Get & Describe
kubectl get all -A
All resources in all namespaces
kubectl get nodes
List nodes (k3s1/k3s2/k3s3)
kubectl get pods -n <ns>
Pods in namespace
kubectl get pods -A
Pods across all namespaces
kubectl get pods -o wide
Pods with node + IP info
kubectl get svc -n <ns>
Services in namespace
kubectl get deploy -n <ns>
Deployments
kubectl get pvc -A
PersistentVolumeClaims
kubectl get pv
PersistentVolumes (cluster-wide)
kubectl get ingress -A
All ingress resources
kubectl get configmap -n <ns>
ConfigMaps in namespace
kubectl get secret -n <ns>
Secrets (names only)
kubectl get ns
List namespaces
kubectl get events -n <ns> --sort-by='.lastTimestamp'
Events sorted by time
kubectl describe pod <name> -n <ns>
Full pod details + events
kubectl describe node <name>
Node capacity, taints, conditions
kubectl get pod <name> -o yaml
Raw YAML of resource
kubectl api-resources
All resource types + short names
Apply & Create
kubectl apply -f <file.yaml>
Apply manifest (create or update)
kubectl apply -f ./dir/
Apply all manifests in directory
kubectl apply -k ./kustomize/
Apply kustomization
kubectl create ns <name>
Create namespace
kubectl create secret generic <n> \
--from-literal=key=val
--from-literal=key=val
Create opaque secret
kubectl create secret tls <n> \
--cert=tls.crt --key=tls.key
--cert=tls.crt --key=tls.key
Create TLS secret
kubectl create configmap <n> \
--from-file=<file>
--from-file=<file>
ConfigMap from file
kubectl set image deploy/<n> \
<c>=<image>:<tag>
<c>=<image>:<tag>
Update container image
kubectl rollout restart deploy/<n>
Rolling restart deployment
kubectl rollout status deploy/<n>
Watch rollout progress
kubectl rollout undo deploy/<n>
Roll back to previous revision
kubectl patch <res> <n> --patch \
'{"spec":{"replicas":2}}'
'{"spec":{"replicas":2}}'
Patch resource inline (JSON)
kubectl label pod <n> env=prod
Add / update label on resource
kubectl annotate pod <n> <key>=<v>
Add annotation
Delete
kubectl delete -f <file.yaml>
Delete resources from manifest
kubectl delete pod <name> -n <ns>
Delete pod (will restart if managed)
kubectl delete deploy <name>
Delete deployment
kubectl delete ns <name>
Delete namespace + all contents
kubectl delete pod <name> \
--grace-period=0 --force
--grace-period=0 --force
Force delete stuck pod
kubectl delete pvc <name>
Delete PVC (check retain policy)
kubectl delete all --all -n <ns>
Nuke all resources in namespace
Exec & Port-forward
kubectl exec -it <pod> -- bash
Shell into pod
kubectl exec -it <pod> -c <c> -- sh
Shell into specific container
kubectl exec <pod> -- <cmd>
Run one-off command in pod
kubectl cp <pod>:/remote ./local
Copy file from pod
kubectl cp ./local <pod>:/remote
Copy file to pod
kubectl port-forward <pod> 8080:80
Forward localhost:8080 → pod:80
kubectl port-forward svc/<n> 8080:80
Forward to service
kubectl port-forward deploy/<n> 8080:80
Forward to deployment
kubectl proxy
API proxy on localhost:8001
Logs
kubectl logs <pod>
Logs from pod (stdout)
kubectl logs <pod> -f
Follow / tail logs
kubectl logs <pod> --tail=100
Last 100 lines
kubectl logs <pod> --since=1h
Logs from last hour
kubectl logs <pod> -c <container>
Specific container in multi-container pod
kubectl logs <pod> --previous
Logs from previous (crashed) instance
kubectl logs -l app=<label> -n <ns>
Logs from all pods matching label
kubectl logs deploy/<name>
Logs from deployment
Contexts & Config
kubectl config get-contexts
List all contexts
kubectl config current-context
Show active context
kubectl config use-context <name>
Switch context
kubectl config set-context --current \
--namespace=<ns>
--namespace=<ns>
Set default namespace for context
kubectl config view
View merged kubeconfig
KUBECONFIG=~/.kube/config:~/k3s.yaml \
kubectl config view --merge --flatten
kubectl config view --merge --flatten
Merge multiple kubeconfigs
kubectl cluster-info
API server + cluster DNS
kubectl version --short
Client + server version
Scale & Resources
kubectl scale deploy <n> --replicas=3
Scale deployment
kubectl autoscale deploy <n> \
--min=2 --max=5 --cpu-percent=70
--min=2 --max=5 --cpu-percent=70
Horizontal Pod Autoscaler
kubectl top nodes
Node CPU/mem usage (metrics-server)
kubectl top pods -A
Pod resource usage
kubectl top pods --sort-by=cpu
Sort by CPU usage
kubectl get hpa -A
List HorizontalPodAutoscalers
Debug & Troubleshoot
kubectl run tmp --rm -it \
--image=busybox -- sh
--image=busybox -- sh
Temporary debug pod
kubectl run tmp --rm -it \
--image=nicolaka/netshoot -- bash
--image=nicolaka/netshoot -- bash
Netshoot — full network debug toolkit
kubectl debug <pod> -it \
--image=busybox --copy-to=dbg
--image=busybox --copy-to=dbg
Debug copy of pod
kubectl debug node/<node> -it \
--image=ubuntu
--image=ubuntu
Debug node via privileged pod
kubectl get pod <n> -o jsonpath=\
'{.status.containerStatuses}'
'{.status.containerStatuses}'
Container status raw JSON
kubectl get events -A \
--field-selector type=Warning
--field-selector type=Warning
Only Warning events cluster-wide
kubectl describe pod <n> | grep -A5 Events
Grep pod events
kubectl auth can-i <verb> <resource>
Check your RBAC permissions
Nodes & Scheduling
kubectl cordon <node>
Mark node unschedulable
kubectl uncordon <node>
Mark node schedulable again
kubectl drain <node> \
--ignore-daemonsets --delete-emptydir-data
--ignore-daemonsets --delete-emptydir-data
Evict pods (pre maintenance)
kubectl taint nodes <n> key=val:NoSchedule
Add taint to node
kubectl taint nodes <n> key=val:NoSchedule-
Remove taint (trailing -)
kubectl label node <n> role=worker
Label node
kubectl get nodes \
--show-labels
--show-labels
Show node labels
RBAC & ServiceAccounts
kubectl get serviceaccount -n <ns>
List service accounts
kubectl get clusterrole | grep -v system
Custom ClusterRoles
kubectl get rolebinding -A
All RoleBindings
kubectl create serviceaccount <n> -n <ns>
Create service account
kubectl auth can-i list pods \
--as=system:serviceaccount:<ns>:<sa>
--as=system:serviceaccount:<ns>:<sa>
Check SA permissions
kubectl get secret <token-secret> \
-o jsonpath='{.data.token}' | base64 -d
-o jsonpath='{.data.token}' | base64 -d
Decode SA token
Helm
helm repo add <name> <url>
Add chart repository
helm repo update
Update all repo indexes
helm search repo <keyword>
Search charts
helm install <release> <chart> \
-n <ns> -f values.yaml
-n <ns> -f values.yaml
Install with custom values
helm upgrade <release> <chart> \
-n <ns> -f values.yaml
-n <ns> -f values.yaml
Upgrade release
helm upgrade --install <r> <chart>
Install or upgrade (idempotent)
helm list -A
List all releases
helm status <release> -n <ns>
Release status + notes
helm get values <release> -n <ns>
Show user-supplied values
helm rollback <release> <rev>
Roll back to revision
helm uninstall <release> -n <ns>
Remove release
helm template <release> <chart> \
-f values.yaml
-f values.yaml
Render templates without installing
helm show values <chart>
Default values for chart
k3s Specific
systemctl status k3s
k3s service status (server node)
systemctl status k3s-agent
k3s service status (agent node)
journalctl -u k3s -f
Follow k3s logs
k3s kubectl get nodes
kubectl via k3s binary
cat /etc/rancher/k3s/k3s.yaml
kubeconfig (copy to ~/.kube/config)
k3s crictl ps
List running containers (containerd)
k3s crictl images
List local images
k3s crictl rmi <image>
Remove local image
/var/lib/rancher/k3s/server/token
Node join token location
k3s-uninstall.sh
Uninstall k3s (server)
k3s-agent-uninstall.sh
Uninstall k3s-agent
Useful Flags & Patterns
-n <namespace>
Target namespace
-A / --all-namespaces
All namespaces
-o yaml / -o json
Output format
-o wide
Extra columns (node, IP, etc)
-o jsonpath='{.spec.nodeName}'
Extract single field
--dry-run=client -o yaml
Generate manifest without applying
-l app=nginx,env=prod
Label selector filter
--field-selector status.phase=Running
Field selector filter
--watch / -w
Watch for changes
--force --grace-period=0
Immediate deletion
kubectl explain <resource>.spec
Inline API field docs
kubectl diff -f <file.yaml>
Diff live state vs manifest