Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

rohitg00/k8s-certs

Name: k8s-certs
Author: rohitg00

kubernetes-skills/claude/k8s-certs/SKILL.md

npx skillsauth add rohitg00/kubectl-mcp-server k8s-certs

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Certificate Management with cert-manager

Manage TLS certificates using kubectl-mcp-server's cert-manager tools.

When to Apply

Use this skill when:

User mentions: "certificate", "cert-manager", "TLS", "SSL", "issuer", "Let's Encrypt"
Operations: creating certificates, configuring issuers, debugging cert issues
Keywords: "https", "secure", "encrypt", "renew", "expiring"

Priority Rules

| Priority | Rule | Impact | Tools | |----------|------|--------|-------| | 1 | Detect cert-manager first | CRITICAL | certmanager_detect_tool | | 2 | Use staging issuer for testing | HIGH | Test with letsencrypt-staging | | 3 | Check issuer before cert | HIGH | certmanager_clusterissuers_list_tool | | 4 | Monitor certificate expiry | MEDIUM | certmanager_certificate_get_tool |

Quick Reference

| Task | Tool | Example | |------|------|---------| | Detect cert-manager | certmanager_detect_tool | certmanager_detect_tool() | | List certificates | certmanager_certificates_list_tool | certmanager_certificates_list_tool(namespace) | | Get certificate | certmanager_certificate_get_tool | certmanager_certificate_get_tool(name, namespace) | | List issuers | certmanager_clusterissuers_list_tool | certmanager_clusterissuers_list_tool() |

Check Installation

certmanager_detect_tool()

Certificates

List Certificates

certmanager_certificates_list_tool(namespace="default")

Get Certificate Details

certmanager_certificate_get_tool(
    name="my-tls",
    namespace="default"
)

Create Certificate

kubectl_apply(manifest="""
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: my-tls
  namespace: default
spec:
  secretName: my-tls-secret
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  dnsNames:
  - app.example.com
  - www.example.com
""")

Issuers

List Issuers

certmanager_issuers_list_tool(namespace="default")

certmanager_clusterissuers_list_tool()

Get Issuer Details

certmanager_issuer_get_tool(name="my-issuer", namespace="default")
certmanager_clusterissuer_get_tool(name="letsencrypt-prod")

Create Let's Encrypt Issuer

kubectl_apply(manifest="""
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: [email protected]
    privateKeySecretRef:
      name: letsencrypt-staging-key
    solvers:
    - http01:
        ingress:
          class: nginx
""")

kubectl_apply(manifest="""
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: [email protected]
    privateKeySecretRef:
      name: letsencrypt-prod-key
    solvers:
    - http01:
        ingress:
          class: nginx
""")

Create Self-Signed Issuer

kubectl_apply(manifest="""
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: selfsigned
spec:
  selfSigned: {}
""")

Certificate Requests

certmanager_certificaterequests_list_tool(namespace="default")

certmanager_certificaterequest_get_tool(
    name="my-tls-xxxxx",
    namespace="default"
)

Troubleshooting

Certificate Not Ready

certmanager_certificate_get_tool(name, namespace)
certmanager_certificaterequests_list_tool(namespace)
get_events(namespace)

Issuer Not Ready

certmanager_clusterissuer_get_tool(name)
get_events(namespace="cert-manager")

Ingress Integration

kubectl_apply(manifest="""
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  tls:
  - hosts:
    - app.example.com
    secretName: app-tls
  rules:
  - host: app.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-service
            port:
              number: 80
""")

Prerequisites

cert-manager: Required for all certificate tools

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.yaml

Related Skills

k8s-networking - Ingress configuration
k8s-security - Security best practices

rohitg00/k8s-certs

kubernetes-skills/claude/k8s-certs/SKILL.md

Kubernetes certificate management with cert-manager. Use when managing TLS certificates, configuring issuers, or troubleshooting certificate issues.

865 stars

devops

Updated Apr 11, 2026

$ install --global

skillsauth

npx skillsauth add rohitg00/kubectl-mcp-server k8s-certs

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 20, 2026, 11:12 AM6.6s1 file scanned

SKILL.md

name:: k8s-certs
description:: Kubernetes certificate management with cert-manager. Use when managing TLS certificates, configuring issuers, or troubleshooting certificate issues.
license:: Apache-2.0
author:: rohitg00
version:: 1.0.0
tools:: 9
category:: security

Certificate Management with cert-manager

Manage TLS certificates using kubectl-mcp-server's cert-manager tools.

When to Apply

Use this skill when:

User mentions: "certificate", "cert-manager", "TLS", "SSL", "issuer", "Let's Encrypt"
Operations: creating certificates, configuring issuers, debugging cert issues
Keywords: "https", "secure", "encrypt", "renew", "expiring"

Priority Rules

Quick Reference

Check Installation

certmanager_detect_tool()

Certificates

List Certificates

certmanager_certificates_list_tool(namespace="default")

Get Certificate Details

certmanager_certificate_get_tool(
    name="my-tls",
    namespace="default"
)

Create Certificate

kubectl_apply(manifest="""
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: my-tls
  namespace: default
spec:
  secretName: my-tls-secret
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  dnsNames:
  - app.example.com
  - www.example.com
""")

Issuers

List Issuers

certmanager_issuers_list_tool(namespace="default")

certmanager_clusterissuers_list_tool()

Get Issuer Details

certmanager_issuer_get_tool(name="my-issuer", namespace="default")
certmanager_clusterissuer_get_tool(name="letsencrypt-prod")

Create Let's Encrypt Issuer

kubectl_apply(manifest="""
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: [email protected]
    privateKeySecretRef:
      name: letsencrypt-staging-key
    solvers:
    - http01:
        ingress:
          class: nginx
""")

kubectl_apply(manifest="""
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: [email protected]
    privateKeySecretRef:
      name: letsencrypt-prod-key
    solvers:
    - http01:
        ingress:
          class: nginx
""")

Create Self-Signed Issuer

kubectl_apply(manifest="""
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: selfsigned
spec:
  selfSigned: {}
""")

Certificate Requests

certmanager_certificaterequests_list_tool(namespace="default")

certmanager_certificaterequest_get_tool(
    name="my-tls-xxxxx",
    namespace="default"
)

Troubleshooting

Certificate Not Ready

certmanager_certificate_get_tool(name, namespace)
certmanager_certificaterequests_list_tool(namespace)
get_events(namespace)

Issuer Not Ready

certmanager_clusterissuer_get_tool(name)
get_events(namespace="cert-manager")

Ingress Integration

kubectl_apply(manifest="""
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  tls:
  - hosts:
    - app.example.com
    secretName: app-tls
  rules:
  - host: app.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-service
            port:
              number: 80
""")

Prerequisites

cert-manager: Required for all certificate tools

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.yaml

Related Skills

k8s-networking - Ingress configuration
k8s-security - Security best practices

Related Skills

rohitg00/k8s-vind

development

VerifiedTrustedCommunity

Manage vCluster (virtual Kubernetes clusters) instances using vind. Use when creating, managing, or operating lightweight virtual clusters for development, testing, or multi-tenancy.

865SKILL.mdUpdated Apr 11, 2026

rohitg00/k8s-troubleshoot

development

VerifiedTrustedCommunity

Debug Kubernetes pods, nodes, and workloads. Use when pods are failing, containers crash, nodes are unhealthy, or users mention debugging, troubleshooting, or diagnosing Kubernetes issues.

865SKILL.mdUpdated Apr 11, 2026

rohitg00/k8s-troubleshoot

rohitg00/k8s-storage

devops

VerifiedTrustedCommunity

Kubernetes storage management for PVCs, storage classes, and persistent volumes. Use when provisioning storage, managing volumes, or troubleshooting storage issues.

865SKILL.mdUpdated Apr 11, 2026

rohitg00/k8s-service-mesh

testing

VerifiedTrustedCommunity

Manage Istio service mesh for traffic management, security, and observability. Use for traffic shifting, canary releases, mTLS, and service mesh troubleshooting.

865SKILL.mdUpdated Apr 11, 2026

rohitg00/k8s-service-mesh

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/rohitg00/kubectl-mcp-server.git

# Copy into Claude Code skills folder (global)
cp -r kubectl-mcp-server/kubernetes-skills/claude/k8s-certs ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

rohitg00/kubectl-mcp-server

865 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT