
kubectl: most useful commands (a growing list)


10 months ago


Can I?

Check to see if you can execute a command based on current permissions (RBAC):

kubectl auth can-i get pods

kubectl Contexts

I have multiple clusters, let’s switch!

What contexts are available?

$ kubectl config get-contexts

Switch to a specific context

$ kubectl config use-context some-awesome-cluster-123

Rename that damn long context

$ kubectl config rename-context some-awesome-cluster-123 simplename

Create a new context and switch to it

$ kubectl config set-context new-context --user=cluster-admin
$ kubectl config use-context new-context

Managing Security and RBAC

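Granting full privileges to a ServiceAccount (a cluster-admin ClusterRoleBinding applies to every namespace, so any pod running as this ServiceAccount gets unrestricted API access):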

kubectl create clusterrolebinding my-super-admin-role --clusterrole=cluster-admin --user="system:serviceaccount:<namespace>:<service-account-name>"
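
To see what a ServiceAccount can actually do after a binding like the one above, the "Can I?" check can be run on its behalf with impersonation. The script below is an added example, not part of the original post; the function name sa_audit and the list of checks are hypothetical, and it assumes your own account is allowed to impersonate ServiceAccounts.

```shell
#!/bin/sh
# Added example, not from the original post.
# Probes a fixed list of high-impact permissions for one ServiceAccount
# by impersonating it with `kubectl auth can-i --as=...`.
# Assumption: your own account is allowed to impersonate ServiceAccounts.

# verb:resource pairs to probe (constructed list; extend for your cluster).
SENSITIVE_CHECKS='*:* get:secrets create:pods create:clusterrolebindings impersonate:serviceaccounts'

# sa_audit <namespace> <service-account-name>
# Prints "ALLOWED <verb> <resource>" or "denied  <verb> <resource>" per check.
# Returns 1 if at least one sensitive check is allowed, 0 otherwise.
sa_audit() (
    # The body runs in a subshell, so set -f and exit stay local to this call.
    set -f   # keep the shell from glob-expanding the '*' entries
    subject="system:serviceaccount:$1:$2"
    found=0
    for check in $SENSITIVE_CHECKS; do
        verb=${check%%:*}
        resource=${check#*:}
        # -q suppresses output; exit status 0 means "yes".
        # --all-namespaces asks whether the action is allowed cluster-wide.
        if kubectl auth can-i "$verb" "$resource" \
               --as="$subject" --all-namespaces -q; then
            printf 'ALLOWED %s %s\n' "$verb" "$resource"
            found=1
        else
            printf 'denied  %s %s\n' "$verb" "$resource"
        fi
    done
    exit "$found"
)

# Usage (hypothetical names): sa_audit my-namespace my-service-account
```

A ServiceAccount bound to cluster-admin reports ALLOWED on every line, including the wildcard check.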

Managing Workloads

Validate first!

kubectl create -f my.yaml --dry-run=client --validate=true

Scaling Replicas

kubectl scale --replicas=2 deployment nginx

Superficially scaling down a DaemonSet

Patch the DaemonSet to effectively "scale" to zero by using a nodeSelector:

kubectl -n <namespace> patch daemonset <daemonset-name> -p '{"spec": {"template": {"spec": {"nodeSelector": {"this-doesnt-exist": "true"}}}}}'

To undo this, remove the nodeSelector that the patch command (above) added:

kubectl -n <namespace> patch daemonset <daemonset-name> --type json -p='[{"op": "remove", "path": "/spec/template/spec/nodeSelector/this-doesnt-exist"}]'

Editing Objects

$ kubectl edit deployment/ingress-controller

Specifying the editor to use:

$ KUBE_EDITOR=nano kubectl edit deployment/ingress-controller

Mark a node as “un-schedulable”

$ kubectl cordon <node>

Remove all workloads from a node

$ kubectl drain <node>

Managing Nodes

Adding a taint

$ kubectl taint node <node> <key>=<value>:NoSchedule

Removing a taint

$ kubectl taint node <node> <key>:NoSchedule-

Showing Utilization

Show utilization per node:

$ kubectl top node

Show utilization per pod:

$ kubectl top pod

Watch utilization per pod (repeatedly reload the command):

$ watch kubectl top pod

Sort pod usage from lowest to highest:

$ kubectl top pod | sort -k2 -n

Scripting

Store the name of a pod by label:

$ MY_POD=$(kubectl get pods --all-namespaces -lapp=my-awesome-app -o jsonpath='{.items[0].metadata.name}')

Using the stored name:

$ kubectl logs -f -p "$MY_POD"
$ kubectl exec -it "$MY_POD" -- sh

Querying

Listing nodes with taints

$ kubectl get nodes -o custom-columns=NAME:.metadata.name,TAINTS:.spec.taints

Sorting by a field and reversing the results (creationTimestamp — thanks to hubt)

kubectl get pods --sort-by .metadata.creationTimestamp | tac

Customizing column names

kubectl get pods --all-namespaces -o=custom-columns=NAME:.metadata.name,NAMESPACE:.metadata.namespace,NODE:.spec.nodeName --sort-by=.spec.nodeName

Get all Endpoints IP addresses

kubectl get endpoints -o=jsonpath='{.items[*].subsets[*].addresses[*].ip}'

Troubleshooting

Get cluster event logs

$ kubectl get events -w

Get pod logs

kubectl logs -f <name-of-pod>

Get logs from a terminated pod

$ kubectl logs -p -f <name-of-pod>

Show utilization per pod

$ kubectl top pod

Port scan a service using nmap

$ kubectl run --image=mateothegreat/docker-alpine-nmap --rm -i -t nm -- -Pn -p9200,9300 <name-of-service>

See: https://github.com/mateothegreat/docker-alpine-nmap

Additional tools/utilities

Have a handy shortcut or tool?

Post a comment and I’ll get it added to the list!

Matthew Davis

Published 10 months ago
