computer terminal

A Kubectl Cheat Sheet

/ Leave a Comment

Besides being the subject of hilarious debate about its pronunciation, kubectl is of course the Kubernetes command line interface. Everyone working with Kubernetes has some kind of go-to list of favorite commands. Even the official Kubernetes site offers a kubectl cheat sheet. These are some of my favorite commands.

Disclaimer: even though many of these commands are read-only, always make sure you understand what commands are doing before running them – blindly copying & pasting things you find on the internet into your terminal is a bad idea.

Some of these commands use jq for filtering and formatting kubectl output , which I sometimes find more convenient than the build-in query options.

I hope you find the cheat sheet useful, and check back as I might update this page.

Table Of Contents
  1. Pods
  2. Nodes
  3. Services
  4. Deployment
  5. Patch
  6. Logs
  7. Miscellaneous
  8. show cluster info

Pods

show pod IPs
kubectl get pods -o custom-columns=NAME:.metadata.name,IP:.status.podIP
display the pod’s owner (often a replicaset)
kubectl get pod -o json | jq '.items[] | [.metadata.name, .metadata.ownerReferences[0].name] |@tsv' -r
display ports for all containers in a pod that have a number less than 1024
kubectl get pod -A -o json | jq 'try(.items[] | select((.spec.containers[].ports != null) and (.spec.containers[].ports[].containerPort < 1024)) | { "name": .metadata.name, "namespace": .metadata.namespace, "ports": .spec.containers[].ports[].containerPort })'
display cpu/mem requests and limits for containers
kubectl get pods -o=custom-columns='NAME:spec.containers[*].name,MEMREQ:spec.containers[*].resources.requests.memory,MEMLIM:spec.containers[*].resources.limits.memory,CPUREQ:spec.containers[*].resources.requests.cpu,CPULIM:spec.containers[*].resources.limits.cpu'
find all pods that container the annotation “kubernetes.io/psp”
kubectl get pods -A -ojson |jq '.items[] .metadata |select(.annotations | has("kubernetes.io/psp")) | [.namespace, .name] |@tsv' -r
find pods with nodeSelector key “group” and print the value
kubectl get pods -o json |jq '.items[]|select(.spec.nodeSelector|has("group")) |[.metadata.name,.spec.nodeSelector["group"]]|@tsv' -r
find all pods running on a certain node
kubectl get po -A -o json | jq '.items[] | select(.spec.nodeName=="ip-10-10-0-100.eu-west-1.compute.internal") | .metadata.name'
find all pods not having “Running” status
kubectl get pods -A --field-selector=status.phase!=Running
print all images running in all namespaces, sorted by number of times seen
kubectl get pods --all-namespaces -o jsonpath="{..image}" |\
tr -s '[[:space:]]' '\n' |\
sort |\
uniq -c |\
sort
display all pods sorted by the nodes they are running on
kubectl get pods -o wide --sort-by="{.spec.nodeName}" --all-namespaces
display all pods sorted by restart count
kubectl get pods -A -o json |jq '.items[] |[.status.containerStatuses[0].restartCount ,  .metadata.name] |join("\t")' -r |sort -n
get pod names without any header
kubectl get pods --no-headers -o custom-columns=":metadata.name"
display pods using labels contained in a list 
kubectl get pods -A -l 'env in (production, development)'
sort pods by memory/cpu usage
# cpu
kubectl top pods -A | sort --reverse --key 3 --numeric
# memory
kubectl top pods -A | sort --reverse --key 4 --numeric

Nodes

show all values for the “group” label across all nodes
kubectl get nodes -o custom-columns=LABEL:.metadata.labels.group |sort -u
show node label values for “beta.kubernetes.io/instance-type”

kubectl get nodes -o json |jq ‘.items[] .metadata |[.name, .labels[“beta.kubernetes.io/instance-type”]]|@tsv’ -r

show kubelet version across all nodes

kubectl get nodes -o json | jq -r ‘.items[] | [.metadata.name, .status.nodeInfo[“kubeletVersion”]]|@tsv’

show kubelet version matching a particular string
kubectl get nodes -o json | jq -r '.items[] |select(.status.nodeInfo["kubeletVersion"] == "v1.23.17-eks-a5565ad") | [.metadata.name, .status.nodeInfo["kubeletVersion"]]|@tsv'
get InternalIP of nodes
kubectl get nodes -o json | jq -r '.items[].status.addresses[]? | select (.type == "InternalIP") | .address'
get node taints
kubectl get nodes -o go-template='{{printf "%-50s %-12s\n" "Node" "Taint"}}{{- range .items}}{{- if $taint := (index .spec "taints") }}{{- .metadata.name }}{{ "\t" }}{{- range $taint }}{{- .key }}={{ .value }}:{{ .effect }}{{ "\t" }}{{- end }}{{- "\n" }}{{- end}}{{- end}}'
get number of pods running on each node
kubectl get po -o json --all-namespaces | jq '.items | group_by(.spec.nodeName) | map({"nodeName": .[0].spec.nodeName, "count": length}) | sort_by(.count)'
sort nodes by memory capacity
kubectl get node -o json | jq -r '.items | sort_by(.status.capacity.memory)[]|[.metadata.name,.status.capacity.memory]| @tsv'
sort nodes by age
kubectl get nodes -o wide --sort-by=.metadata.creationTimestamp
drain node with common options
# not read-only!
# --force means continue even if there are pods that do not declare a controller
kubectl drain --delete-emptydir-data --ignore-daemonsets --force <name of node>

Services

get loadbalancer hostnames
kubectl get service -A -o json | jq -r '.items[] |select(.spec.type == "LoadBalancer") | [.metadata.name, .metadata.namespace, .status.loadBalancer.ingress[0].hostname]| @tsv'
get ports of all services running nodePort 
kubectl get -A svc -o json | jq -r '.items[] | select(.spec.ports[].nodePort != null) | [.metadata.name,([.spec.ports[].nodePort | tostring ] | join("|"))]| @tsv'

Deployment

set image 
kubectl set image deployment/webserver apache=httpd:2.45.7
view logs using deployment object
kubectl logs -f deploy/webservice

Patch

patch a daemonset to set nodeSelector
# not read-only !
kubectl patch daemonset <name-of-daemon-set> -p '{"spec": {"template": {"spec": {"nodeSelector": {"foo": "bar"}}}}}'
example using json patch
# not read-only!
kubectl patch daemonset.apps/aws-node --type json --patch "$(cat aws-node.yaml)" 

# contents of aws-node.yaml
- op: add
  path: /spec/template/spec/containers/0/env/-
  value:
    name: WARM_IP_TARGET
    value: 5

Logs

stream logs but start at end
kubectl logs -f my-pod --tail=50
stream logs from all containers in a pod
kubectl logs -f <pod name> --all-containers
view logs of a previous (e.g. crashed) container
kubectl logs <pod name> --previous
stream logs by label
kubectl logs -f -l app=nginx

Miscellaneous

create a job pod from a cronjob
# not read-only!
kubectl create job --from=cronjob/<name of cronjob> <name of job pod> -o yaml |kubectl -f - patch --type json --patch "$(cat job-patch.yml)" |kubectl apply -f -

# contents of job-patch.yml
---
- op: add
  path: /spec/backoffLimit
  value: 0

- op: add
  path: /spec/template/spec/restartPolicy
  value: Never
copy secret to another namespace
kubectl get secrets <secret name> -o yaml | sed 's/namespace: .*/namespace: newnamespace/' | k apply -f -
copy all secrets to another namespace
kubectl get secrets -o json --namespace namespace-old | \
jq '.items[].metadata.namespace = "namespace-new"' | \
kubectl create-f  -
get resources containing a certain label
kubectl get all -A -o json |jq '.items[] |select(.metadata.labels["app.kubernetes.io/heritage"] == "Tiller")|[.metadata.name, .kind, .metadata.name] |@tsv' -r
view events sorted by timestamp
kubectl get events --sort-by=.metadata.creationTimestamp
get annotations (serviceaccount example)
kubectl get sa -ojson |jq '.items[] .metadata |select(.annotations) | { "namespace": .namespace, "name": .name, "annotations": .annotations}'
show kube api endpoints
kubectl get --raw "/" | jq
display api-versions
kubectl api-versions

show cluster info

kubectl cluster-info
# or add dump, for relevant information for debugging and diagnosis
kubectl cluster-info dump

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top