
k8s Cheat Sheet

k get no lists nodes in the default namespace. k get no -o json | jq '.items[].spec.taints' views taints on all nodes in the cluster. k taint no mynode1 node-role.kubernetes.io/master:NoSchedule taints the node 'mynode1' to not schedule pods to it.

Uploaded by

adit dubey

https://sek8s.com/sheet
@kubeskills v1.24

# set alias for commands below
alias k=kubectl

CLUSTER & EVENTS


# list the current context configuration
k config view

# list all users in the cluster
k config view -o jsonpath='{.users[*].name}'

# compress kube config into one file named 'config'
k config view --flatten > ~/.kube/config

# use two kube config files simultaneously
export KUBECONFIG=config1:config2

# view control plane and etcd information
k cluster-info

# get system health
k get componentstatus

# list available resources
k api-resources

# list namespaced resources
k api-resources --namespaced=true

# get metrics data on nodes in the k8s cluster (replace nodes with pods to get pod metrics)
k get --raw /apis/metrics.k8s.io/v1beta1/nodes

# list events in all namespaces
k get events -A

# watch events in real-time
k get events -w

# find the elected leader in a highly available cluster (in annotations)
k get ep kube-scheduler -n kube-system -o yaml

# get the version of kubeadm
kubeadm version

# list default values kubeadm uses for cluster init
kubeadm config print init-defaults

# print the join command to add more nodes (sudo)
kubeadm token create --print-join-command

# list tokens that haven't expired
kubeadm token list

# generate a new token to authenticate with cluster
kubeadm token generate

# plan the upgrade of control plane components
kubeadm upgrade plan

# upgrade local kubelet
kubeadm upgrade node

# view enabled admission controllers (can also look in /etc/kubernetes/manifests/kube-apiserver.yaml)
k exec kube-apiserver-pod -n kube-system -- kube-apiserver -h | grep enable-admission-plugins

NAMESPACE & CONTEXT


# create a namespace named 'robot-shop'
k create ns robot-shop

# list all namespaces in the cluster
k get ns

# get the yaml config for all namespaces
k get ns -o yaml

# list all resources in all namespaces (--all-namespaces)
k get all -A

# describe the namespace configuration
k describe ns

# edit the namespace named 'robot-shop'
k edit ns robot-shop

# delete the namespace named 'robot-shop'
k delete ns robot-shop

# list available contexts from kube config
k config get-contexts

# get the current context for kubectl
k config current-context

# switch context to a cluster named 'gkeCluster'
k config set-context gkeCluster

# switch context to the current context in the namespace named 'webapp'
k config set-context --current --namespace webapp

# switch context to cluster named 'gkeCluster' and in the 'robot-shop' namespace
k config set-context gkeCluster --namespace robot-shop

# switch context to cluster 'gkeCluster' as user 'admin'
k config set-context gkeCluster --user=admin

# set the default context to 'gkeCluster'
k config use-context gkeCluster

# remove the cluster 'docker-desktop' from kubeconfig
k config delete-cluster docker-desktop

NODES
# list nodes in the default namespace
k get no

# list nodes with IP address & runtime info
k get no -o wide

# list nodes with the label 'node-role.kubernetes.io/control-plane' (k get no --show-labels to show labels)
k get no -l node-role.kubernetes.io/control-plane

# describe all nodes in the cluster
k describe no

# label node 'mynode1' with 'disk=ssd'
k label no mynode1 disk=ssd

# show labels on all nodes in the cluster
k get no --show-labels

# add the annotation 'azure=node' to node 'mynode1'
k annotate no mynode1 azure=node

# list external IP addresses of all nodes in the default namespace
k get nodes -o jsonpath='{.items[*].status.addresses[?(@.type=="ExternalIP")].address}'

# list the first node only within the list of nodes in the cluster
k get no -o jsonpath='{.items[0].metadata.name}'

# view cpu and memory metrics for node 'mynode1'
k top node mynode1

# view taints on all nodes in the cluster
k get no -o json | jq '.items[].spec.taints'

# view taints on nodes including node names
k get nodes -o jsonpath="{range .items[*]}{.metadata.name} {.spec.taints[?(@.effect=='NoSchedule')].effect}{\"\n\"}{end}"

# taint node 'mynode1' to not schedule pods to it
k taint no mynode1 node-role.kubernetes.io/master:NoSchedule

# taint node with key 'dedicated', value 'special-user' and effect 'NoSchedule'
k taint no mynode1 dedicated=special-user:NoSchedule

# take away the taint, which allows pods to be scheduled
k taint no mynode1 dedicated:NoSchedule-

# take away taint key 'dedicated' from node
k taint no mynode1 dedicated-

# describe nodes and filter for the word 'Taint'
k describe no | grep Taint

# taint node with label 'disk=ssd' and key 'dedicated'
k taint no -l disk=ssd dedicated=mynode1:PreferNoSchedule

# taint node with key 'bar' and no value
k taint no mynode1 bar:NoSchedule

NODES (cont.)
# remove pods from node 'mynode1', ignore daemonsets
k drain mynode1 --ignore-daemonsets --force

# set 'mynode1' to unschedulable (cordon)
k cordon mynode1

# set node 'mynode1' to schedulable (uncordon)
k uncordon mynode1

# delete node 'mynode1' from the cluster
k delete no mynode1

# edit the node configuration
k edit no mynode1

PODS
# create pod using image 'nginx'
k run nginx --image=nginx

# create a pod with image 'busybox' and get a shell to it
k run busybox --image=busybox -it

# create pod and get a shell to it; exiting the shell will delete the pod
k run curlpod --image=nicolaka/netshoot --rm -it -- sh

# create pod with image 'infoblox/dnstools' and run bash
k run dnstools --image infoblox/dnstools --rm -it -- bash

# create a pod named 'debug-pod' with image 'busybox' and get a shell to it
k run debug-pod --image=busybox -it

# create the YAML file 'pod.yml' for a pod with image 'nginx'
k run nginx --image=nginx --dry-run=client -o yaml > pod.yml

# list all pods in the default namespace
k get po

# tail the pods in all namespaces
k get po -A -w

# tail the pods until pod with label 'app=nginx' is ready
k wait --for=condition=ready pod -l app=nginx

# list pods in all namespaces
k get po --all-namespaces

# list running pods that reside on the node named 'control-plane'
k get pods -A -o wide --field-selector spec.nodeName=control-plane

# list all cluster resources in all namespaces
k get all -A

# list pods, nodes and services in all namespaces
k get po,no,svc -A

# list pods with IP addresses and node assignments
k get po -o wide

# describe all pods in the default namespace
k describe po

# add label 'app=prod' on the pod named 'nginx'
k label po nginx app=prod

# show labels on all pods in the default namespace
k get po --show-labels

# list pods that have the label 'app=nginx'
k get po -l app=nginx

# run the command 'mongo' on pod named 'mongodb'
k exec -it mongodb -- mongo

# get a shell to container 'cart' in pod named 'mypod'
k exec -it mypod -c cart -- /bin/bash

# run command in a running pod named 'bux' to echo 'hello' and sleep for 2 seconds on a loop
k exec -it bux -- sh -c "while true; do echo hello; sleep 2; done"

# annotate pod with key 'special' and value 'app1'
k annotate po nginx special=app1

# show the YAML configuration for pod named 'nginx'
k get po nginx -o yaml

# export the YAML for a pod to a file named 'podconfig.yml'
k get pod nginx -o yaml > podconfig.yml

# list pods that are running only
k get po --field-selector status.phase=Running

# list environment variables for pod named 'nginx'
k exec nginx -- env

# create a pod and cat out the 'resolv.conf' file and then delete the pod upon exit
k run curl --image=nicolaka/netshoot --rm -it --restart=Never -- cat /etc/resolv.conf

# create a pod and run the command 'sleep 3600' inside the container
k run netshoot --image=nicolaka/netshoot --command -- sleep 3600

# cat the 'resolv.conf' file (dns info) on running pod
k exec -it nginx -- cat /etc/resolv.conf

# get the logs for pod named 'nginx'
k logs nginx

# get the logs for all pods that have label 'app=nginx'
k logs -l app=nginx

# output the logs to file 'pod.log' for pod named 'nginx'
k logs nginx > pod.log

# get the logs from pod 'nginx' from the last hour
k logs nginx --since=1h

# get the last 20 lines from the logs from pod 'nginx'
k logs nginx --tail=20

# stream the logs for container named 'log'
k logs -f nginx -c log

# stream (follow) the logs from pod 'nginx'
k logs nginx -f

# delete pod named 'nginx'
k delete po nginx

# edit the pod configuration for pod named 'nginx'
k edit po nginx

# port forward from 80 on container to 8080 on host
k port-forward nginx 8080:80

# port forward from 9200 and run in background (&)
k port-forward elasticsearch-pod 9200:9200 &

# curl the forwarded port from control plane node
curl --head http://localhost:9200

DEPLOYMENTS & REPLICASETS


# create deployment named 'nginx' using image 'nginx'
k create deploy nginx --image nginx

# output deployment YAML to a file named 'deploy.yml'
k create deploy nginx --image nginx --dry-run=client -o yaml > deploy.yml

# create deployment from file named 'deploy.yml'
k create -f deploy.yml

# create deployment from file and record the history
k create -f deploy.yml --record

# create deployment, even if resource already exists
k apply -f deploy.yml

# create deployment only if resource already exists
k replace -f deploy.yml

# undo deployment rollout named 'nginx'
k rollout undo deploy nginx

# undo deployment rollout to 3rd revision
k rollout undo deploy nginx --to-revision=3

# pause deployment in the middle of rolling out
k rollout pause deploy nginx

# resume a paused deployment rollout
k rollout resume deploy nginx

# get the status of a current rollout
k rollout status deployment/nginx

DEPLOYMENTS & REPLICASETS (cont.)


# restart pods in a deployment named 'nginx'
k rollout restart deployment/nginx

# get the rollout history for deployment 'nginx'
k rollout history deploy nginx

# scale a deployment to have a total of 5 pods
k scale deploy nginx --replicas=5

# scale a deployment to 3 and record the output
k scale deploy nginx --replicas 3 --record

# change the image used for deployment 'nginx' to nginx:1.14.2
k set image deployments/nginx nginx=nginx:1.14.2 --v 6

# edit the deployment configuration for 'nginx'
k edit deploy nginx

# list the deployments in the default namespace
k get deploy

# list deployments in all namespaces in the cluster
k get deploy --all-namespaces

# list all kubernetes resources in all namespaces
k get all --all-namespaces

# list deployments, pods and services in all namespaces
k get deploy,po,svc --all-namespaces

# list deployments with image and selector information
k get deploy -o wide

# get the YAML configuration for deployment
k get deploy -o yaml

# describe all deployments in the default namespace
k describe deploy

# delete deployment 'nginx' in default namespace
k delete deploy nginx

# list all replicasets in the default namespace
k get rs

# list replicasets with container image and selector info
k get rs -o wide

# output the YAML manifest for replicasets in default ns
k get rs -o yaml

# describe the replicasets in default namespace
k describe rs

SERVICES & INGRESS


# create a nodeport type service exposing port 8080 from the container to port 80 on the host
k create svc nodeport nodeport-svc --tcp=8080:80

# create service from deployment 'nginx' exposing port 80 and set type to nodeport
k expose deploy nginx --name=app-service --port=80 --type=NodePort

# clone the service 'nginx', creating a new service named 'nginx-https' exposing port 443 with target 8443
k expose svc nginx --name nginx-https --port 443 --target-port 8443

# list services in the default namespace
k get svc

# list services with selector information
k get svc -o wide

# get YAML output for all services in default namespace
k get svc -o yaml

# describe all services in the default namespace
k describe svc

# view labels applied to all services in default namespace
k get svc --show-labels

# edit the service named 'app-service'
k edit svc app-service

# delete service named 'app-service'
k delete svc app-service

# create ingress named 'cool-ing' that directs requests to mycoolwebapp.com/forums to service named 'forums-svc' on 8080 with tls secret 'my-cert'
k create ing cool-ing --rule="mycoolwebapp.com/forums=forums-svc:8080,tls=my-cert"

# create ingress named 'one-ing' that directs to service 'myweb-svc' on port 80
k create ing one-ing --rule="/path=myweb-svc:80"

# create ingress 'appgw-ing' that adds an annotation for azure application gateway and directs 'azurewebapp.com/shop' to service 'web-svc' on port 8080
k create ing appgw-ing --rule="azurewebapp.com/shop=web-svc:8080" --annotation kubernetes.io/ingress.class=azure/application-gateway

# create ingress 'rewire-ing' with annotation to rewrite the path for nginx ingress controllers
k create ing rewire-ing --rule="circuitweb.com/shop=web-svc:8080" --annotation "nginx.ingress.kubernetes.io/rewrite-target=/"

# create ingress 'moo-ing' where all requests go to service 'milk-svc' on port 80 but requests to 'moo.com/flavors' go to 'flavor-svc' on port 8080
k create ing moo-ing --rule="moo.com/=milk-svc:80" --rule="moo.com/flavors=flavor-svc:8080"

ROLES & SERVICE ACCOUNTS


# list roles in 'kube-system' namespace
k get roles -n kube-system

# output YAML for roles in kube-system namespace
k get roles -n kube-system -o yaml

# list all cluster roles in cluster
k get clusterroles

# create role named 'pod-reader' that can list, get, and watch pods
k create role pod-reader --verb=get --verb=list --verb=watch --resource=pods

# create clusterrole that can get, list, and watch pods
k create clusterrole pod-reader --verb=get,list,watch --resource=pods

# create rolebinding 'bob-admin-binding' to role 'admin' for user 'bob' in namespace 'robot-shop'
k create rolebinding bob-admin-binding --clusterrole=admin --user=bob --namespace=robot-shop

# create clusterrolebinding 'root-cluster-admin-binding' to 'admin' clusterrole for user 'bob'
k create clusterrolebinding root-cluster-admin-binding --clusterrole=admin --user=bob

# list the clusterrolebindings that have a membership in 'system:masters' group
# (only the first subject of each binding is checked)
k get clusterrolebindings -o json | jq -r '.items[] | select(.subjects[0].kind=="Group") | select(.subjects[0].name=="system:masters")'

# see if user 'chad' can get secrets in default namespace
k auth can-i get secrets --as chad

# see if user 'chad' can delete pods in the default namespace
k auth can-i delete pods --as chad -n default

# list serviceaccounts in the default namespace
k get sa

# output the YAML for serviceaccounts in default ns
k get sa -o yaml

# output YAML for the default serviceaccount to sa.yml
k get sa default -o yaml > sa.yml

# replace 'default' sa with YAML from sa.yml
k replace sa default -f sa.yml

# edit the service account named 'default'
k edit sa default

# delete service account 'default' in default namespace
k delete sa default

CONFIGMAPS & SECRETS


# list configmaps in default namespace
k get cm

# list configmaps in all namespaces
k get cm --all-namespaces

# get YAML config for all configmaps in all namespaces
k get cm --all-namespaces -o yaml

# create generic secret 'db-user-pass' from file 'username.txt' and 'password.txt'
k create secret generic db-user-pass --from-file=./username.txt --from-file=./password.txt

# create generic secret from file and give the names of keys as 'username' and 'password'
k create secret generic db-user-pass --from-file=username=./username.txt --from-file=password=./password.txt

# create generic secret 'vault-license' from an env variable named 'secret'
k create secret generic vault-license --from-literal="license=${secret}"

# create a generic secret 'vault-tls' from key file named 'key', client certificate file named 'vault.example.com.pem' and ca file named 'ca'
k create secret generic vault-tls --from-file=vault.key=key --from-file=vault.crt=vault.example.com.pem --from-file=vault.ca=ca

# list secrets in the default namespace
k get secrets

# list secrets in all namespaces
k get secrets --all-namespaces

# get YAML for all secrets in all namespaces
k get secrets --all-namespaces -o yaml

# get data contents out of the secret 'db-user-pass' (in base64 encoded format, decode with base64 -d)
k get secret db-user-pass -o jsonpath='{.data}'

DAEMONSETS
# list all daemonsets in default namespace
k get ds

# list all daemonsets in all namespaces
k get ds --all-namespaces

# describe 'kube-proxy' daemonset in kube-system ns
k describe ds kube-proxy -n kube-system

# get YAML output of 'kube-proxy' daemonset
k get ds kube-proxy -n kube-system -o yaml

# edit 'kube-proxy' daemonset in kube-system ns
k edit ds kube-proxy -n kube-system

# delete daemonset named 'kube-proxy'
k delete ds kube-proxy -n kube-system

VOLUMES & STORAGE CLASS


# create hostpath persistent volume named 'pv-volume' using 1 gigabyte of storage from the host at '/mnt/data' on host
cat <<EOF | k apply -f -
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-volume
spec:
  hostPath:
    path: "/mnt/data"
  capacity:
    storage: 1Gi
  accessModes:
  - ReadWriteOnce
EOF

# create persistent volume claim named 'pv-claim' that requests 1 gigabyte of storage from the first available persistent volume in the cluster
cat <<EOF | k apply -f -
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pv-claim
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
EOF

# create a pod named 'pv-pod' that uses the persistent volume claim 'pv-claim' and mounts a volume named 'pv-storage' inside of the container at '/usr/share/nginx/html'
cat <<EOF | k apply -f -
apiVersion: v1
kind: Pod
metadata:
  name: pv-pod
spec:
  containers:
  - name: pv-container
    image: nginx
    volumeMounts:
    - mountPath: "/usr/share/nginx/html"
      name: pv-storage
  volumes:
  - name: pv-storage
    persistentVolumeClaim:
      claimName: pv-claim
EOF

# list persistent volumes in default namespace
k get pv

# list only volume named 'pv-volume'
k get pv pv-volume

# show YAML output of persistent volume 'pv-volume'
k get pv pv-volume -o yaml

# describe all persistent volumes in default ns
k describe pv

# describe persistent volume 'pv-volume'
k describe pv pv-volume

# list persistent volume claims in default ns
k get pvc

# list persistent volume claim named 'pv-claim'
k get pvc pv-claim

# get YAML output of persistent volume claim 'pv-claim'
k get pvc pv-claim -o yaml

# describe all persistent volume claims in default ns
k describe pvc

# describe persistent volume claim 'pv-claim'
k describe pvc pv-claim

# list persistent volumes and persistent volume claims
k get pv,pvc

# delete persistent volume 'pv-volume'
k delete pv pv-volume

# delete persistent volume claim 'pv-claim'
k delete pvc pv-claim

# list storage classes in the default namespace
k get sc

# get YAML output of all storage classes in default ns
k get sc -o yaml

# view the volumes attached to nodes (non-namespaced)
k get volumeattachments
