[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"skill-de0eeb9b-91ec-4a38-a72d-d88ab0d0d772":3,"$fHSJrKm_6GO3l5Q_dERGqcJByHRWR0WFu-T9dBuxJmo0":43},{"id":4,"title":5,"description":6,"categoryId":7,"moduleId":8,"tags":9,"prompt":10,"icon":11,"source":12,"sourceUrl":13,"authorId":14,"authorName":15,"isPublic":16,"stars":17,"runs":18,"createdAt":19,"updatedAt":19,"module":20,"category":27,"packages":34},"de0eeb9b-91ec-4a38-a72d-d88ab0d0d772","istio-traffic-management","生产服务网格部署的Istio流量管理综合指南。","cat_life_career","mod_other","sickn33,other","---\nname: istio-traffic-management\ndescription: \"Comprehensive guide to Istio traffic management for production service mesh deployments.\"\nrisk: unknown\nsource: community\ndate_added: \"2026-02-27\"\n---\n\n# Istio Traffic Management\n\nComprehensive guide to Istio traffic management for production service mesh deployments.\n\n## Do not use this skill when\n\n- The task is unrelated to istio traffic management\n- You need a different domain or tool outside this scope\n\n## Instructions\n\n- Clarify goals, constraints, and required inputs.\n- Apply relevant best practices and validate outcomes.\n- Provide actionable steps and verification.\n- If detailed examples are required, open `resources\u002Fimplementation-playbook.md`.\n\n## Use this skill when\n\n- Configuring service-to-service routing\n- Implementing canary or blue-green deployments\n- Setting up circuit breakers and retries\n- Load balancing configuration\n- Traffic mirroring for testing\n- Fault injection for chaos engineering\n\n## Core Concepts\n\n### 1. Traffic Management Resources\n\n| Resource | Purpose | Scope |\n|----------|---------|-------|\n| **VirtualService** | Route traffic to destinations | Host-based |\n| **DestinationRule** | Define policies after routing | Service-based |\n| **Gateway** | Configure ingress\u002Fegress | Cluster edge |\n| **ServiceEntry** | Add external services | Mesh-wide |\n\n### 2. Traffic Flow\n\n```\nClient → Gateway → VirtualService → DestinationRule → Service\n                   (routing)        (policies)        (pods)\n```\n\n## Templates\n\n### Template 1: Basic Routing\n\n```yaml\napiVersion: networking.istio.io\u002Fv1beta1\nkind: VirtualService\nmetadata:\n  name: reviews-route\n  namespace: bookinfo\nspec:\n  hosts:\n    - reviews\n  http:\n    - match:\n        - headers:\n            end-user:\n              exact: jason\n      route:\n        - destination:\n            host: reviews\n            subset: v2\n    - route:\n        - destination:\n            host: reviews\n            subset: v1\n---\napiVersion: networking.istio.io\u002Fv1beta1\nkind: DestinationRule\nmetadata:\n  name: reviews-destination\n  namespace: bookinfo\nspec:\n  host: reviews\n  subsets:\n    - name: v1\n      labels:\n        version: v1\n    - name: v2\n      labels:\n        version: v2\n    - name: v3\n      labels:\n        version: v3\n```\n\n### Template 2: Canary Deployment\n\n```yaml\napiVersion: networking.istio.io\u002Fv1beta1\nkind: VirtualService\nmetadata:\n  name: my-service-canary\nspec:\n  hosts:\n    - my-service\n  http:\n    - route:\n        - destination:\n            host: my-service\n            subset: stable\n          weight: 90\n        - destination:\n            host: my-service\n            subset: canary\n          weight: 10\n---\napiVersion: networking.istio.io\u002Fv1beta1\nkind: DestinationRule\nmetadata:\n  name: my-service-dr\nspec:\n  host: my-service\n  trafficPolicy:\n    connectionPool:\n      tcp:\n        maxConnections: 100\n      http:\n        h2UpgradePolicy: UPGRADE\n        http1MaxPendingRequests: 100\n        http2MaxRequests: 1000\n  subsets:\n    - name: stable\n      labels:\n        version: stable\n    - name: canary\n      labels:\n        version: canary\n```\n\n### Template 3: Circuit Breaker\n\n```yaml\napiVersion: networking.istio.io\u002Fv1beta1\nkind: DestinationRule\nmetadata:\n  name: circuit-breaker\nspec:\n  host: my-service\n  trafficPolicy:\n    connectionPool:\n      tcp:\n        maxConnections: 100\n      http:\n        http1MaxPendingRequests: 100\n        http2MaxRequests: 1000\n        maxRequestsPerConnection: 10\n        maxRetries: 3\n    outlierDetection:\n      consecutive5xxErrors: 5\n      interval: 30s\n      baseEjectionTime: 30s\n      maxEjectionPercent: 50\n      minHealthPercent: 30\n```\n\n### Template 4: Retry and Timeout\n\n```yaml\napiVersion: networking.istio.io\u002Fv1beta1\nkind: VirtualService\nmetadata:\n  name: ratings-retry\nspec:\n  hosts:\n    - ratings\n  http:\n    - route:\n        - destination:\n            host: ratings\n      timeout: 10s\n      retries:\n        attempts: 3\n        perTryTimeout: 3s\n        retryOn: connect-failure,refused-stream,unavailable,cancelled,retriable-4xx,503\n        retryRemoteLocalities: true\n```\n\n### Template 5: Traffic Mirroring\n\n```yaml\napiVersion: networking.istio.io\u002Fv1beta1\nkind: VirtualService\nmetadata:\n  name: mirror-traffic\nspec:\n  hosts:\n    - my-service\n  http:\n    - route:\n        - destination:\n            host: my-service\n            subset: v1\n      mirror:\n        host: my-service\n        subset: v2\n      mirrorPercentage:\n        value: 100.0\n```\n\n### Template 6: Fault Injection\n\n```yaml\napiVersion: networking.istio.io\u002Fv1beta1\nkind: VirtualService\nmetadata:\n  name: fault-injection\nspec:\n  hosts:\n    - ratings\n  http:\n    - fault:\n        delay:\n          percentage:\n            value: 10\n          fixedDelay: 5s\n        abort:\n          percentage:\n            value: 5\n          httpStatus: 503\n      route:\n        - destination:\n            host: ratings\n```\n\n### Template 7: Ingress Gateway\n\n```yaml\napiVersion: networking.istio.io\u002Fv1beta1\nkind: Gateway\nmetadata:\n  name: my-gateway\nspec:\n  selector:\n    istio: ingressgateway\n  servers:\n    - port:\n        number: 443\n        name: https\n        protocol: HTTPS\n      tls:\n        mode: SIMPLE\n        credentialName: my-tls-secret\n      hosts:\n        - \"*.example.com\"\n---\napiVersion: networking.istio.io\u002Fv1beta1\nkind: VirtualService\nmetadata:\n  name: my-vs\nspec:\n  hosts:\n    - \"api.example.com\"\n  gateways:\n    - my-gateway\n  http:\n    - match:\n        - uri:\n            prefix: \u002Fapi\u002Fv1\n      route:\n        - destination:\n            host: api-service\n            port:\n              number: 8080\n```\n\n## Load Balancing Strategies\n\n```yaml\napiVersion: networking.istio.io\u002Fv1beta1\nkind: DestinationRule\nmetadata:\n  name: load-balancing\nspec:\n  host: my-service\n  trafficPolicy:\n    loadBalancer:\n      simple: ROUND_ROBIN  # or LEAST_CONN, RANDOM, PASSTHROUGH\n---\n# Consistent hashing for sticky sessions\napiVersion: networking.istio.io\u002Fv1beta1\nkind: DestinationRule\nmetadata:\n  name: sticky-sessions\nspec:\n  host: my-service\n  trafficPolicy:\n    loadBalancer:\n      consistentHash:\n        httpHeaderName: x-user-id\n        # or: httpCookie, useSourceIp, httpQueryParameterName\n```\n\n## Best Practices\n\n### Do's\n- **Start simple** - Add complexity incrementally\n- **Use subsets** - Version your services clearly\n- **Set timeouts** - Always configure reasonable timeouts\n- **Enable retries** - But with backoff and limits\n- **Monitor** - Use Kiali and Jaeger for visibility\n\n### Don'ts\n- **Don't over-retry** - Can cause cascading failures\n- **Don't ignore outlier detection** - Enable circuit breakers\n- **Don't mirror to production** - Mirror to test environments\n- **Don't skip canary** - Test with small traffic percentage first\n\n## Debugging Commands\n\n```bash\n# Check VirtualService configuration\nistioctl analyze\n\n# View effective routes\nistioctl proxy-config routes deploy\u002Fmy-app -o json\n\n# Check endpoint discovery\nistioctl proxy-config endpoints deploy\u002Fmy-app\n\n# Debug traffic\nistioctl proxy-config log deploy\u002Fmy-app --level debug\n```\n\n## Resources\n\n- [Istio Traffic Management](https:\u002F\u002Fistio.io\u002Flatest\u002Fdocs\u002Fconcepts\u002Ftraffic-management\u002F)\n- [Virtual Service Reference](https:\u002F\u002Fistio.io\u002Flatest\u002Fdocs\u002Freference\u002Fconfig\u002Fnetworking\u002Fvirtual-service\u002F)\n- [Destination Rule Reference](https:\u002F\u002Fistio.io\u002Flatest\u002Fdocs\u002Freference\u002Fconfig\u002Fnetworking\u002Fdestination-rule\u002F)\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.\n","","imported","https:\u002F\u002Fgithub.com\u002Fsickn33\u002Fantigravity-awesome-skills","user_system_seed","SkillOPIC",true,82,2031,"2026-05-16 13:24:12",{"id":8,"name":21,"slug":22,"icon":23,"description":24,"sort":25,"createdAt":26},"其他","other","mdi-page-next-outline","其他类型Skill",5,"2026-05-16 12:53:40",{"id":7,"name":28,"slug":29,"icon":30,"description":31,"moduleId":8,"sort":32,"skillCount":33,"createdAt":26},"职场发展","career","mdi-briefcase-outline","面试准备、简历优化、职业规划",4,575,[35],{"id":36,"skillId":4,"version":37,"fileName":38,"fileSize":39,"filePath":40,"fileHash":41,"manifest":42,"createdAt":19},"cf35adb4-78e1-447b-872e-c5a2ed4fb333","1.0.0","istio-traffic-management.zip",2560,"uploads\u002Fskills\u002Fde0eeb9b-91ec-4a38-a72d-d88ab0d0d772\u002Fistio-traffic-management.zip","3e4cd1940bce53c91716d88c6b746abf7ef4f5221563f813406f57d1c2b4f260","[{\"path\":\"SKILL.md\",\"isDirectory\":false,\"size\":7657}]",{"code":44,"message":45,"data":46},200,"success",{"items":47,"stats":48,"page":51},[],{"averageRating":49,"totalRatings":49,"ratingCounts":50},0,[49,49,49,49,49],{"limit":52,"offset":49,"hasMore":53,"nextOffset":52,"ratedOnly":16},15,false]