security-focused service mesh deployments. Use when setting up Linkerd, configuring traffic policies, or implementing zero-trust networking with minimal overhead.
4---
5 
6# Linkerd Patterns
7 
8Production patterns for Linkerd service mesh - the lightweight, security-first service mesh for Kubernetes.
9 
10## Do not use this skill when
11 
12- The task is unrelated to linkerd patterns
13- You need a different domain or tool outside this scope
14 
15## Instructions
16 
17- Clarify goals, constraints, and required inputs.
18- Apply relevant best practices and validate outcomes.
19- Provide actionable steps and verification.
20- If detailed examples are required, open `resources/implementation-playbook.md`.
21 
22## Use this skill when
23 
24- Setting up a lightweight service mesh
25- Implementing automatic mTLS
26- Configuring traffic splits for canary deployments
27- Setting up service profiles for per-route metrics
28- Implementing retries and timeouts
29- Multi-cluster service mesh
30 
31## Core Concepts
32 
33### 1. Linkerd Architecture
34 
35```
36┌─────────────────────────────────────────────┐
37│                Control Plane                 │
38│  ┌─────────┐ ┌──────────┐ ┌──────────────┐ │
39│  │ destiny │ │ identity │ │ proxy-inject │ │
40│  └─────────┘ └──────────┘ └──────────────┘ │
41└─────────────────────────────────────────────┘
42                      │
43┌─────────────────────────────────────────────┐
44│                 Data Plane                   │
45│  ┌─────┐    ┌─────┐    ┌─────┐             │
46│  │proxy│────│proxy│────│proxy│             │
47│  └─────┘    └─────┘    └─────┘             │
48│     │           │           │               │
49│  ┌──┴──┐    ┌──┴──┐    ┌──┴──┐            │
50│  │ app │    │ app │    │ app │            │
51│  └─────┘    └─────┘    └─────┘            │
52└─────────────────────────────────────────────┘
53```
54 
55### 2. Key Resources
56 
57| Resource | Purpose |
58|----------|---------|
59| **ServiceProfile** | Per-route metrics, retries, timeouts |
60| **TrafficSplit** | Canary deployments, A/B testing |
61| **Server** | Define server-side policies |
62| **ServerAuthorization** | Access control policies |
63 
64## Templates
65 
66### Template 1: Mesh Installation
67 
68```bash
69# Install CLI
70curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/install | sh
71 
72# Validate cluster
73linkerd check --pre
74 
75# Install CRDs
76linkerd install --crds | kubectl apply -f -
77 
78# Install control plane
79linkerd install | kubectl apply -f -
80 
81# Verify installation
82linkerd check
83 
84# Install viz extension (optional)
85linkerd viz install | kubectl apply -f -
86```
87 
88### Template 2: Inject Namespace
89 
90```yaml
91# Automatic injection for namespace
92apiVersion: v1
93kind: Namespace
94metadata:
95  name: my-app
96  annotations:
97    linkerd.io/inject: enabled
98---
99# Or inject specific deployment
100apiVersion: apps/v1
101kind: Deployment
102metadata:
103  name: my-app
104  annotations:
105    linkerd.io/inject: enabled
106spec:
107  template:
108    metadata:
109      annotations:
110        linkerd.io/inject: enabled
111```
112 
113### Template 3: Service Profile with Retries
114 
115```yaml
116apiVersion: linkerd.io/v1alpha2
117kind: ServiceProfile
118metadata:
119  name: my-service.my-namespace.svc.cluster.local
120  namespace: my-namespace
121spec:
122  routes:
123    - name: GET /api/users
124      condition:
125        method: GET
126        pathRegex: /api/users
127      responseClasses:
128        - condition:
129            status:
130              min: 500
131              max: 599
132          isFailure: true
133      isRetryable: true
134    - name: POST /api/users
135      condition:
136        method: POST
137        pathRegex: /api/users
138      # POST not retryable by default
139      isRetryable: false
140    - name: GET /api/users/{id}
141      condition:
142        method: GET
143        pathRegex: /api/users/[^/]+
144      timeout: 5s
145      isRetryable: true
146  retryBudget:
147    retryRatio: 0.2
148    minRetriesPerSecond: 10
149    ttl: 10s
150```
151 
152### Template 4: Traffic Split (Canary)
153 
154```yaml
155apiVersion: split.smi-spec.io/v1alpha1
156kind: TrafficSplit
157metadata:
158  name: my-service-canary
159  namespace: my-namespace
160spec:
161  service: my-service
162  backends:
163    - service: my-service-stable
164      weight: 900m  # 90%
165    - service: my-service-canary
166      weight: 100m  # 10%
167```
168 
169### Template 5: Server Authorization Policy
170 
171```yaml
172# Define the server
173apiVersion: policy.linkerd.io/v1beta1
174kind: Server
175metadata:
176  name: my-service-http
177  namespace: my-namespace
178spec:
179  podSelector:
180    matchLabels:
181      app: my-service
182  port: http
183  proxyProtocol: HTTP/1
184---
185# Allow traffic from specific clients
186apiVersion: policy.linkerd.io/v1beta1
187kind: ServerAuthorization
188metadata:
189  name: allow-frontend
190  namespace: my-namespace
191spec:
192  server:
193    name: my-service-http
194  client:
195    meshTLS:
196      serviceAccounts:
197        - name: frontend
198          namespace: my-namespace
199---
200# Allow unauthenticated traffic (e.g., from ingress)
201apiVersion: policy.linkerd.io/v1beta1
202kind: ServerAuthorization
203metadata:
204  name: allow-ingress
205  namespace: my-namespace
206spec:
207  server:
208    name: my-service-http
209  client:
210    unauthenticated: true
211    networks:
212      - cidr: 10.0.0.0/8
213```
214 
215### Template 6: HTTPRoute for Advanced Routing
216 
217```yaml
218apiVersion: policy.linkerd.io/v1beta2
219kind: HTTPRoute
220metadata:
221  name: my-route
222  namespace: my-namespace
223spec:
224  parentRefs:
225    - name: my-service
226      kind: Service
227      group: core
228      port: 8080
229  rules:
230    - matches:
231        - path:
232            type: PathPrefix
233            value: /api/v2
234        - headers:
235            - name: x-api-version
236              value: v2
237      backendRefs:
238        - name: my-service-v2
239          port: 8080
240    - matches:
241        - path:
242            type: PathPrefix
243            value: /api
244      backendRefs:
245        - name: my-service-v1
246          port: 8080
247```
248 
249### Template 7: Multi-cluster Setup
250 
251```bash
252# On each cluster, install with cluster credentials
253linkerd multicluster install | kubectl apply -f -
254 
255# Link clusters
256linkerd multicluster link --cluster-name west \
257  --api-server-address https://west.example.com:6443 \
258  | kubectl apply -f -
259 
260# Export a service to other clusters
261kubectl label svc/my-service mirror.linkerd.io/exported=true
262 
263# Verify cross-cluster connectivity
264linkerd multicluster check
265linkerd multicluster gateways
266```
267 
268## Monitoring Commands
269 
270```bash
271# Live traffic view
272linkerd viz top deploy/my-app
273 
274# Per-route metrics
275linkerd viz routes deploy/my-app
276 
277# Check proxy status
278linkerd viz stat deploy -n my-namespace
279 
280# View service dependencies
281linkerd viz edges deploy -n my-namespace
282 
283# Dashboard
284linkerd viz dashboard
285```
286 
287## Debugging
288 
289```bash
290# Check injection status
291linkerd check --proxy -n my-namespace
292 
293# View proxy logs
294kubectl logs deploy/my-app -c linkerd-proxy
295 
296# Debug identity/TLS
297linkerd identity -n my-namespace
298 
299# Tap traffic (live)
300linkerd viz tap deploy/my-app --to deploy/my-backend
301```
302 
303## Best Practices
304 
305### Do's
306- **Enable mTLS everywhere** - It's automatic with Linkerd
307- **Use ServiceProfiles** - Get per-route metrics and retries
308- **Set retry budgets** - Prevent retry storms
309- **Monitor golden metrics** - Success rate, latency, throughput
310 
311### Don'ts
312- **Don't skip check** - Always run `linkerd check` after changes
313- **Don't over-configure** - Linkerd defaults are sensible
314- **Don't ignore ServiceProfiles** - They unlock advanced features
315- **Don't forget timeouts** - Set appropriate values per route
316 
317## Resources
318 
319- [Linkerd Documentation](https://linkerd.io/2.14/overview/)
320- [Service Profiles](https://linkerd.io/2.14/features/service-profiles/)
321- [Authorization Policy](https://linkerd.io/2.14/features/server-policy/)
322

Full transparency — inspect the skill content before installing.