Production Reference

Kubernetes Cheat Sheet

Essential kubectl commands and Kubernetes workflows for inspecting workloads, debugging rollouts, and operating clusters safely.

Command-firstProduction notesSecurity warningsHardened patterns

Cluster Info

6 commands

kubectl cluster-info

Cluster endpoint info

kubectl get nodes

List all nodes

kubectl get nodes -o wide

Nodes with IPs and OS

kubectl top nodes

Node resource usage

kubectl api-resources

All resource types

kubectl get all -A

Everything in all namespaces

Pod Management

10 commands

kubectl get pods

List pods in current ns

kubectl get pods -A

Pods in all namespaces

kubectl get pods -o wide

Pods with node/IP info

kubectl describe pod NAME

Detailed pod info

kubectl logs NAME

Pod logs

kubectl logs NAME --previous

Crashed container logs

kubectl logs NAME -f

Stream logs (follow)

kubectl exec -it NAME -- bash

Shell into pod

kubectl delete pod NAME

Delete a pod

kubectl run debug --image=busybox -it --rm -- sh

Quick debug pod

Deployments

7 commands

kubectl get deployments

List deployments

kubectl create deploy NAME --image=IMG

Create deployment

kubectl scale deploy NAME --replicas=3

Scale replicas

kubectl rollout status deploy/NAME

Watch rollout

kubectl rollout undo deploy/NAME

Rollback deploy

kubectl rollout history deploy/NAME

Rollout history

kubectl set image deploy/NAME c=img:v2

Update image

Services & Networking

6 commands

kubectl get svc

List services

kubectl expose deploy NAME --port=80

Create service

kubectl get endpoints NAME

Service endpoints

kubectl get ingress

List ingress rules

kubectl port-forward svc/NAME 8080:80

Local port forward

kubectl get networkpolicy

Network policies

Config & Secrets

5 commands

kubectl get configmap

List ConfigMaps

kubectl get secret

List Secrets

kubectl create secret generic NAME --from-literal=k=v

Create secret

kubectl create configmap NAME --from-file=f

Create from file

kubectl get secret NAME -o jsonpath='{.data.key}' | base64 -d

Decode secret

Debugging

6 commands

kubectl describe pod NAME

Events + status

kubectl get events --sort-by=.lastTimestamp

Recent events

kubectl top pods

CPU/memory usage

kubectl get pods --field-selector=status.phase=Failed

Failed pods

kubectl run debug --image=nicolaka/netshoot -it --rm -- bash

Network debug pod

kubectl auth can-i create pods

Check permissions

Contexts & Namespaces

5 commands

kubectl config get-contexts

List contexts

kubectl config use-context NAME

Switch context

kubectl config set-context --current --namespace=NS

Set default ns

kubectl get ns

List namespaces

kubectl create ns NAME

Create namespace

Apply & Delete

5 commands

kubectl apply -f file.yaml

Create/update resource

kubectl delete -f file.yaml

Delete resource

kubectl apply -k ./dir

Apply kustomization

kubectl diff -f file.yaml

Preview changes

kubectl delete pod --all

Delete all pods

RBAC & Security

7 commands

kubectl get clusterroles

List cluster roles

kubectl get rolebindings -A

All role bindings

kubectl auth can-i create pods --as user

Test permissions

kubectl create sa my-sa

Create service account

kubectl get psp

Pod security policies

kubectl get networkpolicy -A

All network policies

kubectl create secret tls NAME --cert=c --key=k

Create TLS secret

Autoscaling

6 commands

kubectl autoscale deploy NAME --min=2 --max=10 --cpu-percent=80

Create HPA

kubectl get hpa

List horizontal pod autoscalers

kubectl describe hpa NAME

HPA details + events

kubectl get vpa

Vertical pod autoscalers

kubectl get nodeclaims

Karpenter-managed nodes

kubectl get nodepool

Karpenter node pools

Helm

9 commands

helm repo add NAME URL

Add chart repository

helm search repo nginx

Search for charts

helm install NAME chart --namespace ns

Install release

helm upgrade NAME chart

Upgrade release

helm rollback NAME 1

Rollback to revision

helm list -A

All releases

helm uninstall NAME

Delete release

helm template NAME chart

Render templates locally

helm show values chart

Show default values

CRDs & Custom Resources

6 commands

kubectl get crd

List custom resource definitions

kubectl get crd NAME -o yaml

CRD definition

kubectl get RESOURCE -A

List custom resources

kubectl explain RESOURCE.spec

Show resource schema

kubectl api-versions

All API versions

kubectl api-resources --verbs=list --namespaced

Namespaced resources

Advanced Debugging

8 commands

kubectl debug pod/NAME -it --image=busybox

Ephemeral debug container

kubectl run debug --image=nicolaka/netshoot -it --rm -- bash

Network debug pod

kubectl get events --sort-by=.lastTimestamp -A

Cluster-wide events

kubectl get pod NAME -o jsonpath='{.status.conditions}'

Pod conditions

kubectl logs -l app=NAME --all-containers

Logs by label

kubectl cp pod:/path ./local

Copy from pod

kubectl attach pod/NAME -c container -it

Attach to process

kubectl proxy

API server proxy (localhost:8001)

Jobs & CronJobs

6 commands

kubectl create job NAME --image=img -- cmd

Create one-time job

kubectl get jobs

List jobs

kubectl get cronjobs

List cron jobs

kubectl create job test --from=cronjob/NAME

Manual trigger

kubectl delete job NAME

Delete job + pods

kubectl logs job/NAME

Job logs

All reference sheets