Kubernetes Cheat Sheet

A handy reference for common k8s operations with kubectl.

Kubernetes Cheat Sheet

Kubernetes Objects


Pods are the smallest deployable units in Kubernetes, housing one or more containers with shared storage and network.

# Show a list of pods
kubectl get po
# Show a detailed list of pods
kubectl get po -o wide
# Show detailed pod state
kubectl describe pod [pod_name]
# Show pods running on a node
kubectl get pods -o wide | grep [node_name]
# Show pod cpu/memory usage
kubectl top pod
# Delete a pod
kubectl delete pod [pod_name]
# Get a shell on a single-container pod
kubectl exec -it [pod_name] /bin/sh


Kubernetes runs workloads by placing containers into Pods than run on Nodes, which can be virtual or physical machines.

# Show a list of nodes
kubectl get no
# Show a detailed list of nodes
kubectl get no -o -wide
# Show verbose node details
kubectl describe node [node_name]
# Filter nodes for a specific label
kubectl get node --selector=[label_name]
# Show node cpu/memory usage
kubectl top node [node_name]
# Delete a node
kubectl delete node [node_name]
# Add or update labels of a node
kubectl label node [node_name]


Services are an abstract way to expose an application running on a set of Pods as a network service. Kubernetes provide Pods with their own IP addresses, a single DNS name for a set of Pods, and can load-balance across them.

# Show services information
kubectl get svc
# Show detailed state of services
kubectl describe svc
# Show details about all services
kubectl get svc -o wide
# Edit the definition of a service
kubectl edit svc
# Expose a deployment as a new service
kubectl expose deployment [deployment_name]


Deployments provide declarative updates for Pods and ReplicaSets. By describing a desired state in a Deployment, the Deployment Controller changes the actual state to the desired state at a controlled rate.

# Show deployments information
kubectl get deploy
# Show a detailed list of deployments
kubectl get deploy -o -wide
# Show verbose deployment details
kubectl describe deploy [deployment_name]
# Update definition of deploy on server
kubectl edit deployment [deployment_name]
# Create a new deployment
kubectl create deployment [deployment_name]
# Delete a deployment
kubectl delete deployment [deployment_name]
# See rollout status of a deployment
kubectl rollout status deployment [deployment_name]


Namespaces provide a way of isolating groups of resources in a Kubernetes cluster, and can be used for restricting networking and RBAC. Resource names must be unique within a namespace.

# List namespaces
kubectl get namespace
# Show detailed state of a namespace
kubectl describe namespace [namespace_name]
# Create a namespace
kubectl create namespace [namespace_name]
# Edit the definition of a namespace
kubectl edit namespace [namespace_name]
# Delete a namespace
kubectl delete namespace [namespace_name]
# Show resource usage for a namespace
kubectl top namespace [namespace_name]


Daemonsets ensure that Nodes run a replica of a Pod. As Nodes are added to a Custer, Pods are added to Daemonsets. If Nodes are removed from a Cluster, Pods are garbage collected. Deleting a DaemonSet cleans up the Pods it created.

# Show all daemonsets (ds) information
kubectl get ds
# Show ds details in all namespaces
kubectl describe ds --all-namespaces
# Show ds details for specific namespace
kubrctl describe ds [daemonset_name] -n [namespace_name]
# Edit the definition of a daemonset
kubectl edit daemonset [daemonset_name]
# Manage the rollout of a daemonset
kubectl rollout daemonset


ReplicaSets maintain a stable set of replica Pods, which are often used to guarantee availability of a specified number of identical Pods.

# Show all ReplicaSets
kubectl get rs
# Show detailed state of a ReplicaSet
kubectl describe rs [replicaset_name]
# Show detailed info for ReplicaSets
kubectl get rs -o wide
# Scale a ReplicaSet
kubectl scale --replicas=[x]


Event objects are created best-effort, with limited retention time, when a state change happens in the system, providing visibility into your cluster.

# Show recent events for all resources
kubectl get events
# Show warnings only
kubectl get events --field-selector type=Warning
# Show events sorted by timestamp
kubectl get events --sort-by=.metadata.creationTimestamp
# Show events excluding Pod events
kubectl get events --field-selector involvedObject.kind!=Pod
# Show events excluding Normal events
kubectl get events --field-selector type!=Normal


Cluster events are recorded as logs, which are often useful for debugging. Log verbosity is configurable depending on the level of detail required.

# Show logs for a pod
kubectl logs [pod_name]
# Show logs for a pod and follow new logs
kubectl logs -f [pod_name]
# Show the last 6h of logs for a pod
kubectl logs --since=6h [pod_name]
# Show the 50 most recent logs for a pod
kubectl logs --tail=50 [pod_name]
# Output logs in a file 'pod.log'
kubectl logs [pod_name] pod.log

Service Accounts

Service Accounts provide an identity for processes that run in a Pod. When processes contact the apiserver, they are authenticated as a particular Service Account.

# List Service Accounts
kubectl get sa
# Show detailed state of Service Accounts
kubectl describe sa
# Replace a Service Account
kubectl replace sa
# Delete a Service Account
kubectl delete sa [service_account_name]


Secrets are objects containing a sensitive data such as as passwords or tokens. Using a Secrets means you avoid including sensitive data in your application code.

# Show secrets
kubectl get secrets
# Show detailed info for secrets
kubectl describe secrets
# Show secrets for all namespaces
kubectl get secrets --all-namespaces
# Create a secret
kubectl create secret
# Delete a secret
kubectl delete secret [secret_name]


StatefulSet is used to manage stateful applications, managing the deployment and scaling of a set of Pods. It provides guarantees for ordering and uniqueness of these Pods.

# List StatefulSets
kubectl get statefulset
# Delete a StatefulSet only, not pods
kubectl delete statefulset/[stateful_set_name] --cascade=false

Managing Objects & Resources

If you're not using a platform that automates Kubernetes deployments, here are useful commands for managing Kubernetes objects and making changes from manifest files.

# Apply a configuration to a resource from file
kubectl apply -f [manifest].yaml
# Create objects from file
kubectl create -f [manifest].yaml
# Delete objects from file
kubectl delete -f [manifest].yaml
# Update the taints on one or more nodes
kubectl taint node [node_name]
# Mark node as unschedulable
kubectl cordon [node_name]
# Mark node as schedulable
kubectl uncordon [node_name]
# Drain node to prepare for maintenance
kubrctl drain [node_name]

Anatomy of a manifest file

Creating Kubernetes objects from manifest files often involves thousands of lines of YAML.
It needs to follow a specific format so that Kubernetes can understands it. This is the basic format:

  1. API Version: Determines the version of the Kubernetes object based on the API group, for example: /api/v1.
  2. Kind: Determines the type of object you are creating, e.g. pod, service, ingress, config map, daemon, secret, etc.
  3. Metadata: Some data that so that you can uniquely identify your object, e.g. a name and namespace.
  4. Spec: The state your object should be in, used for e.g. specifying ports, number of replicas, and environment variables.

As a very simple example, here's the manifest for how you would create the pod my-pod in the namespace my-namespace and deploy the image my-container-image to the container my-pod-container, with the imagePullPolicy set to pull the image every time the pod is created:

apiVersion: v1kind: Podmetadata:name: my-podnamespace: my-namespacespec:containers:name: my-pod-containerimage: my-container-imageimagePullPolicy: Always