ReddRadar
Agent skill
k8s-certs
Kubernetes certificate management with cert-manager. Use when managing TLS certificates, configuring issuers, or troubleshooting certificate issues.
Install this agent skill to your Project
npx add-skill https://github.com/rohitg00/kubectl-mcp-server/tree/main/kubernetes-skills/claude/k8s-certs
Metadata
Additional technical details for this skill
- tools
- 9
- author
- rohitg00
- version
- 1.0.0
- category
- security
SKILL.md
Certificate Management with cert-manager
Manage TLS certificates using kubectl-mcp-server's cert-manager tools.
When to Apply
Use this skill when:
- User mentions: "certificate", "cert-manager", "TLS", "SSL", "issuer", "Let's Encrypt"
- Operations: creating certificates, configuring issuers, debugging cert issues
- Keywords: "https", "secure", "encrypt", "renew", "expiring"
Priority Rules
| Priority | Rule | Impact | Tools |
|---|---|---|---|
| 1 | Detect cert-manager first | CRITICAL | certmanager_detect_tool |
| 2 | Use staging issuer for testing | HIGH | Test with letsencrypt-staging |
| 3 | Check issuer before cert | HIGH | certmanager_clusterissuers_list_tool |
| 4 | Monitor certificate expiry | MEDIUM | certmanager_certificate_get_tool |
Quick Reference
| Task | Tool | Example |
|---|---|---|
| Detect cert-manager | certmanager_detect_tool |
certmanager_detect_tool() |
| List certificates | certmanager_certificates_list_tool |
certmanager_certificates_list_tool(namespace) |
| Get certificate | certmanager_certificate_get_tool |
certmanager_certificate_get_tool(name, namespace) |
| List issuers | certmanager_clusterissuers_list_tool |
certmanager_clusterissuers_list_tool() |
Check Installation
certmanager_detect_tool()
Certificates
List Certificates
certmanager_certificates_list_tool(namespace="default")
Get Certificate Details
certmanager_certificate_get_tool(
name="my-tls",
namespace="default"
)
Create Certificate
kubectl_apply(manifest="""
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: my-tls
namespace: default
spec:
secretName: my-tls-secret
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
dnsNames:
- app.example.com
- www.example.com
""")
Issuers
List Issuers
certmanager_issuers_list_tool(namespace="default")
certmanager_clusterissuers_list_tool()
Get Issuer Details
certmanager_issuer_get_tool(name="my-issuer", namespace="default")
certmanager_clusterissuer_get_tool(name="letsencrypt-prod")
Create Let's Encrypt Issuer
kubectl_apply(manifest="""
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
spec:
acme:
server: https://acme-staging-v02.api.letsencrypt.org/directory
email: admin@example.com
privateKeySecretRef:
name: letsencrypt-staging-key
solvers:
- http01:
ingress:
class: nginx
""")
kubectl_apply(manifest="""
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: admin@example.com
privateKeySecretRef:
name: letsencrypt-prod-key
solvers:
- http01:
ingress:
class: nginx
""")
Create Self-Signed Issuer
kubectl_apply(manifest="""
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: selfsigned
spec:
selfSigned: {}
""")
Certificate Requests
certmanager_certificaterequests_list_tool(namespace="default")
certmanager_certificaterequest_get_tool(
name="my-tls-xxxxx",
namespace="default"
)
Troubleshooting
Certificate Not Ready
certmanager_certificate_get_tool(name, namespace)
certmanager_certificaterequests_list_tool(namespace)
get_events(namespace)
Issuer Not Ready
certmanager_clusterissuer_get_tool(name)
get_events(namespace="cert-manager")
Ingress Integration
kubectl_apply(manifest="""
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-ingress
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
tls:
- hosts:
- app.example.com
secretName: app-tls
rules:
- host: app.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: my-service
port:
number: 80
""")
Prerequisites
- cert-manager: Required for all certificate tools
bash
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.yaml
Related Skills
- k8s-networking - Ingress configuration
- k8s-security - Security best practices
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
rohitg00/kubectl-mcp-server
k8s-multicluster
Manage multiple Kubernetes clusters, switch contexts, and perform cross-cluster operations. Use when working with multiple clusters, comparing environments, or managing cluster lifecycle.
rohitg00/kubectl-mcp-server
k8s-incident
Respond to Kubernetes incidents with runbooks and diagnostics. Use for outages, pod failures, node issues, network problems, and emergency response.
rohitg00/kubectl-mcp-server
k8s-gitops
Manage GitOps workflows with Flux and ArgoCD. Use for sync status, reconciliation, app management, source management, and GitOps troubleshooting.
rohitg00/kubectl-mcp-server
k8s-autoscaling
Configure Kubernetes autoscaling with HPA, VPA, and KEDA. Use for horizontal/vertical pod autoscaling, event-driven scaling, and capacity management.
rohitg00/kubectl-mcp-server
k8s-deploy
Deploy and manage Kubernetes workloads with progressive delivery. Use for deployments, rollouts, blue-green, canary releases, scaling, and release management.
rohitg00/kubectl-mcp-server
k8s-cost
Optimize Kubernetes costs through resource right-sizing, unused resource detection, and cluster efficiency analysis. Use for cost optimization, resource analysis, and capacity planning.
Didn't find tool you were looking for?