kubectl Cheatsheet

Quick reference for the most commonly used kubectl commands for managing Kubernetes clusters.

Getting Started / Context

kubectl config get-contexts
kubectl config use-context <name>
kubectl config current-context
kubectl config set-context --current --namespace=<ns>
kubectl cluster-info
kubectl version --short

Pods

kubectl get pods -A
kubectl get pods -n <ns> -o wide
kubectl describe pod <pod> -n <ns>
kubectl logs <pod> -n <ns> -f
kubectl logs <pod> -n <ns> --previous
kubectl exec -it <pod> -- /bin/sh
kubectl delete pod <pod> -n <ns> --force
kubectl top pod -n <ns>

Deployments

kubectl get deploy -n <ns>
kubectl rollout status deploy/<name> -n <ns>
kubectl rollout history deploy/<name>
kubectl rollout undo deploy/<name>
kubectl scale deploy/<name> --replicas=3
kubectl set image deploy/<name> app=image:tag
kubectl restart deploy/<name>

Services & Networking

kubectl get svc -n <ns>
kubectl get ingress -n <ns>
kubectl port-forward svc/<name> 8080:80 -n <ns>
kubectl get endpoints -n <ns>
kubectl describe ingress <name> -n <ns>

ConfigMaps & Secrets

kubectl get cm -n <ns>
kubectl get secret -n <ns>
kubectl describe secret <name> -n <ns>
kubectl get secret <name> -o jsonpath='{.data.key}' | base64 -d
kubectl create secret generic <name> --from-literal=key=value
kubectl create configmap <name> --from-file=config.yaml

Nodes

kubectl get nodes -o wide
kubectl describe node <node>
kubectl top nodes
kubectl cordon <node>
kubectl drain <node> --ignore-daemonsets --delete-emptydir-data
kubectl uncordon <node>
kubectl taint nodes <node> key=value:NoSchedule

Namespaces & RBAC

kubectl get ns
kubectl create ns <name>
kubectl get sa -n <ns>
kubectl get roles,rolebindings -n <ns>
kubectl get clusterroles,clusterrolebindings
kubectl auth can-i list pods --as=system:serviceaccount:<ns>:<sa>

Debugging

kubectl get events -n <ns> --sort-by='.lastTimestamp'
kubectl run debug --image=busybox -it --rm -- sh
kubectl debug node/<node> -it --image=ubuntu
kubectl cp <pod>:/path/to/file ./local-file
kubectl apply --dry-run=client -f manifest.yaml
kubectl diff -f manifest.yaml

Output Formats

kubectl get pods -o yaml
kubectl get pods -o json
kubectl get pods -o jsonpath='{.items[*].metadata.name}'
kubectl get pods --sort-by='.metadata.creationTimestamp'
kubectl get pods -l app=nginx
kubectl get pods --field-selector=status.phase=Running

Resources

kubectl get all -n <ns>
kubectl get pv,pvc -n <ns>
kubectl get hpa -n <ns>
kubectl api-resources
kubectl explain deployment.spec
kubectl get crd

Workflow Examples

Complete Debugging Workflow

Systematic approach to diagnosing a failing pod or deployment.

# Step 1 — Check recent events for cluster-level errors
kubectl get events -n <ns> --sort-by='.lastTimestamp' | tail -20

# Step 2 — Describe the pod to see scheduling and container issues
kubectl describe pod <pod> -n <ns>

# Step 3 — Check current logs
kubectl logs <pod> -n <ns>

# Step 4 — Check logs from a crashed previous container instance
kubectl logs <pod> -n <ns> --previous

# Step 5 — Exec into a running container for live inspection
kubectl exec -it <pod> -n <ns> -- /bin/sh

# Step 6 — Run an ephemeral debug container alongside the target
kubectl debug -it <pod> -n <ns> --image=busybox --target=<container>

# Step 7 — Check the deployment's rollout status and history
kubectl rollout status deploy/<name> -n <ns>
kubectl rollout history deploy/<name> -n <ns>

Rolling Update with Verification

# Update the container image
kubectl set image deploy/<name> app=myrepo/myapp:v2 -n <ns>

# Watch the rollout progress in real time
kubectl rollout status deploy/<name> -n <ns> --timeout=5m

# Verify new pods are running the updated image
kubectl get pods -n <ns> -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.containers[0].image}{"\n"}{end}'

# Rollback immediately if something is wrong
kubectl rollout undo deploy/<name> -n <ns>

# Rollback to a specific revision
kubectl rollout undo deploy/<name> --to-revision=2 -n <ns>

Quick YAML Generation (Dry-run)

Generate resource manifests without applying them — useful for bootstrapping new configs.

# Generate a Deployment manifest
kubectl create deploy nginx --image=nginx --dry-run=client -o yaml

# Generate a Service manifest
kubectl expose deploy nginx --port=80 --target-port=80 --dry-run=client -o yaml

# Generate a ConfigMap from a file
kubectl create configmap app-config --from-file=config.yaml --dry-run=client -o yaml

# Generate a Secret from literals
kubectl create secret generic db-creds \
  --from-literal=username=admin \
  --from-literal=password=s3cr3t \
  --dry-run=client -o yaml

# Generate a ServiceAccount
kubectl create serviceaccount my-sa -n <ns> --dry-run=client -o yaml

Tip: Set a default namespace in your kubeconfig context to avoid typing -n <ns> on every command:
kubectl config set-context --current --namespace=my-namespace

Warning: kubectl delete pod <pod> --force --grace-period=0 bypasses graceful termination. Use only when a pod is stuck in Terminating state and you understand the consequences.

Docker Cheatsheet | Terraform Cheatsheet

Quick Reference