← Back to Skills Marketplace
zw008

Vmware Vks

by zw008 · GitHub ↗ · v1.5.14 · MIT-0
macoslinux ✓ Security Clean
404
Downloads
0
Stars
0
Active Installs
27
Versions
Install in OpenClaw
/install vmware-vks
Description
Use this skill whenever the user needs to manage vSphere Kubernetes Service (VKS) — Supervisor clusters, vSphere Namespaces, and TKC cluster lifecycle. Direc...
README (SKILL.md)

VMware VKS

Disclaimer: This is a community-maintained open-source project and is not affiliated with, endorsed by, or sponsored by VMware, Inc. or Broadcom Inc. "VMware" and "vSphere" are trademarks of Broadcom. Source code is publicly auditable at github.com/zw008/VMware-VKS under the MIT license.

AI-powered VMware vSphere Kubernetes Service (VKS) management — 20 MCP tools.

Requires vSphere 8.x+ with Workload Management enabled. Companion skills: vmware-aiops (VM lifecycle), vmware-monitor (monitoring), vmware-storage (storage), vmware-nsx (NSX networking), vmware-nsx-security (DFW/firewall), vmware-aria (metrics/alerts/capacity), vmware-avi (AVI/ALB/AKO). | vmware-pilot (workflow orchestration) | vmware-policy (audit/policy)

What This Skill Does

Category Capabilities Count
Supervisor Compatibility check, status, storage policies 3
Namespace List, get, create with quotas, update, delete with TKC guard, VM classes 6
TKC Clusters List, get, versions, create, scale, upgrade, delete with workload guard 7
Access Supervisor kubeconfig, TKC kubeconfig, Harbor registry, storage usage 4

Quick Install

uv tool install vmware-vks
vmware-vks doctor

When to Use This Skill

  • Check if vSphere environment supports VKS
  • Create, update, or delete Supervisor Namespaces with resource quotas
  • Deploy, scale, upgrade, or delete TKC (TanzuKubernetesCluster) clusters
  • Get kubeconfig for Supervisor or TKC clusters
  • Check Harbor registry info or storage usage

Use companion skills for:

  • VM lifecycle, deployment → vmware-aiops
  • Inventory, health, alarms → vmware-monitor
  • iSCSI, vSAN, datastore → vmware-storage
  • Load balancing, AVI/ALB, AKO, Ingress → vmware-avi

Related Skills — Skill Routing

User Intent Recommended Skill
Read-only monitoring vmware-monitor
Storage: iSCSI, vSAN vmware-storage
VM lifecycle, deployment vmware-aiops
vSphere Kubernetes Service (vSphere 8.x+) vmware-vks ← this skill
NSX networking: segments, gateways, NAT vmware-nsx
NSX security: DFW rules, security groups vmware-nsx-security
Aria Ops: metrics, alerts, capacity planning vmware-aria
Multi-step workflows with approval vmware-pilot
Load balancer, AVI, ALB, AKO, Ingress vmware-avi (uv tool install vmware-avi)
Audit log query vmware-policy (vmware-audit CLI)

Common Workflows

Deploy a New TKC Cluster

  1. Check compatibility → vmware-vks supervisor check --target prod
  2. List available K8s versions → vmware-vks tkc versions -n dev
  3. Create namespace (if needed) → vmware-vks namespace create dev --cluster domain-c1 --storage-policy vSAN --cpu 16000 --memory 32768 --apply
  4. Create TKC cluster → vmware-vks tkc create dev-cluster -n dev --version v1.28.4+vmware.1 --control-plane 1 --workers 3 --vm-class best-effort-large --apply
  5. Get kubeconfig → vmware-vks kubeconfig get dev-cluster -n dev

Scale Workers for Load Testing

  1. Check current state → vmware-vks tkc get dev-cluster -n dev
  2. Scale up → vmware-vks tkc scale dev-cluster -n dev --workers 6
  3. Monitor progress → vmware-vks tkc get dev-cluster -n dev (watch phase)
  4. Scale back down after test

Namespace Resource Management

  1. List namespaces → vmware-vks namespace list
  2. Check usage → vmware-vks storage -n dev
  3. Update quota → vmware-vks namespace update dev --cpu 32000 --memory 65536

Architecture

User (Natural Language)
  ↓
AI Agent (Claude Code / Goose / Cursor)
  ↓ reads SKILL.md
  ↓
vmware-vks CLI  ─── or ───  vmware-vks MCP Server (stdio)
  │
  ├─ Layer 1: pyVmomi → vCenter REST API
  │   Supervisor status, storage policies, Namespace CRUD, VM classes, Harbor
  │
  └─ Layer 2: kubernetes client → Supervisor K8s API endpoint
      TKC CR apply / get / delete  (cluster.x-k8s.io/v1beta1)
      Kubeconfig built from Layer 1 session token
  ↓
vCenter Server 8.x+ (Workload Management enabled)
  ↓
Supervisor Cluster → vSphere Namespaces → TanzuKubernetesCluster

Usage Mode

Scenario Recommended Why
Local/small models (Ollama, Qwen) CLI ~2K tokens vs ~8K for MCP
Cloud models (Claude, GPT-4o) Either MCP gives structured JSON I/O
Automated pipelines MCP Type-safe parameters, structured output

MCP Tools (20 — 12 read, 8 write)

All accept optional target parameter to specify a named vCenter.

Category Tool Type
Supervisor check_vks_compatibility Read
get_supervisor_status Read
list_supervisor_storage_policies Read
Namespace list_namespaces Read
get_namespace Read
create_namespace Write
update_namespace Write
delete_namespace Write
list_vm_classes Read
TKC list_tkc_clusters Read
get_tkc_cluster Read
get_tkc_available_versions Read
create_tkc_cluster Write
scale_tkc_cluster Write
upgrade_tkc_cluster Write
delete_tkc_cluster Write
Access get_supervisor_kubeconfig Read
get_tkc_kubeconfig Read
get_harbor_info Read
list_namespace_storage_usage Read

create_namespace / create_tkc_cluster — defaults to dry_run=True, returns a YAML plan for review. Pass dry_run=False to apply.

delete_namespace — requires confirmed=True and rejects if TKC clusters still exist (prevents orphaned clusters).

delete_tkc_cluster — requires confirmed=True and checks for running workloads. Rejects if found unless force=True.

Credential handling: get_supervisor_kubeconfig and get_tkc_kubeconfig return short-lived session tokens (not long-lived credentials). Tokens are derived from the authenticated vCenter session and expire when the session ends. Kubeconfig output is intended for local kubectl use — agents should write it to a file (-o \x3Cpath>) rather than displaying tokens in conversation context.

Full capability details and safety features: see references/capabilities.md

CLI Quick Reference

# Supervisor
vmware-vks check [--target \x3Cname>]
vmware-vks supervisor status \x3Ccluster-id> [--target \x3Cname>]
vmware-vks supervisor storage-policies [--target \x3Cname>]

# Namespace
vmware-vks namespace list [--target \x3Cname>]
vmware-vks namespace get \x3Cname> [--target \x3Cname>]
vmware-vks namespace create \x3Cname> --cluster \x3Cid> [--cpu \x3Cn>] [--memory \x3Cmb>] [--storage-policy \x3Cname>] [--apply]
vmware-vks namespace update \x3Cname> [--cpu \x3Cn>] [--memory \x3Cmb>] [--target \x3Cname>]
vmware-vks namespace delete \x3Cname> [--target \x3Cname>]

# TKC Clusters
vmware-vks tkc list [-n \x3Cnamespace>] [--target \x3Cname>]
vmware-vks tkc create \x3Cname> -n \x3Cns> [--version \x3Cv>] [--workers \x3Cn>] [--vm-class \x3Cname>] [--apply]
vmware-vks tkc scale \x3Cname> -n \x3Cns> --workers \x3Cn> [--target \x3Cname>]
vmware-vks tkc upgrade \x3Cname> -n \x3Cns> --version \x3Cv> [--target \x3Cname>]
vmware-vks tkc delete \x3Cname> -n \x3Cns> [--force] [--target \x3Cname>]

# Kubeconfig
vmware-vks kubeconfig supervisor -n \x3Cnamespace> [--target \x3Cname>]
vmware-vks kubeconfig get \x3Ccluster-name> -n \x3Cnamespace> [-o \x3Cpath>] [--target \x3Cname>]

# Harbor & Storage
vmware-vks harbor [--target \x3Cname>]
vmware-vks storage -n \x3Cnamespace> [--target \x3Cname>]

Full CLI reference with all flags and interactive creation: see references/cli-reference.md

Troubleshooting

"VKS not compatible" error

Workload Management must be enabled in vCenter. Check: vCenter UI → Workload Management. Requires vSphere 8.x+ with Enterprise Plus or VCF license.

Namespace creation fails with "storage policy not found"

List available policies first: vmware-vks supervisor storage-policies. Policy names are case-sensitive.

TKC cluster stuck in "Creating" phase

Check Supervisor events in vCenter. Common causes: insufficient resources on ESXi hosts, network issues with NSX-T, or storage policy not available on target datastore.

Kubeconfig retrieval fails

Supervisor API endpoint must be reachable from the machine running vmware-vks. Check firewall rules for port 6443.

Scale operation has no effect

Verify the cluster is in "Running" phase before scaling. Clusters in "Creating" or "Updating" phase reject scale operations.

Delete namespace rejected unexpectedly

The namespace delete guard prevents deletion when TKC clusters exist inside. Delete all TKC clusters in the namespace first, then retry.

Prerequisites

  • vSphere 8.x+ with Workload Management enabled
  • Enterprise Plus or VCF license
  • NSX-T (recommended) or VDS + HAProxy networking
  • Supervisor Cluster configured and running

Setup

uv tool install vmware-vks
mkdir -p ~/.vmware-vks
vmware-vks init

All tools are automatically audited via vmware-policy. Audit logs: vmware-audit log --last 20

Full setup guide, security details, and AI platform compatibility: see references/setup-guide.md

Audit & Safety

All operations are automatically audited via vmware-policy (@vmware_tool decorator):

  • Every tool call logged to ~/.vmware/audit.db (SQLite, framework-agnostic)
  • Policy rules enforced via ~/.vmware/rules.yaml (deny rules, maintenance windows, risk levels)
  • Risk classification: each tool tagged as low/medium/high/critical
  • View recent operations: vmware-audit log --last 20
  • View denied operations: vmware-audit log --status denied

vmware-policy is automatically installed as a dependency — no manual setup needed.

License

MIT — github.com/zw008/VMware-VKS

Usage Guidance
This skill looks coherent for VKS/TKC management, but check a few things before installing: (1) verify the vmware-vks package source (PyPI and/or GitHub repo) and review the repository since the docs point to an external community repo; (2) confirm the installer behavior — the registry metadata and SKILL.md disagree about install details; (3) keep per-target passwords in ~/.vmware-vks/.env with strict permissions (chmod 600) and avoid putting plaintext secrets into any agent configuration (e.g., MCP JSON) — the example MCP snippet shows inline passwords, which is risky; (4) confirm vmware-policy dependency/audit behavior meets your privacy requirements (it writes ~/.vmware/audit.db); and (5) fix/confirm any typos in example env names (e.g., VMWARE_MYVENTER_PASSWORD) so you don't accidentally leak credentials. If you want higher confidence, review the GitHub source and the vmware-policy dependency before installing.
Capability Analysis
Type: OpenClaw Skill Name: vmware-vks Version: 1.5.14 The vmware-vks skill bundle is a legitimate administrative toolset for managing VMware vSphere Kubernetes Service (VKS). It provides 20 tools for Supervisor, Namespace, and Tanzu Kubernetes Cluster (TKC) lifecycle management, incorporating robust safety features such as dry-run defaults for write operations, mandatory confirmation flags for deletions, and automated audit logging to a local SQLite database via the vmware-policy dependency. The documentation (SKILL.md and setup-guide.md) demonstrates a strong security posture, explicitly addressing credential safety (using local .env files), TLS verification, and protection against prompt injection by using typed Python parameters instead of shell interpolation.
Capability Assessment
Purpose & Capability
Name/description, required binary (vmware-vks), config paths (~/.vmware-vks/config.yaml and .env), and declared env var (VMWARE_VKS_CONFIG) all match the stated purpose of managing vSphere Kubernetes Service/TKC. Companion-skill references and CLI commands align with VKS tasks.
Instruction Scope
SKILL.md instructs using the vmware-vks CLI, reading the declared config and .env password file, and connecting only to configured vCenter targets. It does not instruct reading unrelated system files or sending data to unexpected endpoints. It documents audit logging to ~/.vmware/audit.db (expected side effect).
Install Mechanism
Installation is described as coming from PyPI/GitHub via the 'uv' tool and examples in the setup guide; that is a normal packaging route. However the registry metadata summary said 'No install spec — instruction-only', while SKILL.md contains an installer block referencing 'uv tool install vmware-vks' — this metadata/documentation mismatch should be resolved before automated installs. No high-risk download URLs or extract-from-arbitrary-host steps are present.
Credentials
The declared required env var is VMWARE_VKS_CONFIG (path to config.yaml) and per-target passwords are stored in ~/.vmware-vks/.env (VMWARE_<TARGET>_PASSWORD pattern). These are proportional to the skill's purpose. Two minor concerns: (1) primaryEnv is a config path rather than a secret credential (not harmful but slightly unusual naming), and (2) the docs show an example env key typo (VMWARE_MYVENTER_PASSWORD) and inconsistent statements about vmware-policy being 'auto-installed' vs 'optional' which should be clarified.
Persistence & Privilege
Skill does not request always:true and does not require elevated system-wide modifications. It will read/write within user home directories (~/.vmware-vks and ~/.vmware) for config, .env, and an audit SQLite DB — this is reasonable for a CLI tool. The audit DB location is documented; verify you are comfortable with write access there.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install vmware-vks
  3. After installation, invoke the skill by name or use /vmware-vks
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.5.14
v1.5.14: code review fixes by @yjs-2026 + Snyk E005 disclaimer
v1.5.12
Security & bug fixes from @yjs-2026 code review
v1.5.11
Align with VMware skill family v1.5.11
v1.5.10
Security: python-multipart 0.0.22→0.0.26 (DoS fix)
v1.5.9
Docs: vSphere version correction (7.x->8.x) + branding cleanup credit (Ryan Conley #6)
v1.5.8
Align with VMware skill family v1.5.8
v1.5.7
Fix: respect target.verify_ssl; add REST timeouts; de-duplicate helpers
v1.5.6
Align with VMware skill family v1.5.6
v1.5.5
Align with VMware skill family v1.5.5
v1.5.4
Security: pytest 9.0.2→9.0.3 (CVE-2025-71176); Align family v1.5.4
v1.5.3
vmware-vks 1.5.3 - No code or documentation changes detected in this version. - Maintains full feature set and compatibility as described in prior versions. - No user-facing updates required; previous behavior and interfaces remain unchanged.
v1.5.2
vmware-vks v1.5.2 – No code or documentation changes detected. - No file changes were found in this version. - Functionality, usage, and documentation remain unchanged from the previous release.
v1.5.1
## vmware-vks 1.5.1 - Added explicit credential requirements for each vCenter target: passwords must be set via per-target environment variables (VMWARE_<TARGET_NAME_UPPER>_PASSWORD) in ~/.vmware-vks/.env. - Updated compatibility section: clarified audit log path (all writes audited to ~/.vmware/audit.db), confirmed credentials are never logged, echoed, or included in audit entries. - Added disclaimer: clarifies project is not affiliated with or endorsed by VMware or Broadcom. - Enhanced kubeconfig security notes: tokens returned by kubeconfig tools are short-lived session tokens, not persistent credentials.
v1.5.0
v1.5.0: Anthropic best practices, [READ]/[WRITE] prefixes, Broadcom attestation
v1.4.10
Anthropic best practices: [READ]/[WRITE] prefixes, kubeconfig security notes, Broadcom author attestation
v1.4.9
Security routing fixes and vmware-policy clarity; NSX auth fix for special char passwords
v1.4.8
Security patch: bump cryptography 46.0.6→46.0.7 (CVE-2026-39892), urllib3→2.6.3, requests→2.33.0
v1.4.7
Fix: align openclaw metadata; add .env config and vmware-policy optional dep; standardize audit path to ~/.vmware/audit.db
v1.4.6
fix: remove suspicious content for clean scan
v1.4.5
Security: pygments ReDoS CVE fix; Infrastructure: uv.lock for all repos
Metadata
Slug vmware-vks
Version 1.5.14
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 27
Frequently Asked Questions

What is Vmware Vks?

Use this skill whenever the user needs to manage vSphere Kubernetes Service (VKS) — Supervisor clusters, vSphere Namespaces, and TKC cluster lifecycle. Direc... It is an AI Agent Skill for Claude Code / OpenClaw, with 404 downloads so far.

How do I install Vmware Vks?

Run "/install vmware-vks" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Vmware Vks free?

Yes, Vmware Vks is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Vmware Vks support?

Vmware Vks is cross-platform and runs anywhere OpenClaw / Claude Code is available (macos, linux).

Who created Vmware Vks?

It is built and maintained by zw008 (@zw008); the current version is v1.5.14.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments