implementing-service-meshlisted

# Service Mesh Implementation ## Purpose Configure and deploy service mesh infrastructure for Kubernetes environments. Enable secure service-to-service communication with mutual TLS, implement traffic management policies, configure authorization controls, and set up progressive delivery strategies. Abstracts network complexity while providing observability, security, and resilience for microservices. ## When to Use Invoke this skill when: - "Set up service mesh with mTLS" - "Configure Istio traffic routing" - "Implement canary deployments" - "Secure microservices communication" - "Add authorization policies to services" - "Traffic splitting between versions" - "Multi-cluster service mesh setup" - "Configure ambient mode vs sidecar" - "Set up circuit breaker configuration" - "Enable distributed tracing" ## Service Mesh Selection Choose based on requirements and constraints. **Istio Ambient (Recommended for most):** - 8% latency overhead with mTLS (vs 166% sidecar mode) - Enterprise features, multi-cloud, advanced L7 routing - Sidecar-less L4 (ztunnel) + optional L7 (waypoint) **Linkerd (Simplicity priority):** - 33% latency overhead (lowest sidecar) - Rust-based micro-proxy, automatic mTLS - Best for small-medium teams, easy adoption **Cilium (eBPF-native):** - 99% latency overhead, kernel-level enforcement - Advanced networking, sidecar-less by design - Best for eBPF infrastructure, future-proof For detailed comparison matrix and architecture trade-offs, see `refer