Description

Huawei Cloud CCE (Cloud Container Engine) cluster lifecycle management skill using Python SDK v3. Use this skill when the user wants to: (1) create, delete,...

README (SKILL.md)

Huawei Cloud CCE Cluster Management

Name: Huawei Cloud Cce Cluster Management
Author: pintudeyudi

Overview

Manage CCE (Cloud Container Engine) cluster lifecycle, including cluster creation/deletion/hibernation/awakening, node pool management, node scheduling control, and addon management.

⛔ Security Constraints

Dangerous Operation Confirmation Mechanism

This skill strictly enforces a two-step confirmation mechanism for all dangerous operations to prevent accidental service disruption or data loss.

All dangerous operations require confirm=true parameter to execute. Otherwise, they return a preview and confirmation prompt.

Operations Requiring Confirmation

Tool	Operation Type	Risk Level	Description
`huawei_delete_cce_cluster`	Delete	🔴 Critical	Deletes entire CCE cluster, irreversible
`huawei_hibernate_cce_cluster`	Hibernate	🟠 High	Stops all workloads, pauses control plane billing
`huawei_awake_cce_cluster`	Awake	🟠 High	Resumes cluster from hibernation
`huawei_resize_cce_nodepool`	Scale	🟡 Medium	Adjusts node pool size, affects capacity
`huawei_delete_cce_nodepool`	Delete	🟠 High	Deletes node pool, affects business capacity
`huawei_delete_cce_node`	Delete	🟠 High	Removes node from cluster, affects scheduling
`huawei_uninstall_cce_addon`	Uninstall	🟠 High	Removes addon, may affect cluster functionality
`huawei_cce_node_cordon`	Cordon	🟡 Medium	Marks node unschedulable, new pods won't be assigned
`huawei_cce_node_uncordon`	Uncordon	🟡 Medium	Marks node schedulable, new pods may be assigned immediately
`huawei_cce_node_drain`	Drain	🟠 High	Evicts all pods from node, affects running workloads

Workflow

Step 1: Preview Operation - Call without confirm parameter

# Example: Preview cluster deletion
python3 scripts/huawei-cloud.py huawei_delete_cce_cluster \
  region=cn-north-4 \
  cluster_id=xxx

Returns: operation preview, risk warning, confirmation example

Step 2: Confirm Execution - Call with confirm=true

# Example: Confirm and execute deletion
python3 scripts/huawei-cloud.py huawei_delete_cce_cluster \
  region=cn-north-4 \
  cluster_id=xxx \
  confirm=true

Credential Security

✅ This skill strictly follows these security rules:

No persistent credential storage - Never saves AK/SK, tokens, or certificates to disk
No long-term memory cache - AK/SK exists only during API call, released afterward
Only project ID memory cache - Non-sensitive project ID cached in process memory
No credential leakage - Never includes AK/SK in logs, responses, or errors
Temporary file cleanup - If temporary cert files are created, they are deleted immediately after use

AK/SK usage methods:

Environment variables HW_ACCESS_KEY / HW_SECRET_KEY / HW_REGION_NAME (process-level, not saved)
Per-call parameter (valid only for that call)

Prerequisites

Python Environment

Python 3.8+
Install SDKs: pip install huaweicloudsdkcce huaweicloudsdkcore
Optional for node operations: pip install kubernetes

Environment Variables (Recommended)

export HW_ACCESS_KEY="your-access-key-id"
export HW_SECRET_KEY="your-secret-access-key"
export HW_REGION_NAME="cn-north-4"

IAM Permission Policies

Ensure the IAM user has the minimum required permissions:

Permission	Description
`cce:cluster:list`	List clusters
`cce:cluster:get`	Get cluster details
`cce:cluster:create`	Create clusters
`cce:cluster:delete`	Delete clusters
`cce:cluster:update`	Update clusters (hibernate/awake/bind EIP)
`cce:node:list`	List nodes
`cce:node:get`	Get node details
`cce:node:create`	Create nodes
`cce:node:delete`	Delete nodes
`cce:node:update`	Update nodes (cordon/uncordon/drain)
`cce:nodepool:list`	List node pools
`cce:nodepool:create`	Create node pools
`cce:nodepool:delete`	Delete node pools
`cce:nodepool:update`	Update node pools (resize)
`cce:addon:list`	List addons
`cce:addon:get`	Get addon details
`cce:addon:create`	Install addons
`cce:addon:update`	Update addons
`cce:addon:delete`	Uninstall addons

Core Commands

Cluster Query

Tool	Function	Parameters
`huawei_list_cce_clusters`	List all CCE clusters in region	`region`
`huawei_get_cce_nodes`	Get detailed node information	`region`, `cluster_id`, `node_id`
`huawei_get_cce_kubeconfig`	Get cluster kubeconfig	`region`, `cluster_id`, `duration`

Cluster Management

Tool	Function	Risk Level	Requires Confirmation
`huawei_create_cce_cluster`	Create CCE cluster	🟢 Low	No
`huawei_delete_cce_cluster`	Delete CCE cluster	🔴 Critical	Yes
`huawei_hibernate_cce_cluster`	Hibernate cluster	🟠 High	Yes
`huawei_awake_cce_cluster`	Awake cluster	🟠 High	Yes
`huawei_bind_cce_cluster_eip`	Bind cluster EIP	🟢 Low	No
`huawei_unbind_cce_cluster_eip`	Unbind cluster EIP	🟡 Medium	No

Recommended defaults:

Cluster type: Turbo (best performance with ENI network)
Container network: eni for Turbo clusters
Naming format: \x3Cenv>-\x3Capp>-cluster (e.g., prod-web-cluster)

Node Pool Management

Tool	Function	Risk Level	Requires Confirmation
`huawei_list_cce_nodepools`	List node pools	🟢 Low	No
`huawei_create_cce_nodepool`	Create node pool	🟢 Low	No
`huawei_delete_cce_nodepool`	Delete node pool	🟠 High	Yes
`huawei_resize_cce_nodepool`	Resize node pool	🟡 Medium	Yes

Recommended defaults:

Naming format: \x3Cenv>-\x3Crole>-pool (e.g., prod-worker-pool)
Initial node count: 2 for HA, or 0 with autoscaling
Enable autoscaling for dynamic scaling

Node Management

Tool	Function	Risk Level	Requires Confirmation
`huawei_list_cce_nodes`	List cluster nodes	🟢 Low	No
`huawei_create_cce_node`	Create nodes directly	🟢 Low	No
`huawei_delete_cce_node`	Delete node	🟠 High	Yes
`huawei_cce_node_cordon`	Mark node unschedulable	🟡 Medium	Yes
`huawei_cce_node_uncordon`	Mark node schedulable	🟡 Medium	Yes
`huawei_cce_node_drain`	Evict all pods from node	🟠 High	Yes
`huawei_cce_node_status`	Query node scheduling status	🟢 Low	No

Note: Prefer node pools for managed scaling. Direct node creation is for special cases.

Addon Management

Tool	Function	Risk Level	Requires Confirmation
`huawei_list_cce_addons`	List cluster addons	🟢 Low	No
`huawei_get_cce_addon_detail`	Get addon details	🟢 Low	No
`huawei_install_cce_addon`	Install addon	🟢 Low	No
`huawei_uninstall_cce_addon`	Uninstall addon	🟠 High	Yes
`huawei_update_cce_addon`	Update addon	🟡 Medium	No

Common addons:

coredns - DNS service
metrics-server - Monitoring metrics
everest - Storage driver

Network Prerequisites

Tool	Function	Parameters
`huawei_list_vpc`	List VPCs with CIDR info	`region`
`huawei_list_vpc_subnets`	List subnets with AZ info	`region`, `vpc_id`

Use these tools to find VPC/subnet IDs before cluster creation.

Supported Regions

Region Code	Region Name
cn-north-4	North China-Beijing 4
cn-north-1	North China-Beijing 1
cn-north-2	North China-Beijing 2
cn-east-3	East China-Shanghai 1
cn-south-1	South China-Guangzhou
cn-south-2	South China-Guangzhou Friendly
cn-east-4	East China II
cn-southwest-2	Guiyang 1
ap-southeast-1	Asia-Pacific-Hong Kong
ap-southeast-2	Asia-Pacific-Bangkok
ap-southeast-3	Asia-Pacific-Singapore

Output Format

All tools return JSON-formatted results containing:

status: operation result (success / error)
data: operation-specific response (cluster info, node list, addon details, etc.)
message: human-readable description of the result
warning: risk warning for dangerous operations (preview mode only)

Verification

See verification-method.md for detailed verification steps. Quick checklist:

Verify AK/SK credentials are configured via environment variables
Run huawei_list_cce_clusters to confirm API connectivity
Test dangerous operation preview (call without confirm=true)
Verify Turbo cluster ENI network configuration

Best Practices

Use environment variables (HW_ACCESS_KEY / HW_SECRET_KEY) for credentials — avoid hardcoding
Always preview dangerous operations before confirming with confirm=true
Use Turbo clusters (container_network_type=eni) for high-performance workloads
Resize node pools during low-traffic periods to minimize business impact
Keep node pools at ≥2 nodes for production workloads to ensure redundancy
Regularly check cluster health via huawei_list_cce_clusters and huawei_show_cce_cluster

References

Document	Description
task-cluster-management.md	Cluster lifecycle operations
task-nodepool-management.md	Node pool operations
task-node-management.md	Node scheduling operations
iam-policies.md	IAM permission policies
verification-method.md	Verification steps
troubleshooting.md	Troubleshooting guide
cce-api-guide.md	CCE Python SDK API reference
cce-cluster-parameters.md	Cluster/nodepool creation parameters

Notes

Ensure AK/SK has correct IAM permissions
Different regions may have different resource availability
All dangerous operations require confirmation
Deletion operations are irreversible
Hibernate cluster stops all workloads - use during non-business hours
Node drain evicts all pods - ensure sufficient replicas
Turbo clusters recommended for best performance with ENI network

Usage Guidance

Install only if you intend to let the agent administer Huawei CCE clusters. Use least-privilege IAM instead of blanket administrator access where possible, treat kubeconfig output as a secret, avoid logging or sharing it, and require human confirmation for public API exposure, node drains, scale-downs, deletions, and other disruptive actions.

Capability Assessment

ℹ Purpose & Capability

The capabilities described by the scanner, including cluster lifecycle actions, node operations, EIP binding, and kubeconfig retrieval, fit a Kubernetes cluster-management purpose.

⚠ Instruction Scope

Several high-impact actions appear under-scoped in the user-facing descriptions: kubeconfig retrieval is described as usable with kubectl without secret-handling warnings, EIP binding lacks public exposure warnings, and disruptive node operations lack strong operational cautions.

✓ Install Mechanism

No evidence was supplied or found of deceptive installation, hidden post-install behavior, persistence setup, or unrelated package execution.

⚠ Credentials

The skill operates on production-grade cloud/Kubernetes infrastructure and can expose APIs, disrupt workloads, or delete/change resources; that authority is coherent but high impact.

⚠ Persistence & Privilege

The kubeconfig tool can return credential-bearing cluster access material, and the IAM guidance reportedly includes broad CCE Administrator permissions without sufficiently clear least-privilege separation.

Version History

v0.1.0

Initial release

Metadata

Slug huawei-cloud-cce-cluster-management

Version 0.1.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Huawei Cloud Cce Cluster Management?

Huawei Cloud CCE (Cloud Container Engine) cluster lifecycle management skill using Python SDK v3. Use this skill when the user wants to: (1) create, delete,... It is an AI Agent Skill for Claude Code / OpenClaw, with 23 downloads so far.

How do I install Huawei Cloud Cce Cluster Management?

Run "/install huawei-cloud-cce-cluster-management" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Huawei Cloud Cce Cluster Management free?

Yes, Huawei Cloud Cce Cluster Management is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Huawei Cloud Cce Cluster Management support?

Huawei Cloud Cce Cluster Management is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Huawei Cloud Cce Cluster Management?

It is built and maintained by shijingcheng (@pintudeyudi); the current version is v0.1.0.

More Skills

Huawei Cloud Cce Cluster Management