Kubernetes Cheat Sheet

A handy reference for common k8s operations with kubectl.

Kubernetes Objects

Pods

Pods are the smallest deployable units in Kubernetes, housing one or more containers with shared storage and network.

# Show a list of pods
kubectl get po
# Show a detailed list of pods
kubectl get po -o wide
# Show detailed pod state
kubectl describe pod [pod_name]
# Show pods running on a node
kubectl get pods -o wide | grep [node_name]
# Show pod cpu/memory usage
kubectl top pod
# Delete a pod
kubectl delete pod [pod_name]
# Get a shell on a single-container pod
kubectl exec -it [pod_name] -- /bin/sh

Nodes

Kubernetes runs workloads by placing containers into Pods that run on Nodes, which can be virtual or physical machines.

# Show a list of nodes
kubectl get no
# Show a detailed list of nodes
kubectl get no -o wide
# Show verbose node details
kubectl describe node [node_name]
# Filter nodes for a specific label
kubectl get node --selector=[label_name]
# Show node cpu/memory usage
kubectl top node [node_name]
# Delete a node
kubectl delete node [node_name]
# Add or update labels of a node
kubectl label node [node_name] [key]=[value]

Services

Services are an abstract way to expose an application running on a set of Pods as a network service. Kubernetes provides Pods with their own IP addresses and a single DNS name for a set of Pods, and can load-balance across them.

# Show services information
kubectl get svc
# Show detailed state of services
kubectl describe svc
# Show details about all services
kubectl get svc -o wide
# Edit the definition of a service
kubectl edit svc [service_name]
# Expose a deployment as a new service
kubectl expose deployment [deployment_name]

Deployments

Deployments provide declarative updates for Pods and ReplicaSets. By describing a desired state in a Deployment, the Deployment Controller changes the actual state to the desired state at a controlled rate.

# Show deployments information
kubectl get deploy
# Show a detailed list of deployments
kubectl get deploy -o wide
# Show verbose deployment details
kubectl describe deploy [deployment_name]
# Update definition of deploy on server
kubectl edit deployment [deployment_name]
# Create a new deployment
kubectl create deployment [deployment_name] --image=[image_name]
# Delete a deployment
kubectl delete deployment [deployment_name]
# See rollout status of a deployment
kubectl rollout status deployment [deployment_name]

Namespaces

Namespaces provide a way of isolating groups of resources in a Kubernetes cluster, and can be used for restricting networking and RBAC. Resource names must be unique within a namespace.

# List namespaces
kubectl get namespace
# Show detailed state of a namespace
kubectl describe namespace [namespace_name]
# Create a namespace
kubectl create namespace [namespace_name]
# Edit the definition of a namespace
kubectl edit namespace [namespace_name]
# Delete a namespace
kubectl delete namespace [namespace_name]
# Show resource usage for the pods in a namespace ('kubectl top' supports only 'node' and 'pod')
kubectl top pod -n [namespace_name]

Daemonsets

Daemonsets ensure that Nodes run a replica of a Pod. As Nodes are added to a Cluster, Pods are added to Daemonsets. If Nodes are removed from a Cluster, Pods are garbage collected. Deleting a DaemonSet cleans up the Pods it created.

# Show all daemonsets (ds) information
kubectl get ds
# Show ds details in all namespaces
kubectl describe ds --all-namespaces
# Show ds details for specific namespace
kubectl describe ds [daemonset_name] -n [namespace_name]
# Edit the definition of a daemonset
kubectl edit daemonset [daemonset_name]
# Manage the rollout of a daemonset (subcommands: status, history, undo, restart)
kubectl rollout status daemonset [daemonset_name]

ReplicaSets

ReplicaSets maintain a stable set of replica Pods, which are often used to guarantee availability of a specified number of identical Pods.

# Show all ReplicaSets
kubectl get rs
# Show detailed state of a ReplicaSet
kubectl describe rs [replicaset_name]
# Show detailed info for ReplicaSets
kubectl get rs -o wide
# Scale a ReplicaSet
kubectl scale --replicas=[x] rs/[replicaset_name]

Events

Event objects are created best-effort, with limited retention time, when a state change happens in the system, providing visibility into your cluster.

# Show recent events for all resources
kubectl get events
# Show warnings only
kubectl get events --field-selector type=Warning
# Show events sorted by timestamp
kubectl get events --sort-by=.metadata.creationTimestamp
# Show events excluding Pod events
kubectl get events --field-selector involvedObject.kind!=Pod
# Show events excluding Normal events
kubectl get events --field-selector type!=Normal

Logs

Cluster events are recorded as logs, which are often useful for debugging. Log verbosity is configurable depending on the level of detail required.

# Show logs for a pod
kubectl logs [pod_name]
# Show logs for a pod and follow new logs
kubectl logs -f [pod_name]
# Show the last 6h of logs for a pod
kubectl logs --since=6h [pod_name]
# Show the 50 most recent logs for a pod
kubectl logs --tail=50 [pod_name]
# Output logs in a file 'pod.log'
kubectl logs [pod_name] > pod.log

Service Accounts

Service Accounts provide an identity for processes that run in a Pod. When processes contact the apiserver, they are authenticated as a particular Service Account.

# List Service Accounts
kubectl get sa
# Show detailed state of Service Accounts
kubectl describe sa
# Replace a Service Account
kubectl replace -f [manifest].yaml
# Delete a Service Account
kubectl delete sa [service_account_name]

Secrets

Secrets are objects containing sensitive data such as passwords or tokens. Using a Secret means you avoid including sensitive data in your application code.

# Show secrets
kubectl get secrets
# Show detailed info for secrets
kubectl describe secrets
# Show secrets for all namespaces
kubectl get secrets --all-namespaces
# Create a secret
kubectl create secret generic [secret_name] --from-file=[path_to_file]
# Delete a secret
kubectl delete secret [secret_name]

StatefulSet

StatefulSet is used to manage stateful applications, managing the deployment and scaling of a set of Pods. It provides guarantees for ordering and uniqueness of these Pods.

# List StatefulSets
kubectl get statefulset
# Delete a StatefulSet only, not pods
kubectl delete statefulset/[stateful_set_name] --cascade=orphan

Managing Objects & Resources

If you're not using a platform that automates Kubernetes deployments, here are useful commands for managing Kubernetes objects and making changes from manifest files.

# Apply a configuration to a resource from file
kubectl apply -f [manifest].yaml
# Create objects from file
kubectl create -f [manifest].yaml
# Delete objects from file
kubectl delete -f [manifest].yaml
# Update the taints on one or more nodes
kubectl taint node [node_name] [key]=[value]:[effect]
# Mark node as unschedulable
kubectl cordon [node_name]
# Mark node as schedulable
kubectl uncordon [node_name]
# Drain node to prepare for maintenance
kubectl drain [node_name]

Anatomy of a manifest file

Creating Kubernetes objects from manifest files often involves thousands of lines of YAML.
It needs to follow a specific format so that Kubernetes can understand it. This is the basic format:

  1. API Version: Determines the version of the Kubernetes object based on the API group, for example: /api/v1.
  2. Kind: Determines the type of object you are creating, e.g. pod, service, ingress, config map, daemon, secret, etc.
  3. Metadata: Data that lets you uniquely identify your object, e.g. a name and namespace.
  4. Spec: The state your object should be in, used for e.g. specifying ports, number of replicas, and environment variables.

As a very simple example, here's the manifest for how you would create the pod my-pod in the namespace my-namespace and deploy the image my-container-image to the container my-pod-container, with the imagePullPolicy set to pull the image every time the pod is created:

apiVersion: v1
kind: Pod
metadata:
  name: my-pod
  namespace: my-namespace
spec:
  containers:
  - name: my-pod-container
    image: my-container-image
    imagePullPolicy: Always
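
The four-part anatomy above can be checked mechanically before a manifest reaches `kubectl apply`. The following is an added example, not part of the original cheat sheet: `check_manifest` and both sample manifests are hypothetical, and the manifest is given in JSON form (which kubectl also accepts) so the check needs only the Python standard library.

```python
import json

# Top-level fields from the "Anatomy of a manifest file" list above.
# (Kinds such as Secret and ConfigMap carry 'data' instead of 'spec';
# this check follows the page's four-field format.)
REQUIRED_TOP_LEVEL = ("apiVersion", "kind", "metadata", "spec")


def check_manifest(manifest):
    """Return a list of findings; an empty list means the basic anatomy is intact."""
    findings = []
    for field in REQUIRED_TOP_LEVEL:
        if field not in manifest:
            findings.append(f"missing top-level field: {field}")

    metadata = manifest.get("metadata") or {}
    if not metadata.get("name"):
        findings.append("metadata.name is not set")
    if not metadata.get("namespace"):
        # Without it, kubectl uses the current context's namespace (usually 'default').
        findings.append("metadata.namespace is not set")

    if manifest.get("kind") == "Pod":
        containers = (manifest.get("spec") or {}).get("containers")
        if not isinstance(containers, list) or not containers:
            findings.append("spec.containers must be a non-empty list")
            return findings
        for i, container in enumerate(containers):
            if not isinstance(container, dict):
                findings.append(f"spec.containers[{i}] is not a mapping")
                continue
            for key in ("name", "image"):
                if not container.get(key):
                    findings.append(f"spec.containers[{i}].{key} is not set")
    return findings


# Constructed sample: the my-pod manifest from this page, in JSON form.
GOOD = json.loads("""
{"apiVersion": "v1", "kind": "Pod",
 "metadata": {"name": "my-pod", "namespace": "my-namespace"},
 "spec": {"containers": [{"name": "my-pod-container",
                          "image": "my-container-image",
                          "imagePullPolicy": "Always"}]}}
""")

# Constructed sample: 'containers' written as a mapping instead of a list, no namespace.
BAD = {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "my-pod"},
       "spec": {"containers": {"name": "my-pod-container"}}}

if __name__ == "__main__":
    print(check_manifest(GOOD))
    print(check_manifest(BAD))
```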