search

Kubectl Cheat Sheet

Useful commands list.

hashtag
General

hashtag
Overview

https://kubernetes.io/docs/reference/kubectl/overview/arrow-up-right

hashtag
Install

curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
chmod +rx ./kubectl
sudo mv  ./kubectl /usr/local/bin

hashtag
Enable autocomplete

sudo apt-get install bash-completion
source /usr/share/bash-completion/bash_completion
echo 'source <(kubectl completion bash)' >>~/.bashrc
sudo su -
kubectl completion bash >/etc/bash_completion.d/kubectl

Enable autocomplete for an alias.

alias k=kubectl
source <(kubectl completion bash | sed 's/kubectl/k/g')

hashtag
References

https://kubernetes.io/docs/tasks/tools/install-kubectl/#enabling-shell-autocompletionarrow-up-right

hashtag
Explain components

hashtag
Run kubectl from inside a container

TTY connect to your container and make sure kubectl is installed.

hashtag
Import your Kubernetes config

When you are connected to a container deployed in Kubernetes cluster, it already has access to Kubernetes config and certificates, you only need to import them:

circle-info

Do not replace any path or URL, you can use exactly the command above.

At this point you should have the file ~/.kube/config.

circle-info

WORKAROUND: if, by any change, you are having a hard time, you can get the /root/.kube/config file from your original installation and restore it inside your container.

hashtag
Generate kubeconfig from ServiceAccount

hashtag
Cluster management

hashtag
Get cluster name

hashtag
Get cluster endpoints

hashtag
List all API resources

hashtag
Logs

Get logs from a previous restart pod:

hashtag
Namespaces

hashtag
Force delete namespace (hanging on "Terminating")

If the namespace is not deleted, check its manifest:

Check if it has any finalizers, for example:

Edit it:

And delete the finalizers block.

If it does not work, export namespace manifest to a file.

Edit the file, on finalizers block, remove "kubernetes" (or any other existing finalizer).

hashtag
Nodes

hashtag
Get nodes

hashtag
Permission

hashtag
can-i

hashtag
Pods

hashtag
Connect to pod TTY

hashtag
The right way

List your pods:

Locate the one you want access, get its name, and run:

circle-info

Replace --user=root with your container user and hal-66b97c4c88-b675b with your pod name.

If your namespace has only one pod, your use only one command:

hashtag
Workaround

If by any reason you could not use kubectl exec (for example, if your container does not allow root auth), then SSH to your K8s worker node which is hosting your pod.

Locate the container you want to connect to:

circle-info

Replace halyard with any keyword you want.

Then connect to it:

hashtag
Force delete pod

circle-exclamation

Never force pod deletion unless it is really necessary

If you have a pod which is referenced by a Replica Set that does not exist and you are stuck, force pod deletion.

circle-info

Replace PUT-YOUR-NAMESPACE-HERE Replace PUT-YOUR-POD-NAME-HERE

hashtag
References

LogoForce Delete StatefulSet PodsKuberneteschevron-right

hashtag
Get pods, filter by label, print pod name and its namespace

kubectl get pods -Ao jsonpath='{range .items[?(@.metadata.labels.app=="my-ubuntu")]}{@.metadata.name}{" "}{@.metadata.namespace}{"\n"}{end}'

hashtag
RBAC

hashtag
(Cluster)RoleBindings and the ServiceAccount(s) they reference with

hashtag
Resources

hashtag
List pods resource limits

PreviousKnown errors and solutionsNextetcd Cheat Sheet

Last updated