Blog

Kubectl Cheat Sheet: Master Kubernetes With These Commands [Free PDF Included]

Kubectl Cheat Sheet: Master Kubernetes with These Commands 

At the heart of every Kubernetes administrator’s tool kit is kubectl—the powerful command-line interface designed to manage Kubernetes clusters efficiently.

Kubectl (pronounced “kube-control” or “kube-C-T-L”) serves as your direct line of communication with the Kubernetes API server, allowing you to deploy applications, inspect resources, view logs, and execute virtually any operation within your cluster. Whether you’re a DevOps engineer, platform administrator, or developer working with containerized applications, mastering kubectl is essential for effective Kubernetes management in cloud computing.

This handy cheat sheet covers the most useful kubectl commands, with practical examples and tips to help you level up your everyday Kubernetes tasks.

What are the core kubectl command categories?

Kubectl logo
Kubectl logo

Kubectl commands can be grouped into three primary categories, each serving different aspects of cluster management:

1. Cluster information commands

Cluster information commands provide insights into the state and configuration of your Kubernetes cluster:

  • Get information about cluster components
  • View node status and resources
  • Check apiserver health
  • Inspect control plane components

2. Resource management commands

Resource management commands allow you to create, modify, delete, and inspect Kubernetes resources:

  • Create and update resources
  • List and describe resources
  • Delete resources
  • Scale resources up and down
  • Edit resources in real time

3. Application deployment commands

Finally, application deployment commands make it easier to handle deployment and manage the application’s lifecycle:

  • Deploy applications from YAML or JSON
  • Manage deployments and rollouts
  • Configure autoscaling
  • Update application configurations
  • Handle application networking

With these three categories in mind, let’s take a closer look at some specific kubectl commands you’ll be using often in your Kubernetes journey.

Digging deeper: kubectl commands cheat sheet

person coding on laptop
person coding on laptop

Below is a cheat sheet for you to keep nearby that lists kubectl commands you’re likely to use regularly, complete with examples to streamline your Kubernetes workflows.

Pods

Pods are the smallest deployable units in Kubernetes, consisting of one or more containers that share storage and network resources.

List all pods:

kubectl get pods

List pods with more details:

kubectl get pods -o wide

Get detailed information about a specific pod:

kubectl describe pod <pod-name>

Create a pod from a YAML file:

kubectl apply -f pod.yaml

Delete a pod:

kubectl delete pod <pod-name>

Execute a command inside a pod’s container:

kubectl exec -it <pod-name> -- <command>

Get pod logs:

kubectl logs <pod-name>

Stream pod logs in real time:

kubectl logs -f <pod-name>

Get logs from a specific container in a multi-container pod:

kubectl logs <pod-name> -c <container-name>

Port-forward to a pod:

kubectl port-forward <pod-name> <local-port>:<pod-port>

Copy files to/from a pod:

kubectl cp <pod-name>:/path/to/file /local/path

kubectl cp /local/path <pod-name>:/path/in/pod

Services

Services create stable networking for pods, making it easier for different components to communicate by acting as an abstraction layer.

List all services:

kubectl get services

Get detailed information about a service:

kubectl describe service <service-name>

Create a service from a YAML file:

kubectl apply -f service.yaml

Expose a deployment as a service:

kubectl expose deployment <deployment-name> --port=<port> --target-port=<target-port>

Delete a service:

kubectl delete service <service-name>

View endpoints associated with a service:

kubectl get endpoints <service-name>

Create a ClusterIP service:

kubectl create service clusterip <service-name> --tcp=<port>:<target-port>

Create a NodePort service:

kubectl create service nodeport <service-name> --tcp=<port>:<target-port>

Create a LoadBalancer service:

kubectl create service loadbalancer <service-name> --tcp=<port>:<target-port>

Deployments

Deployments provide declarative updates for Pods and ReplicaSets, allowing for easy scaling and application updates.

List all deployments:

kubectl get deployments

Get detailed information about a deployment:

kubectl describe deployment <deployment-name>

Create a deployment from a YAML file:

kubectl apply -f deployment.yaml

Create a deployment directly from the command line:

kubectl create deployment <name> --image=<image-name>

Scale a deployment:

kubectl scale deployment <deployment-name> --replicas=<number>

Update a deployment’s container image:

kubectl set image deployment/<deployment-name> <container-name>=<new-image>

Rollback a deployment to a previous revision:

kubectl rollout undo deployment/<deployment-name>

View deployment rollout status:

kubectl rollout status deployment/<deployment-name>

View deployment rollout history:

kubectl rollout history deployment/<deployment-name>

Pause a deployment rollout:

kubectl rollout pause deployment/<deployment-name>

Resume a deployment rollout:

kubectl rollout resume deployment/<deployment-name>

ConfigMaps and Secrets

ConfigMaps and Secrets are used to store configuration data and sensitive information, respectively.

Important security note: Both ConfigMaps and Secrets are stored in etcd unencrypted by default, meaning that users should enable encryption at rest if handling sensitive data.

List ConfigMaps:

kubectl get configmaps

Create a ConfigMap from literal values:

kubectl create configmap <configmap-name> --from-literal=key1=value1 --from-literal=key2=value2

Create a ConfigMap from a file:

kubectl create configmap <configmap-name> --from-file=<path-to-file>

Get detailed information about a ConfigMap:

kubectl describe configmap <configmap-name>

Delete a ConfigMap:

kubectl delete configmap <configmap-name>

List Secrets:

kubectl get Secrets

Create a Secret from literal values:

kubectl create secret generic <secret-name> --from-literal=key1=value1 --from-literal=key2=value2

Create a Secret from a file:

kubectl create secret generic <secret-name> --from-file=<path-to-file>

Get detailed information about a Secret:

kubectl describe secret <secret-name>

Delete a Secret:

kubectl delete secret <secret-name>

Pro tips for kubectl usage

person looking at phone while coding
person looking at phone while coding

The kubectl command-line tool is a must-have for working with Kubernetes clusters and managing their resources. Getting the hang of it can make your life a lot easier, helping you deploy, scale, and troubleshoot more efficiently. With kubectl edit, you can quickly modify resources like pods and deployments directly from the command line. 

Use namespaces effectively

Namespaces are a core feature in Kubernetes that let you divide your cluster into virtual sub-clusters. This is very useful in multi-tenant setups or when you’re handling more complex applications.

List resources in a specific namespace:

kubectl get <resource-type> -n <namespace>

Create a resource in a specific namespace:

kubectl apply -f <file.yaml> -n <namespace>

Set the default namespace for all kubectl commands:

kubectl config set-context --current --namespace=<namespace>

View resources across all namespaces:

kubectl get <resource-type> --all-namespaces

Create a new namespace:

kubectl create namespace <namespace-name>

It’s a good idea to group related resources into their own namespaces to set clear boundaries between apps or teams. Try using names that make their purpose obvious, like dev-frontend, prod-backend, or monitoring.

Label selectors for resources filtering

Labels are key-value pairs added to Kubernetes objects. They’re a great way to organize, select, and manage groups of resources more easily.

List resources with a specific label:

kubectl get <resource-type> -l key=value

List resources with multiple label conditions:

kubectl get <resource-type> -l ‘key1=value1,key2=value2’

List resources that have a specific label key (regardless of value):

kubectl get <resource-type> -l ‘key’

List resources that don’t have a specific label:

kubectl get <resource-type> -l ‘!key’

Add a label to an existing resource:

kubectl label <resource-type> <resource-name> key=value

Remove a label from a resource:

kubectl label <resource-type> <resource-name> key-

Having a consistent labeling strategy is key to managing your resources effectively. Try using labels like app, environment, tier, version, and owner to create a clear and organized system for your resources.

Implement rolling updates

Kubernetes makes it easy to update applications without downtime using rolling updates. This strategy gradually replaces instances of the old version with the new one.

Update a deployment with a new image (triggers rolling update):

kubectl set image deployment/<deployment-name> <container-name>=<new-image>:<tag>

Check rollout status:

kubectl rollout status deployment/<deployment-name>

Configure update strategy in a deployment YAML:

spec:

 strategy:

   type: RollingUpdate

   rollingUpdate:

     maxUnavailable: 25%

     maxSurge: 25%

Roll back to the previous version if issues are detected:

kubectl rollout undo deployment/<deployment-name>

Pause a deployment rollout:

Copykubectl rollout pause deployment/<deployment-name>

This is particularly useful for staged deployments, allowing you to release to a subset of pods, verify functionality, and then continue the rollout after validation.

Resume a deployment rollout:

Copykubectl rollout resume deployment/<deployment-name>

For critical applications, try using the --record flag when making deployment changes. It adds a note with the command you used, so you can easily track the history of changes later on:

kubectl apply -f deployment.yaml --record

Manage resource quotas and limits carefully

Resource management plays a big role in managing Kubernetes. Setting the right resource requests and limits is key to keeping your cluster stable and making sure resources are shared fairly.

View resource quotas in a namespace:

kubectl get resourcequota -n <namespace>

Create a resource quota for a namespace:

kubectl create quota <quota-name> --hard=cpu=1,memory=1G,pods=10 -n <namespace>

Check resource usage of pods:

kubectl top pods

Check resource usage of nodes:

kubectl top nodes

When defining container specifications, always set resource requests and limits:

resources:

 requests:

   memory: “64Mi”

   cpu: “250m”

 limits:

   memory: “128Mi”

   cpu: “500m”

Keep in mind that resource requests help the scheduler decide where to place your pod, while limits set the maximum usage before containers might get terminated. A good rule of thumb is to set requests based on expected steady-state usage and limits based on what’s acceptable during peak usage.

Master debugging with kubectl

Debugging is important for keeping your Kubernetes apps running smoothly. Luckily, kubectl has plenty of commands to help you troubleshoot with ease.

Get container logs:

kubectl logs <pod-name> -c <container-name>

Interactive debugging with a temporary pod:

kubectl run debug --rm -it --image=busybox -- sh

Create a debug container attached to an existing pod:

kubectl debug <pod-name> -it --image=busybox --share-processes --copy-to=<debug-pod-name>

View events in a namespace:

kubectl get events -n <namespace>

Check pod conditions and status details:

Copykubectl describe pod <pod-name>

This provides a more structured output of pod conditions, showing the full transition history and current state in an easy-to-read format.

Verify connectivity between pods using a network debugging container:

kubectl run test-connectivity --rm -it --image=nicolaka/netshoot -- bash

For persistent issues, consider using the --previous flag to check logs from previously crashed containers:

kubectl logs <pod-name> --previous

Security best practices with kubectl

two people coding on laptop
two people coding on laptop

Keeping your Kubernetes cluster secure is incredibly important, and kubectl has a big part to play in that. Here are some best practices to help you stay on top of your security:

Manage access controls with RBAC

Role-Based Access Control (RBAC) is the standard for authorization in Kubernetes. It allows you to define detailed permissions for users and service accounts.

View roles in a namespace:

kubectl get roles -n <namespace>

View cluster roles:

kubectl get clusterroles

View role bindings:

kubectl get rolebindings -n <namespace>

View cluster role bindings:

kubectl get clusterrolebindings

Create a role with specific permissions:

kubectl create role developer --verb=get,list,watch --resource=pods,deployments -n <namespace>

Bind a role to a user:

kubectl create rolebinding dev-user-binding --role=developer --user=dev-user -n <namespace>

Always use RoleBindings instead of ClusterRoleBindings whenever possible to limit permissions to a specific namespace. This follows the principle of least privilege by scoping access to only the namespaces that require it, reducing the potential impact of credential compromise.

Stick to the principle of least privilege by giving users and service accounts only the permissions they need to get their job done. Make it a habit to regularly review role bindings to ensure they still make sense as roles and responsibilities shift.

Secure handling of Secrets

Kubernetes Secrets need to be handled carefully since they hold sensitive info like API keys, passwords, and certificates.

Create a secret securely from a file:

kubectl create secret generic db-credentials --from-file=./username.txt --from-file=./password.txt

Create a TLS secret:

kubectl create secret tls tls-secret --cert=path/to/cert --key=path/to/key

Mount Secrets as environment variables:

env:

 - name: DB_PASSWORD

   valueFrom:

     secretKeyRef:

       name: db-credentials

       key: password

Mount Secrets as files:

volumes:

 - name: secret-volume

   secret:

     secretName: ssl-certificates

Think about using external secret management tools like HashiCorp Vault, AWS Secrets Manager, or Sealed Secrets to boost security. These tools offer helpful features like secret rotation, audit trails, and encryption.

Use kubectl with secure context

Always make sure that you’re operating in the correct context to avoid accidentally modifying the wrong cluster.

View all available contexts:

kubectl config get-contexts

Switch to a specific context:

kubectl config use-context <context-name>

View the current context:

kubectl config current-context

Set namespace for the current context:

kubectl config set-context --current --namespace=<namespace>

In important production environments, it’s a good idea to use visual cues, like shell prompts, to show the current cluster and namespace. This makes it easier to avoid accidental actions on the wrong resources.

Use network policies

Network Policies act as firewalls within your Kubernetes cluster, controlling pod-to-pod communication.

List network policies:

kubectl get networkpolicies

Create a network policy that denies all ingress traffic by default:

kubectl apply -f - <<EOF

apiVersion: networking.k8s.io/v1

kind: NetworkPolicy

metadata:

 name: default-deny-ingress

spec:

 podSelector: {}

 policyTypes:

 - Ingress

EOF

Create a network policy that allows specific traffic:

kubectl apply -f - <<EOF

apiVersion: networking.k8s.io/v1

kind: NetworkPolicy

metadata:

 name: allow-frontend-to-backend

spec:

 podSelector:

   matchLabels:

     app: backend

 ingress:

 - from:

   - podSelector:

       matchLabels:

         app: frontend

   ports:

   - port: 8080

EOF

Start with a “deny-all” network policy as your baseline, then allow only the traffic you actually need. This way, you’re sticking to the principle of least privilege and keeping your attack surface as small as possible.

Master Kubernetes management with these kubectl commands and best practices

Kubectl is a must-have tool in the Kubernetes commands world, acting as your go-to interface for managing and working with Kubernetes clusters. By learning these run commands and following the best practices in this cheat sheet, you’ll be ready to handle the challenges of containerized applications with the utmost confidence.

Keep in mind, Kubernetes is always evolving, and so is kubectl. Stay up to date on new features and updates to keep improving your cluster management skills.

If you’re ready to dive into more advanced topics like expanding Kubernetes service IP ranges, check out our detailed guide on how to seamlessly expand service IP ranges.

As your Kubernetes setup scales and grows more complex, having the right tools and knowledge becomes even more important. That’s where DoiT comes in. Our global team of cloud architects specializes in helping businesses build cost-efficient, scalable, and resilient cloud infrastructures. We’re here to help tackle tough Kubernetes configuration and integration challenges while troubleshooting and boosting operational efficiency.

Chat with us to learn how we can help you optimize your container orchestration strategy for better performance and cost savings.

Subscribe to updates, news and more.

Subscribe

Subscribe to updates, news and more.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related blogs

View all blogs
Let’s do it

From cost optimization to cloud migration, machine learning and CloudOps,
we’re here to make the public cloud easy.

From cost optimization to cloud migration, machine learning and CloudOps, we’re here to make the public cloud easy.

Ready to get started?

Get in touch

Company

Offering

Support

Never miss an update.

Subscribe to updates, news and more.

Schedule a call with our team

You will receive a calendar invite to the email address provided below for a 15-minute call with one of our team members to discuss your needs.

You will be presented with date and time options on the next step