My Kubernetes and Kubectl Cheat Sheet

Here are few commands that I find myself using a lot when I am working with Kubectl/Kubernetes

Validate a k8s yaml file
kubectl create --dry-run=true --validate=true -f <my-file>.yaml
Get shell in a running pod
kubectl exec -it <pod-name> -- /bin/bash
Get a shell in running container in a pod

Use bin/sh if you are running Alpine

kubectl exec -it <pod-name> --container <container-name> -- /bin/bash
Get logs from a running container in a pod
kubectl logs <pod-name> <container-name>
Get a file from running pod

pass --container <container-name> to connect to specific container when you have multiple containers in pod

kubectl cp <pod-name>:<file-path> <dest-path>
Switch cluster

See available contexts by running kubectl config get-contexts

kubectl config use-context <context_name_cluster-name>

TIP: use kubectl aliases script to work with multiple clusters. This script provides context and namespace aware aliases, which makes working with multiple clusters easy.

Get pods ordered by creation timestamp
kubectl get pods --sort-by=.metadata.creationTimestamp
Add or update label of a pod

Add a new label to already running pod

kubectl label pod <pod_name> <label_key>=<label_value>
# example
kubectl label pod suraj app=test

Update existing label of already running pod using --overwrite flag

kubectl label pod <pod_name> <label_key>=<label_value> --overwrite
# example
kubectl label pod suraj app=test --overwrite
Remove a pod from deployment and keep it alive for debugging

Assuming you have a deployment with 6 replicas and one of those pod is misbehaving. Now you don’t want to send anymore traffic to that but you want to keep it alive for debugging purposes.

You can remove the label from your target pod. that will remove that pod from deployment but leave it running.

kubectl label pod <pod_name> <label_key>-

Example: you have a deployment with label app=backend, env=staging and service with same label selector now you want to remove backend-staging-wadwad-wad54 from deployment.

kubectl label pod backend-staging-wadwad-wad54 app- will remove pod backend-staging-wadwad-wad54 from deployment.

Select attributes of an object

You can use custom-columns in output to select custom columns

kubectl get pods

This will list down pod names

# select multiple attributes(service object in this case)
kubectl get service -n kube-system,IP:.spec.clusterIP,PORT:.spec.ports[*].targetPort
Delete multiple pods

Use custom-columns to get name of pods(tip: pass ---no-headers to remove header), and then force delete them one by one

# get all pod names
pods=$(kubectl get pods --no-headers)
# iterate and delete pods
for item in $pods
  kubectl delete pod $item

pass --grace-period=0 --force to force delete

NOTE: force delete is NOT a good idea, you should know the effects of it before using it. see more

Trigger a cronjob manually

One use case would be testing a cronjob after deployment. You can trigger a cronjob right away by creating a job from a cronjob, and it will create a pod which will run to completion

kubectl create job --from=cronjob/<name of cronjob> <name of job>

For example, if the name of your cronjob is “pgdump”, then you might run:

kubectl create job --from=cronjob/pgdump pgdump-test-1

Test Auth and allow actions

you can use can-i to see if you are allowed to perform an action, this comes handy when you are testing out permission on service accounts, or roles when you are setting up RBAC. want to learn more about RBAC, read my introduction to RBAC in Kubernetes

# check if you can create pods
kubectl auth can-i create pods --all-namespaces
# check if you can create service accounts
kubectl auth can-i create serviceaccount
# check if you can delete a service
kubectl auth can-i delete service

You can also use can-i to see allowed actions and capabilities

# list all allowed actions
kubectl auth can-i --list

Wait for resources

you can use wait to wait for your resources to reach a certain state. this comes in handy when you are scripting things, and want to do something once something is ready or in another state.

# wait for pod drillbit-0 to be ready
kubectl wait --for=condition=Ready pod/drillbit-0

GKE specific commands

Get cluster list
gcloud container clusters list
Get credentials for a cluster
gcloud container clusters get-credentials <cluster name>
Pull docker image from gcr
gcloud docker -- pull
Run pulled image locally
docker run -i -t /bin/bash


Remove all local docker images
docker rmi -f $(docker images -a -q)

docker images -a -q will give IMAGE ID of all local images and docker rmi -f will remove images with force.

To remove single image, list all images using docker images -a and remove it using docker rmi -f <IMAGE ID>

Further Reading

Continue Reading