My kubectl Cheat Sheet

2024-11-27

Set Cluster Context

    kubectl config use-context <CLUSTER_ADDRESS>
    

Create a Namespace

    kubectl create namespace <NAMESPACE>
    

Get

    kubectl get namespaces
    
    kubectl get namespaces --show-labels
    
    kubectl get nodes
    
    kubectl get pods -n <NAMESPACE>
    
    kubectl get svc
    
    kubectl get service --all-namespaces
    
    kubectl get events -n <NAMESPACE>
    
    kubectl get externalsecrets -n <NAMESPACE>
    
    kubectl get endpoints -n <NAMESPACE>
    

    watch for changes in a list of pods:

    kubectl get pods -n <NAMESPACE> -w
    

    count pods:

    kubectl get pods -n <NAMESPACE> --no-headers | grep Running | wc -l
    

    list only pod names:

    kubectl get pods -n <NAMESPACE> --no-headers | awk '{print $1}'
    

    list pods on their nodes:

    kubectl get pods -n <NAMESPACE> -o wide
    

    list pods by status:

    kubectl get pods -A --sort-by=.status.startTime | grep -E "Running|Completed"
    

    use the "-v" flag to get pods that are not in the given state:

    kubectl get pods -A --sort-by=.status.startTime | grep -Ev "Running|Completed"
    

    list images used to generate all the pods in a namespace:

    kubectl get pods -n <NAMESPACE> -o jsonpath="{..image}" | tr -s '[[:space:]]' '\n' | sort | uniq -c
    

    get the status of a single pod:

    kubectl get pod <POD> -n <NAMESPACE> -o jsonpath="Status: {.status.phase}{'\n'}"
    

List Node Information

    get all pods on a specific node:

    kubectl get pods --all-namespaces -o wide --field-selector spec.nodeName=<NODE>
    

    get nodes with taints:

    kubectl get nodes -o custom-columns=NAME:.metadata.name,TAINTS:.spec.taints --no-headers
    

    list nodes on a specific provisioner:

    kubectl get node -l karpenter.sh/provisioner-name=<PROVISIONER>
    

    list all nodes with their provisioners:

    kubectl get node -o=custom-columns="Name:.metadata.name,Provisioner:.metadata.labels.karpenter\.sh/provisioner-name"
    

Describe

    kubectl describe pod <POD> -n <NAMESPACE>
    
    kubectl describe ingress <INGRESS_NAME> -n <NAMESPACE>
    
    kubectl describe deployment <DEPLOY> -n <NAMESPACE>
    
    kubectl describe configmap <CONFIGMAP> -n <NAMESPACE>
    
    kubectl describe externalsecret.external-secrets.io/<EXTERNALSECRET> -n <NAMESPACE>
    
    kubectl describe endpoints <ENDPOINT> -n <NAMESPACE>
    
    kubectl describe deploy <DEPLOY> -n <NAMESPACE>
    
    kubectl describe pod <POD> -n <NAMESPACE> | grep Tolerations
    
    kubectl describe node <NODE> | grep Taints
    

Logs

    read the most recent log entries on a pod:

    kubectl logs <POD> -n <NAMESPACE>
    

    tail pod logs:

    kubectl logs -f <POD> -n <NAMESPACE>
    

    tail logs for deployments:

    kubectl logs -f deployment/<DEPLOY> -n <NAMESPACE>
    

    tail while filtering for a specific string:

    kubectl logs -f deployment/<DEPLOY> -n <NAMESPACE> | grep "<STRING>"
    

List All Resources in a Namespace

    kubectl get all -n <NAMESPACE>
    
    kubectl api-resources --verbs=list --namespaced -o name | xargs -n 1 kubectl get --show-kind --ignore-not-found -n <NAMESPACE>
    
    for i in $(kubectl api-resources --verbs=list --namespaced -o name); do kubectl get "$i" -n <NAMESPACE> --ignore-not-found; done
    
    kubectl get all,cm,secret,ing -n <NAMESPACE>
    
    kubectl get pods --sort-by=.metadata.creationTimestamp -n <NAMESPACE>
    

    When a namespace is stuck as "Terminating", this command (with kubectl 1.11+) will show you what resources remain in the namespace:

    kubectl api-resources --verbs=list --namespaced -o name | xargs -n 1 kubectl get --show-kind --ignore-not-found -n <NAMESPACE>
    

Rolling Restarts

    kubectl get deploy -n <NAMESPACE>
    
    kubectl rollout restart deploy <DEPLOY> -n <NAMESPACE>
    

Cron Jobs

  1. get a list of defined cronjobs:
    kubectl get cronjobs -n <NAMESPACE>
    
  2. select one of those cronjobs and create a new instance of it:
    kubectl create job --from=cronjob/<CRONJOB> <NEW_JOB_NAME> -n <NAMESPACE>
    
  3. get a list of the running jobs to see the new job:
    kubectl get jobs -n <NAMESPACE>
    
  4. once your manually created job is complete, delete it:
    kubectl delete job <NEW_JOB_NAME> -n <NAMESPACE>
    

Working with Secrets

    kubectl create secret generic <SECRET_NAME> --from-literal=<SECRET_KEY>='<SECRET_VALUE_STRING>' -n <NAMESPACE>
    
    kubectl get secrets -n <NAMESPACE>
    
    kubectl describe secrets/<SECRET_NAME> -n <NAMESPACE>
    
    read a secret's value (values under .data are base64-encoded, not encrypted):

    kubectl get secret <SECRET_NAME> -n <NAMESPACE> -o jsonpath='{.data}'
        {"<SECRET_KEY>":"<SECRET_VALUE_ENCODED>"}
    echo '<SECRET_VALUE_ENCODED>' | base64 --decode
        <SECRET_VALUE_STRING>
    

Resources Monitoring

    kubectl top pod <POD> -n <NAMESPACE>
    
    kubectl top pods -n <NAMESPACE>
    
    kubectl get pods <POD> -n <NAMESPACE> -o jsonpath='{range .spec.containers[*]}{"Container Name: "}{.name}{"\n"}{"Requests:"}{"\n"}{"\t"}{"CPU:"}{.resources.requests.cpu}{"\n"}{"\t"}{"Memory:"}{.resources.requests.memory}{"\n"}{"\t"}{"Ephemeral Storage:"}{.resources.requests.ephemeral-storage}{"\n"}{"Limits:"}{"\n"}{"\t"}{"CPU:"}{.resources.limits.cpu}{"\n"}{"\t"}{"Memory:"}{.resources.limits.memory}{"\n"}{"\t"}{"Ephemeral Storage:"}{.resources.limits.ephemeral-storage}{"\n"}{"\n"}{end}'
    

    sort by MEMORY(bytes) ascending:

    kubectl top pods -n <NAMESPACE> | awk 'NR<2{print $0;next}{print $0| "sort --key 3 --numeric -b"}'
    

Port Forwarding

    kubectl port-forward -n <NAMESPACE> <POD> <LOCAL_PORT>:<REMOTE_PORT>
    
    kubectl port-forward -n <NAMESPACE> deployment/<DEPLOY> :<REMOTE_PORT>
    

Copy

    copy a file from a pod/container to a local path:

    kubectl cp <NAMESPACE>/<POD>:/tmp/foo /tmp/bar
    
    kubectl cp <NAMESPACE>/<POD>:/path/on/the/pod .
    

Edit a Resource

    kubectl edit deploy/<DEPLOY> -n <NAMESPACE>
    
    kubectl edit ns <NAMESPACE>
    

Exec into a pod

    kubectl exec -it <POD> -n <NAMESPACE> -- /bin/bash
    
    kubectl exec -n <NAMESPACE> --stdin --tty <POD> --container <CONTAINER> -- /bin/sh
    

Delete

    kubectl delete ingress <INGRESS> -n <NAMESPACE>
    
    kubectl delete ns <NAMESPACE>
    

    force delete:

    kubectl delete pod <POD> --grace-period=0 --force -n <NAMESPACE>
    
    kubectl get pods -n <NAMESPACE> | grep Terminating | awk '{print $1}' | xargs kubectl delete pod -n <NAMESPACE> --grace-period=0 --force
    

    bulk delete pods with a specific status:

    kubectl get pods -n <NAMESPACE> --sort-by=.status.startTime | grep ContainerStatusUnknown | awk '{print $1}' | xargs kubectl delete pod -n <NAMESPACE>
    
    kubectl get pods -n <NAMESPACE> --sort-by=.status.startTime | grep OOMKilled | awk '{print $1}' | xargs kubectl delete pod -n <NAMESPACE> --grace-period=0 --force
    

Scale

    kubectl scale deployment/<DEPLOY> -n <NAMESPACE> --replicas=<REPLICA_COUNT>
    

