
Last active June 5, 2024 16:53
k8s kubectl cheat sheet


cheatsheet & tips

cool gear to have


# loop with range
# `k` is presumably a shell alias for kubectl — confirm in your own environment.
# NOTE(review): the empty {} in these templates looks like a field path that was
# lost when the page was extracted (presumably {.metadata.name}) — confirm
# against the original gist before relying on the output.
# list pod's name
k get po -o jsonpath='{range .items[*]}{}{"\n"}{end}'
k get po -o jsonpath={}
# list node names and cpu capacity, one tab-separated node per line
k get nodes -o jsonpath='{range .items[*]}{}{"\t"}{.status.capacity.cpu}{"\n"}{end}'

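# list image
# {..image} is a recursive descent: it matches every field named "image" in the
# returned objects, so the list is split one per line and de-duplicated.
kubectl get pods -o jsonpath="{..image}" | tr -s '[[:space:]]' '\n' | sort -u
# images declared in the pod specs only
kubectl get pods -o jsonpath="{.items[*].spec.containers[*].image}"
# pod IPs
kubectl get pods -o jsonpath='{.items[*].status.podIP}'
# one line per pod followed by its container images
# NOTE(review): the empty {} presumably held the pod name ({.metadata.name}) and
# was lost in extraction — confirm.
kubectl get pods -o jsonpath='{range .items[*]}{"\n"}{}{":\t"}{range .spec.containers[*]}{.image}{", "}{end}{end}'

# IPs of the services selected by label
kubectl get svc -l component=elasticsearch,role=client -o jsonpath='{..ip}'
# Capture the termination grace period into a variable.
# The template is wrapped in plain ASCII single quotes: typographic quotes are
# not shell quoting characters and would reach kubectl as part of the template.
grace=$(kubectl get po cassandra-0 -o=jsonpath='{.spec.terminationGracePeriodSeconds}')
# The command substitution is closed here; without the final ")" the shell
# keeps reading the following lines as part of the substitution.
grace=$(kubectl get sts -l component=elasticsearch,role=data -o jsonpath='{..terminationGracePeriodSeconds}')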

# list node instance type, zone, ami
echo "***list karpenter nodes ami"
kubectl get nodes -L -l -o custom-columns=",InstanceType:.metadata.labels.node\.kubernetes\.io/instance-type,\


# same query  in jsonpath
k get po -o custom-columns=''
# same query as in jsonpath for node and cpu counts
k get nodes -o custom-columns=",CPU:.status.capacity.cpu"

# node name
k get nodes -o
# pod name
k get po -o
# image name
k get po -o custom-columns='IMAGE:spec.containers[*].image'

# list container image and k8s-app label value in kube-system
k get deployment -o custom-columns='IMAGE:.spec.template.spec.containers[*].image,LABEL:.spec.template.metadata.labels.k8s-app' -n kube-system


# implicit range or items[*]

k get nodes --sort-by=""
k get nodes --sort-by=".status.capacity.cpu"

k get po --sort-by=.spec.nodeName -o wide
k get po --sort-by=".metadata.creationTimestamp"
k get pv -o custom-columns=","

clean up pods

Did this to clean up pods that are not in the Running state, such as Terminated ones.

# Deletes every pod in the current namespace whose phase is not Running.
# NOTE(review): status.phase!=Running also matches Pending pods that are still
# starting, not only finished or failed ones. Run the `k get po` half on its own
# first, or narrow the selector (e.g. status.phase=Failed), before piping into
# delete.
# NOTE(review): the custom-columns spec is empty here; it presumably selected
# the pod name and was lost in extraction — confirm before use.
# With GNU xargs an empty result still runs `kubectl delete po` once with no
# names; `xargs -r` skips the call in that case.
k get po --field-selector=status.phase!=Running -o custom-columns="" --no-headers | xargs kubectl delete po



# Start a throwaway interactive pod named "debug" in the current namespace;
# --rm deletes the pod when the shell exits.
# busybox carries no tag here, so whatever "latest" currently resolves to is
# pulled; pin a tag or digest where image provenance matters.
kubectl run -it --rm debug --image=busybox -- sh

context, namespace

 get current context: kubectl config view -o=jsonpath='{.current-context}'
 get all contexts:  kubectl config get-contexts -o=name | sort -n
 get namespace:  kubectl get namespaces -o=jsonpath='{range .items[*]}{@}{"\n"}{end}'
kubectl config use-context <cluster_name_in_kubeconfig>
kubectl --context <context>

## set the namespace for the current context
kubectl config set-context gke_sandbox-co_us-west1-a_cka --namespace=kube-system
kubectl config set-context --current --namespace=kube-system


# Print the supported API group and its versions on the server, in the form of "group/version"
k api-versions | sort 

# list api-resources with sorting
kubectl api-resources --sort-by=name 
kubectl api-resources --sort-by=kind

# find out what is under the api group

k api-resources
ingressclasses          false        IngressClass
ingresses         ing   true         Ingress
networkpolicies   netpol   true         NetworkPolicy

# then we can explain with $APIVERSION
k explain --api-version=$APIVERSION ingress --recursive
k explain --api-version=apps/v1 deployment --recursive

# for each "group/version" in the output above except for "api/v1"
# NOTE(review): ${group/version} is meant as a placeholder. Typed literally,
# bash parses it as a pattern substitution on $group (the first "version" is
# removed), so substitute a real value such as apps/v1, as the next command does.
# jq -r prints the kind of every resource served under that group/version.
kubectl get --raw /apis/${group/version} |  jq -r '.resources[].kind'

# Same discovery document, pretty-printed with colour and paged.
kubectl get --raw /apis/apps/v1 | jq . -C | less -R

list resources under a specific api version.

This is due to API deprecations

kubectl get deployments.v1.apps


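# Print the decoded "terraform.json" key of the secret named terraform.
# The backslash in terraform\.json keeps jsonpath from reading the dot as a
# path separator.
# The pipeline is run directly instead of inside `echo $(...)`: the unquoted
# substitution word-split and glob-expanded the decoded value, so whitespace
# and newlines in the file were not reproduced faithfully.
# The output is the secret in clear text. Avoid running this where the
# terminal or job output is recorded (CI logs, shared sessions), and redirect
# to a file with restrictive permissions if the value has to be kept.
kubectl get secret/terraform -o jsonpath="{.data['terraform\.json']}" | base64 --decode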

Play with jid and jq

Get the TCP LB port and IP

  # Read the external IP and port of the hello-server LoadBalancer service,
  # then check that an HTTP request to / answers with status 200.
  # NOTE(review): .status.loadBalancer.ingress[0].ip stays empty until the load
  # balancer is provisioned, and some providers publish a hostname instead of
  # an ip — confirm for your cloud.
  EXT_IP="$(kubectl get svc hello-server -o=jsonpath='{.status.loadBalancer.ingress[0].ip}')"
  # NOTE(review): this query names --namespace default while the one above uses
  # the current namespace — confirm both address the same service.
  EXT_PORT=$(kubectl --namespace default get service hello-server -o=jsonpath='{.spec.ports[0].port}')
  echo "$EXT_IP:$EXT_PORT"
  # No scheme is given, so curl speaks plain HTTP. -w '%{http_code}' prints only
  # the status code; the response body is discarded via -o /dev/null.
  # `exit 1` ends the calling shell when this line is pasted interactively.
  [ "$(curl -s -o /dev/null -w '%{http_code}' "$EXT_IP:$EXT_PORT"/)" -eq 200 ] || exit 1



kubectl rollout pause deployment/hello
kubectl rollout status deployment/hello
# check the versions on pods
kubectl get pods -o jsonpath --template='{range .items[*]}{}{"\t"}{"\t"}{.spec.containers[0].image}{"\n"}{end}'
kubectl rollout resume deployment/hello
# roll back
kubectl rollout undo deployment/hello


# list the RBAC permissions of a service account
# --as runs the check as the named identity through impersonation, so the
# caller needs the `impersonate` verb on that identity for these to work.
k auth can-i --list  --as system:serviceaccount:datadog:datadog 
k auth can-i get crd --as system:serviceaccount:velero:velero
# A "yes" here means the service account may use every verb on every resource
# in all namespaces, i.e. it is effectively cluster-admin; for a workload
# identity that is worth reviewing and scoping down.
k auth can-i '*' '*' --as system:serviceaccount:default:remote-admin-sa --all-namespaces
# list what I can do (same checks for the current kubeconfig identity)
k auth can-i get crd
k auth can-i '*' '*' --all-namespaces

# with krew plugins
# rbac-lookup, who-can and access-matrix are third-party kubectl plugins, not
# part of kubectl itself. A plugin runs with the credentials of the current
# kubeconfig context, so install only from a source you trust.

## check out rbac roles for a given user/group,sa

## first find out what we have (-k selects the subject kind)
k rbac-lookup -k user
k rbac-lookup -k group
k rbac-lookup -k serviceaccount
# then find out what velero can do
k rbac-lookup velero -o wide

# from resource perspective: which subjects are allowed a given verb on a
# resource. Wide answers to `list '*'` or `create customresourcedefinition`
# point at identities with cluster-level reach.
k who-can list '*'
k who-can create customresourcedefinition

## access matrix for user/group,sa (--sa takes namespace:name)
k access-matrix --sa default:deployer
k access-matrix --sa kube-system:kube-state-metrics

find top resource hungry pod

# pod sort by cpu
k top pods --sort-by=cpu --no-headers 
# container sort by memory
k top pods --containers --sort-by=memory
kubectl top pods -A --no-headers | sort -rn -k 3
# memory
kubectl top pods -A --no-headers | sort -rn -k 4
# top 1
kubectl top pod  --no-headers | grep -v NAME | sort -k 3 -nr | awk -F ' ' 'NR==1{print $1}'


# all nodes
kubectl get --raw /apis/ | jq -C . | less -R
# individual node 
kubectl get --raw /apis/$NODE_NAME

# all pods
kubectl get --raw /apis/ | jq . -C | less -R
# individual pod
kubectl get --raw /apis/$NS/pods/$POD

# jq
kubectl get --raw /apis/ \
| jq '[.items [] | {nodeName:, nodeCpu: .usage.cpu, nodeMemory: .usage.memory}]'

kubectl get --raw /apis/ | jq . -C | less -R