Linkerd Patterns

Implement Linkerd service mesh patterns for lightweight, security-focused service mesh…

Production-ready patterns for the Linkerd service mesh, the lightweight, security-first mesh for Kubernetes. It covers automatic mTLS, traffic splitting for canary releases, per-route service profiles, retry budgets, and multi-cluster setups, all with copy-ready manifests.

$15 one-time

Prices include 20% VAT. · Forged on real agency work · one-time, no lock-in

  • Type Skill
  • Category DevOps & Infra
  • Delivery Email · instant
  • License One-time

Inside the run · no black box

See the actual work before you buy it.

Zero trust with one annotation: meshed pods get automatic mTLS and 24-hour certificate rotation without touching application code. From staged install to golden-signal debugging, this is the Linkerd rollout in order.

  1. Installs in verified stages: linkerd check --pre against the cluster, CRDs first, then the control plane, then linkerd check again; the viz extension comes last for dashboards and live traffic tooling.
  2. Meshes workloads with one annotation, linkerd.io/inject: enabled, set on the namespace or deployment, which buys automatic mTLS between all meshed pods with zero application code changes and 24-hour certificate rotation handled by the identity controller.
  3. Writes ServiceProfiles per service to unlock route-level truth: per-route metrics, timeouts and retries, with isRetryable true only on idempotent GET routes and a retryBudget (20 percent ratio) so retries can never snowball into a retry storm.
  4. Splits traffic for canaries with TrafficSplit: stable at 900m, canary at 100m, shifting weight as the golden metrics hold.
  5. Locks down access with Server and ServerAuthorization: which ServiceAccounts may talk to which ports over mesh TLS, with a separate explicit CIDR-scoped allowance for unauthenticated ingress traffic.
  6. Watches and debugs with the golden signals: linkerd viz top and routes for live success rate and p50/p95/p99 latency, viz edges to confirm mTLS between deployments, and viz tap to watch individual live requests when something looks off.
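
An added example of step 5, not taken from the product's own manifests: one Server with a mesh-TLS allowance for a single ServiceAccount and a separate CIDR-scoped allowance for unauthenticated ingress traffic. The namespace `shop`, the workloads `orders` and `frontend`, the port name `http` and the CIDR `10.0.12.0/24` are assumed placeholders, and the `apiVersion` may differ with the installed Linkerd release.

```yaml
# Added example. All names and the CIDR are constructed placeholders.
# Once a Server selects a port, only traffic matched by an authorization
# for that Server is admitted by the proxy.
apiVersion: policy.linkerd.io/v1beta1
kind: Server
metadata:
  namespace: shop
  name: orders-http
spec:
  podSelector:
    matchLabels:
      app: orders          # pods this policy protects
  port: http               # named container port (a number also works)
  proxyProtocol: HTTP/1
---
# Meshed clients: identity comes from the mTLS certificate, so the
# allowance is expressed as ServiceAccounts, not IP addresses.
apiVersion: policy.linkerd.io/v1beta1
kind: ServerAuthorization
metadata:
  namespace: shop
  name: orders-from-frontend
spec:
  server:
    name: orders-http
  client:
    meshTLS:
      serviceAccounts:
        - name: frontend
          namespace: shop
---
# Unmeshed ingress: no client identity exists, so the exception is kept
# in its own resource and narrowed to the ingress subnet only.
apiVersion: policy.linkerd.io/v1beta1
kind: ServerAuthorization
metadata:
  namespace: shop
  name: orders-from-ingress
spec:
  server:
    name: orders-http
  client:
    unauthenticated: true
    networks:
      - cidr: 10.0.12.0/24   # assumed ingress subnet; never 0.0.0.0/0
```

Keeping the unauthenticated allowance in a separate resource makes it easy to audit and remove once the ingress controller itself is meshed; linkerd viz edges, from step 6, then confirms which connections are actually secured by mTLS.
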

Use cases · what happens when you plug it in

One power source. 6 lines out.

  1. Setting up a lightweight service mesh with minimal overhead
  2. Enabling zero-config automatic mTLS between services
  3. Running canary deployments with traffic splits
  4. Configuring per-route metrics, retries, and timeouts
  5. Enforcing zero-trust access with authorization policies
  6. Linking and observing multi-cluster service meshes

Benefits · what you walk away with

Yours to keep.

Your forge

  1. Encrypt all service-to-service traffic without touching app code

    license: perpetual
  2. Prevent cascading failures with retry budgets that stop retry storms

    license: perpetual
  3. Roll out new versions safely with weighted canary traffic

    license: perpetual
  4. See live golden signals: success rate, latency, and throughput

    license: perpetual

subscriptions expire · deeds don't

What's included · the full manifest

Everything in the box.

Mesh installation and validation command sequence

part 01 of 06 · in the box

6 parts · one working system · ships instantly by email

Who it's for

This wasn't forged for everyone.

  • Not for you if you'd rather rent a tool than own one.
  • Not for you if you want someone else to run your stack.
  • Not for you if you're happy guessing.
Still here? Good.

Platform and DevOps engineers running Kubernetes who want lightweight, secure service-mesh networking.

then this was forged for you.

Works with

Universal by design: these run in any AI. Delivered in the open Agent Skills + MCP format (native in Claude); ChatGPT, Gemini, Cursor and Copilot adapt the same files their own way.

  • Claude Native format
  • ChatGPT Adapts via open standards
  • Gemini Adapts via open standards
  • Cursor Adapts via open standards
  • Copilot Adapts via open standards
Questions · still in the air

  1. We are already on Istio. Do these patterns transfer?

    The concepts (mTLS, canary splits, retry policies) transfer, but the manifests do not: ServiceProfile, TrafficSplit, Server, and ServerAuthorization are Linkerd resources. This is for teams running or adopting Linkerd specifically, often because they want a lighter mesh than Istio.

  2. How does it encrypt service-to-service traffic without me touching application code?

    Linkerd's auto-injection adds a sidecar proxy at the namespace or deployment level, and the proxies negotiate mutual TLS between themselves. The skill gives you the injection templates plus the validation command sequence to confirm encryption and workload identity are actually live.

  3. Does it cover VMs or services outside Kubernetes?

    No. Everything here assumes Kubernetes: installation, auto-injection, traffic policies, and the multi-cluster linking patterns all operate on cluster resources. Off-cluster workloads are out of scope.

  4. How is it delivered?

    By email right after purchase: ready to run, downloaded instantly, no setup wait.

  5. One-time or subscription?

    A one-time purchase; no subscription or hidden fees. VAT (20%) is included.

  6. Can I get a refund?

    As a digital product, it can’t be refunded once downloaded. That’s why we show exactly what’s inside and who it’s for, right here.