Increase your productivity with this handy Kubernetes cheat sheet

We all get it — There are a lot of commands when using Kubernetes, and sometimes things slip your mind. For those pesky days when you just can’t remember how to do a simple thing that you swear you have done a million times, here is nClouds’ handy Kubernetes cheat sheet. Most of these commands will work for Amazon Elastic Container Service for Kubernetes (Amazon EKS). Our engineers use these commands all the time to decrease web search times and improve productivity.

We highly recommend you bookmark this page. Below is the cheat sheet organized by topic. Click on the topic’s link to automatically scroll to that topic.

1. Check Performance
2. Creating Objects
3. Defining Custom Columns for Output
4. Deleting Resources
5. Editing Resources
6. Force Delete All Pods Stuck in a Terminating State
7. Ingress Information
8. Interacting With Nodes and Clusters
9. Interacting with Running Pods
10. Patching Resources
11. Resource Types
12. Run Shell Command
13. Scaling Resources
14. Setting Up Kubeconfig
15. Updating Resources
16. Viewing, Finding Resources
17. View Kubernetes Outputs

Check Performance

# Get node resource usage
kubectl top node
# Get pod resource usage
kubectl top pod
# Get resource usage for a given pod
kubectl top — containers
# List resource utilization for all containers
kubectl top pod — all-namespaces — containers=true

Creating Objects

Kubernetes manifests can be defined in YAML or JSON. The file extensions .yaml, .yml, and .json can be used.

kubectl apply -f ./my-manifest.yaml # create resource(s)
kubectl apply -f ./my1.yaml -f ./my2.yaml # create from multiple files
kubectl apply -f ./dir # create resource(s) in all manifest files in dir
kubectl apply -f https://git.io/vPieo # create resource(s) from url
kubectl create deployment nginx — image=nginx # start a single instance of nginx
kubectl explain pods,svc # get the documentation for pod and svc manifests
# Create multiple YAML objects from stdin
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
name: busybox-sleep
spec:
containers:
- name: busybox
image: busybox
args:
- sleep
- “1000000”
 — -
apiVersion: v1
kind: Pod
metadata:
name: busybox-sleep-less
spec:
containers:
- name: busybox
image: busybox
args:
- sleep
- “1000”
EOF
# Create a secret with several keys
cat << EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
name: mysecret
type: Opaque
data:
password: $(echo -n “s33msi4” | base64 -w0)
username: $(echo -n “jane” | base64 -w0)
EOF

Defining Custom Columns for Output

The following command allows you to use custom columns for outputs, helping to reduce the clutter and providing structured information on the fields you want to view.

kubectl get po — all-namespaces 
-o=custom-columns=NAME:.metadata.name,USER:.metadata.user,VERSION:.metadata.version

You can name the columns whatever you want, with the fields acting as key value pairs. The above query will give the following data.

$ NAME USER VERSION
login-screen tremaine 3.11.0

Deleting Resources

kubectl delete -f ./pod.json # Delete a pod using the type and name specified in pod.json
kubectl delete pod,service baz foo # Delete pods and services with same names “baz” and “foo”
kubectl delete pods,services -l name=myLabel # Delete pods and services with label name=myLabel
kubectl -n my-ns delete pod,svc — all # Delete all pods and services in namespace my-ns,
# Delete all pods matching the awk pattern1 or pattern2
kubectl get pods -n mynamespace — no-headers=true | awk ‘/pattern1|pattern2/{print $1}’ | xargs kubectl delete -n mynamespace pod

Editing Resources

Edit any API resource in your preferred editor.

kubectl edit svc/docker-registry # Edit the service named docker-registry
KUBE_EDITOR=”nano” kubectl edit svc/docker-registry # Use an alternative editor

Force Delete All Pods Stuck in a Terminating State

The following command script will loop through the pods and filter pods in terminating state and force them to be deleted. This is handy when you have a couple of them that are stuck, and you need to get rid of them

for ns in $(kubectl get ns — no-headers | cut -d ‘ ‘ -f1); do for po in $(kubectl -n $ns get po — no-headers — ignore-not-found | grep Terminating | cut -d ‘ ‘ -f1); do kubectl -n $ns delete po $po — force — grace-period 0; done; done;

Ingress Information

kubectl get ing
kubectl get ing — all-namespaces

Interacting With Nodes and Clusters

kubectl cordon my-node # Mark my-node as unschedulable
kubectl drain my-node # Drain my-node in preparation for maintenance
kubectl uncordon my-node # Mark my-node as schedulable
kubectl top node my-node # Show metrics for a given node
kubectl cluster-info # Display addresses of the master and services
kubectl cluster-info dump # Dump current cluster state to stdout
kubectl cluster-info dump — output-directory=/path/to/cluster-state # Dump current cluster state to /path/to/cluster-state
# If a taint with that key and effect already exists, its value is replaced as specified.
kubectl taint nodes foo dedicated=special-user:NoSchedule

Interacting With Running Pods

kubectl logs my-pod # dump pod logs (stdout)
kubectl logs -l name=myLabel # dump pod logs, with label name=myLabel (stdout)
kubectl logs my-pod — previous # dump pod logs (stdout) for a previous instantiation of a container
kubectl logs my-pod -c my-container # dump pod container logs (stdout, multi-container case)
kubectl logs -l name=myLabel -c my-container # dump pod logs, with label name=myLabel (stdout)
kubectl logs my-pod -c my-container — previous # dump pod container logs (stdout, multi-container case) for a previous instantiation of a container
kubectl logs -f my-pod # stream pod logs (stdout)
kubectl logs -f my-pod -c my-container # stream pod container logs (stdout, multi-container case)
kubectl logs -f -l name=myLabel — all-containers # stream all pods logs with label name=myLabel (stdout)
kubectl run -i — tty busybox — image=busybox — sh # Run pod as interactive shell
kubectl run nginx — image=nginx — restart=Never -n
mynamespace # Run pod nginx in a specific namespace
kubectl run nginx — image=nginx — restart=Never # Run pod nginx and write its spec into a file called pod.yaml
 — dry-run -o yaml > pod.yaml
kubectl attach my-pod -i # Attach to Running Container
kubectl port-forward my-pod 5000:6000 # Listen on port 5000 on the local machine and forward to port 6000 on my-pod
kubectl exec my-pod — ls / # Run command in existing pod (1 container case)
kubectl exec my-pod -c my-container — ls / # Run command in existing pod (multi-container case)
kubectl top pod POD_NAME — containers # Show metrics for a given pod and its containers

Patching Resources

# Partially update a node
kubectl patch node k8s-node-1 -p ‘{“spec”:{“unschedulable”:true}}’
# Update a container’s image; spec.containers[*].name is required because it’s a merge key
kubectl patch pod valid-pod -p ‘{“spec”:{“containers”:[{“name”:”kubernetes-serve-hostname”,”image”:”new image”}]}}’
# Update a container’s image using a json patch with positional arrays
kubectl patch pod valid-pod — type=’json’ -p=’[{“op”: “replace”, “path”: “/spec/containers/0/image”, “value”:”new image”}]’
# Disable a deployment livenessProbe using a json patch with positional arrays
kubectl patch deployment valid-deployment — type json -p=’[{“op”: “remove”, “path”: “/spec/template/spec/containers/0/livenessProbe”}]’
# Add a new element to a positional array
kubectl patch sa default — type=’json’ -p=’[{“op”: “add”, “path”: “/secrets/1”, “value”: {“name”: “whatever” } }]’

Resource Types

List all supported resource types along with their short names, API group, whether they are namespaced, and Kind:

kubectl api-resources

Other operations for exploring API resources:

kubectl api-resources — namespaced=true # All namespaced resources
kubectl api-resources — namespaced=false # All non-namespaced resources
kubectl api-resources -o name # All resources with simple output (just the resource name)
kubectl api-resources -o wide # All resources with expanded (aka “wide”) output
kubectl api-resources — verbs=list,get # All resources that support the “list” and “get” request verbs
kubectl api-resources — api-group=extensions # All resources in the “extensions” API group

Run Shell Command

kubectl exec -it mytest — ls -l /etc/hosts

Scaling Resources

kubectl scale — replicas=3 rs/foo # Scale a replicaset named ‘foo’ to 3
kubectl scale — replicas=3 -f foo.yaml # Scale a resource specified in “foo.yaml” to 3
kubectl scale — current-replicas=2 — replicas=3 deployment/mysql # If the deployment named mysql’s current size is 2, scale mysql to 3
kubectl scale — replicas=5 rc/foo rc/bar rc/baz # Scale multiple replication controllers

Setting Up Kubeconfig:

kubectl config view # Show Merged kubeconfig settings.
# use multiple kubeconfig files at the same time and view merged config
KUBECONFIG=~/.kube/config:~/.kube/kubconfig2
kubectl config view
# get the password for the e2e user
kubectl config view -o jsonpath=’{.users[?(@.name == “e2e”)].user.password}’
kubectl config view -o jsonpath=’{.users[].name}’ # display the first user
kubectl config view -o jsonpath=’{.users[*].name}’ # get a list of users
kubectl config get-contexts # display list of contexts
kubectl config current-context # display the current-context
kubectl config use-context my-cluster-name # set the default context to my-cluster-name
# add a new cluster to your kubeconf that supports basic auth
kubectl config set-credentials kubeuser/foo.kubernetes.com — username=kubeuser — password=kubepassword
# permanently save the namespace for all subsequent kubectl commands in that context.
kubectl config set-context — current — namespace=ggckad-s2
# set a context utilizing a specific username and namespace.
kubectl config set-context gce — user=cluster-admin — namespace=foo \
&& kubectl config use-context gce
kubectl config unset users.foo # delete user foo

Updating Resources

As of version 1.11, rolling-update has been deprecated (see CHANGELOG-1.11.md). Use rollout instead.

kubectl set image deployment/frontend www=image:v2 # Rolling update “www” containers of “frontend” deployment, updating the image
kubectl rollout history deployment/frontend # Check the history of deployments including the revision
kubectl rollout undo deployment/frontend # Rollback to the previous deployment
kubectl rollout undo deployment/frontend — to-revision=2 # Rollback to a specific revision
kubectl rollout status -w deployment/frontend # Watch rolling update status of “frontend” deployment until completion
kubectl rollout restart deployment/frontend # Rolling restart of the “frontend” deployment
# deprecated starting version 1.11
kubectl rolling-update frontend-v1 -f frontend-v2.json # (deprecated) Rolling update pods of frontend-v1
kubectl rolling-update frontend-v1 frontend-v2 — image=image:v2 # (deprecated) Change the name of the resource and update the image
kubectl rolling-update frontend — image=image:v2 # (deprecated) Update the pods image of frontend
kubectl rolling-update frontend-v1 frontend-v2 — rollback # (deprecated) Abort existing rollout in progress
cat pod.json | kubectl replace -f — # Replace a pod based on the JSON passed into std
# Force replace, delete and then re-create the resource. Will cause a service outage.
kubectl replace — force -f ./pod.json
# Create a service for a replicated nginx, which serves on port 80 and connects to the containers on port 8000
kubectl expose rc nginx — port=80 — target-port=8000
# Update a single-container pod’s image version (tag) to v4
kubectl get pod mypod -o yaml | sed ‘s/\(image: myimage\):.*$/\1:v4/’ | kubectl replace -f -
kubectl label pods my-pod new-label=awesome # Add a Label
kubectl annotate pods my-pod icon-url=http://goo.gl/XXBTWq # Add an annotation
kubectl autoscale deployment foo — min=2 — max=10 # Auto scale a deployment “foo”

Viewing, Finding Resources

# Get commands with basic output
kubectl get services # List all services in the namespace
kubectl get pods — all-namespaces # List all pods in all namespaces
kubectl get pods -o wide # List all pods in the current namespace, with more details
kubectl get deployment my-dep # List a particular deployment
kubectl get pods # List all pods in the namespace
kubectl get pod my-pod -o yaml # Get a pod’s YAML
kubectl get pod my-pod -o yaml — export # Get a pod’s YAML without cluster specific information
# Describe commands with verbose output
kubectl describe nodes my-node
kubectl describe pods my-pod
# List Services Sorted by Name
kubectl get services — sort-by=.metadata.name
# List pods Sorted by Restart Count
kubectl get pods — sort-by=’.status.containerStatuses[0].restartCount’
# List PersistentVolumes sorted by capacity
kubectl get pv — sort-by=.spec.capacity.storage
# Get the version label of all pods with label app=cassandra
kubectl get pods — selector=app=cassandra -o \
jsonpath=’{.items[*].metadata.labels.version}’
# Get all worker nodes (use a selector to exclude results that have a label
# named ‘node-role.kubernetes.io/master’)
kubectl get node — selector=’!node-role.kubernetes.io/master’
# Get all running pods in the namespace
kubectl get pods — field-selector=status.phase=Running
# Get ExternalIPs of all nodes
kubectl get nodes -o jsonpath=’{.items[*].status.addresses[?(@.type==”ExternalIP”)].address}’
# List Names of Pods that belong to Particular RC
# “jq” command useful for transformations that are too complex for jsonpath, it can be found at https://stedolan.github.io/jq/
sel=${$(kubectl get rc my-rc — output=json | jq -j ‘.spec.selector | to_entries | .[] | “\(.key)=\(.value),”’)%?}
echo $(kubectl get pods — selector=$sel — output=jsonpath={.items..metadata.name})
# Show labels for all pods (or any other Kubernetes object that supports labelling)
kubectl get pods — show-labels
# Check which nodes are ready
JSONPATH=’{range .items[*]}{@.metadata.name}:{range @.status.conditions[*]}{@.type}={@.status};{end}{end}’ \
&& kubectl get nodes -o jsonpath=”$JSONPATH” | grep “Ready=True”
# List all Secrets currently in use by a pod
kubectl get pods -o json | jq ‘.items[].spec.containers[].env[]?.valueFrom.secretKeyRef.name’ | grep -v null | sort | uniq
# List Events sorted by timestamp
kubectl get events — sort-by=.metadata.creationTimestamp
# Compares the current state of the cluster against the state that the cluster would be in if the manifest was applied.
kubectl diff -f ./my-manifest.yaml

View Kubernetes Outputs

Use the watch argument to see what is currently being operated on as you run a command. This is particularly useful when you’re executing something and need to see the flow that is taking place to better debug and analyze how the deployment is happening in Kubernetes.

kubectl get po -n authorization-entrypoint -w

The addition of -w will cause the output to keep going, giving you increased visibility on every action that is taking place while your command is being executed.

Need help with Kubernetes and implementing containers on AWS? The nClouds team is here to help with that and all your AWS infrastructure requirements.