kubectl Cheatsheet
Cluster
Section titled “Cluster”minikube start --cpus=4 --memory=8192minikube statusminikube ipminikube addons listminikube addons enable <addon>minikube dashboard # Opens the K8s dashboardminikube ssh # SSH into the minikube nodeminikube deletekubectl get pods -n <ns> # List podskubectl get pods -n <ns> -o wide # With node and IPkubectl get pods -n <ns> -w # Watch for changeskubectl describe pod <name> -n <ns> # Events, conditions, mountskubectl logs <pod> -n <ns> # Container logskubectl logs <pod> -n <ns> --previous # Logs from crashed containerkubectl logs -f <pod> -n <ns> # Follow logs (stream)kubectl logs -l app=<label> -n <ns> # Logs by label selectorkubectl exec -it <pod> -n <ns> -- sh # Shell into a containerkubectl delete pod <pod> -n <ns> # Delete (controller recreates it)kubectl top pods -n <ns> # CPU/memory usage (needs metrics-server)Deployments
Section titled “Deployments”kubectl get deploy -n <ns>kubectl scale deploy <name> --replicas=5 -n <ns>kubectl set image deploy/<name> <container>=<image> -n <ns>kubectl rollout status deploy/<name> -n <ns>kubectl rollout history deploy/<name> -n <ns>kubectl rollout undo deploy/<name> -n <ns>kubectl rollout restart deploy/<name> -n <ns>Services
Section titled “Services”kubectl get svc -n <ns>kubectl get endpoints <svc> -n <ns>kubectl port-forward svc/<name> <local>:<remote> -n <ns>minikube service <name> -n <ns> # Opens service in browserConfigMaps & Secrets
Section titled “ConfigMaps & Secrets”kubectl get configmaps -n <ns>kubectl get secrets -n <ns>kubectl create configmap <name> --from-file=<path> -n <ns>kubectl create secret generic <name> --from-literal=key=value -n <ns>kubectl get secret <name> -n <ns> -o jsonpath='{.data.<key>}' | base64 -dNamespaces
Section titled “Namespaces”kubectl get namespaceskubectl create namespace <name>kubectl delete namespace <name> # Deletes everything in itDebugging
Section titled “Debugging”kubectl describe <resource> <name> -n <ns> # Events and conditionskubectl get events -n <ns> --sort-by='.lastTimestamp'kubectl debug <pod> -it --image=busybox -n <ns>kubectl debug <pod> -it --copy-to=debug-copy --container=<c> -- shkubectl debug node/<name> -it --image=busyboxkubectl run test --rm -it --image=busybox -n <ns> -- shkubectl auth can-i <verb> <resource> --as=system:serviceaccount:<ns>:<sa>kubectl get serviceaccounts -n <ns>kubectl get roles -n <ns>kubectl get rolebindings -n <ns>kubectl auth can-i --list --as=system:serviceaccount:<ns>:<sa> -n <ns>Resource Management
Section titled “Resource Management”kubectl top nodeskubectl top pods -n <ns>kubectl describe resourcequota -n <ns>kubectl describe limitrange -n <ns>kubectl get pdb -n <ns>Network Policies
Section titled “Network Policies”kubectl get networkpolicies -n <ns>kubectl describe networkpolicy <name> -n <ns>helm repo add <name> <url>helm repo updatehelm search repo <chart>helm install <release> <chart> -n <ns> --create-namespacehelm list -n <ns>helm upgrade <release> <chart> -n <ns>helm rollback <release> <revision> -n <ns>helm history <release> -n <ns>helm uninstall <release> -n <ns>helm template <release> <chart> # Render locally without installingKustomize
Section titled “Kustomize”kubectl kustomize <dir> # Preview the outputkubectl apply -k <dir> # Apply the kustomizationkubectl diff -k <dir> # Show what would changeArgoCD
Section titled “ArgoCD”kubectl get applications -n argocdkubectl describe application <name> -n argocdkubectl port-forward svc/argocd-server -n argocd 8080:80kubectl -n argocd get secret argocd-initial-admin-secret \ -o jsonpath="{.data.password}" | base64 -dQuick Diagnostics
Section titled “Quick Diagnostics”When something is wrong, run these in order:
# 1. What is the pod doing?kubectl get pods -n <ns>
# 2. Why is it in that state?kubectl describe pod <name> -n <ns>
# 3. What did it say?kubectl logs <name> -n <ns>
# 4. What happened recently?kubectl get events -n <ns> --sort-by='.lastTimestamp' | tail -20
# 5. Is DNS working?kubectl run dns-test --rm -it --image=busybox -n <ns> -- nslookup kubernetes
# 6. Is the service routing correctly?kubectl get endpoints <svc> -n <ns>