Master kubectl: Essential Commands and Tips for Kubernetes Management

kubectl Common Commands Guide

Kubectl is the primary command‑line tool for interacting with a Kubernetes cluster; operators need a thorough grasp of its commands.

Kubectl Autocomplete

# setup autocomplete in bash, bash‑completion package should be installed first.
source <(kubectl completion bash)
# setup autocomplete in zsh
source <(kubectl completion zsh)

Kubectl Context and Config

Configure the cluster and modify kubeconfig information. See the “Using kubeconfig files for cross‑cluster authentication” guide for details.

# Show merged kubeconfig
kubectl config view
# Use multiple kubeconfig files and view merged config
KUBECONFIG=~/.kube/config:~/.kube/kubconfig2 kubectl config view
# Get password for user e2e
kubectl config view -o jsonpath='{.users[?(@.name == "e2e")].user.password}'
# Show current context
kubectl config current-context
# Set default context to my‑cluster‑name
kubectl config use-context my-cluster-name
# Add a new cluster with basic auth credentials
kubectl config set-credentials kubeuser/foo.kubernetes.com --username=kubeuser --password=kubepassword
# Set context with specific user and namespace
kubectl config set-context gce --user=cluster-admin --namespace=foo && kubectl config use-context gce

Creating Objects

Kubernetes manifests can be written in JSON or YAML. Use the appropriate file extension (.yaml, .yml, or .json) when creating resources.

# Create a resource from a manifest file
kubectl create -f ./my-manifest.yaml
# Create resources from multiple files
kubectl create -f ./my1.yaml -f ./my2.yaml
# Create resources from all manifests in a directory
kubectl create -f ./dir
# Create a resource from a URL
kubectl create -f https://git.io/vPieo
# Run an nginx pod
kubectl run nginx --image=nginx
# Explain pods and services
kubectl explain pods,svc
# Create multiple YAML objects from stdin
cat <<EOF | kubectl create -f -
apiVersion: v1
kind: Pod
metadata:
  name: busybox-sleep
spec:
  containers:
  - name: busybox
    image: busybox
    args:
    - sleep
    - "1000000"
---
apiVersion: v1
kind: Pod
metadata:
  name: busybox-sleep-less
spec:
  containers:
  - name: busybox
    image: busybox
    args:
    - sleep
    - "1000"
EOF
# Create a Secret with a few keys
cat <<EOF | kubectl create -f -
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  password: $(echo "s33msi4" | base64)
  username: $(echo "jane" | base64)
EOF

Viewing and Finding Resources

# List all services in all namespaces
kubectl get services
# List all pods in all namespaces
kubectl get pods --all-namespaces
# List pods with wide output
kubectl get pods -o wide
# Get a specific deployment
kubectl get deployment my-dep
# List pods including uninitialized ones
kubectl get pods --include-uninitialized
# Describe a node or pod
kubectl describe nodes my-node
kubectl describe pods my-pod
# List services sorted by name
kubectl get services --sort-by=.metadata.name
# Sort pods by restart count
kubectl get pods --sort-by='.status.containerStatuses[0].restartCount'
# Get version label of pods with label app=cassandra
kubectl get pods --selector=app=cassandra -o jsonpath='{.items[*].metadata.labels.version}'
# Get ExternalIP of all nodes
kubectl get nodes -o jsonpath='{.items[*].status.addresses[?(@.type=="ExternalIP")].address}'
# List pod names belonging to a specific replication controller (example uses jq)
sel=${$(kubectl get rc my-rc -o json | jq -j '.spec.selector | to_entries | .[] | "\(.key)=\(.value),"')%?}
echo $(kubectl get pods --selector=$sel -o jsonpath={.items..metadata.name})
# Show which nodes are Ready
JSONPATH='{range .items[*]}{@.metadata.name}:{range @.status.conditions[*]}{@.type}={@.status};{end}{end}' && kubectl get nodes -o jsonpath="$JSONPATH" | grep "Ready=True"
# List Secrets used by current pods
kubectl get pods -o json | jq '.items[].spec.containers[].env[]?.valueFrom.secretKeyRef.name' | grep -v null | sort | uniq

Updating Resources

# Rolling update a pod
kubectl rolling-update frontend-v1 -f frontend-v2.json
# Rolling update with image change
kubectl rolling-update frontend-v1 frontend-v2 --image=image:v2
# Rolling update a deployment
kubectl rolling-update frontend --image=image:v2
# Rollback a rolling update
kubectl rolling-update frontend-v1 frontend-v2 --rollback
# Replace a pod from stdin JSON
cat pod.json | kubectl replace -f -
# Force replace (deletes then recreates)
kubectl replace --force -f ./pod.json
# Expose a replication controller as a service
kubectl expose rc nginx --port=80 --target-port=8000
# Update image tag of a single‑container pod
kubectl get pod mypod -o yaml | sed 's/\(image: myimage\):.*$/\1:v4/' | kubectl replace -f -
# Add a label
kubectl label pods my-pod new-label=awesome
# Add an annotation
kubectl annotate pods my-pod icon-url=http://goo.gl/XXBTWq
# Autoscale a deployment
kubectl autoscale deployment foo --min=2 --max=10

Patching Resources

Use strategic merge patches or JSON patches to modify resources.

# Patch a node to be unschedulable
kubectl patch node k8s-node-1 -p '{"spec":{"unschedulable":true}}'
# Patch a pod's container image (strategic merge)
kubectl patch pod valid-pod -p '{"spec":{"containers":[{"name":"kubernetes-serve-hostname","image":"new image"}]}}'
# JSON patch to change container image
kubectl patch pod valid-pod --type='json' -p='[{"op": "replace", "path": "/spec/containers/0/image", "value":"new image"}]'
# JSON patch to remove a livenessProbe from a deployment
kubectl patch deployment valid-deployment --type json -p='[{"op": "remove", "path": "/spec/template/spec/containers/0/livenessProbe"}]'

Editing Resources

Edit any API object directly in your preferred editor.

# Edit a service named docker‑registry
kubectl edit svc/docker-registry
# Use a different editor (nano)
KUBE_EDITOR="nano" kubectl edit svc/docker-registry

Scaling Resources

# Scale a replicaset named 'foo' to 3
kubectl scale --replicas=3 rs/foo
# Scale a resource defined in foo.yaml to 3
kubectl scale --replicas=3 -f foo.yaml
# Scale a deployment from 2 to 3 replicas
kubectl scale --current-replicas=2 --replicas=3 deployment/mysql
# Scale multiple replication controllers
kubectl scale --replicas=5 rc/foo rc/bar rc/baz

Deleting Resources

# Delete resources defined in pod.json
kubectl delete -f ./pod.json
# Delete a pod and a service
kubectl delete pod,service baz foo
# Delete pods and services with a label selector
kubectl delete pods,services -l name=myLabel
# Delete with include‑uninitialized flag
kubectl delete pods,services -l name=myLabel --include-uninitialized
# Delete all pods and services in a namespace
kubectl -n my-ns delete po,svc --all

Interacting with Running Pods

# Show pod logs
kubectl logs my-pod
# Show logs of a specific container
kubectl logs my-pod -c my-container
# Stream pod logs
kubectl logs -f my-pod
kubectl logs -f my-pod -c my-container
# Run an interactive shell in a pod
kubectl run -i --tty busybox --image=busybox -- sh
# Attach to a running container
kubectl attach my-pod -i
# Port‑forward a pod port
kubectl port-forward my-pod 5000:6000
# Execute a command in a pod (single container)
kubectl exec my-pod -- ls /
# Execute a command in a specific container
kubectl exec my-pod -c my-container -- ls /
# Show metrics for a pod and its containers
kubectl top pod POD_NAME --containers

Interacting with Nodes and Cluster

# Mark a node unschedulable
kubectl cordon my-node
# Drain a node for maintenance
kubectl drain my-node
# Mark a node schedulable again
kubectl uncordon my-node
# Show node metrics
kubectl top node my-node
# Show cluster information
kubectl cluster-info
# Dump cluster state to stdout or a directory
kubectl cluster-info dump
kubectl cluster-info dump --output-directory=/path/to/cluster-state
# Taint a node
kubectl taint nodes foo dedicated=special-user:NoSchedule

kubectl set Command

The kubectl set family modifies specific fields of resources, such as resources, selector, image, and serviceaccount.

kubectl set resources

Set resource limits and requests for containers. If limits are set without requests, requests default to the limit values.

# Set CPU limit to 200m and memory to 512Mi for the nginx container in a deployment
kubectl set resources deployment nginx -c=nginx --limits=cpu=200m,memory=512Mi
# Set both limits and requests for all nginx containers
kubectl set resources deployment nginx --limits=cpu=200m,memory=512Mi --requests=cpu=100m,memory=256Mi
# Remove resource specifications
kubectl set resources deployment nginx --limits=cpu=0,memory=0 --requests=cpu=0,memory=0

kubectl set selector

Set or replace the selector of a resource (currently only supported for Service objects).

# Example syntax: selector (-f FILENAME | TYPE NAME) EXPRESSIONS [--resource-version=version]

kubectl set image

Update the container image of existing resources.

# Update nginx container image in a deployment
kubectl set image deployment/nginx nginx=nginx:1.9.1
# Update all deployments and replication controllers
kubectl set image deployments,rc nginx=nginx:1.9.1 --all
# Update all containers in a daemonset
kubectl set image daemonset abc *=nginx:1.9.1
# Update image from a local file (dry‑run)
kubectl set image -f path/to/file.yaml nginx=nginx:1.9.1 --local -o yaml

Resource Types

The table below lists all supported Kubernetes resource types and their aliases.

Formatting Output

Use the -o or --output flag to control the output format of kubectl commands.

Kubectl detailed output and debugging

Use -v or --v followed by an integer to set the log verbosity level.