kubectl: most useful commands (a growing list)

Can I?Check to see if you can execute a command based on current permissions (RBAC): kubectl auth can-i get podskubectl ContextsI have multiple clusters, let’s switch! What contexts

10 months ago

Latest Post Speed up npm install with pnpm by Matthew Davis public

Can I?

Check to see if you can execute a command based on current permissions (RBAC):

kubectl auth can-i get pods

kubectl Contexts

I have multiple clusters, let’s switch!

What contexts are available?

$ kubectl config get-contexts

Switch to a specific context

$ kubectl config use-context some-awesome-cluster-123

Rename that damn long context

$ kubectl config rename-context some-awesome-cluster-123 simplename

Create a new context and switch to it

$ kubectl config set-context new-content --user=cluster-admin
$ kubectl config use-content new-context

Managing Security and RBAC

Granting full privileges to a ServiceAccount

kubectl create clusterrolebinding my-super-admin-role --clusterrole=cluster-admin --user="system:serviceaccount:<namespace>:<service-account-name>"

Managing Workloads

Validate first!

kubectl create -f my.yaml --dry-run --validate=true

Scaling Replicas

kubectl scale --replicas=2 deployment nginx

Superficially scaling down a DaemonSet

Patch the DaemonSet to effectively "scale" to zero by using a nodeSelector:

kubectl -n <namespace> patch daemonset <daemonset-name> -p '{"spec": {"template": {"spec": {"nodeSelector": {"this-doesnt-exist": "true"}}}}}

Remove the nodeSelector from the patch command (above):

kubectl -n <namespace> patch daemonset daemonset-name --type json -p='[{"op": "remove", "path": "/spec/template/spec/nodeSelector/this-doesnt-exist"}]'

Editing Objects

$ kubectl edit deployment/ingress-controller

Specifying the editor to use:

$ KUBE_EDITOR=nano kubectl edit deployment/ingress-controller

Mark a node as “un-schedulable”

$ kubectl cordon

Remove all workloads from a node

$ kubectl drain

Managing Nodes

Adding a taint

$ kubectl taint node <node> <key>=<value>:NoSchedule

Removing a taint

$ kubectl taint node <node> <key>:NoSchedule-

Showing Utilization

Show utilization per node:

$ kubectl top node

Show utilization per pod:

$ kubectl top pod

Watch utilization per pod (repeatedly reload the command):

$ watch kubectl top pod

Sort pod usage from lowest to highest:

$ kubectl top pod | sort -k2 -n


Store the name of a pod by label:

$ MY_POD=$(kubectl get pods --all-namespaces -lapp=my-awesome-app -o jsonpath='{.items[0]})

Using the stored name:

$ kubectl logs -f -p $MY_POD $ kubectl exec -it $MY_POD sh


Listing nodes with taints

$ kubectl get nodes -o,TAINTS:.spec.taints

Sorting by a field and reversing the results (creationTimestamp — thanks to hubt)

kubectl get pods --sort-by .metadata.creationTimestamp | tac

Customizing column names

kubectl get pods --all-namespaces,NAMESPACE:.metadata.namespace,NODE:.spec.nodeName --sort-by=.spec.nodeName

Get all EndPoint ip addresses

kubectl get endpoints -o=jsonpath='{.items[*].subsets[*].addresses[*].ip}'


Get cluster event logs

$ kubectl get events -f

Get pod logs

kubectl get logs -f <name-of-pod>

Get logs from a terminated pod

$ kubectl logs  -p -f

Show utilization per pod

$ kubectl top pod

Port scan a service using nmap

$ kubectl run --image=mateothegreat/docker-alpine-nmap --rm -i -t nm -- -Pn -p9200,9300 <name-of-service>


Additional tools/utilities

Have a handy shortcut or tool?

Post a comment and I’ll get it added to the list!

Matthew Davis

Published 10 months ago


Leave us your opinion.