// Kubernetes certificate management with cert-manager. Use when managing TLS certificates, configuring issuers, or troubleshooting certificate issues.
Configure Kubernetes autoscaling with HPA, VPA, and KEDA. Use for horizontal/vertical pod autoscaling, event-driven scaling, and capacity management.
Kubernetes backup and restore with Velero. Use when creating backups, restoring applications, managing disaster recovery, or migrating workloads between clusters.
Browser automation for Kubernetes dashboards and web UIs. Use when interacting with Kubernetes Dashboard, Grafana, ArgoCD UI, or other web interfaces. Requires MCP_BROWSER_ENABLED=true.
Cluster API lifecycle management for provisioning, scaling, and upgrading Kubernetes clusters. Use when managing cluster infrastructure or multi-cluster operations.
Cilium and Hubble network observability for Kubernetes. Use when managing network policies, observing traffic flows, or troubleshooting connectivity with eBPF-based networking.
kubectl-mcp-server CLI commands for tool discovery, direct invocation, and diagnostics. Use when exploring available tools, calling tools from command line, or checking server health.
| name | k8s-certs |
| description | Kubernetes certificate management with cert-manager. Use when managing TLS certificates, configuring issuers, or troubleshooting certificate issues. |
| license | Apache-2.0 |
| metadata | {"author":"rohitg00","version":"1.0.0","tools":9,"category":"security"} |
Manage TLS certificates using kubectl-mcp-server's cert-manager tools.
Use this skill when:
| Priority | Rule | Impact | Tools |
|---|---|---|---|
| 1 | Detect cert-manager first | CRITICAL | certmanager_detect_tool |
| 2 | Use staging issuer for testing | HIGH | Test with letsencrypt-staging |
| 3 | Check issuer before cert | HIGH | certmanager_clusterissuers_list_tool |
| 4 | Monitor certificate expiry | MEDIUM | certmanager_certificate_get_tool |
| Task | Tool | Example |
|---|---|---|
| Detect cert-manager | certmanager_detect_tool | certmanager_detect_tool() |
| List certificates | certmanager_certificates_list_tool | certmanager_certificates_list_tool(namespace) |
| Get certificate | certmanager_certificate_get_tool | certmanager_certificate_get_tool(name, namespace) |
| List issuers | certmanager_clusterissuers_list_tool | certmanager_clusterissuers_list_tool() |
certmanager_detect_tool()
certmanager_certificates_list_tool(namespace="default")
certmanager_certificate_get_tool(
name="my-tls",
namespace="default"
)
kubectl_apply(manifest="""
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: my-tls
namespace: default
spec:
secretName: my-tls-secret
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
dnsNames:
- app.example.com
- www.example.com
""")
certmanager_issuers_list_tool(namespace="default")
certmanager_clusterissuers_list_tool()
certmanager_issuer_get_tool(name="my-issuer", namespace="default")
certmanager_clusterissuer_get_tool(name="letsencrypt-prod")
kubectl_apply(manifest="""
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
spec:
acme:
server: https://acme-staging-v02.api.letsencrypt.org/directory
email: admin@example.com
privateKeySecretRef:
name: letsencrypt-staging-key
solvers:
- http01:
ingress:
class: nginx
""")
kubectl_apply(manifest="""
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: admin@example.com
privateKeySecretRef:
name: letsencrypt-prod-key
solvers:
- http01:
ingress:
class: nginx
""")
kubectl_apply(manifest="""
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: selfsigned
spec:
selfSigned: {}
""")
certmanager_certificaterequests_list_tool(namespace="default")
certmanager_certificaterequest_get_tool(
name="my-tls-xxxxx",
namespace="default"
)
certmanager_certificate_get_tool(name, namespace)
certmanager_certificaterequests_list_tool(namespace)
get_events(namespace)
certmanager_clusterissuer_get_tool(name)
get_events(namespace="cert-manager")
kubectl_apply(manifest="""
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-ingress
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
tls:
- hosts:
- app.example.com
secretName: app-tls
rules:
- host: app.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: my-service
port:
number: 80
""")
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.yaml