Unlock Advanced kubectl Tricks for Faster Kubernetes Management

kubectl is the official command‑line tool for Kubernetes, enabling convenient cluster operations. This article presents several advanced kubectl usages for readers with basic Kubernetes experience.

Print Current API

# kubectl's main role is to interact with the ApiServer; the following command prints the API used (useful for debugging API interfaces).
kubectl get ns -v=9

Filter Pods by Status and Delete

kubectl get pods --all-namespaces --field-selector status.phase=Pending -o json | \
  jq '.items[] | "kubectl delete pods \(.metadata.name) -n \(.metadata.namespace)"' | \
  xargs -n 1 bash -c

# Explanation:
# 1. Retrieve all pods with status Pending across namespaces and output JSON.
# 2. Use jq to transform each item into a delete command.
# 3. Execute each delete command with xargs.

# Example for Running phase:
kubectl get pods --all-namespaces --field-selector status.phase=Running -o json | \
  jq '.items[] | "kubectl get pods \(.metadata.name) -o wide -n \(.metadata.namespace)"'

"kubectl get pods metrics-server-6d684c7b5-gtd6q -o wide -n kube-system"
"kubectl get pods local-path-provisioner-58fb86bdfd-98frc -o wide -n kube-system"
"kubectl get pods nginx-deployment-574b87c764-xppmx -o wide -n default"

# Delete pods in a single namespace (less convenient for multiple namespaces):
kubectl -n default get pods | grep Completed | awk '{print $1}' | xargs kubectl -n default delete pods

List All Pods on a Specific Node

# Use field selector with node name
kubectl get pods --all-namespaces -o wide --field-selector spec.nodeName=pve-node1

Count Pods per Node for a Specific App

kubectl -n default get pods -o wide -l app="nginx" | awk '{print $7}' | \
awk '{ count[$0]++ }
END{
  printf("%-35s: %s
","Word","Count");
  for(ind in count){
    printf("%-35s: %d
",ind,count[ind]);
  }
}'
# Sample output:
Word                : Count
NODE                : 1
pve-node1           : 1
pve-node2           : 1

Using kubectl proxy

You can think of this command as adding a proxy layer in front of the ApiServer, allowing direct API calls without authentication. After starting it, you can even chain kubectl commands through the proxy.

# When no kubeconfig is set, kubectl defaults to localhost:8080
kubectl get ns -v=9
# Example curl error when the proxy is not running:
curl -k -v -XGET -H "Accept: application/json, */*" -H "User-Agent: kubectl/v1.21.3 (linux/amd64) kubernetes/ca643a4" 'http://localhost:8080/api?timeout=32s'
# Start proxy on port 8080
KUBECONFIG=~/.kube/config-symv3 kubectl proxy -p 8080
kubectl get ns
NAME   STATUS   AGE
default Active 127d

The default proxy blocks some APIs (e.g., exec into pods). Use --reject-paths='' to lift the restriction.

# Only allow localhost hosts
--accept-hosts='^localhost$,^127\.0\.0\.1$,^\[::1\]$'
# Disallow exec/attach paths by default
--reject-paths='^/api/.*/pods/.*/exec,^/api/.*/pods/.*/attach'
# Remove reject paths to enable exec
kubectl proxy -p 8080 --keepalive 3600s --reject-paths='' -v=9

Although some consider kubectl proxy unnecessary, it becomes valuable when debugging, such as inspecting requests to the Kubernetes dashboard.

Conclusion

kubectl is a powerful CLI; the commands shown are just a glimpse of its capabilities. You don't need to memorize them, but knowing they exist can save time when addressing ad‑hoc tasks without diving into the client API.