My Kubernetes and Kubectl Cheat Sheet
Here are few commands that I find myself using a lot when I am working with Kubectl/Kubernetes
Validate a k8s yaml file
kubectl create --dry-run=true --validate=true -f <my-file>.yaml
Get shell in a running pod
kubectl exec -it <pod-name> -- /bin/bash
Get a shell in running container in a pod
Use bin/sh if you are running Alpine
kubectl exec -it <pod-name> --container <container-name> -- /bin/bash
Get logs from a running container in a pod
kubectl logs <pod-name> <container-name>
Get a file from running pod
pass --container <container-name> to connect to specific container when you have multiple containers in pod
kubectl cp <pod-name>:<file-path> <dest-path>
Switch cluster
See available contexts by running kubectl config get-contexts
kubectl config use-context <context_name_cluster-name>
TIP: use kubectl aliases script to work with multiple clusters. This script provides context and namespace aware aliases, which makes working with multiple clusters easy.
Get pods ordered by creation timestamp
kubectl get pods --sort-by=.metadata.creationTimestamp
Get all pods with namespace, node name and status of the pod
kubectl get pod --output=custom-columns=NAME:.metadata.name,NAMESPACE:.metadata.namespace,STATUS:.status.phase,NODE:.spec.nodeName --all-namespaces
You can adapt this command to show more details by adding the field you want in --output format
Add or update label of a pod
Add a new label to already running pod
kubectl label pod <pod_name> <label_key>=<label_value>
# example
kubectl label pod suraj app=test
Update existing label of already running pod using --overwrite flag
kubectl label pod <pod_name> <label_key>=<label_value> --overwrite
# example
kubectl label pod suraj app=test --overwrite
Remove a pod from deployment and keep it alive for debugging
Assuming you have a deployment with 6 replicas and one of those pod is misbehaving. Now you don’t want to send anymore traffic to that but you want to keep it alive for debugging purposes.
You can remove the label from your target pod. that will remove that pod from deployment but leave it running.
kubectl label pod <pod_name> <label_key>-
Example: you have a deployment with label app=backend, env=staging and service with same label selector
now you want to remove backend-staging-wadwad-wad54 from deployment.
kubectl label pod backend-staging-wadwad-wad54 app- will remove pod backend-staging-wadwad-wad54 from
deployment.
Select attributes of an object
You can use custom-columns in output to select custom columns
kubectl get pods -o=custom-columns=NAME:.metadata.name
This will list down pod names
# select multiple attributes(service object in this case)
kubectl get service -n kube-system -o=custom-columns=NAME:.metadata.name,IP:.spec.clusterIP,PORT:.spec.ports[*].targetPort
Delete multiple pods
Use custom-columns to get name of pods(tip: pass ---no-headers to remove header), and then force delete them one by one
# get all pod names
pods=$(kubectl get pods -o=custom-columns=NAME:.metadata.name --no-headers)
# iterate and delete pods
for item in $pods
do
kubectl delete pod $item
done
pass --grace-period=0 --force to force delete
NOTE: force delete is NOT a good idea, you should know the effects of it before using it. see more
Trigger a cronjob manually
One use case would be testing a cronjob after deployment. You can trigger a cronjob right away by creating a job from a cronjob, and it will create a pod which will run to completion
kubectl create job --from=cronjob/<name of cronjob> <name of job>
For example, if the name of your cronjob is “pgdump”, then you might run:
kubectl create job --from=cronjob/pgdump pgdump-test-1
Test Auth and allow actions
you can use can-i to see if you are allowed to perform an action, this comes handy
when you are testing out permission on service accounts, or roles when you are setting
up RBAC.
want to learn more about RBAC, read my introduction to RBAC in Kubernetes
# check if you can create pods
kubectl auth can-i create pods --all-namespaces
# check if you can create service accounts
kubectl auth can-i create serviceaccount
# check if you can delete a service
kubectl auth can-i delete service
You can also use can-i to see allowed actions and capabilities
# list all allowed actions
kubectl auth can-i --list
Wait for resources
you can use wait to wait for your resources to reach a certain state. this comes in handy when you are scripting things, and want to do something once something is ready or in another state.
# wait for pod drillbit-0 to be ready
kubectl wait --for=condition=Ready pod/drillbit-0
Debugging Things in Kubernetes
Kubernetes docs on this topic is good, and easy to read so I will just link to them
- Troubleshoot Applications - Kubernetes Docs
- Application Introspection and Debugging - Kubernetes Docs
- Debug Pods and ReplicationControllers - Kubernetes Docs
- Debug Services - Kubernetes Docs
- Developing and debugging services locally - Kubernetes Docs
- Debug Init Containers - Kubernetes Docs
- Debug a StatefulSet - Kubernetes Docs
- Debugging Kubernetes nodes with crictl - Kubernetes Docs
- Monitor Node Health - Kubernetes Docs
- Troubleshoot Clusters - Kubernetes Docs
Kubernetes Internals
Few blog posts which explains internals of Kubernetes
- The Almighty Pause Container - Ian Lewis
- What are Kubernetes Pods Anyway? - Ian Lewis
- Container Runtimes Part 1: An Introduction to Container Runtimes - Ian Lewis
- Container Runtimes Part 2: Anatomy of a Low-Level Container Runtime - Ian Lewis
- Container Runtimes Part 3: High-Level Runtimes - Ian Lewis
- Container Runtimes Part 4: Kubernetes Container Runtimes & CRI - Ian Lewis
- Operating a Kubernetes network - Julia Evans