← 返回 Skills 市场

Kubernetes Skills

Name: Kubernetes Skills
Author: rohitg00

作者 Rohit Ghumare · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

2157

总下载

当前安装

版本数

在 OpenClaw 中安装

/install k8s-certs

功能描述

Kubernetes certificate management with cert-manager. Use when managing TLS certificates, configuring issuers, or troubleshooting certificate issues.

使用说明 (SKILL.md)

Certificate Management with cert-manager

Manage TLS certificates using kubectl-mcp-server's cert-manager tools.

Check Installation

certmanager_detect_tool()

Certificates

List Certificates

# List all certificates
certmanager_certificates_list_tool(namespace="default")

# Check certificate status
# - True: Certificate ready
# - False: Certificate not ready (check events)

Get Certificate Details

certmanager_certificate_get_tool(
    name="my-tls",
    namespace="default"
)
# Shows:
# - Issuer reference
# - Secret name
# - DNS names
# - Expiry date
# - Renewal time

Create Certificate

kubectl_apply(manifest="""
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: my-tls
  namespace: default
spec:
  secretName: my-tls-secret
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  dnsNames:
  - app.example.com
  - www.example.com
""")

Issuers

List Issuers

# Namespace issuers
certmanager_issuers_list_tool(namespace="default")

# Cluster-wide issuers
certmanager_clusterissuers_list_tool()

Get Issuer Details

certmanager_issuer_get_tool(name="my-issuer", namespace="default")
certmanager_clusterissuer_get_tool(name="letsencrypt-prod")

Create Let's Encrypt Issuer

# Staging (for testing)
kubectl_apply(manifest="""
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: [email protected]
    privateKeySecretRef:
      name: letsencrypt-staging-key
    solvers:
    - http01:
        ingress:
          class: nginx
""")

# Production
kubectl_apply(manifest="""
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: [email protected]
    privateKeySecretRef:
      name: letsencrypt-prod-key
    solvers:
    - http01:
        ingress:
          class: nginx
""")

Create Self-Signed Issuer

kubectl_apply(manifest="""
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: selfsigned
spec:
  selfSigned: {}
""")

Certificate Requests

# List certificate requests
certmanager_certificaterequests_list_tool(namespace="default")

# Get request details (for debugging)
certmanager_certificaterequest_get_tool(
    name="my-tls-xxxxx",
    namespace="default"
)

Troubleshooting

Certificate Not Ready

1. certmanager_certificate_get_tool(name, namespace)  # Check status
2. certmanager_certificaterequests_list_tool(namespace)  # Check request
3. get_events(namespace)  # Check events
4. # Common issues:
   # - Issuer not ready
   # - DNS challenge failed
   # - Rate limited by Let's Encrypt

Issuer Not Ready

1. certmanager_clusterissuer_get_tool(name)  # Check status
2. get_events(namespace="cert-manager")  # Check events
3. # Common issues:
   # - Invalid credentials
   # - Network issues
   # - Invalid configuration

Ingress Integration

# Automatic certificate via ingress annotation
kubectl_apply(manifest="""
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  tls:
  - hosts:
    - app.example.com
    secretName: app-tls
  rules:
  - host: app.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-service
            port:
              number: 80
""")

Related Skills

k8s-networking - Ingress configuration
k8s-security - Security best practices

安全使用建议

Before installing: (1) Understand that this skill will create and modify Kubernetes resources (Certificates, ClusterIssuers, Ingresses). Ensure you trust the skill source. (2) Confirm the agent runtime has kubectl / cert-manager tooling and appropriate kubeconfig or cluster credentials; the skill metadata does not declare these requirements but the SKILL.md assumes them. (3) Running ClusterIssuer manifests typically requires cluster-admin privileges—use least-privilege accounts and test in a staging cluster first. (4) Review the provided YAML (especially ACME email/privateKeySecretRef) and make sure secrets are handled securely; be careful using production Let's Encrypt due to rate limits. (5) Ask the publisher to update metadata to declare required binaries (kubectl), config paths (KUBECONFIG or kubeconfig file), and any needed permissions so you can make an informed risk decision.

功能分析

Type: OpenClaw Skill Name: k8s-certs Version: 1.0.0 The skill bundle is benign. It provides instructions and tool calls for managing Kubernetes certificates using cert-manager, which is clearly aligned with its stated purpose. All operations involve standard Kubernetes and cert-manager API calls via predefined tools like `kubectl_apply` and `certmanager_*_tool`. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, prompt injection attempts to subvert the agent's intent, or obfuscation in `SKILL.md`.

能力评估

⚠ Purpose & Capability

The SKILL.md clearly operates on a Kubernetes cluster (kubectl_apply, certmanager_* tools, creating ClusterIssuer/Certificate resources). However, the registry metadata declares no required binaries, env vars, or config paths. Managing cert-manager legitimately requires kubectl access (or equivalent API access) and cluster credentials (often cluster-admin for ClusterIssuer). The metadata and declared requirements are therefore incomplete/inconsistent with the described capability.

✓ Instruction Scope

Instructions stay on-topic: listing/creating Certificates, Issuers, CertificateRequests, Ingress annotations, and troubleshooting. They reference Let's Encrypt ACME endpoints (expected) and cluster events for debugging. The skill does not instruct reading unrelated local files or exfiltrating data to unexpected external endpoints.

✓ Install Mechanism

This is instruction-only with no install spec or code files, so nothing is written to disk by an installer—low installation risk. The runtime relies on external tools being available (kubectl and cert-manager-related tooling), which are not declared in metadata.

⚠ Credentials

No environment variables, credentials, or config paths are declared despite the skill plainly requiring access to a Kubernetes cluster (kubeconfig, KUBECONFIG, or in-cluster credentials) and cluster secrets/private keys for ACME issuers. Requesting no credentials in metadata is disproportionate to the operations shown in SKILL.md.

✓ Persistence & Privilege

Skill is not always-enabled and does not claim persistent/system-wide modifications. It does perform cluster mutations (apply manifests) when invoked, which is expected for this purpose but should be run with appropriate privileges and caution.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install k8s-certs
安装完成后，直接呼叫该 Skill 的名称或使用 /k8s-certs 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of k8s-certs for Kubernetes TLS certificate management with cert-manager. - Guides certificate lifecycle: listing, creating, and troubleshooting certificates and issuers. - Includes manifest examples for both Let's Encrypt and self-signed ClusterIssuers. - Provides workflows for diagnosing common certificate and issuer problems. - Shows integration with Ingress resources for automatic certificate issuance. - Links to related networking and security skills for further Kubernetes management.

元数据

Slug k8s-certs

版本 1.0.0

许可证 —

累计安装 7

当前安装数 7

历史版本数 1

常见问题