Kubernetes

Basic actions

Get more info about pods:

kubectl get po -o wide

Get all main resources:

kubectl get all --all-namespaces

Get main resources for a specific namespace:

kubectl get all -n $NAMESPACE

Get every resource in a specific namespace (here filtered on the label app=myapp):

kubectl api-resources --verbs=list --namespaced -o name | xargs -n 1 kubectl get --show-kind --ignore-not-found -l app=myapp -n $NAMESPACE

Generic actions

Rename a resource (a deployment is used as the example; this also works with other resource types):

kubectl -n $NAMESPACE get deployment $RESSOURCE_NAME -o json | jq --arg name "$NEW_RESSOURCE_NAME" '.metadata.name = $name' | kubectl -n $NAMESPACE apply -f - && kubectl -n $NAMESPACE delete deployment $RESSOURCE_NAME

Namespace management

Namespace creation:

kubectl create namespace $NAMESPACE_NAME

Deployment management

Restart a rollout:

kubectl rollout restart deployment/$DEPLOYMENT_NAME

Get the rollout status:

kubectl rollout status deployment/$DEPLOYMENT_NAME -w

Get the rollouts history:

kubectl rollout history deployment/$DEPLOYMENT_NAME

Rollback a change:

kubectl rollout undo deployment/$DEPLOYMENT_NAME

Secret management

Create a secret from literal:

kubectl create secret generic $SECRET_NAME --from-literal=$KEY=$SECRET

Create a secret from a file:

kubectl create secret generic $SECRET_NAME --from-file=$KEY=$PATH_TO_FILE

Get the value of a Kubernetes secret:

kubectl -n $NAMESPACE get secret $SECRET_NAME -o jsonpath="{.data.$SECRET_PATH}" | base64 --decode
kubectl -n $NAMESPACE get secret $SECRET_NAME -o "go-template={{index .data \"$SECRET_PATH\"}}" | base64 --decode

Copy a secret from one namespace to another:

kubectl get secrets $SECRET_NAME -o json --namespace $NAMESPACE_OLD | jq --arg ns "$NAMESPACE_NEW" '.metadata.namespace = $ns' | kubectl create -f -

Pod management

Watch pod events:

kubectl get pods --watch --output-watch-events

Get the list of all non-running pods:

kubectl get pod --field-selector=status.phase!=Running -A

Get the list of pods with their CPU consumption:

kubectl top pods -A | sort --reverse --key 3 --numeric

Get the list of pods with their memory consumption:

kubectl top pods -A | sort --reverse --key 4 --numeric

Sort the list of pods by the number of restarts:

kubectl get pods --sort-by='.status.containerStatuses[0].restartCount'

Print limits and requests of each pod:

kubectl get pods -n $NAMESPACE -o=custom-columns='NAME:spec.containers[*].name,MEMREQ:spec.containers[*].resources.requests.memory,MEMLIM:spec.containers[*].resources.limits.memory,CPUREQ:spec.containers[*].resources.requests.cpu,CPULIM:spec.containers[*].resources.limits.cpu'

Delete all the pods of a given namespace:

kubectl -n $NAMESPACE delete --all pods

Force delete a specific pod:

kubectl -n $NAMESPACE delete po $POD_NAME --force --grace-period=0

Node management

Get the list of nodes and their memory size:

kubectl get no -o json | jq -r '.items | sort_by(.status.capacity.memory)[]|[.metadata.name,.status.capacity.memory]| @tsv'

Get the list of nodes and the number of pods running on them:

kubectl get po -o json --all-namespaces | jq '.items | group_by(.spec.nodeName) | map({"nodeName": .[0].spec.nodeName, "count": length}) | sort_by(.count)'

List the node taints:

kubectl get nodes -o custom-columns=NAME:.metadata.name,TAINTS:.spec.taints

List the nodes with their labels:

kubectl get nodes --show-labels

Job management

Create a job from a cronjob:

kubectl create job --from=cronjobs.batch/$CRONJOB_NAME $JOB_NAME

Suspend a cronjob:

kubectl patch cronjob/$CRONJOB_NAME -p '{"spec": {"suspend": true}}'

Get logs of a job:

kubectl logs job/$JOB_NAME

CRD management

List applied CRDs:

kubectl get crd

Kustomize

To generate the manifest before applying it:

kubectl kustomize -o tmp.yaml

Monitoring

Get raw metrics from the API server:

kubectl get --raw /metrics

Security query

Get pods running in privileged mode:

kubectl get pods --all-namespaces -o jsonpath='{range .items[*]}{"\n"}{.metadata.name}{": "}{range .spec.containers[*]}{.securityContext.privileged}{end}{end}' | grep true

To debug

Follow logs of multiple pods:

kubectl logs -f -n $NAMESPACE -l app=myapp --timestamps

Getting logs of the “previous” container:

kubectl -n $NAMESPACE logs $POD_NAME --previous

Get all events of what happened:

kubectl -n $NAMESPACE get events --sort-by='{.lastTimestamp}' | tail

Connect to a pod from your local workstation:

kubectl port-forward -n $NAMESPACE $POD_NAME $LOCAL_PORT:$POD_PORT

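Connect to a service from your local workstation (--address 0.0.0.0 makes the forwarded port listen on all interfaces of the workstation instead of localhost only):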

kubectl port-forward -n $NAMESPACE --address 0.0.0.0 service/$SERVICE_NAME $LOCAL_PORT:$POD_PORT

Boot a centos pod in Kubernetes:

kubectl -n $NAMESPACE run tmp-shell --rm -i --tty --image centos -- /bin/bash

Start shell in a running container:

kubectl -n $NAMESPACE exec -it $POD_NAME -- /bin/bash

Force delete a namespace:

kubectl get ns $NAMESPACE -o json | jq '.spec.finalizers = []'| kubectl replace --raw "/api/v1/namespaces/$NAMESPACE/finalize" -f -

To run a command in a container that is failing right after it starts:

spec:
  containers:
    - name: fluent-bit
      image: public.ecr.aws/aws-observability/aws-for-fluent-bit:stable
      # Add a custom sh command
      command: ["/bin/sh"]
      args: ["-c", "cat /fluent-bit/etc/fluent-bit.conf"]

kubectl plugins

krew

krew is available here.

It needs to be updated once before you can use it:

kubectl krew update

deprecations

Install deprecations:

kubectl krew install deprecations

Use deprecations:

kubectl deprecations

ktop

Install ktop:

kubectl krew install ktop

Use ktop:

kubectl ktop

lineage

Install lineage:

kubectl krew install lineage

List dependent resources:

kubectl lineage $RESSOURCE_TYPE $RESSOURCE_NAME -o=wide

List the dependencies of a resource:

kubectl lineage $RESSOURCE_TYPE $RESSOURCE_NAME -D -o=wide

Display Helm release resources:

kubectl lineage helm $HELM_RELEASE_NAME

ns

Install ns:

kubectl krew install ns

Use ns:

kubectl ns $NAMESPACE

It is recommended to add fzf

outdated

Install outdated:

kubectl krew install outdated

Use outdated:

kubectl outdated

pod-inspect

Install pod-inspect:

kubectl krew install pod-inspect

Use pod-inspect:

kubectl pod-inspect $POD_NAME

resource-capacity

Install resource-capacity:

kubectl krew install resource-capacity

List node requests and limits:

kubectl resource-capacity

List node requests, limits and usage (requires the metrics-server):

kubectl resource-capacity --util

List pod requests and limits:

kubectl resource-capacity --pods

List node and pod requests, limits and usage (requires the metrics-server):

kubectl resource-capacity --pods --util

List node available resources:

kubectl resource-capacity --available

sick-pods

Install sick-pods:

kubectl krew install sick-pods

Use sick-pods:

kubectl sick-pods $POD_NAME

topology

Install topology:

kubectl krew install topology

Get the topology for the nodes:

kubectl topology node

Get the topology for the pods:

kubectl topology pod

unused-volumes

Install unused-volumes:

kubectl krew install unused-volumes

Use unused-volumes:

kubectl unused-volumes

Quick install

kubectl krew install deprecations
kubectl krew install ktop
kubectl krew install lineage
kubectl krew install ns
kubectl krew install outdated
kubectl krew install pod-inspect
kubectl krew install resource-capacity
kubectl krew install sick-pods
kubectl krew install topology
kubectl krew install unused-volumes

Bonus

Install autocompletion:

echo "source <(kubectl completion bash)" >> ~/.bashrc