功能描述

Execute and manage Kubernetes clusters via kubectl commands. Query resources, deploy applications, debug containers, manage configurations, and monitor cluster health. Use when working with Kubernetes clusters, containers, deployments, or pod diagnostics.

使用说明 (SKILL.md)

kubectl Skill

Name: kubectl
Author: ddevaal

Execute Kubernetes cluster management operations using the kubectl command-line tool.

Overview

This skill enables agents to:

Query Resources — List and get details about pods, deployments, services, nodes, etc.
Deploy & Update — Create, apply, patch, and update Kubernetes resources
Debug & Troubleshoot — View logs, execute commands in containers, inspect events
Manage Configuration — Update kubeconfig, switch contexts, manage namespaces
Monitor Health — Check resource usage, rollout status, events, and pod conditions
Perform Operations — Scale deployments, drain nodes, manage taints and labels

Prerequisites

kubectl binary installed and accessible on PATH (v1.20+)
kubeconfig file configured with cluster credentials (default: ~/.kube/config)
Active connection to a Kubernetes cluster

Quick Setup

Install kubectl

macOS:

brew install kubernetes-cli

Linux:

apt-get install -y kubectl  # Ubuntu/Debian
yum install -y kubectl      # RHEL/CentOS

Verify:

kubectl version --client
kubectl cluster-info  # Test connection

Essential Commands

Query Resources

kubectl get pods                    # List all pods in current namespace
kubectl get pods -A                 # All namespaces
kubectl get pods -o wide            # More columns
kubectl get nodes                   # List nodes
kubectl describe pod POD_NAME        # Detailed info with events

View Logs

kubectl logs POD_NAME                # Get logs
kubectl logs -f POD_NAME             # Follow logs (tail -f)
kubectl logs POD_NAME -c CONTAINER   # Specific container
kubectl logs POD_NAME --previous     # Previous container logs

Execute Commands

kubectl exec -it POD_NAME -- /bin/bash   # Interactive shell
kubectl exec POD_NAME -- COMMAND         # Run single command

Deploy Applications

kubectl apply -f deployment.yaml         # Apply config
kubectl create -f deployment.yaml        # Create resource
kubectl apply -f deployment.yaml --dry-run=client  # Test

Update Applications

kubectl set image deployment/APP IMAGE=IMAGE:TAG  # Update image
kubectl scale deployment/APP --replicas=3          # Scale pods
kubectl rollout status deployment/APP              # Check status
kubectl rollout undo deployment/APP                # Rollback

Manage Configuration

kubectl config view                  # Show kubeconfig
kubectl config get-contexts          # List contexts
kubectl config use-context CONTEXT   # Switch context

Common Patterns

Debugging a Pod

# 1. Identify the issue
kubectl describe pod POD_NAME

# 2. Check logs
kubectl logs POD_NAME
kubectl logs POD_NAME --previous

# 3. Execute debug commands
kubectl exec -it POD_NAME -- /bin/bash

# 4. Check events
kubectl get events --sort-by='.lastTimestamp'

Deploying a New Version

# 1. Update image
kubectl set image deployment/MY_APP my-app=my-app:v2

# 2. Monitor rollout
kubectl rollout status deployment/MY_APP -w

# 3. Verify
kubectl get pods -l app=my-app

# 4. Rollback if needed
kubectl rollout undo deployment/MY_APP

Preparing Node for Maintenance

# 1. Drain node (evicts all pods)
kubectl drain NODE_NAME --ignore-daemonsets

# 2. Do maintenance
# ...

# 3. Bring back online
kubectl uncordon NODE_NAME

Output Formats

The --output (-o) flag supports multiple formats:

table — Default tabular format
wide — Extended table with additional columns
json — JSON format (useful with jq)
yaml — YAML format
jsonpath — JSONPath expressions
custom-columns — Define custom output columns
name — Only resource names

Examples:

kubectl get pods -o json | jq '.items[0].metadata.name'
kubectl get pods -o jsonpath='{.items[*].metadata.name}'
kubectl get pods -o custom-columns=NAME:.metadata.name,STATUS:.status.phase

Global Flags (Available to All Commands)

-n, --namespace=\x3Cns>           # Operate in specific namespace
-A, --all-namespaces           # Operate across all namespaces
--context=\x3Ccontext>            # Use specific kubeconfig context
-o, --output=\x3Cformat>          # Output format (json, yaml, table, etc.)
--dry-run=\x3Cmode>               # Dry-run mode (none, client, server)
-l, --selector=\x3Clabels>        # Filter by labels
--field-selector=\x3Cselector>    # Filter by fields
-v, --v=\x3Cint>                  # Verbosity level (0-9)

Dry-Run Modes

--dry-run=client — Fast client-side validation (test commands safely)
--dry-run=server — Server-side validation (more accurate)
--dry-run=none — Execute for real (default)

Always test with --dry-run=client first:

kubectl apply -f manifest.yaml --dry-run=client

Advanced Topics

For detailed reference material, command-by-command documentation, troubleshooting guides, and advanced workflows, see:

references/REFERENCE.md — Complete kubectl command reference
scripts/ — Helper scripts for common tasks

Helpful Tips

Use label selectors for bulk operations:

kubectl delete pods -l app=myapp
kubectl get pods -l env=prod,tier=backend

Watch resources in real-time:

kubectl get pods -w  # Watch for changes

Use -A flag for all namespaces:

kubectl get pods -A  # See pods everywhere

Save outputs for later comparison:

kubectl get deployment my-app -o yaml > deployment-backup.yaml

Check before you delete:

kubectl delete pod POD_NAME --dry-run=client

Getting Help

kubectl help                      # General help
kubectl COMMAND --help            # Command help
kubectl explain pods              # Resource documentation
kubectl explain pods.spec         # Field documentation

Environment Variables

KUBECONFIG — Path to kubeconfig file (can include multiple paths separated by :)
KUBECTL_CONTEXT — Override default context

Resources

Version: 1.0.0
License: MIT
Compatible with: kubectl v1.20+, Kubernetes v1.20+

安全使用建议

This package is a straightforward kubectl helper, but before installing or invoking it: 1) ensure you trust the author or inspect the scripts locally (they are plain shell scripts); 2) never point it at a kubeconfig with cluster-admin or broad privileges — use least-privileged credentials or a test cluster; 3) be aware the skill will run kubectl commands that can read secrets, logs, configmaps and exec into pods; 4) check that your environment actually has kubectl (v1.20+), python3 if you want pretty JSON output, and that KUBECONFIG is set to the intended file; 5) ask the maintainer to update the registry metadata to declare required binaries/env vars so requirements match the documentation.

功能分析

Type: OpenClaw Skill Name: kubectl Version: 1.0.0 The skill bundle is classified as suspicious due to the inherent high-risk capabilities of the `kubectl` command-line tool, which it fully exposes. While the code and documentation (SKILL.md, references/REFERENCE.md, and scripts/*.sh) are transparent and align with the stated purpose of Kubernetes cluster management, they enable powerful actions such as arbitrary command execution within pods (`kubectl exec`), viewing sensitive cluster configurations (`kubectl config view`), and transferring files to/from pods (`kubectl cp`). These capabilities, though plausibly needed for the skill's function, grant broad access and control over a Kubernetes cluster, posing a significant risk if the agent or user is compromised, even without explicit evidence of intentional malicious behavior like data exfiltration to external endpoints or prompt injection attempts to subvert the agent's core directives.

能力评估

ℹ Purpose & Capability

The name, description, SKILL.md, README, and helper scripts all align with a kubectl helper: querying resources, deploying, debugging, and node maintenance. This capability legitimately needs kubectl and access to a kubeconfig. However, the registry metadata listed no required binaries or env vars despite the skill explicitly requiring kubectl and optionally KUBECONFIG/KUBECTLDIR in documentation — an inconsistency.

ℹ Instruction Scope

The runtime instructions and scripts call kubectl for queries, logs, exec, cp, drain, rollout, etc., which is expected for a kubectl skill. These operations can read wide-ranging cluster state (including secrets via kubectl get secrets, logs, pods, configmaps) — this is normal for the tool but high sensitivity: the skill will have access to anything the kubeconfig permits. The scripts prompt for confirmation for destructive operations (node drain) and use safe dry-run suggestions, which is appropriate.

✓ Install Mechanism

There is no install spec (instruction-only), so nothing is downloaded or written by an installer. The README/SKILL.md recommend standard package-manager installs (brew/apt/yum) for kubectl which is low risk. The package itself includes shell scripts (no external fetched code), so install risk is low — but included scripts will run locally when invoked.

⚠ Credentials

Registry metadata declared no required env vars or binaries, but SKILL.md and README explicitly require kubectl (binary) and a kubeconfig (default ~/.kube/config) and mention KUBECONFIG/KUBECTLDIR; scripts also invoke python3 for json.tool. The mismatch between declared requirements and actual instructions is an incoherence that could lead to surprise (e.g., the agent or user may not realize kubeconfig access is needed). Additionally, because kubectl operations can access secrets and cluster credentials, ensure only least-privileged kubeconfig credentials are used.

✓ Persistence & Privilege

The skill does not request always:true, does not modify other skills or system settings, and is user-invocable. It can be invoked autonomously per platform defaults, which increases blast radius if the agent is compromised, but that is normal and not unique to this skill.

版本历史

v1.0.0

Initial release of kubectl-skill. - Execute and manage Kubernetes clusters using kubectl commands. - Query, deploy, update, debug, and monitor pods, deployments, nodes, and other resources. - Manage kubeconfig, switch contexts, and handle namespaces easily. - Includes troubleshooting, scaling, rollout, and node maintenance examples. - Supports advanced output formats, dry-run modes, and global kubectl flags. - Requires kubectl (v1.20+) and an active kubeconfig connection.

元数据

Slug kubectl

版本 1.0.0

许可证 —

累计安装 24

当前安装数 24

历史版本数 1

常见问题

kubectl 是什么？

Execute and manage Kubernetes clusters via kubectl commands. Query resources, deploy applications, debug containers, manage configurations, and monitor cluster health. Use when working with Kubernetes clusters, containers, deployments, or pod diagnostics. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 3761 次。

如何安装 kubectl？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install kubectl」即可一键安装，无需额外配置。

kubectl 是免费的吗？

是的，kubectl 完全免费（开源免费），可自由下载、安装和使用。

kubectl 支持哪些平台？

kubectl 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 kubectl？

由 ddevaal（@ddevaal）开发并维护，当前版本 v1.0.0。

kubectl