Kubernetes Cheatsheet
1.1 Common Commands
| Name | Command |
| --- | --- |
| Run curl test temporarily | kubectl run --generator=run-pod/v1 --rm mytest --image=yauritux/busybox-curl -it |
| Run wget test temporarily | kubectl run --generator=run-pod/v1 --rm mytest --image=busybox -it wget |
| Run nginx deployment with 2 replicas | kubectl run my-nginx --image=nginx --replicas=2 --port=80 |
| Run nginx pod and expose it | kubectl run my-nginx --restart=Never --image=nginx --port=80 --expose |
| Run nginx deployment and expose it | kubectl run my-nginx --image=nginx --port=80 --expose |
| List authenticated contexts | kubectl config get-contexts, ~/.kube/config |
| Set namespace preference | kubectl config set-context <context_name> --namespace=<ns_name> |
| List pods with nodes info | kubectl get pod -o wide |
| List everything | kubectl get all --all-namespaces |
| Get all services | kubectl get service --all-namespaces |
| Get all deployments | kubectl get deployments --all-namespaces |
| Show nodes with labels | kubectl get nodes --show-labels |
| Get resources with json output | kubectl get pods --all-namespaces -o json |
| Validate yaml file with dry run | kubectl create --dry-run --validate -f pod-dummy.yaml |
| Start a temporary pod for testing | kubectl run --rm -i -t --image=alpine test-$RANDOM -- sh |
| kubectl run shell command | kubectl exec -it mytest -- ls -l /etc/hosts |
| Get system conf via configmap | kubectl -n kube-system get cm kubeadm-config -o yaml |
| Get deployment yaml | kubectl -n denny-websites get deployment mysql -o yaml |
| Explain resource | kubectl explain pods, kubectl explain svc |
| Watch pods | kubectl get pods -n wordpress --watch |
| Query healthcheck endpoint | curl -L http://127.0.0.1:10250/healthz |
| Open a bash terminal in a pod | kubectl exec -it storage sh |
| Check pod environment variables | kubectl exec redis-master-ft9ex env |
| Enable kubectl shell autocompletion | echo "source <(kubectl completion bash)" >>~/.bashrc, and reload |
| Use minikube dockerd in your laptop | eval $(minikube docker-env), no need to push to Docker Hub any more |
| Kubectl apply a folder of yaml files | kubectl apply -R -f . |
| Get services sorted by name | kubectl get services --sort-by=.metadata.name |
| Get pods sorted by restart count | kubectl get pods --sort-by='.status.containerStatuses[0].restartCount' |
| List pods and images | kubectl get pods -o='custom-columns=PODS:.metadata.name,Images:.spec.containers[*].image' |
| List all container images | list-all-images.sh |
| kubeconfig skip tls verification | skip-tls-verify.md |
| Ubuntu install kubectl | "deb https://apt.kubernetes.io/ kubernetes-xenial main" |
| Reference | GitHub: kubernetes releases |
| Reference | minikube cheatsheet, docker cheatsheet, OpenShift CheatSheet |
1.2 Check Performance
| Name | Command |
| --- | --- |
| Get node resource usage | kubectl top node |
| Get pod resource usage | kubectl top pod |
| Get resource usage for a given pod | kubectl top pod <podname> --containers |
| List resource utilization for all containers | kubectl top pod --all-namespaces --containers=true |
1.3 Resources Deletion
| Name | Command |
| --- | --- |
| Delete pod | kubectl delete pod/<pod-name> -n <my-namespace> |
| Delete pod by force | kubectl delete pod/<pod-name> --grace-period=0 --force |
| Delete pods by labels | kubectl delete pod -l env=test |
| Delete deployments by labels | kubectl delete deployment -l app=wordpress |
| Delete all resources filtered by labels | kubectl delete pods,services -l name=myLabel |
| Delete resources under a namespace | kubectl -n my-ns delete po,svc --all |
| Delete persistent volume claims by labels | kubectl delete pvc -l app=wordpress |
| Delete statefulset only (not pods) | kubectl delete sts/<stateful_set_name> --cascade=false |
1.4 Log & Conf Files
| Name | Comment |
| --- | --- |
| Config folder | /etc/kubernetes/ |
| Certificate files | /etc/kubernetes/pki/ |
| Credentials to API server | /etc/kubernetes/kubelet.conf |
| Superuser credentials | /etc/kubernetes/admin.conf |
| kubectl config file | ~/.kube/config |
| Kubernetes working dir | /var/lib/kubelet/ |
| Docker working dir | /var/lib/docker/, /var/log/containers/ |
| Etcd working dir | /var/lib/etcd/ |
| Network cni | /etc/cni/net.d/ |
| Log files | /var/log/pods/ |
| Log in worker node | /var/log/kubelet.log, /var/log/kube-proxy.log |
| Log in master node | kube-apiserver.log, kube-scheduler.log, kube-controller-manager.log |
| Env | /etc/systemd/system/kubelet.service.d/10-kubeadm.conf |
| Env | export KUBECONFIG=/etc/kubernetes/admin.conf |
1.5 Pod
| Name | Command |
| --- | --- |
| List all pods | kubectl get pods |
| List pods for all namespaces | kubectl get pods --all-namespaces |
| List all critical pods | kubectl get -n kube-system pods -a |
| List pods with more info | kubectl get pod -o wide, kubectl get pod/<pod-name> -o yaml |
| Get pod info | kubectl describe pod/srv-mysql-server |
| List all pods with labels | kubectl get pods --show-labels |
| List all unhealthy pods | kubectl get pods --field-selector=status.phase!=Running --all-namespaces |
| List running pods | kubectl get pods --field-selector=status.phase=Running |
| Get Pod initContainer status | kubectl get pod --template '{{.status.initContainerStatuses}}' <pod-name> |
| kubectl run command | kubectl exec -it -n "$ns" "$podname" -- sh -c "echo $msg >>/dev/err.log" |
| Watch pods | kubectl get pods -n wordpress --watch |
| Get pod by selector | kubectl get pods --selector="app=syslog" -o jsonpath='{.items[*].metadata.name}' |
| List pods and images | kubectl get pods -o='custom-columns=PODS:.metadata.name,Images:.spec.containers[*].image' |
| List pods and containers | kubectl get pods -o='custom-columns=PODS:.metadata.name,CONTAINERS:.spec.containers[*].name' |
| Reference | Link: kubernetes yaml templates |
1.6 Label & Annotation
| Name | Command |
| --- | --- |
| Filter pods by label | kubectl get pods -l owner=denny |
| Manually add label to a pod | kubectl label pods dummy-input owner=denny |
| Remove label | kubectl label pods dummy-input owner- |
| Manually add annotation to a pod | kubectl annotate pods dummy-input my-url=https://dennyzhang.com |
1.7 Deployment & Scale
| Name | Command |
| --- | --- |
| Scale out | kubectl scale --replicas=3 deployment/nginx-app |
| Online rolling upgrade | kubectl rollout app-v1 app-v2 --image=img:v2 |
| Roll back | kubectl rollout app-v1 app-v2 --rollback |
| List rollout | kubectl get rs |
| Check update status | kubectl rollout status deployment/nginx-app |
| Check update history | kubectl rollout history deployment/nginx-app |
| Pause/Resume | kubectl rollout pause deployment/nginx-deployment, resume |
| Rollback to previous version | kubectl rollout undo deployment/nginx-deployment |
| Reference | Link: kubernetes yaml templates, Link: Pausing and Resuming a Deployment |
1.8 Quota & Limits & Resource
| Name | Command |
| --- | --- |
| List Resource Quota | kubectl get resourcequota |
| List Limit Range | kubectl get limitrange |
| Customize resource definition | kubectl set resources deployment nginx -c=nginx --limits=cpu=200m |
| Customize resource definition | kubectl set resources deployment nginx -c=nginx --limits=memory=512Mi |
| Reference | Link: kubernetes yaml templates |
1.9 Service
| Name | Command |
| --- | --- |
| List all services | kubectl get services |
| List service endpoints | kubectl get endpoints |
| Get service detail | kubectl get service nginx-service -o yaml |
| Get service cluster ip | kubectl get service nginx-service -o go-template='{{.spec.clusterIP}}' |
| Get service cluster port | kubectl get service nginx-service -o go-template='{{(index .spec.ports 0).port}}' |
| Expose deployment as lb service | kubectl expose deployment/my-app --type=LoadBalancer --name=my-service |
| Expose service as lb service | kubectl expose service/wordpress-1-svc --type=LoadBalancer --name=ns1 |
| Reference | Link: kubernetes yaml templates |
1.10 Secrets
| Name | Command |
| --- | --- |
| List secrets | kubectl get secrets --all-namespaces |
| Generate secret | echo -n 'mypasswd', then redirect to base64 --decode |
| Get secret | kubectl get secret denny-cluster-kubeconfig |
| Get a specific field of a secret | kubectl get secret denny-cluster-kubeconfig -o jsonpath="{.data.value}" |
| Create secret from cfg file | kubectl create secret generic db-user-pass --from-file=./username.txt |
| Reference | Link: kubernetes yaml templates, Link: Secrets |
1.11 StatefulSet
| Name | Command |
| --- | --- |
| List statefulset | kubectl get sts |
| Delete statefulset only (not pods) | kubectl delete sts/<stateful_set_name> --cascade=false |
| Scale statefulset | kubectl scale sts/<stateful_set_name> --replicas=5 |
| Reference | Link: kubernetes yaml templates |
1.12 Volumes & Volume Claims
| Name | Command |
| --- | --- |
| List storage class | kubectl get storageclass |
| Check the mounted volumes | kubectl exec storage ls /data |
| Check persistent volume | kubectl describe pv/pv0001 |
| Copy local file to pod | kubectl cp /tmp/my <some-namespace>/<some-pod>:/tmp/server |
| Copy pod file to local | kubectl cp <some-namespace>/<some-pod>:/tmp/server /tmp/my |
| Reference | Link: kubernetes yaml templates |
1.13 Events & Metrics
| Name | Command |
| --- | --- |
| View all events | kubectl get events --all-namespaces |
| List Events sorted by timestamp | kubectl get events --sort-by=.metadata.creationTimestamp |
1.14 Node Maintenance
| Name | Command |
| --- | --- |
| Mark node as unschedulable | kubectl cordon $NODE_NAME |
| Mark node as schedulable | kubectl uncordon $NODE_NAME |
| Drain node in preparation for maintenance | kubectl drain $NODE_NAME |
1.15 Namespace & Security
| Name | Command |
| --- | --- |
| List authenticated contexts | kubectl config get-contexts, ~/.kube/config |
| Set namespace preference | kubectl config set-context <context_name> --namespace=<ns_name> |
| Switch context | kubectl config use-context <cluster-name> |
| Load context from config file | kubectl get cs --kubeconfig kube_config.yml |
| Delete the specified context | kubectl config delete-context <cluster-name> |
| List all namespaces defined | kubectl get namespaces |
| List certificates | kubectl get csr |
| Check user privilege | kubectl --as=system:serviceaccount:ns-denny:test-privileged-sa -n ns-denny auth can-i use pods/list |
| Check user privilege | kubectl auth can-i use pods/list |
| Reference | Link: kubernetes yaml templates |
1.16 Network
| Name | Command |
| --- | --- |
| Temporarily add a port-forwarding | kubectl port-forward redis-134 6379:6379 |
| Add port-forwarding for deployment | kubectl port-forward deployment/redis-master 6379:6379 |
| Add port-forwarding for replicaset | kubectl port-forward rs/redis-master 6379:6379 |
| Add port-forwarding for service | kubectl port-forward svc/redis-master 6379:6379 |
| Get network policy | kubectl get NetworkPolicy |
1.17 Patch
| Name | Summary |
| --- | --- |
| Patch service to loadbalancer | kubectl patch svc $svc_name -p '{"spec": {"type": "LoadBalancer"}}' |
1.18 Extensions
| Name | Summary |
| --- | --- |
| Enumerates the resource types available | kubectl api-resources |
| List api group | kubectl api-versions |
| List all CRD | kubectl get crd |
| List storageclass | kubectl get storageclass |
1.19 Components & Services
1.19.1 Services on Master Nodes
| Name | Summary |
| --- | --- |
| kube-apiserver | API gateway. Exposes the Kubernetes API from master nodes |
| etcd | reliable data store for all k8s cluster data |
| kube-scheduler | schedule pods to run on selected nodes |
| kube-controller-manager | Reconcile the states. node/replication/endpoints/token controller and service account, etc |
| cloud-controller-manager | |
1.19.2 Services on Worker Nodes
| Name | Summary |
| --- | --- |
| kubelet | A node agent that makes sure that containers are running in a pod |
| kube-proxy | Manages network connectivity to the containers, e.g. iptables, ipvs |
| Container Runtime | Kubernetes supported runtimes: dockerd, cri-o, runc and any OCI runtime-spec implementation. |
1.19.3 Addons: pods and services that implement cluster features
| Name | Summary |
| --- | --- |
| DNS | serves DNS records for Kubernetes services |
| Web UI | a general purpose, web-based UI for Kubernetes clusters |
| Container Resource Monitoring | collect, store and serve container metrics |
| Cluster-level Logging | save container logs to a central log store with search/browsing interface |
1.19.4 Tools
| Name | Summary |
| --- | --- |
| kubectl | the command line util to talk to k8s cluster |
| kubeadm | the command to bootstrap the cluster |
| kubefed | the command line to control a Kubernetes Cluster Federation |
| Kubernetes Components | Link: Kubernetes Components |
1.20 More Resources
https://kubernetes.io/docs/reference/kubectl/cheatsheet/
https://codefresh.io/kubernetes-guides/kubernetes-cheat-sheet/
1.21 list-all-images.sh
#!/usr/bin/env bash
# Count how many containers use each image across all namespaces.
kubectl get pods --all-namespaces -o jsonpath="{..image}" |\
    tr -s '[[:space:]]' '\n' |\
    sort |\
    uniq -c
1.22 get-pod-error-log.sh
#!/usr/bin/env bash
# Print the last 10 error/exception log lines of every pod, in all
# namespaces by default or only in the namespace given as $1.
namespace=${1:-""}

# Keep kubectl options in an array so the namespace argument is passed as
# data and never re-parsed by the shell (no eval).
if [ -z "$namespace" ]; then
    options=(--all-namespaces)
else
    options=(-n "$namespace")
fi

# One "<pod> <namespace>" pair per line, without the header row.
kubectl get pods --no-headers "${options[@]}" \
    -o=custom-columns=POD:.metadata.name,NAMESPACE:.metadata.namespace |
while read -r pod ns; do
    echo "kubectl logs pod/$pod -n $ns"
    kubectl logs "pod/$pod" -n "$ns" </dev/null |
        grep -iE 'exception|error' | grep -v 'Reconciler error' | tail -n10
done