k8s-certs
Kubernetes certificate management with cert-manager. Use when managing TLS certificates, configuring issuers, or troubleshooting certificate issues.
Best use case
k8s-certs is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using k8s-certs should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/k8s-certs/SKILL.md` inside your project
- Restart your AI agent; it will auto-discover the skill
How k8s-certs Compares
| Feature / Agent | k8s-certs | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Kubernetes certificate management with cert-manager. Use when managing TLS certificates, configuring issuers, or troubleshooting certificate issues.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Certificate Management with cert-manager
Manage TLS certificates using kubectl-mcp-server's cert-manager tools.
## When to Apply
Use this skill when:
- User mentions: "certificate", "cert-manager", "TLS", "SSL", "issuer", "Let's Encrypt"
- Operations: creating certificates, configuring issuers, debugging cert issues
- Keywords: "https", "secure", "encrypt", "renew", "expiring"
## Priority Rules
| Priority | Rule | Impact | Tools |
|----------|------|--------|-------|
| 1 | Detect cert-manager first | CRITICAL | `certmanager_detect_tool` |
| 2 | Use staging issuer for testing | HIGH | Test with letsencrypt-staging |
| 3 | Check issuer before cert | HIGH | `certmanager_clusterissuers_list_tool` |
| 4 | Monitor certificate expiry | MEDIUM | `certmanager_certificate_get_tool` |
## Quick Reference
| Task | Tool | Example |
|------|------|---------|
| Detect cert-manager | `certmanager_detect_tool` | `certmanager_detect_tool()` |
| List certificates | `certmanager_certificates_list_tool` | `certmanager_certificates_list_tool(namespace)` |
| Get certificate | `certmanager_certificate_get_tool` | `certmanager_certificate_get_tool(name, namespace)` |
| List issuers | `certmanager_clusterissuers_list_tool` | `certmanager_clusterissuers_list_tool()` |
## Check Installation
```python
certmanager_detect_tool()
```
## Certificates
### List Certificates
```python
certmanager_certificates_list_tool(namespace="default")
```
### Get Certificate Details
```python
certmanager_certificate_get_tool(
    name="my-tls",
    namespace="default"
)
```
### Create Certificate
```python
kubectl_apply(manifest="""
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: my-tls
  namespace: default
spec:
  secretName: my-tls-secret
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  dnsNames:
  - app.example.com
  - www.example.com
""")
```
## Issuers
### List Issuers
```python
certmanager_issuers_list_tool(namespace="default")
certmanager_clusterissuers_list_tool()
```
### Get Issuer Details
```python
certmanager_issuer_get_tool(name="my-issuer", namespace="default")
certmanager_clusterissuer_get_tool(name="letsencrypt-prod")
```
### Create Let's Encrypt Issuer
```python
kubectl_apply(manifest="""
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: admin@example.com
    privateKeySecretRef:
      name: letsencrypt-staging-key
    solvers:
    - http01:
        ingress:
          class: nginx
""")
kubectl_apply(manifest="""
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.com
    privateKeySecretRef:
      name: letsencrypt-prod-key
    solvers:
    - http01:
        ingress:
          class: nginx
""")
```
### Create Self-Signed Issuer
```python
kubectl_apply(manifest="""
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: selfsigned
spec:
  selfSigned: {}
""")
```
## Certificate Requests
```python
certmanager_certificaterequests_list_tool(namespace="default")
certmanager_certificaterequest_get_tool(
    name="my-tls-xxxxx",
    namespace="default"
)
```
## Troubleshooting
### Certificate Not Ready
```python
certmanager_certificate_get_tool(name, namespace)
certmanager_certificaterequests_list_tool(namespace)
get_events(namespace)
```
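An added example (not part of the original SKILL.md or of kubectl-mcp-server) of the readiness and expiry check behind the "Monitor certificate expiry" rule and the steps above: it triages Certificate objects by their `Ready` condition and `status.notAfter`. The sample JSON is constructed, shaped like `kubectl get certificates -A -o json` output; the `triage` function and the 30-day threshold are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like `kubectl get certificates -A -o json` output.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "my-tls", "namespace": "default"},
   "spec": {"issuerRef": {"name": "letsencrypt-prod", "kind": "ClusterIssuer"}},
   "status": {"notAfter": "2025-03-10T00:00:00Z",
              "conditions": [{"type": "Ready", "status": "True", "reason": "Ready"}]}},
  {"metadata": {"name": "app-tls", "namespace": "default"},
   "spec": {"issuerRef": {"name": "letsencrypt-staging", "kind": "ClusterIssuer"}},
   "status": {"conditions": [{"type": "Ready", "status": "False",
                              "reason": "Issuing", "message": "constructed message"}]}},
  {"metadata": {"name": "api-tls", "namespace": "prod"},
   "spec": {"issuerRef": {"name": "letsencrypt-prod", "kind": "ClusterIssuer"}},
   "status": {"notAfter": "2025-06-01T00:00:00Z",
              "conditions": [{"type": "Ready", "status": "True", "reason": "Ready"}]}}
]}
""")

def triage(cert_list, now, warn_days=30):
    """Return (namespace/name, finding) pairs for certificates needing attention."""
    findings = []
    for cert in cert_list.get("items", []):
        meta, status = cert["metadata"], cert.get("status", {})
        key = f'{meta["namespace"]}/{meta["name"]}'
        ready = next((c for c in status.get("conditions", [])
                      if c.get("type") == "Ready"), None)
        if ready is None or ready.get("status") != "True":
            reason = ready.get("reason", "unknown") if ready else "no Ready condition"
            findings.append((key, f"not ready: {reason}"))
            continue  # nothing issued yet, so there is no expiry to check
        not_after = status.get("notAfter")
        if not_after is None:
            findings.append((key, "ready but notAfter missing"))
            continue
        expires = datetime.strptime(not_after, "%Y-%m-%dT%H:%M:%SZ").replace(
            tzinfo=timezone.utc)
        if expires <= now:
            findings.append((key, "expired"))
        elif expires - now <= timedelta(days=warn_days):
            findings.append((key, f"expires in {(expires - now).days} days"))
    return findings

if __name__ == "__main__":
    fixed_now = datetime(2025, 3, 1, tzinfo=timezone.utc)  # fixed for repeatability
    for key, finding in triage(SAMPLE, fixed_now):
        print(f"{key}: {finding}")
```

A certificate that is not `Ready` is reported once and skipped for expiry, since the next step for it is the CertificateRequest and event inspection shown above.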
### Issuer Not Ready
```python
certmanager_clusterissuer_get_tool(name)
get_events(namespace="cert-manager")
```
## Ingress Integration
```python
kubectl_apply(manifest="""
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  tls:
  - hosts:
    - app.example.com
    secretName: app-tls
  rules:
  - host: app.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-service
            port:
              number: 80
""")
```
## Prerequisites
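- **cert-manager**: Required for all certificate tools. The command below installs whichever release is latest at the time it runs; pin a specific release URL when the install must be reproducible.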
```bash
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.yaml
```
## Related Skills
- [k8s-networking](../k8s-networking/SKILL.md) - Ingress configuration
- [k8s-security](../k8s-security/SKILL.md) - Security best practices

Related Skills
k8s-vind
Manage vCluster (virtual Kubernetes clusters) instances using vind. Use when creating, managing, or operating lightweight virtual clusters for development, testing, or multi-tenancy.
k8s-troubleshoot
Debug Kubernetes pods, nodes, and workloads. Use when pods are failing, containers crash, nodes are unhealthy, or users mention debugging, troubleshooting, or diagnosing Kubernetes issues.
k8s-storage
Kubernetes storage management for PVCs, storage classes, and persistent volumes. Use when provisioning storage, managing volumes, or troubleshooting storage issues.
k8s-service-mesh
Manage Istio service mesh for traffic management, security, and observability. Use for traffic shifting, canary releases, mTLS, and service mesh troubleshooting.
k8s-security
Audit Kubernetes RBAC, enforce policies, and manage secrets. Use for security reviews, permission audits, policy enforcement with Kyverno/Gatekeeper, and secret management.
k8s-rollouts
Progressive delivery with Argo Rollouts and Flagger. Use when implementing canary deployments, blue-green deployments, or traffic shifting strategies.
k8s-policy
Kubernetes policy management with Kyverno and Gatekeeper. Use when enforcing security policies, validating resources, or auditing policy compliance.
k8s-operations
kubectl operations for applying, patching, deleting, and executing commands on Kubernetes resources. Use when modifying resources, running commands in pods, or managing resource lifecycle.
k8s-networking
Kubernetes networking management for services, ingresses, endpoints, and network policies. Use when configuring connectivity, load balancing, or network isolation.
k8s-multicluster
Manage multiple Kubernetes clusters, switch contexts, and perform cross-cluster operations. Use when working with multiple clusters, comparing environments, or managing cluster lifecycle.
k8s-kubevirt
Virtual machine management with KubeVirt on Kubernetes. Use when creating, managing, or troubleshooting VMs running on Kubernetes clusters.
k8s-kind
Manage kind (Kubernetes IN Docker) local clusters. Use when creating, testing, or developing with local Kubernetes clusters in Docker containers.