@sylix/coworker 2.0.11 → 2.0.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/slash/config.d.ts.map +1 -1
- package/dist/commands/slash/config.js +22 -4
- package/dist/commands/slash/config.js.map +1 -1
- package/dist/core/CoWorkerAgent.d.ts.map +1 -1
- package/dist/core/CoWorkerAgent.js +6 -3
- package/dist/core/CoWorkerAgent.js.map +1 -1
- package/dist/skills/defaults/accessibility/screen-reader-testing.md +545 -0
- package/dist/skills/defaults/accessibility/wcag-audit-patterns.md +555 -0
- package/dist/skills/defaults/ai-ml/rag.md +276 -0
- package/dist/skills/defaults/backend-development/api-design-principles.md +528 -0
- package/dist/skills/defaults/backend-development/api-design.md +285 -0
- package/dist/skills/defaults/backend-development/architecture-patterns.md +494 -0
- package/dist/skills/defaults/backend-development/async-python.md +237 -0
- package/dist/skills/defaults/backend-development/auth-implementation-patterns.md +638 -0
- package/dist/skills/defaults/backend-development/bazel-build-optimization.md +387 -0
- package/dist/skills/defaults/backend-development/billing-automation/SKILL.md +566 -0
- package/dist/skills/defaults/backend-development/code-review-excellence.md +538 -0
- package/dist/skills/defaults/backend-development/cqrs-implementation.md +554 -0
- package/dist/skills/defaults/backend-development/database-design.md +305 -0
- package/dist/skills/defaults/backend-development/debugging-strategies.md +536 -0
- package/dist/skills/defaults/backend-development/e2e-testing-patterns.md +544 -0
- package/dist/skills/defaults/backend-development/error-handling-patterns.md +641 -0
- package/dist/skills/defaults/backend-development/fastapi-templates.md +559 -0
- package/dist/skills/defaults/backend-development/fastapi.md +309 -0
- package/dist/skills/defaults/backend-development/git-advanced-workflows.md +405 -0
- package/dist/skills/defaults/backend-development/microservices-patterns.md +595 -0
- package/dist/skills/defaults/backend-development/microservices.md +284 -0
- package/dist/skills/defaults/backend-development/monorepo-management.md +623 -0
- package/dist/skills/defaults/backend-development/nodejs-backend-patterns.md +1048 -0
- package/dist/skills/defaults/backend-development/nx-workspace-patterns.md +457 -0
- package/dist/skills/defaults/backend-development/paypal-integration/SKILL.md +478 -0
- package/dist/skills/defaults/backend-development/pci-compliance/SKILL.md +480 -0
- package/dist/skills/defaults/backend-development/python-anti-patterns.md +349 -0
- package/dist/skills/defaults/backend-development/python-background-jobs.md +364 -0
- package/dist/skills/defaults/backend-development/python-code-style.md +360 -0
- package/dist/skills/defaults/backend-development/python-configuration.md +368 -0
- package/dist/skills/defaults/backend-development/python-design-patterns.md +296 -0
- package/dist/skills/defaults/backend-development/python-error-handling.md +323 -0
- package/dist/skills/defaults/backend-development/python-packaging.md +887 -0
- package/dist/skills/defaults/backend-development/python-performance-optimization.md +874 -0
- package/dist/skills/defaults/backend-development/python-project-structure.md +252 -0
- package/dist/skills/defaults/backend-development/python-resilience.md +376 -0
- package/dist/skills/defaults/backend-development/python-resource-management.md +421 -0
- package/dist/skills/defaults/backend-development/python-type-safety.md +428 -0
- package/dist/skills/defaults/backend-development/sql-optimization-patterns.md +509 -0
- package/dist/skills/defaults/backend-development/stripe-integration/SKILL.md +522 -0
- package/dist/skills/defaults/backend-development/turborepo-caching.md +376 -0
- package/dist/skills/defaults/blockchain/defi-protocol-templates.md +430 -0
- package/dist/skills/defaults/blockchain/nft-standards.md +364 -0
- package/dist/skills/defaults/blockchain/solidity-security.md +514 -0
- package/dist/skills/defaults/blockchain/web3-testing.md +360 -0
- package/dist/skills/defaults/business/competitive-landscape/SKILL.md +527 -0
- package/dist/skills/defaults/business/market-sizing-analysis/SKILL.md +451 -0
- package/dist/skills/defaults/business/startup-financial-modeling/SKILL.md +494 -0
- package/dist/skills/defaults/business/startup-metrics-framework/SKILL.md +564 -0
- package/dist/skills/defaults/business/team-composition-analysis.md +437 -0
- package/dist/skills/defaults/compliance/employment-contract-templates/SKILL.md +527 -0
- package/dist/skills/defaults/compliance/gdpr-data-handling/SKILL.md +630 -0
- package/dist/skills/defaults/data-engineering/airflow-dag-patterns.md +436 -0
- package/dist/skills/defaults/data-engineering/airflow.md +519 -0
- package/dist/skills/defaults/data-engineering/data-quality.md +583 -0
- package/dist/skills/defaults/data-engineering/dbt-transformation-patterns.md +482 -0
- package/dist/skills/defaults/data-engineering/dbt.md +556 -0
- package/dist/skills/defaults/data-engineering/ml-pipeline-workflow/SKILL.md +247 -0
- package/dist/skills/defaults/data-engineering/spark-optimization.md +348 -0
- package/dist/skills/defaults/data-engineering/spark.md +411 -0
- package/dist/skills/defaults/database/postgresql.md +202 -0
- package/dist/skills/defaults/debugging/systematic-debugging.md +249 -0
- package/dist/skills/defaults/devops/architecture-decision-records.md +448 -0
- package/dist/skills/defaults/devops/changelog-automation.md +580 -0
- package/dist/skills/defaults/devops/cicd.md +314 -0
- package/dist/skills/defaults/devops/cloud.md +263 -0
- package/dist/skills/defaults/devops/code-review-excellence.md +299 -0
- package/dist/skills/defaults/devops/cost-optimization.md +295 -0
- package/dist/skills/defaults/devops/deployment-pipeline-design.md +356 -0
- package/dist/skills/defaults/devops/docker.md +281 -0
- package/dist/skills/defaults/devops/git-workflows.md +205 -0
- package/dist/skills/defaults/devops/github-actions.md +311 -0
- package/dist/skills/defaults/devops/gitlab-ci-patterns.md +266 -0
- package/dist/skills/defaults/devops/hybrid-cloud-networking.md +241 -0
- package/dist/skills/defaults/devops/istio-traffic-management.md +327 -0
- package/dist/skills/defaults/devops/kubernetes.md +339 -0
- package/dist/skills/defaults/devops/linkerd-patterns.md +311 -0
- package/dist/skills/defaults/devops/multi-cloud-architecture.md +181 -0
- package/dist/skills/defaults/devops/observability.md +243 -0
- package/dist/skills/defaults/devops/openapi-spec-generation.md +1024 -0
- package/dist/skills/defaults/devops/postmortem-writing.md +396 -0
- package/dist/skills/defaults/devops/prometheus-configuration.md +265 -0
- package/dist/skills/defaults/devops/secrets-management.md +341 -0
- package/dist/skills/defaults/devops/service-mesh-observability.md +385 -0
- package/dist/skills/defaults/devops/terraform-module-library.md +244 -0
- package/dist/skills/defaults/finance/backtesting-frameworks/SKILL.md +663 -0
- package/dist/skills/defaults/finance/risk-metrics-calculation/SKILL.md +557 -0
- package/dist/skills/defaults/frontend/accessibility-compliance.md +420 -0
- package/dist/skills/defaults/frontend/design-system-patterns.md +337 -0
- package/dist/skills/defaults/frontend/interaction-design.md +327 -0
- package/dist/skills/defaults/frontend/javascript.md +311 -0
- package/dist/skills/defaults/frontend/modern-javascript-patterns.md +927 -0
- package/dist/skills/defaults/frontend/react-native-design.md +440 -0
- package/dist/skills/defaults/frontend/react.md +345 -0
- package/dist/skills/defaults/frontend/responsive-design.md +472 -0
- package/dist/skills/defaults/frontend/tailwind-design-system.md +337 -0
- package/dist/skills/defaults/frontend/typescript-advanced-types.md +724 -0
- package/dist/skills/defaults/frontend/typescript.md +334 -0
- package/dist/skills/defaults/frontend/visual-design-foundations.md +326 -0
- package/dist/skills/defaults/frontend/web-component-design.md +279 -0
- package/dist/skills/defaults/game-development/godot-gdscript-patterns.md +188 -0
- package/dist/skills/defaults/game-development/unity-ecs-patterns.md +594 -0
- package/dist/skills/defaults/kubernetes/gitops-workflow.md +285 -0
- package/dist/skills/defaults/kubernetes/gitops.md +280 -0
- package/dist/skills/defaults/kubernetes/helm-chart-scaffolding.md +553 -0
- package/dist/skills/defaults/kubernetes/helm.md +343 -0
- package/dist/skills/defaults/kubernetes/k8s-manifest-generator.md +501 -0
- package/dist/skills/defaults/kubernetes/k8s-security-policies.md +342 -0
- package/dist/skills/defaults/kubernetes/manifests.md +330 -0
- package/dist/skills/defaults/kubernetes/security.md +337 -0
- package/dist/skills/defaults/llm-application/embedding-strategies.md +608 -0
- package/dist/skills/defaults/llm-application/hybrid-search-implementation.md +570 -0
- package/dist/skills/defaults/llm-application/hybrid-search.md +570 -0
- package/dist/skills/defaults/llm-application/langchain-architecture.md +666 -0
- package/dist/skills/defaults/llm-application/langchain.md +259 -0
- package/dist/skills/defaults/llm-application/llm-evaluation.md +695 -0
- package/dist/skills/defaults/llm-application/prompt-engineering-patterns.md +449 -0
- package/dist/skills/defaults/llm-application/prompt-engineering.md +219 -0
- package/dist/skills/defaults/llm-application/rag-implementation.md +434 -0
- package/dist/skills/defaults/llm-application/similarity-search-patterns.md +560 -0
- package/dist/skills/defaults/llm-application/similarity-search.md +560 -0
- package/dist/skills/defaults/llm-application/vector-index-tuning.md +523 -0
- package/dist/skills/defaults/mobile/mobile-android-design.md +440 -0
- package/dist/skills/defaults/mobile/mobile-ios-design.md +266 -0
- package/dist/skills/defaults/monitoring/distributed-tracing.md +436 -0
- package/dist/skills/defaults/monitoring/grafana-dashboards.md +370 -0
- package/dist/skills/defaults/monitoring/prometheus-configuration.md +379 -0
- package/dist/skills/defaults/monitoring/slo-implementation.md +323 -0
- package/dist/skills/defaults/refactoring/code-refactoring.md +349 -0
- package/dist/skills/defaults/security/anti-reversing-techniques/SKILL.md +559 -0
- package/dist/skills/defaults/security/auditor.md +168 -0
- package/dist/skills/defaults/security/binary-analysis-patterns/SKILL.md +438 -0
- package/dist/skills/defaults/security/memory-forensics/SKILL.md +483 -0
- package/dist/skills/defaults/security/mtls-configuration.md +349 -0
- package/dist/skills/defaults/security/protocol-reverse-engineering/SKILL.md +520 -0
- package/dist/skills/defaults/security/sast-configuration.md +182 -0
- package/dist/skills/defaults/security/security.md +313 -0
- package/dist/skills/defaults/security/stride-analysis.md +273 -0
- package/dist/skills/defaults/security/threat-mitigation-mapping.md +290 -0
- package/dist/skills/defaults/systems/bash-defensive-patterns/SKILL.md +539 -0
- package/dist/skills/defaults/systems/bats-testing-patterns/SKILL.md +631 -0
- package/dist/skills/defaults/systems/go-concurrency-patterns.md +657 -0
- package/dist/skills/defaults/systems/memory-safety-patterns.md +605 -0
- package/dist/skills/defaults/systems/rust-async-patterns.md +519 -0
- package/dist/skills/defaults/systems/shellcheck-configuration/SKILL.md +456 -0
- package/dist/skills/defaults/team-collaboration/multi-reviewer-patterns.md +126 -0
- package/dist/skills/defaults/team-collaboration/parallel-feature-development.md +151 -0
- package/dist/skills/defaults/testing/javascript-testing-patterns.md +1021 -0
- package/dist/skills/defaults/testing/python-testing-patterns.md +351 -0
- package/dist/skills/defaults/testing/testing.md +332 -0
- package/dist/skills/defaults/workflows/context-driven-development.md +384 -0
- package/dist/skills/defaults/workflows/track-management.md +592 -0
- package/dist/skills/defaults/workflows/workflow-patterns.md +622 -0
- package/dist/skills/index.d.ts +11 -0
- package/dist/skills/index.d.ts.map +1 -0
- package/dist/skills/index.js +129 -0
- package/dist/skills/index.js.map +1 -0
- package/dist/utils/character.js +4 -4
- package/dist/utils/character.js.map +1 -1
- package/dist/utils/inputbar.d.ts.map +1 -1
- package/dist/utils/inputbar.js +7 -0
- package/dist/utils/inputbar.js.map +1 -1
- package/package.json +1 -1
|
@@ -0,0 +1,311 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: linkerd-patterns
|
|
3
|
+
description: Implement Linkerd service mesh patterns for lightweight, security-focused service mesh deployments. Use when setting up Linkerd, configuring traffic policies, or implementing zero-trust networking with minimal overhead.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Linkerd Patterns
|
|
7
|
+
|
|
8
|
+
Production patterns for Linkerd service mesh - the lightweight, security-first service mesh for Kubernetes.
|
|
9
|
+
|
|
10
|
+
## When to Use This Skill
|
|
11
|
+
|
|
12
|
+
- Setting up a lightweight service mesh
|
|
13
|
+
- Implementing automatic mTLS
|
|
14
|
+
- Configuring traffic splits for canary deployments
|
|
15
|
+
- Setting up service profiles for per-route metrics
|
|
16
|
+
- Implementing retries and timeouts
|
|
17
|
+
- Multi-cluster service mesh
|
|
18
|
+
|
|
19
|
+
## Core Concepts
|
|
20
|
+
|
|
21
|
+
### 1. Linkerd Architecture
|
|
22
|
+
|
|
23
|
+
```
|
|
24
|
+
┌─────────────────────────────────────────────┐
|
|
25
|
+
│ Control Plane │
|
|
26
|
+
│ ┌─────────┐ ┌──────────┐ ┌──────────────┐ │
|
|
27
|
+
│ │ destiny │ │ identity │ │ proxy-inject │ │
|
|
28
|
+
│ └─────────┘ └──────────┘ └──────────────┘ │
|
|
29
|
+
└─────────────────────────────────────────────┘
|
|
30
|
+
│
|
|
31
|
+
┌─────────────────────────────────────────────┐
|
|
32
|
+
│ Data Plane │
|
|
33
|
+
│ ┌─────┐ ┌─────┐ ┌─────┐ │
|
|
34
|
+
│ │proxy│────│proxy│────│proxy│ │
|
|
35
|
+
│ └─────┘ └─────┘ └─────┘ │
|
|
36
|
+
│ │ │ │ │
|
|
37
|
+
│ ┌──┴──┐ ┌──┴──┐ ┌──┴──┐ │
|
|
38
|
+
│ │ app │ │ app │ │ app │ │
|
|
39
|
+
│ └─────┘ └─────┘ └─────┘ │
|
|
40
|
+
└─────────────────────────────────────────────┘
|
|
41
|
+
```
|
|
42
|
+
|
|
43
|
+
### 2. Key Resources
|
|
44
|
+
|
|
45
|
+
| Resource | Purpose |
|
|
46
|
+
| ----------------------- | ------------------------------------ |
|
|
47
|
+
| **ServiceProfile** | Per-route metrics, retries, timeouts |
|
|
48
|
+
| **TrafficSplit** | Canary deployments, A/B testing |
|
|
49
|
+
| **Server** | Define server-side policies |
|
|
50
|
+
| **ServerAuthorization** | Access control policies |
|
|
51
|
+
|
|
52
|
+
## Templates
|
|
53
|
+
|
|
54
|
+
### Template 1: Mesh Installation
|
|
55
|
+
|
|
56
|
+
```bash
|
|
57
|
+
# Install CLI
|
|
58
|
+
curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/install | sh
|
|
59
|
+
|
|
60
|
+
# Validate cluster
|
|
61
|
+
linkerd check --pre
|
|
62
|
+
|
|
63
|
+
# Install CRDs
|
|
64
|
+
linkerd install --crds | kubectl apply -f -
|
|
65
|
+
|
|
66
|
+
# Install control plane
|
|
67
|
+
linkerd install | kubectl apply -f -
|
|
68
|
+
|
|
69
|
+
# Verify installation
|
|
70
|
+
linkerd check
|
|
71
|
+
|
|
72
|
+
# Install viz extension (optional)
|
|
73
|
+
linkerd viz install | kubectl apply -f -
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
### Template 2: Inject Namespace
|
|
77
|
+
|
|
78
|
+
```yaml
|
|
79
|
+
# Automatic injection for namespace
|
|
80
|
+
apiVersion: v1
|
|
81
|
+
kind: Namespace
|
|
82
|
+
metadata:
|
|
83
|
+
name: my-app
|
|
84
|
+
annotations:
|
|
85
|
+
linkerd.io/inject: enabled
|
|
86
|
+
---
|
|
87
|
+
# Or inject specific deployment
|
|
88
|
+
apiVersion: apps/v1
|
|
89
|
+
kind: Deployment
|
|
90
|
+
metadata:
|
|
91
|
+
name: my-app
|
|
92
|
+
annotations:
|
|
93
|
+
linkerd.io/inject: enabled
|
|
94
|
+
spec:
|
|
95
|
+
template:
|
|
96
|
+
metadata:
|
|
97
|
+
annotations:
|
|
98
|
+
linkerd.io/inject: enabled
|
|
99
|
+
```
|
|
100
|
+
|
|
101
|
+
### Template 3: Service Profile with Retries
|
|
102
|
+
|
|
103
|
+
```yaml
|
|
104
|
+
apiVersion: linkerd.io/v1alpha2
|
|
105
|
+
kind: ServiceProfile
|
|
106
|
+
metadata:
|
|
107
|
+
name: my-service.my-namespace.svc.cluster.local
|
|
108
|
+
namespace: my-namespace
|
|
109
|
+
spec:
|
|
110
|
+
routes:
|
|
111
|
+
- name: GET /api/users
|
|
112
|
+
condition:
|
|
113
|
+
method: GET
|
|
114
|
+
pathRegex: /api/users
|
|
115
|
+
responseClasses:
|
|
116
|
+
- condition:
|
|
117
|
+
status:
|
|
118
|
+
min: 500
|
|
119
|
+
max: 599
|
|
120
|
+
isFailure: true
|
|
121
|
+
isRetryable: true
|
|
122
|
+
- name: POST /api/users
|
|
123
|
+
condition:
|
|
124
|
+
method: POST
|
|
125
|
+
pathRegex: /api/users
|
|
126
|
+
# POST not retryable by default
|
|
127
|
+
isRetryable: false
|
|
128
|
+
- name: GET /api/users/{id}
|
|
129
|
+
condition:
|
|
130
|
+
method: GET
|
|
131
|
+
pathRegex: /api/users/[^/]+
|
|
132
|
+
timeout: 5s
|
|
133
|
+
isRetryable: true
|
|
134
|
+
retryBudget:
|
|
135
|
+
retryRatio: 0.2
|
|
136
|
+
minRetriesPerSecond: 10
|
|
137
|
+
ttl: 10s
|
|
138
|
+
```
|
|
139
|
+
|
|
140
|
+
### Template 4: Traffic Split (Canary)
|
|
141
|
+
|
|
142
|
+
```yaml
|
|
143
|
+
apiVersion: split.smi-spec.io/v1alpha1
|
|
144
|
+
kind: TrafficSplit
|
|
145
|
+
metadata:
|
|
146
|
+
name: my-service-canary
|
|
147
|
+
namespace: my-namespace
|
|
148
|
+
spec:
|
|
149
|
+
service: my-service
|
|
150
|
+
backends:
|
|
151
|
+
- service: my-service-stable
|
|
152
|
+
weight: 900m # 90%
|
|
153
|
+
- service: my-service-canary
|
|
154
|
+
weight: 100m # 10%
|
|
155
|
+
```
|
|
156
|
+
|
|
157
|
+
### Template 5: Server Authorization Policy
|
|
158
|
+
|
|
159
|
+
```yaml
|
|
160
|
+
# Define the server
|
|
161
|
+
apiVersion: policy.linkerd.io/v1beta1
|
|
162
|
+
kind: Server
|
|
163
|
+
metadata:
|
|
164
|
+
name: my-service-http
|
|
165
|
+
namespace: my-namespace
|
|
166
|
+
spec:
|
|
167
|
+
podSelector:
|
|
168
|
+
matchLabels:
|
|
169
|
+
app: my-service
|
|
170
|
+
port: http
|
|
171
|
+
proxyProtocol: HTTP/1
|
|
172
|
+
---
|
|
173
|
+
# Allow traffic from specific clients
|
|
174
|
+
apiVersion: policy.linkerd.io/v1beta1
|
|
175
|
+
kind: ServerAuthorization
|
|
176
|
+
metadata:
|
|
177
|
+
name: allow-frontend
|
|
178
|
+
namespace: my-namespace
|
|
179
|
+
spec:
|
|
180
|
+
server:
|
|
181
|
+
name: my-service-http
|
|
182
|
+
client:
|
|
183
|
+
meshTLS:
|
|
184
|
+
serviceAccounts:
|
|
185
|
+
- name: frontend
|
|
186
|
+
namespace: my-namespace
|
|
187
|
+
---
|
|
188
|
+
# Allow unauthenticated traffic (e.g., from ingress)
|
|
189
|
+
apiVersion: policy.linkerd.io/v1beta1
|
|
190
|
+
kind: ServerAuthorization
|
|
191
|
+
metadata:
|
|
192
|
+
name: allow-ingress
|
|
193
|
+
namespace: my-namespace
|
|
194
|
+
spec:
|
|
195
|
+
server:
|
|
196
|
+
name: my-service-http
|
|
197
|
+
client:
|
|
198
|
+
unauthenticated: true
|
|
199
|
+
networks:
|
|
200
|
+
- cidr: 10.0.0.0/8
|
|
201
|
+
```
|
|
202
|
+
|
|
203
|
+
### Template 6: HTTPRoute for Advanced Routing
|
|
204
|
+
|
|
205
|
+
```yaml
|
|
206
|
+
apiVersion: policy.linkerd.io/v1beta2
|
|
207
|
+
kind: HTTPRoute
|
|
208
|
+
metadata:
|
|
209
|
+
name: my-route
|
|
210
|
+
namespace: my-namespace
|
|
211
|
+
spec:
|
|
212
|
+
parentRefs:
|
|
213
|
+
- name: my-service
|
|
214
|
+
kind: Service
|
|
215
|
+
group: core
|
|
216
|
+
port: 8080
|
|
217
|
+
rules:
|
|
218
|
+
- matches:
|
|
219
|
+
- path:
|
|
220
|
+
type: PathPrefix
|
|
221
|
+
value: /api/v2
|
|
222
|
+
- headers:
|
|
223
|
+
- name: x-api-version
|
|
224
|
+
value: v2
|
|
225
|
+
backendRefs:
|
|
226
|
+
- name: my-service-v2
|
|
227
|
+
port: 8080
|
|
228
|
+
- matches:
|
|
229
|
+
- path:
|
|
230
|
+
type: PathPrefix
|
|
231
|
+
value: /api
|
|
232
|
+
backendRefs:
|
|
233
|
+
- name: my-service-v1
|
|
234
|
+
port: 8080
|
|
235
|
+
```
|
|
236
|
+
|
|
237
|
+
### Template 7: Multi-cluster Setup
|
|
238
|
+
|
|
239
|
+
```bash
|
|
240
|
+
# On each cluster, install with cluster credentials
|
|
241
|
+
linkerd multicluster install | kubectl apply -f -
|
|
242
|
+
|
|
243
|
+
# Link clusters
|
|
244
|
+
linkerd multicluster link --cluster-name west \
|
|
245
|
+
--api-server-address https://west.example.com:6443 \
|
|
246
|
+
| kubectl apply -f -
|
|
247
|
+
|
|
248
|
+
# Export a service to other clusters
|
|
249
|
+
kubectl label svc/my-service mirror.linkerd.io/exported=true
|
|
250
|
+
|
|
251
|
+
# Verify cross-cluster connectivity
|
|
252
|
+
linkerd multicluster check
|
|
253
|
+
linkerd multicluster gateways
|
|
254
|
+
```
|
|
255
|
+
|
|
256
|
+
## Monitoring Commands
|
|
257
|
+
|
|
258
|
+
```bash
|
|
259
|
+
# Live traffic view
|
|
260
|
+
linkerd viz top deploy/my-app
|
|
261
|
+
|
|
262
|
+
# Per-route metrics
|
|
263
|
+
linkerd viz routes deploy/my-app
|
|
264
|
+
|
|
265
|
+
# Check proxy status
|
|
266
|
+
linkerd viz stat deploy -n my-namespace
|
|
267
|
+
|
|
268
|
+
# View service dependencies
|
|
269
|
+
linkerd viz edges deploy -n my-namespace
|
|
270
|
+
|
|
271
|
+
# Dashboard
|
|
272
|
+
linkerd viz dashboard
|
|
273
|
+
```
|
|
274
|
+
|
|
275
|
+
## Debugging
|
|
276
|
+
|
|
277
|
+
```bash
|
|
278
|
+
# Check injection status
|
|
279
|
+
linkerd check --proxy -n my-namespace
|
|
280
|
+
|
|
281
|
+
# View proxy logs
|
|
282
|
+
kubectl logs deploy/my-app -c linkerd-proxy
|
|
283
|
+
|
|
284
|
+
# Debug identity/TLS
|
|
285
|
+
linkerd identity -n my-namespace
|
|
286
|
+
|
|
287
|
+
# Tap traffic (live)
|
|
288
|
+
linkerd viz tap deploy/my-app --to deploy/my-backend
|
|
289
|
+
```
|
|
290
|
+
|
|
291
|
+
## Best Practices
|
|
292
|
+
|
|
293
|
+
### Do's
|
|
294
|
+
|
|
295
|
+
- **Enable mTLS everywhere** - It's automatic with Linkerd
|
|
296
|
+
- **Use ServiceProfiles** - Get per-route metrics and retries
|
|
297
|
+
- **Set retry budgets** - Prevent retry storms
|
|
298
|
+
- **Monitor golden metrics** - Success rate, latency, throughput
|
|
299
|
+
|
|
300
|
+
### Don'ts
|
|
301
|
+
|
|
302
|
+
- **Don't skip check** - Always run `linkerd check` after changes
|
|
303
|
+
- **Don't over-configure** - Linkerd defaults are sensible
|
|
304
|
+
- **Don't ignore ServiceProfiles** - They unlock advanced features
|
|
305
|
+
- **Don't forget timeouts** - Set appropriate values per route
|
|
306
|
+
|
|
307
|
+
## Resources
|
|
308
|
+
|
|
309
|
+
- [Linkerd Documentation](https://linkerd.io/2.14/overview/)
|
|
310
|
+
- [Service Profiles](https://linkerd.io/2.14/features/service-profiles/)
|
|
311
|
+
- [Authorization Policy](https://linkerd.io/2.14/features/server-policy/)
|
|
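Review bot: In Template 5 the `allow-ingress` ServerAuthorization pairs `unauthenticated: true` with `cidr: 10.0.0.0/8`, which admits any unauthenticated client in that entire private range to `my-service-http` and leaves a much wider opening next to the identity-based `allow-frontend` rule. Suggest narrowing `networks` to the ingress controller's actual source range, or meshing the ingress and authorizing it through `meshTLS.serviceAccounts` as the frontend rule does, and stating in the comment that the /8 is a placeholder to be replaced. Two smaller points: the control-plane box labelled `destiny` in the architecture diagram should read `destination`, and Template 1 pipes `https://run.linkerd.io/install` straight into `sh`, so a line about downloading and inspecting the script first would suit a skill that describes itself as security-focused.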
@@ -0,0 +1,181 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: multi-cloud-architecture
|
|
3
|
+
description: Design multi-cloud architectures using a decision framework to select and integrate services across AWS, Azure, and GCP. Use when building multi-cloud systems, avoiding vendor lock-in, or leveraging best-of-breed services from multiple providers.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Multi-Cloud Architecture
|
|
7
|
+
|
|
8
|
+
Decision framework and patterns for architecting applications across AWS, Azure, and GCP.
|
|
9
|
+
|
|
10
|
+
## Purpose
|
|
11
|
+
|
|
12
|
+
Design cloud-agnostic architectures and make informed decisions about service selection across cloud providers.
|
|
13
|
+
|
|
14
|
+
## When to Use
|
|
15
|
+
|
|
16
|
+
- Design multi-cloud strategies
|
|
17
|
+
- Migrate between cloud providers
|
|
18
|
+
- Select cloud services for specific workloads
|
|
19
|
+
- Implement cloud-agnostic architectures
|
|
20
|
+
- Optimize costs across providers
|
|
21
|
+
|
|
22
|
+
## Cloud Service Comparison
|
|
23
|
+
|
|
24
|
+
### Compute Services
|
|
25
|
+
|
|
26
|
+
| AWS | Azure | GCP | Use Case |
|
|
27
|
+
| ------- | ------------------- | --------------- | ------------------ |
|
|
28
|
+
| EC2 | Virtual Machines | Compute Engine | IaaS VMs |
|
|
29
|
+
| ECS | Container Instances | Cloud Run | Containers |
|
|
30
|
+
| EKS | AKS | GKE | Kubernetes |
|
|
31
|
+
| Lambda | Functions | Cloud Functions | Serverless |
|
|
32
|
+
| Fargate | Container Apps | Cloud Run | Managed containers |
|
|
33
|
+
|
|
34
|
+
### Storage Services
|
|
35
|
+
|
|
36
|
+
| AWS | Azure | GCP | Use Case |
|
|
37
|
+
| ------- | --------------- | --------------- | -------------- |
|
|
38
|
+
| S3 | Blob Storage | Cloud Storage | Object storage |
|
|
39
|
+
| EBS | Managed Disks | Persistent Disk | Block storage |
|
|
40
|
+
| EFS | Azure Files | Filestore | File storage |
|
|
41
|
+
| Glacier | Archive Storage | Archive Storage | Cold storage |
|
|
42
|
+
|
|
43
|
+
### Database Services
|
|
44
|
+
|
|
45
|
+
| AWS | Azure | GCP | Use Case |
|
|
46
|
+
| ----------- | ---------------- | ------------- | --------------- |
|
|
47
|
+
| RDS | SQL Database | Cloud SQL | Managed SQL |
|
|
48
|
+
| DynamoDB | Cosmos DB | Firestore | NoSQL |
|
|
49
|
+
| Aurora | PostgreSQL/MySQL | Cloud Spanner | Distributed SQL |
|
|
50
|
+
| ElastiCache | Cache for Redis | Memorystore | Caching |
|
|
51
|
+
|
|
52
|
+
**Reference:** See `references/service-comparison.md` for complete comparison
|
|
53
|
+
|
|
54
|
+
## Multi-Cloud Patterns
|
|
55
|
+
|
|
56
|
+
### Pattern 1: Single Provider with DR
|
|
57
|
+
|
|
58
|
+
- Primary workload in one cloud
|
|
59
|
+
- Disaster recovery in another
|
|
60
|
+
- Database replication across clouds
|
|
61
|
+
- Automated failover
|
|
62
|
+
|
|
63
|
+
### Pattern 2: Best-of-Breed
|
|
64
|
+
|
|
65
|
+
- Use best service from each provider
|
|
66
|
+
- AI/ML on GCP
|
|
67
|
+
- Enterprise apps on Azure
|
|
68
|
+
- General compute on AWS
|
|
69
|
+
|
|
70
|
+
### Pattern 3: Geographic Distribution
|
|
71
|
+
|
|
72
|
+
- Serve users from nearest cloud region
|
|
73
|
+
- Data sovereignty compliance
|
|
74
|
+
- Global load balancing
|
|
75
|
+
- Regional failover
|
|
76
|
+
|
|
77
|
+
### Pattern 4: Cloud-Agnostic Abstraction
|
|
78
|
+
|
|
79
|
+
- Kubernetes for compute
|
|
80
|
+
- PostgreSQL for database
|
|
81
|
+
- S3-compatible storage (MinIO)
|
|
82
|
+
- Open source tools
|
|
83
|
+
|
|
84
|
+
## Cloud-Agnostic Architecture
|
|
85
|
+
|
|
86
|
+
### Use Cloud-Native Alternatives
|
|
87
|
+
|
|
88
|
+
- **Compute:** Kubernetes (EKS/AKS/GKE)
|
|
89
|
+
- **Database:** PostgreSQL/MySQL (RDS/SQL Database/Cloud SQL)
|
|
90
|
+
- **Message Queue:** Apache Kafka (MSK/Event Hubs/Confluent)
|
|
91
|
+
- **Cache:** Redis (ElastiCache/Azure Cache/Memorystore)
|
|
92
|
+
- **Object Storage:** S3-compatible API
|
|
93
|
+
- **Monitoring:** Prometheus/Grafana
|
|
94
|
+
- **Service Mesh:** Istio/Linkerd
|
|
95
|
+
|
|
96
|
+
### Abstraction Layers
|
|
97
|
+
|
|
98
|
+
```
|
|
99
|
+
Application Layer
|
|
100
|
+
↓
|
|
101
|
+
Infrastructure Abstraction (Terraform)
|
|
102
|
+
↓
|
|
103
|
+
Cloud Provider APIs
|
|
104
|
+
↓
|
|
105
|
+
AWS / Azure / GCP
|
|
106
|
+
```
|
|
107
|
+
|
|
108
|
+
## Cost Comparison
|
|
109
|
+
|
|
110
|
+
### Compute Pricing Factors
|
|
111
|
+
|
|
112
|
+
- **AWS:** On-demand, Reserved, Spot, Savings Plans
|
|
113
|
+
- **Azure:** Pay-as-you-go, Reserved, Spot
|
|
114
|
+
- **GCP:** On-demand, Committed use, Preemptible
|
|
115
|
+
|
|
116
|
+
### Cost Optimization Strategies
|
|
117
|
+
|
|
118
|
+
1. Use reserved/committed capacity (30-70% savings)
|
|
119
|
+
2. Leverage spot/preemptible instances
|
|
120
|
+
3. Right-size resources
|
|
121
|
+
4. Use serverless for variable workloads
|
|
122
|
+
5. Optimize data transfer costs
|
|
123
|
+
6. Implement lifecycle policies
|
|
124
|
+
7. Use cost allocation tags
|
|
125
|
+
8. Monitor with cloud cost tools
|
|
126
|
+
|
|
127
|
+
**Reference:** See `references/multi-cloud-patterns.md`
|
|
128
|
+
|
|
129
|
+
## Migration Strategy
|
|
130
|
+
|
|
131
|
+
### Phase 1: Assessment
|
|
132
|
+
|
|
133
|
+
- Inventory current infrastructure
|
|
134
|
+
- Identify dependencies
|
|
135
|
+
- Assess cloud compatibility
|
|
136
|
+
- Estimate costs
|
|
137
|
+
|
|
138
|
+
### Phase 2: Pilot
|
|
139
|
+
|
|
140
|
+
- Select pilot workload
|
|
141
|
+
- Implement in target cloud
|
|
142
|
+
- Test thoroughly
|
|
143
|
+
- Document learnings
|
|
144
|
+
|
|
145
|
+
### Phase 3: Migration
|
|
146
|
+
|
|
147
|
+
- Migrate workloads incrementally
|
|
148
|
+
- Maintain dual-run period
|
|
149
|
+
- Monitor performance
|
|
150
|
+
- Validate functionality
|
|
151
|
+
|
|
152
|
+
### Phase 4: Optimization
|
|
153
|
+
|
|
154
|
+
- Right-size resources
|
|
155
|
+
- Implement cloud-native services
|
|
156
|
+
- Optimize costs
|
|
157
|
+
- Enhance security
|
|
158
|
+
|
|
159
|
+
## Best Practices
|
|
160
|
+
|
|
161
|
+
1. **Use infrastructure as code** (Terraform/OpenTofu)
|
|
162
|
+
2. **Implement CI/CD pipelines** for deployments
|
|
163
|
+
3. **Design for failure** across clouds
|
|
164
|
+
4. **Use managed services** when possible
|
|
165
|
+
5. **Implement comprehensive monitoring**
|
|
166
|
+
6. **Automate cost optimization**
|
|
167
|
+
7. **Follow security best practices**
|
|
168
|
+
8. **Document cloud-specific configurations**
|
|
169
|
+
9. **Test disaster recovery** procedures
|
|
170
|
+
10. **Train teams** on multiple clouds
|
|
171
|
+
|
|
172
|
+
## Reference Files
|
|
173
|
+
|
|
174
|
+
- `references/service-comparison.md` - Complete service comparison
|
|
175
|
+
- `references/multi-cloud-patterns.md` - Architecture patterns
|
|
176
|
+
|
|
177
|
+
## Related Skills
|
|
178
|
+
|
|
179
|
+
- `terraform-module-library` - For IaC implementation
|
|
180
|
+
- `cost-optimization` - For cost management
|
|
181
|
+
- `hybrid-cloud-networking` - For connectivity
|
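Review bot: The two `**Reference:**` lines and the Reference Files section point at `references/service-comparison.md` and `references/multi-cloud-patterns.md`, but the file list for this release adds the skill as a single `devops/multi-cloud-architecture.md` and shows no `references/` files, so as far as this diff shows those paths lead nowhere for a consumer of the package. Either ship the two files alongside the skill or drop the pointers. Under Best Practices, item 7 `**Follow security best practices**` and the Phase 4 bullet `Enhance security` give nothing actionable; consider naming the controls meant or pointing to the `secrets-management` skill added in the same release, the way Related Skills already points to `terraform-module-library`. The heading `### Use Cloud-Native Alternatives` sits under Cloud-Agnostic Architecture and lists portable open-source components, so "Cloud-Agnostic Alternatives" looks like the intended wording.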