Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
k8s kubectl cheat sheet



cool gear to have


clean up pods

Did this for cleaning up pods with not in Running state such as Terminated

k get po --field-selector=status.phase!=Running -o custom-columns="" --no-headers | xargs kubectl delete po



kubectl run -it --rm debug --image=busybox -- sh

context, namespace

 get current context: kubectl config view -o=jsonpath='{.current-context}'
 get all contexts:  kubectl config get-contexts -o=name | sort -n
 get namesapce:  kubectl get namespaces -o=jsonpath='{range .items[*]}{@}{"\n"}{end}'
kubectl config use-context <cluster_name_in_kubeconfig>
kubectl --context <context>

## set the namespace for the current context
kubectl config set-context gke_sandbox-co_us-west1-a_cka --namespace=kube-system
kubectl config set-context --current --namespace=kube-system


# Print the supported API group and its versions on the server, in the form of "group/version"
k api-versions | sort 

# list api-resources with sorting
kubectl api-resources --sort-by=name 
kubectl api-resources --sort-by=kind

# find out what is under the api group

k api-resources
ingressclasses          false        IngressClass
ingresses         ing   true         Ingress
networkpolicies   netpol   true         NetworkPolicy

# then we can explain with $APIVERSION
k explain --api-version=$APIVERSION ingress --recursive
k explain --api-version=apps/v1 deployment --recursive

# for each "group/version" in the output above except for "api/v1"
kubectl get --raw /apis/${group/version} |  jq -r '.resources[].kind'

kubectl get --raw /apis/apps/v1 | jq . -C | less -R

list resources under a specific api version.

This is due to API deprecations

kubectl get deployments.v1.apps


echo $(kubectl get secret/terraform -o jsonpath="{.data['terraform\.json']}" | base64 --decode)

Play with jid and jq

grace=$(kubectl get po cassandra-0 -o=jsonpath=‘{.spec.terminationGracePeriodSeconds}’) 
grace=$(kubectl get sts -l component=elasticsearch,role=data -o jsonpath='{..terminationGracePeriodSeconds}'

kubectl get svc -l component=elasticsearch,role=client -o jsonpath='{..ip}'
kubectl get pods -o jsonpath="{..image}"
kubectl get pods -o jsonpath="{.items[*].spec.containers[*].image}"
kubectl get pods -o jsonpath='{.items[*].status.podIP}'
kubectl get nodes -o jsonpath='{.items[*].spec.podCIDR}' | tr " " "\n"
kubectl get nodes -o json | jq '.items[] | .spec'
kubectl get no -o go-template='{{range .items}}{{.spec.podCIDR}}{{"\n"}}{{end}}'
kubectl get pods -o jsonpath='{range .items[*]}{"\n"}{}{":\t"}{range .spec.containers[*]}{.image}{", "}{end}{end}'
kubectl get pods -o go-template --template="{{range .items}}{{range .spec.containers}}{{.image}} {{end}}{{end}}"

kubectl get pods --all-namespaces -o jsonpath="{..image}" |\
tr -s '[[:space:]]' '\n' |\
sort |\
uniq -c


k get po -A -o=custom-columns='DATA:spec.containers[*].image'
k get pv -o=custom-columns=","
k get deployment -o custom-columns='IMAGE:.spec.template.spec.containers[*].image,LABEL:.spec.template.metadata.labels.k8s-app' -n kube-system


kubectl get po --sort-by=.spec.nodeName -o wide
kubectl get po --sort-by=".metadata.creationTimestamp"

Get the TCP LB port and IP

  EXT_IP="$(kubectl get svc hello-server -o=jsonpath='{.status.loadBalancer.ingress[0].ip}')"
  EXT_PORT=$(kubectl --namespace default get service hello-server -o=jsonpath='{.spec.ports[0].port}')
  echo "$EXT_IP:$EXT_PORT"
  [ "$(curl -s -o /dev/null -w '%{http_code}' "$EXT_IP:$EXT_PORT"/)" -eq 200 ] || exit 1



kubectl rollout pause deployment/hello
kubectl rollout status deployment/hello
# check the versions on pods
kubectl get pods -o jsonpath --template='{range .items[*]}{}{"\t"}{"\t"}{.spec.containers[0].image}{"\n"}{end}'
kubectl rollout resume deployment/hello
# roll back
kubectl rollout undo deployment/hello


k auth can-i get crd
k auth can-i '*' '*' --all-namespaces
k auth can-i get crd --as system:serviceaccount:velero:velero
k auth can-i '*' '*' --as system:serviceaccount:default:remote-admin-sa --all-namespaces

# with krew plugins

## check out rbac roles for a given user/group,sa

## first find out what we have 
k rbac-lookup -k user
k rbac-lookup -k group
k rbac-lookup -k serviceaccount
# then find out what velero can do
k rbac-lookup velero -o wide

# from resource perspective
k who-can list '*'
k who-can create customresourcedefinition

## access matrix for user/group,sa
k access-matrix --sa default:deployer
k access-matrix --sa kube-system:kube-state-metrics

find top resource hungry pod

# cpu
k top pods --sort-by=cpu --no-headers 
kubectl top pods -A --no-headers | sort -rn -k 3
# memory
kubectl top pods -A --no-headers | sort -rn -k 4
# top 1
kubectl top pod  --no-headers | grep -v NAME | sort -k 3 -nr | awk -F ' ' 'NR==1{print $1}'


# all nodes
kubectl get --raw /apis/ | jq -C . | less -R
# individual node 
kubectl get --raw /apis/$NODE_NAME

# all pods
kubectl get --raw /apis/ | jq . -C | less -R
# individual pod
kubectl get --raw /apis/$NS/pods/$POD

# jq
kubectl get --raw /apis/ \
| jq '[.items [] | {nodeName:, nodeCpu: .usage.cpu, nodeMemory: .usage.memory}]'

kubectl get --raw /apis/ | jq . -C | less -R
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment