Last active
January 24, 2024 22:31
-
-
Save mmastoras/11d438eafd9581206b547b2004348ba6 to your computer and use it in GitHub Desktop.
kubectl cheat sheet
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # get logs from a pod | |
| $ kubectl logs -f <pod name> --namespace <namespace> | |
| # get logs from a specific container in a pod | |
| $ kubectl logs -f <pod name> -c <container> -n <namespace> | |
| # get logs across several containers | |
| $ kubectl logs -l istio=ingressgateway -n istio-system -c ingress-sds # by using label | |
| # get list of pods and observe their logs | |
| for pod in $(kubectl get pods --namespace kube-system --selector=k8s-app=aws-iam-authenticator -o jsonpath="{.items[*].metadata.name}"); do | |
| kubectl logs -f "${pod}" --namespace kube-system & | |
| done | |
| # view config of service | |
| $ kubectl get service/mercury-web -n entelo -o yaml | |
| # switch kubectl context for different clusters | |
| $ kubectl config use-context dev | |
| # list services across all namespaces | |
| $ kubectl get services --all-namespaces | |
| # describe deployment | |
| $ kubectl describe <deployment> -n <namespace> | |
| # create secret | |
| $ kubectl create secret generic mtt-secret --from-literal=postgres-password=XXXXXXXX --from-file=sentry-token=./sentry_token.txt | |
| # get secret value | |
| $ kubectl get secret <secret name> -n <namespace> -o yaml | |
| # get external secret value | |
| $ kubectl get externalsecret <secret name> -n <namespace> | |
| # describe pod | |
| $ kubctl describe pod <pod name> -n <namespace> | |
| # bash into running pod | |
| $ kubectl exec -it <pod name> -n <namespace> -- /bin/bash | |
| # base into a specific container within a pod | |
| $ kubectl exec -it <pod name> -c <container name> -n <namespace> -- /bin/bash | |
| # delete pod | |
| $ kubectl delete pod <pod name> -n <namespace> [--force] [--grace-period=0] | |
| # delete all pods in namespace | |
| $ kubectl -n <namespace> delete pod --all | |
| # run a container for network troubleshoting | |
| $ kubectl run -it --rm --restart=Never --image nicolaka/netshoot -n <namespace> "$(whoami)-interactive" | |
| $ kubectl run tmp-shell --rm -i --tty --image nicolaka/netshoot -- /bin/bash | |
| bash-4.4# nslookup kubernetes.default | |
| # list container in pod | |
| $ kubectl get pods -n <namespace> -o jsonpath="{.items[*].spec.containers[*].image}" | |
| # get kube2iam logs | |
| $ kubectl get pods -n <namespace> -o wide # select NODE id your container(s) are running on | |
| $ kubectl describe/<node id> # Get the pod name of the kube2iam-*** | |
| $ kubectl logs -f <kube2iam-***> -n <addon-kube2iam> | |
| # get all service accounts | |
| $ kubectl get sa --all-namespaces | |
| # get container manifest | |
| $ kubectl get pod/<pod name> -n <namespace> -o yaml | |
| # copy a file to a running container | |
| $ kubectl cp <local file path> <namespace>/<pod name>:<container file path> -c <container name> | |
| # Create/Apply run a kustomize build pipe through the kubectl apply | |
| $ kustomize build <path to overlay> | kubectl apply -f - | |
| # kustomize build to verify base/overlays | |
| $ kustomize build . > output.yaml | |
| # Delete run a customize build pipe throuh to kubectl delete | |
| $ kustomize build <path to overlay> | kubectl delete -f - | |
| # apply a kustomize.yaml | |
| $ kubectl apply -k . | |
| # dry-run apply a kustomize.yaml | |
| $ kubectl apply -k . --dry-run | |
| # apply a yaml | |
| $ kubectl apply -f some-yaml.yml | |
| # delete | |
| $ kubectl delete -k . --dry-run | |
| # get full manifest from resource | |
| $ kubectl get Ingress -n app1 app1-ingress -o yaml | |
| # switch kubectl context | |
| $ kubectl config use-context dev | |
| # delete all from kustomize manifest | |
| $ kubectl delete -k . | |
| # find which nodes pods are running on | |
| $ kubectl get pods -o wide -n app1 | |
| # annotate a resource | |
| $ kubectl annotate sa flaskhelloworld eks.amazonaws.com/role-arn=arn:aws:iam::458891109543:role/alpha-k8s-IRSA-Vault-Auth -n app1 | |
| # patch a resource | |
| kubectl patch deployment flaskhelloworld --patch "$(cat patches/agent-inject-aws-auth.yaml)" -n app1 | |
| # launch an interactive pod | |
| $ kubectl run -it --rm=true --restart=Never --image ubuntu:18.04 --namespace argocd --overrides='{ "spec": { "serviceAccount": "argocd-server" } }' "$(whoami)-interactive" | |
| $ kubectl run -it --rm=true --restart=Never --image nicolaka/netshoot --namespace amenities --overrides='{ "spec": { "serviceAccount": "amenities" } }' "$(whoami)-interactive" | |
| # patch a pod to allow it to delete, if stuck terminating | |
| $ kubectl -n actions-runner-system patch pod/arc-runner-7fnnz-fvf7q -p '{"metadata":{"finalizers":null}}' | |
| # patch a namespace to allow it to delete, if stuck terminating | |
| $ kubectl get namespace actions-runner-system -o json > actions-runner-system.json | |
| # remove kubernetes from finalizers array which is under spec | |
| $ kubectl replace --raw "/api/v1/namespaces/actions-runner-system/finalize" -f ./actions-runner-system.json | |
| # get all endpoints | |
| $ kubectl get endpoints -A | |
| # set command to allow you to exec into a container that is in CrashLoopBackOff | |
| command: ['tail', '-f', '/dev/null'] | |
| # port forwarding onto a pod | |
| $ kubectl -n <namespace> port-forward <pod name> 8080:8080 | |
| # restart pod via a deployment rollout | |
| $ kubectl rollout restart deployment <deployment_name> -n <namespace> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment