
configure-ingress-networking

Configures Kubernetes Ingress networking with NGINX for automated TLS management, path-based routing, and load balancing.

Security score: 36/100

The configure-ingress-networking skill was audited on Mar 3, 2026 and we found 24 security issues across 2 threat categories. Review the findings below before installing.

Security Issues

medium line 98

Curl to non-GitHub URL

Source: SKILL.md
98: curl http://$INGRESS_IP
medium line 231

Curl to non-GitHub URL

Source: SKILL.md
231: curl -I http://web.example.com
medium line 235

Curl to non-GitHub URL

Source: SKILL.md
235: curl -v https://web.example.com
medium line 357

Curl to non-GitHub URL

Source: SKILL.md
357: curl https://app.example.com/ # -> web service
medium line 358

Curl to non-GitHub URL

Source: SKILL.md
358: curl https://app.example.com/api/ # -> 80% api, 20% api-v2
medium line 359

Curl to non-GitHub URL

Source: SKILL.md
359: curl https://app.example.com/admin/ # -> admin service
medium line 360

Curl to non-GitHub URL

Source: SKILL.md
360: curl -H "X-Canary: always" https://app.example.com/api/ # -> api-v2 (100%)
medium line 104

Webhook reference - potential data exfiltration

Source: SKILL.md
104: **On failure:** For pending LoadBalancer, verify cloud provider integration and service quotas. For CrashLoopBackOff, check controller logs with `kubectl logs -n ingress-nginx -l app.kubernetes.io/com
low line 124

Webhook reference - potential data exfiltration

Source: SKILL.md
124: --set webhook.timeoutSeconds=30
low line 128

Webhook reference - potential data exfiltration

Source: SKILL.md
128: kubectl get apiservice v1beta1.webhook.cert-manager.io -o yaml
medium line 177

Webhook reference - potential data exfiltration

Source: SKILL.md
177: **Expected:** cert-manager pods running in cert-manager namespace. ClusterIssuers created with Ready status. ACME account registered with Let's Encrypt. Webhook responding to certificate requests.
medium line 179

Webhook reference - potential data exfiltration

Source: SKILL.md
179: **On failure:** For webhook timeout errors, increase `webhook.timeoutSeconds` or check network policies blocking cert-manager to API server. For ACME registration failures, verify email is valid and s
low line 54

External URL reference

Source: SKILL.md
54: helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
low line 98

External URL reference

Source: SKILL.md
98: curl http://$INGRESS_IP
low line 115

External URL reference

Source: SKILL.md
115: helm repo add jetstack https://charts.jetstack.io
low line 138

External URL reference

Source: SKILL.md
138: server: https://acme-staging-v02.api.letsencrypt.org/directory
low line 156

External URL reference

Source: SKILL.md
156: server: https://acme-v02.api.letsencrypt.org/directory
low line 231

External URL reference

Source: SKILL.md
231: curl -I http://web.example.com
low line 235

External URL reference

Source: SKILL.md
235: curl -v https://web.example.com
low line 357

External URL reference

Source: SKILL.md
357: curl https://app.example.com/ # -> web service
low line 358

External URL reference

Source: SKILL.md
358: curl https://app.example.com/api/ # -> 80% api, 20% api-v2
low line 359

External URL reference

Source: SKILL.md
359: curl https://app.example.com/admin/ # -> admin service
low line 360

External URL reference

Source: SKILL.md
360: curl -H "X-Canary: always" https://app.example.com/api/ # -> api-v2 (100%)
low line 422

External URL reference

Source: SKILL.md
422: - **HTTP-01 challenge timeout**: Firewall blocks port 80. Let's Encrypt must reach `http://domain/.well-known/acme-challenge/` for validation.
Scanned on Mar 3, 2026