Kubernetes Cheat Sheet: kubectl Commands and Concepts

Quick Answer: Get pods: kubectl get pods. Deploy: kubectl apply -f deployment.yaml. Logs: kubectl logs pod-name. Shell: kubectl exec -it pod-name -- /bin/bash. Scale: kubectl scale deployment app --replicas=3. Delete: kubectl delete pod pod-name.

Cluster Info

# Cluster info
kubectl cluster-info

# List nodes
kubectl get nodes
kubectl get nodes -o wide

# Node details
kubectl describe node node-name

# Current context
kubectl config current-context

# Switch context
kubectl config use-context my-cluster

# List all contexts
kubectl config get-contexts

# View config
kubectl config view

Namespaces

# List namespaces
kubectl get namespaces

# Create namespace
kubectl create namespace my-app

# Set default namespace
kubectl config set-context --current --namespace=my-app

# Get resources in a specific namespace
kubectl get pods -n kube-system

# Get resources in all namespaces
kubectl get pods -A
kubectl get pods --all-namespaces

Pods

# List pods
kubectl get pods
kubectl get pods -o wide          # Show IPs and nodes
kubectl get pods --show-labels    # Show labels

# Pod details
kubectl describe pod pod-name

# Create a pod (quick)
kubectl run nginx --image=nginx

# Delete a pod
kubectl delete pod pod-name

# Delete all pods in namespace
kubectl delete pods --all

# Get pod YAML
kubectl get pod pod-name -o yaml

# Watch pods (live updates)
kubectl get pods -w

Pod YAML Template

apiVersion: v1
kind: Pod
metadata:
  name: my-pod
  labels:
    app: my-app
spec:
  containers:
    - name: my-container
      image: nginx:latest
      ports:
        - containerPort: 80
      resources:
        requests:
          memory: "64Mi"
          cpu: "250m"
        limits:
          memory: "128Mi"
          cpu: "500m"

Deployments

# List deployments
kubectl get deployments

# Create deployment
kubectl create deployment nginx --image=nginx

# Apply from file
kubectl apply -f deployment.yaml

# Scale
kubectl scale deployment nginx --replicas=3

# Update image
kubectl set image deployment/nginx nginx=nginx:1.25

# Rollout status
kubectl rollout status deployment/nginx

# Rollout history
kubectl rollout history deployment/nginx

# Rollback to previous version
kubectl rollout undo deployment/nginx

# Rollback to specific revision
kubectl rollout undo deployment/nginx --to-revision=2

# Delete
kubectl delete deployment nginx

Deployment YAML Template

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
  labels:
    app: my-app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
        - name: my-app
          image: my-app:1.0
          ports:
            - containerPort: 8080
          env:
            - name: DATABASE_URL
              value: "postgres://db:5432/myapp"
          resources:
            requests:
              memory: "128Mi"
              cpu: "250m"
            limits:
              memory: "256Mi"
              cpu: "500m"
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
            initialDelaySeconds: 10
            periodSeconds: 30
          readinessProbe:
            httpGet:
              path: /ready
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 10

Services

# List services
kubectl get services
kubectl get svc

# Expose a deployment
kubectl expose deployment nginx --port=80 --type=ClusterIP
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl expose deployment nginx --port=80 --type=LoadBalancer

# Delete service
kubectl delete svc nginx

# Get endpoints
kubectl get endpoints

Service Types

Type	Accessible From	Use Case
ClusterIP	Inside cluster only	Internal services (default)
NodePort	External via node IP:port	Development, testing
LoadBalancer	External via cloud LB	Production (cloud)
ExternalName	DNS alias	Route to external service

Service YAML Template

apiVersion: v1
kind: Service
metadata:
  name: my-app-service
spec:
  selector:
    app: my-app
  ports:
    - protocol: TCP
      port: 80            # Service port
      targetPort: 8080     # Container port
  type: ClusterIP

ConfigMaps and Secrets

ConfigMaps

# Create from literal
kubectl create configmap my-config --from-literal=key1=value1 --from-literal=key2=value2

# Create from file
kubectl create configmap my-config --from-file=config.properties

# View
kubectl get configmap my-config -o yaml

# Delete
kubectl delete configmap my-config

Secrets

Security warning: Kubernetes Secrets are base64-encoded, NOT encrypted at rest by default. Anyone with API access can decode them. Enable encryption at rest or use an external secret manager (HashiCorp Vault, Sealed Secrets) for sensitive data.

# Create from literal
kubectl create secret generic my-secret --from-literal=password=s3cret

# Create from file
kubectl create secret generic tls-secret --from-file=cert.pem --from-file=key.pem

# View (base64 encoded)
kubectl get secret my-secret -o yaml

# Decode a secret value
kubectl get secret my-secret -o jsonpath='{.data.password}' | base64 -d

Using in Pods

# As environment variables
env:
  - name: DB_PASSWORD
    valueFrom:
      secretKeyRef:
        name: my-secret
        key: password
  - name: APP_MODE
    valueFrom:
      configMapKeyRef:
        name: my-config
        key: key1

# As mounted files
volumes:
  - name: config-vol
    configMap:
      name: my-config
volumeMounts:
  - name: config-vol
    mountPath: /etc/config

Logs and Debugging

# View logs
kubectl logs pod-name
kubectl logs pod-name -c container-name    # Specific container
kubectl logs pod-name --previous            # Previous crashed container
kubectl logs pod-name -f                    # Follow (tail)
kubectl logs pod-name --tail=100            # Last 100 lines
kubectl logs pod-name --since=1h            # Last hour

# Shell into pod
kubectl exec -it pod-name -- /bin/bash
kubectl exec -it pod-name -- /bin/sh       # Alpine images

# Run a command in a pod
kubectl exec pod-name -- ls /app

# Port forward (access pod locally)
kubectl port-forward pod-name 8080:80
kubectl port-forward svc/my-service 8080:80

# Copy files to/from pod
kubectl cp file.txt pod-name:/tmp/file.txt
kubectl cp pod-name:/tmp/file.txt ./file.txt

# Get events (recent cluster events)
kubectl get events --sort-by='.lastTimestamp'

# Debug with a temporary pod
kubectl run debug --image=busybox --rm -it -- /bin/sh
kubectl run debug --image=nicolaka/netshoot --rm -it -- /bin/bash

Storage

PersistentVolumeClaim

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: my-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: standard

Using in Deployment

volumes:
  - name: data
    persistentVolumeClaim:
      claimName: my-pvc
containers:
  - name: app
    volumeMounts:
      - name: data
        mountPath: /data

# List PVs and PVCs
kubectl get pv
kubectl get pvc

Ingress

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-app-service
                port:
                  number: 80
  tls:
    - hosts:
        - app.example.com
      secretName: tls-secret

# List ingresses
kubectl get ingress

Scaling and Autoscaling

# Manual scale
kubectl scale deployment my-app --replicas=5

# Autoscale (HPA)
kubectl autoscale deployment my-app --min=2 --max=10 --cpu-percent=80

# View autoscalers
kubectl get hpa

# Delete autoscaler
kubectl delete hpa my-app

Labels and Selectors

# Add label
kubectl label pod pod-name env=production

# Remove label
kubectl label pod pod-name env-

# Filter by label
kubectl get pods -l app=nginx
kubectl get pods -l 'env in (production,staging)'

# Show labels
kubectl get pods --show-labels

Resource Management

# Top pods (CPU/memory)
kubectl top pods
kubectl top nodes

# Resource quotas
kubectl get resourcequotas

# Limit ranges
kubectl get limitranges

# Describe resource usage
kubectl describe node node-name | grep -A 10 "Allocated resources"

Common Operations

# Apply changes from file
kubectl apply -f manifest.yaml

# Apply all files in a directory
kubectl apply -f ./manifests/

# Delete from file
kubectl delete -f manifest.yaml

# Dry run (see what would happen)
kubectl apply -f manifest.yaml --dry-run=client

# Output YAML for an existing resource
kubectl get deployment my-app -o yaml > my-app.yaml

# Edit a resource in-place
kubectl edit deployment my-app

# Patch a resource
kubectl patch deployment my-app -p '{"spec":{"replicas":5}}'

# Wait for condition
kubectl wait --for=condition=available deployment/my-app --timeout=60s

Quick Reference

Command	What It Does
`kubectl get pods`	List pods
`kubectl get all`	List all resources
`kubectl describe pod NAME`	Pod details
`kubectl logs NAME`	View logs
`kubectl exec -it NAME -- bash`	Shell into pod
`kubectl apply -f FILE`	Apply manifest
`kubectl delete -f FILE`	Delete from manifest
`kubectl scale deploy NAME --replicas=N`	Scale
`kubectl rollout undo deploy NAME`	Rollback
`kubectl port-forward NAME 8080:80`	Port forward
`kubectl get events`	Recent events
`kubectl top pods`	CPU/memory usage

Related Guides

Docker Cheat Sheet — container basics
Docker Compose Examples — multi-container apps
Complete Docker Guide — Docker deep dive
Nginx Cheat Sheet — ingress backend
YAML Cheat Sheet — manifest syntax
Complete Self-Hosting Guide — server setup