kubectl: most useful commands (a growing list)

Can I?

Check to see if you can execute a command based on current permissions (RBAC):

kubectl auth can-i get pods

kubectl Contexts

I have multiple clusters, let’s switch!

What contexts are available?

$ kubectl config get-contexts

Switch to a specific context

$ kubectl config use-context some-awesome-cluster-123

Rename that damn long context

$ kubectl config rename-context some-awesome-cluster-123 simplename

Create a new context and switch to it

$ kubectl config set-context new-context --user=cluster-admin
$ kubectl config use-context new-context

Managing Security and RBAC

Granting full privileges to a ServiceAccount

kubectl create clusterrolebinding my-super-admin-role --clusterrole=cluster-admin --user="system:serviceaccount:<namespace>:<service-account-name>"
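
A binding like the one above gives the ServiceAccount control over the whole cluster, so it is worth checking which ServiceAccounts already hold cluster-admin and confirming their effective access with the kubectl auth can-i check from the "Can I?" section. The script below is an added example, not part of the original post; its function names are made up for illustration, and it assumes your user may list ClusterRoleBindings and impersonate ServiceAccounts (--as).

```bash
#!/usr/bin/env bash
# Added example (not from the original post): find ServiceAccounts bound to
# cluster-admin and confirm their access with `kubectl auth can-i`.
# Function names are illustrative. Usage: source this file, then run
#   audit_cluster_admin

# Print "<namespace> <serviceaccount> <binding>" for each ServiceAccount subject
# of a ClusterRoleBinding whose roleRef is cluster-admin.
cluster_admin_service_accounts() {
  kubectl get clusterrolebindings --no-headers -o custom-columns='BINDING:.metadata.name,ROLE:.roleRef.name,SA:.subjects[?(@.kind=="ServiceAccount")].name,NS:.subjects[?(@.kind=="ServiceAccount")].namespace' |
    awk '$2 == "cluster-admin" && $3 != "<none>" {
           # Several ServiceAccounts on one binding arrive comma-joined.
           n = split($3, sa, ","); split($4, ns, ",")
           for (i = 1; i <= n; i++) print ns[i], sa[i], $1
         }'
}

# Succeeds only if the API server answers "yes" when asked whether the
# ServiceAccount ($1 = namespace, $2 = name) may use every verb on every
# resource in all namespaces. can-i exits non-zero on "no", hence "|| true".
sa_has_full_access() {
  _answer=$(kubectl auth can-i '*' '*' --all-namespaces \
              --as="system:serviceaccount:$1:$2" 2>/dev/null) || true
  [ "$_answer" = "yes" ]
}

# One report line per ServiceAccount bound to cluster-admin.
audit_cluster_admin() {
  cluster_admin_service_accounts | while read -r ns sa binding; do
    if sa_has_full_access "$ns" "$sa"; then
      echo "FULL $ns/$sa via $binding"
    else
      echo "UNCONFIRMED $ns/$sa via $binding (can-i did not answer yes)"
    fi
  done
}
```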

Managing Workloads

Validate first!

kubectl create -f my.yaml --dry-run=client --validate=true

Scaling Replicas

kubectl scale --replicas=2 deployment nginx

Superficially scaling down a DaemonSet

Patch the DaemonSet to effectively "scale" to zero by using a nodeSelector:

kubectl -n <namespace> patch daemonset <daemonset-name> -p '{"spec": {"template": {"spec": {"nodeSelector": {"this-doesnt-exist": "true"}}}}}'

To scale back up, remove the nodeSelector that the patch above added:

kubectl -n <namespace> patch daemonset <daemonset-name> --type json -p='[{"op": "remove", "path": "/spec/template/spec/nodeSelector/this-doesnt-exist"}]'

Editing Objects

$ kubectl edit deployment/ingress-controller

Specifying the editor to use:

$ KUBE_EDITOR=nano kubectl edit deployment/ingress-controller

Mark a node as “un-schedulable”

$ kubectl cordon <node>

Remove all workloads from a node

$ kubectl drain <node>

Managing Nodes

Adding a taint

$ kubectl taint node <node> <key>=<value>:NoSchedule

Removing a taint

$ kubectl taint node <node> <key>:NoSchedule-

Showing Utilization

Show utilization per node:

$ kubectl top node

Show utilization per pod:

$ kubectl top pod

Watch utilization per pod (repeatedly reload the command):

$ watch kubectl top pod

Sort pod usage from lowest to highest:

$ kubectl top pod | sort -k2 -n


Store the name of a pod by label:

$ MY_POD=$(kubectl get pods --all-namespaces -lapp=my-awesome-app -o jsonpath='{.items[0].metadata.name}')

Using the stored name:

$ kubectl logs -f -p $MY_POD
$ kubectl exec -it $MY_POD -- sh


Listing nodes with taints

$ kubectl get nodes -o custom-columns=NAME:.metadata.name,TAINTS:.spec.taints

Sorting by a field and reversing the results (creationTimestamp — thanks to hubt)

kubectl get pods --sort-by .metadata.creationTimestamp | tac

Customizing column names

kubectl get pods --all-namespaces -o custom-columns=NAME:.metadata.name,NAMESPACE:.metadata.namespace,NODE:.spec.nodeName --sort-by=.spec.nodeName

Get all EndPoint ip addresses

kubectl get endpoints -o=jsonpath='{.items[*].subsets[*].addresses[*].ip}'


Get cluster event logs

$ kubectl get events -w

Get pod logs

kubectl logs -f <name-of-pod>

Get logs from a terminated (previous) container in a pod

$ kubectl logs -p -f <name-of-pod>

Port scan a service using nmap

$ kubectl run --image=mateothegreat/docker-alpine-nmap --rm -i -t nm -- -Pn -p9200,9300 <name-of-service>


Additional tools/utilities

Have a handy shortcut or tool?

Post a comment and I’ll get it added to the list!

Matthew Davis

Published 2 years ago