install
source · Clone the upstream repo
git clone https://github.com/ComeOnOliver/skillshub
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/ComeOnOliver/skillshub "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/rohitg00/kubectl-mcp-server/k8s-certs" ~/.claude/skills/comeonoliver-skillshub-k8s-certs && rm -rf "$T"
manifest:
skills/rohitg00/kubectl-mcp-server/k8s-certs/SKILL.mdsource content
Certificate Management with cert-manager
Manage TLS certificates using kubectl-mcp-server's cert-manager tools.
When to Apply
Use this skill when:
- User mentions: "certificate", "cert-manager", "TLS", "SSL", "issuer", "Let's Encrypt"
- Operations: creating certificates, configuring issuers, debugging cert issues
- Keywords: "https", "secure", "encrypt", "renew", "expiring"
Priority Rules
| Priority | Rule | Impact | Tools |
|---|---|---|---|
| 1 | Detect cert-manager first | CRITICAL | |
| 2 | Use staging issuer for testing | HIGH | Test with letsencrypt-staging |
| 3 | Check issuer before cert | HIGH | |
| 4 | Monitor certificate expiry | MEDIUM | |
Quick Reference
| Task | Tool | Example |
|---|---|---|
| Detect cert-manager | | |
| List certificates | | |
| Get certificate | | |
| List issuers | | |
Check Installation
certmanager_detect_tool()
Certificates
List Certificates
certmanager_certificates_list_tool(namespace="default")
Get Certificate Details
certmanager_certificate_get_tool( name="my-tls", namespace="default" )
Create Certificate
kubectl_apply(manifest=""" apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: my-tls namespace: default spec: secretName: my-tls-secret issuerRef: name: letsencrypt-prod kind: ClusterIssuer dnsNames: - app.example.com - www.example.com """)
Issuers
List Issuers
certmanager_issuers_list_tool(namespace="default") certmanager_clusterissuers_list_tool()
Get Issuer Details
certmanager_issuer_get_tool(name="my-issuer", namespace="default") certmanager_clusterissuer_get_tool(name="letsencrypt-prod")
Create Let's Encrypt Issuer
kubectl_apply(manifest=""" apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: name: letsencrypt-staging spec: acme: server: https://acme-staging-v02.api.letsencrypt.org/directory email: admin@example.com privateKeySecretRef: name: letsencrypt-staging-key solvers: - http01: ingress: class: nginx """) kubectl_apply(manifest=""" apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: name: letsencrypt-prod spec: acme: server: https://acme-v02.api.letsencrypt.org/directory email: admin@example.com privateKeySecretRef: name: letsencrypt-prod-key solvers: - http01: ingress: class: nginx """)
Create Self-Signed Issuer
kubectl_apply(manifest=""" apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: name: selfsigned spec: selfSigned: {} """)
Certificate Requests
certmanager_certificaterequests_list_tool(namespace="default") certmanager_certificaterequest_get_tool( name="my-tls-xxxxx", namespace="default" )
Troubleshooting
Certificate Not Ready
certmanager_certificate_get_tool(name, namespace) certmanager_certificaterequests_list_tool(namespace) get_events(namespace)
Issuer Not Ready
certmanager_clusterissuer_get_tool(name) get_events(namespace="cert-manager")
Ingress Integration
kubectl_apply(manifest=""" apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: my-ingress annotations: cert-manager.io/cluster-issuer: letsencrypt-prod spec: tls: - hosts: - app.example.com secretName: app-tls rules: - host: app.example.com http: paths: - path: / pathType: Prefix backend: service: name: my-service port: number: 80 """)
Prerequisites
- cert-manager: Required for all certificate tools
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.yaml
Related Skills
- k8s-networking - Ingress configuration
- k8s-security - Security best practices