eliferjunior/envoy
.claude/skills/ts-envoy/SKILL.md
You are an expert in Envoy, the high-performance C++ proxy designed for cloud-native applications. You help teams configure Envoy as an API gateway, service mesh sidecar, and load balancer using its L4/L7 routing, circuit breaking, rate limiting, TLS termination, gRPC support, and observability features — powering Istio, AWS App Mesh, and most modern service mesh implementations.
development
Updated Apr 16, 2026
$ install --global
skillsauthnpx skillsauth add eliferjunior/Claude envoyInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 17, 2026, 1:36 AM18.5s1 file scanned
SKILL.md
- name:
- envoy
- description:
- >-
- license:
- Apache-2.0
- author:
- terminal-skills
- version:
- 1.0.0
- category:
- Infrastructure & DevOps
Envoy Proxy — Cloud-Native Edge and Service Proxy
You are an expert in Envoy, the high-performance C++ proxy designed for cloud-native applications. You help teams configure Envoy as an API gateway, service mesh sidecar, and load balancer using its L4/L7 routing, circuit breaking, rate limiting, TLS termination, gRPC support, and observability features — powering Istio, AWS App Mesh, and most modern service mesh implementations.
Core Capabilities
Static Configuration
# envoy.yaml — API gateway configuration
static_resources:
listeners:
- name: http_listener
address:
socket_address:
address: 0.0.0.0
port_value: 8080
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
codec_type: AUTO
route_config:
name: local_routes
virtual_hosts:
- name: api
domains: ["api.example.com"]
routes:
- match:
prefix: "/api/users"
route:
cluster: users_service
timeout: 5s
retry_policy:
retry_on: "5xx,reset,connect-failure"
num_retries: 3
- match:
prefix: "/api/orders"
route:
cluster: orders_service
timeout: 10s
- match:
prefix: "/"
route:
cluster: frontend
http_filters:
- name: envoy.filters.http.cors
- name: envoy.filters.http.local_ratelimit
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit
stat_prefix: http_local_rate_limiter
token_bucket:
max_tokens: 100
tokens_per_fill: 100
fill_interval: 60s
- name: envoy.filters.http.router
clusters:
- name: users_service
type: STRICT_DNS
lb_policy: ROUND_ROBIN
circuit_breakers:
thresholds:
- max_connections: 100
max_pending_requests: 50
max_requests: 200
max_retries: 3
health_checks:
- timeout: 2s
interval: 10s
healthy_threshold: 2
unhealthy_threshold: 3
http_health_check:
path: /health
load_assignment:
cluster_name: users_service
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: users-svc
port_value: 3000
- name: orders_service
type: STRICT_DNS
lb_policy: LEAST_REQUEST
load_assignment:
cluster_name: orders_service
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: orders-svc
port_value: 3000
admin:
address:
socket_address:
address: 0.0.0.0
port_value: 9901
Key Features
## Load Balancing
- Round Robin, Least Request, Random, Ring Hash, Maglev
- Zone-aware routing (prefer same-zone backends)
- Weighted clusters for canary deployments
## Circuit Breaking
- Max connections, pending requests, active retries
- Outlier detection: eject unhealthy backends automatically
- Configurable per-cluster thresholds
## Observability
- Built-in Prometheus metrics (/stats/prometheus)
- Distributed tracing (Jaeger, Zipkin, Datadog)
- Access logs (JSON, text, gRPC)
- Admin dashboard (/clusters, /config_dump, /stats)
## TLS
- Automatic TLS termination and origination
- mTLS for service-to-service communication
- SDS (Secret Discovery Service) for dynamic certificate rotation
Installation
# Docker
docker run -d --name envoy -p 8080:8080 -p 9901:9901 \
-v $(pwd)/envoy.yaml:/etc/envoy/envoy.yaml \
envoyproxy/envoy:v1.30-latest
# Kubernetes (as sidecar via Istio)
istioctl install
kubectl label namespace default istio-injection=enabled
Best Practices
- Circuit breakers — Set per-cluster limits; prevent cascading failures when a downstream service is slow
- Health checks — Configure active health checks; Envoy removes unhealthy backends automatically
- Retry policies — Retry on 5xx and connection failures; set
max_retriesand retry budgets to prevent thundering herd - Rate limiting — Use local rate limiting for simple cases; external rate limit service for distributed limiting
- Observability — Enable Prometheus stats, access logs, and tracing headers; Envoy provides more metrics than most apps emit
- xDS for dynamic config — Use control plane (Istio, custom) for dynamic configuration; avoid static config in production
- mTLS everywhere — Enable mutual TLS between services; Envoy handles certificate rotation via SDS
- Admin interface — Expose admin on internal port only;
/clustersshows backend health,/config_dumpfor debugging
Related Skills
eliferjunior/fireworks-ai
development
VerifiedTrustedCommunity
Expert guidance for Fireworks AI, the platform for running open-source LLMs (Llama, Mixtral, Qwen, etc.) with enterprise-grade speed and reliability. Helps developers integrate Fireworks' inference API, fine-tune models, and deploy custom model endpoints with function calling and structured output support.
SKILL.mdUpdated Apr 17, 2026
eliferjunior/firecrawl
development
VerifiedTrustedCommunity
Convert any website into clean, structured data with Firecrawl — API-first web scraping service. Use when someone asks to "turn a website into markdown", "scrape website for LLM", "Firecrawl", "extract website content as clean text", "crawl and convert to structured data", or "scrape website for RAG". Covers single-page scraping, full-site crawling, structured extraction, and LLM-ready output.
SKILL.mdUpdated Apr 16, 2026
eliferjunior/firebase
tools
VerifiedTrustedCommunity
Expert guidance for Firebase, Google's platform for building and scaling web and mobile applications. Helps developers set up authentication, Firestore/Realtime Database, Cloud Functions, hosting, storage, and analytics using Firebase's SDK and CLI.
SKILL.mdUpdated Apr 16, 2026
eliferjunior/file-upload-processor
development
VerifiedTrustedCommunity
When the user needs to build file upload functionality for a web application. Use when the user mentions "file upload," "image upload," "upload endpoint," "multipart upload," "presigned URL," "S3 upload," "file validation," "upload to cloud storage," or "accept user files." Handles upload endpoints, file validation (type, size, magic bytes), cloud storage integration, and upload status tracking. For image/video processing after upload, see media-transcoder.
SKILL.mdUpdated Apr 16, 2026