Cheat Sheet - kubectl

Debugging

Keep a base image container running

This is not best practice, but it is another quick and dirty way to spin up a base image for some testing (e.g., mounting a PVC) that lets you shell into it.

apiVersion: v1
kind: Pod
metadata:
  name: temp
spec: 
  containers:
  - name: temp
    image: ubuntu:latest
    command: [ "/bin/bash", "-c", "--" ]
    args: [ "while true; do sleep 30; done;" ]

Shell into a distroless container

kubectl debug -it fluent-bit-npdd2 --target='fluent-bit' --image='busybox:1.28' --namespace='fluent-bit' --container='debugger' --share-processes

You'll find the file system under /proc/1/root

Run netshoot on a specific nodepool

kubectl run tmp-shell --rm -i --tty --image nicolaka/netshoot --namespace <foobar> --overrides '{"spec": {"nodeSelector": {"agentpool": "<nodepool>"}}}'

Create an interactive throwaway shell

kubectl run my-shell --rm -i --tty --image ubuntu -- bash

List events per namespace

kubectl get events -n demo

Generate artificial logs for fluent-bit development

kubectl run logger --image docker.io/mingrammer/flog --namespace flog-1 -- -f json -n 1 -d 1 -l

Pod Management

List all pods running on a specific node

kubectl get pods --all-namespaces -o wide --field-selector spec.nodeName=<nodeName>

See on which nodes the pods are running

kubectl get pods -n demo -o wide

Access pod terminal

kubectl exec --stdin --tty mysql-694d95668d-w7lv5 -- /bin/bash

Get pod logs

kubectl logs <pod>
kubectl logs --follow <pod>

# Or use labels
kubectl logs -l app=my-killer-app --follow 

Get the environment variables of a running pod

kubectl exec -it <pod> -n <namespace> -- printenv

Watch the restart of pods

kubectl get pod -w -n <namespace>

Restart a daemon set

kubectl rollout restart daemonset <name> -n <namespace>

Secret Management

Read secret

kubectl get secrets/my-secret -o yaml | yq .data.admin-password | base64 -d

Adding secret from plain text

kubectl create -n <namespace> secret generic <object> --from-literal=<key>=<value-plain-text>

Config Management

Display content of config map

kubectl describe cm my-configmap -n <namespace>

Network Management

Port forwarding

kubectl port-forward -n <namespace> <pod> <localport>:<podport>

# JVM remote debug
kubectl port-forward -n <namespace> <pod> 5005:5005

Volume Management

Forcefully remove a PVC & PV

kubectl patch pvc <pvc> -p '{"metadata":{"finalizers":null}}' -n <namespace>
kubectl delete pvc <pvc> --grace-period=0 --force -n <namespace>

Node Management

Reboot a specific node

# get the AKS node resource group name
az aks show -g groupName -n aksName --query nodeResourceGroup

# get the scale set info and all the instance id
az vmss list -g nodeGroupName --query '[].name'
az vmss list-instances -g nodeGroupName -n vmssName -o table

# restart the instance with the instance Id
az vmss restart -g nodeGroupName -n vmssName --instance-ids n

Remove a node

# Mark node as unschedulable.
kubectl cordon <node>
kubectl drain --ignore-daemonsets --delete-emptydir-data <node>
kubectl delete node <node>

Mixed

Tree view for easy grep'in

kubectl get pods -o json | jq -c 'paths|join(".")'

Autocompletion and alias

alias k=kubectl
complete -o default -F __start_kubectl k

Scaling a daemon set to zero

# scale to zero
kubectl -n <namespace> patch daemonset <name-of-daemon-set> -p '{"spec": {"template": {"spec": {"nodeSelector": {"non-existing": "true"}}}}}'

# re-enable scheduling
kubectl -n <namespace> patch daemonset <name-of-daemon-set> --type json -p='[{"op": "remove", "path": "/spec/template/spec/nodeSelector/non-existing"}]'

View resource utilization

kubectl top [node|pod]

Quickly switch between contexts

alias devkube "kubectl config use-context kube-dev-context"
alias stgkube "kubectl config use-context kube-stg-context"
alias prdkube "kubectl config use-context kube-prd-context"

Set default namespace

kubectl config set-context --current --namespace=foobar

Get and switch current context

kubectl config get-contexts
kubectl config use-context ...

Use projection with jsonpath

kubectl get node/mynode -o jsonpath='[{.metadata.name}, {.status.allocatable}, {.status.capacity}]'

Get all default cluster roles

kubectl get clusterroles -l "kubernetes.io/bootstrapping=rbac-defaults"

Get resources not having a specific label

kubectl get clusterroles --selector="!kubernetes.io/bootstrapping"

Get all non-default cluster roles

External cheat sheets

kubectl Cheat Sheet

The official cheat sheet