99 Essential Kubectl Commands for Mastering Kubernetes Diagnostics

Cluster Information

Show Kubernetes version: kubectl version Display cluster info: kubectl cluster-info List all nodes: kubectl get nodes Describe a specific node: kubectl describe node <node-name> List all namespaces: kubectl get namespaces List all pods across namespaces:

kubectl get pods --all-namespaces

Pod Diagnosis

List pods in a namespace: kubectl get pods -n <namespace> Describe a pod: kubectl describe pod <pod-name> -n <namespace> View pod logs: kubectl logs <pod-name> -n <namespace> Tail pod logs: kubectl logs -f <pod-name> -n <namespace> Execute a command in a pod:

kubectl exec -it <pod-name> -n <namespace> -- <command>

Pod Health Checks

Check readiness status:

kubectl get pods <pod-name> -n <namespace> -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}'

Inspect pod events:

kubectl get events -n <namespace> --field-selector involvedObject.name=<pod-name>

Service Diagnosis

List services in a namespace: kubectl get svc -n <namespace> Describe a service:

kubectl describe svc <service-name> -n <namespace>

Deployment Diagnosis

List deployments: kubectl get deployments -n <namespace> Describe a deployment:

kubectl describe deployment <deployment-name> -n <namespace>

Check rollout status:

kubectl rollout status deployment/<deployment-name> -n <namespace>

View rollout history:

kubectl rollout history deployment/<deployment-name> -n <namespace>

StatefulSet Diagnosis

List StatefulSets: kubectl get statefulsets -n <namespace> Describe a StatefulSet:

kubectl describe statefulset <statefulset-name> -n <namespace>

ConfigMap & Secret Diagnosis

List ConfigMaps: kubectl get configmaps -n <namespace> Describe a ConfigMap:

kubectl describe configmap <configmap-name> -n <namespace>

List Secrets: kubectl get secrets -n <namespace> Describe a Secret:

kubectl describe secret <secret-name> -n <namespace>

Namespace Diagnosis

Describe a namespace:

kubectl describe namespace <namespace-name>

Resource Usage

Pod resource usage: kubectl top pod <pod-name> -n <namespace> Node resource usage:

kubectl top nodes

Network Diagnosis

Show pod IPs:

kubectl get pods -n <namespace> -o custom-columns=POD:metadata.name,IP:status.podIP --no-headers

List network policies: kubectl get networkpolicies -n <namespace> Describe a network policy:

kubectl describe networkpolicy <network-policy-name> -n <namespace>

Persistent Volume & PVC Diagnosis

List PVs: kubectl get pv Describe a PV: kubectl describe pv <pv-name> List PVCs: kubectl get pvc -n <namespace> Describe a PVC:

kubectl describe pvc <pvc-name> -n <namespace>

Node Diagnosis

List pods on a node:

kubectl get pods --field-selector spec.nodeName=<node-name> -n <namespace>

Describe node conditions:

kubectl describe node <node-name> | grep Conditions -A5

Show node capacity and allocatable resources:

kubectl describe node <node-name> | grep -E 'Capacity|Allocatable'

Resource Quotas

List quotas: kubectl get resourcequotas -n <namespace> Describe a quota:

kubectl describe resourcequota <resource-quota-name> -n <namespace>

Custom Resource Definition (CRD) Diagnosis

List custom resources:

kubectl get <custom-resource-name> -n <namespace>

Describe a custom resource instance:

kubectl describe <custom-resource-name> <custom-resource-instance-name> -n <namespace>

Scaling & Autoscaling

Scale a deployment:

kubectl scale deployment <deployment-name> --replicas=<replica-count> -n <namespace>

Enable autoscaling:

kubectl autoscale deployment <deployment-name> --min=<min-pods> --max=<max-pods> --cpu-percent=<cpu-percent> -n <namespace>

Check HPA status:

kubectl get hpa -n <namespace>

Job & CronJob Diagnosis

List jobs: kubectl get jobs -n <namespace> Describe a job: kubectl describe job <job-name> -n <namespace> List cronjobs: kubectl get cronjobs -n <namespace> Describe a cronjob:

kubectl describe cronjob <cronjob-name> -n <namespace>

Capacity Diagnosis

List PVs sorted by capacity: kubectl get pv --sort-by=.spec.capacity.storage Show PV reclaim policy:

kubectl get pv <pv-name> -o=jsonpath='{.spec.persistentVolumeReclaimPolicy}'

List storage classes:

kubectl get storageclasses

Ingress & Service Mesh Diagnosis

List ingresses: kubectl get ingress -n <namespace> Describe an ingress:

kubectl describe ingress <ingress-name> -n <namespace>

List Istio VirtualServices: kubectl get virtualservices -n <namespace> Describe a VirtualService:

kubectl describe virtualservice <virtualservice-name> -n <namespace>

Pod Network Troubleshooting

Run a debug pod:

kubectl run -it --rm --restart=Never --image=busybox net-debug-pod -- /bin/sh

Test connectivity from a pod:

kubectl exec -it <pod-name> -n <namespace> -- curl <endpoint-url>

Traceroute between pods:

kubectl exec -it <source-pod-name> -n <namespace> -- traceroute <destination-pod-ip>

Check DNS inside a pod:

kubectl exec -it <pod-name> -n <namespace> -- nslookup <domain-name>

Configuration Validation

Dry‑run a manifest: kubectl apply --dry-run=client -f <yaml-file> Check pod security context:

kubectl auth can-i list pods --as=system:serviceaccount:<namespace>:<serviceaccount-name>

RBAC & Security

List roles and bindings: kubectl get roles,rolebindings -n <namespace> Describe a role:

kubectl describe role <role-name> -n <namespace>

Service Account Diagnosis

List service accounts: kubectl get serviceaccounts -n <namespace> Describe a service account:

kubectl describe serviceaccount <serviceaccount-name> -n <namespace>

Node Drain & Uncordon

Drain a node: kubectl drain <node-name> --ignore-daemonsets Uncordon a node:

kubectl uncordon <node-name>

Pod Deletion

Force delete a pod (use with caution):

kubectl delete pod <pod-name> -n <namespace> --grace-period=0 --force

Pod Affinity & Anti‑Affinity

Show pod affinity rules:

kubectl get pod <pod-name> -n <namespace> -o=jsonpath='{.spec.affinity}'

Show pod anti‑affinity rules:

kubectl get pod <pod-name> -n <namespace> -o=jsonpath='{.spec.affinity.podAntiAffinity}'

Pod Security Policy (PSP)

List PSPs:

kubectl get psp

Pod Disruption Budgets (PDB)

List PDBs: kubectl get pdb -n <namespace> Describe a PDB:

kubectl describe pdb <pdb-name> -n <namespace>

Resource Locks (if used)

List resource locks:

kubectl get resourcelocks -n <namespace>

Service Endpoints & DNS

Show service endpoints:

kubectl get endpoints <service-name> -n <namespace>

Inspect DNS config inside a pod:

kubectl exec -it <pod-name> -n <namespace> -- cat /etc/resolv.conf

Custom Metrics (Prometheus/Grafana)

Port‑forward to Prometheus or Grafana:

kubectl port-forward <pod-name> <local-port>:<remote-port> -n <namespace>

Pod Priority & Preemption

List priority classes:

kubectl get priorityclasses

Pod Overhead (K8s 1.18+)

Show pod overhead:

kubectl get pod <pod-name> -n <namespace> -o=jsonpath='{.spec.overhead}'

VolumeSnapshot Diagnosis (if used)

List volume snapshots: kubectl get volumesnapshot -n <namespace> Describe a snapshot:

kubectl describe volumesnapshot <snapshot-name> -n <namespace>

Resource Deserialization

Get resource as JSON:

kubectl get <resource-type> <resource-name> -n <namespace> -o=json

Node Taints

Show node taints:

kubectl describe node <node-name> | grep Taints

Webhook Configuration

List mutating webhooks: kubectl get mutatingwebhookconfigurations List validating webhooks:

kubectl get validatingwebhookconfigurations

Audit Logs

Retrieve audit logs (if enabled) by checking the cluster’s audit configuration.

Node OS Details

Show node OS image:

kubectl get node <node-name> -o jsonpath='{.status.nodeInfo.osImage}'

Replace placeholders such as <namespace>, <pod-name>, <deployment-name>, etc., with the actual values from your environment before running the commands.