kubectl Cheatsheet

kubectl is the command-line tool for interacting with Kubernetes clusters. You can use it to deploy applications, inspect and manage cluster resources, and view logs.

Installation and Configuration

Installation
```bash
# Linux installation
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl

# macOS installation
brew install kubectl

# Windows installation (PowerShell)
curl.exe -LO "https://dl.k8s.io/release/v1.28.0/bin/windows/amd64/kubectl.exe"

# Verify installation
kubectl version --client
```
Configuration
```bash
# View current configuration
kubectl config view

# Get current context
kubectl config current-context

# List all contexts
kubectl config get-contexts

# Switch context
kubectl config use-context my-cluster

# Set default namespace for current context
kubectl config set-context --current --namespace=my-namespace

# Create new context
kubectl config set-context my-context --cluster=my-cluster --user=my-user --namespace=my-namespace

# Delete context
kubectl config delete-context my-context
```
Cluster Access
```bash
# Set cluster credentials
kubectl config set-cluster my-cluster --server=https://k8s-cluster.example.com --certificate-authority=ca.crt

# Set user credentials
kubectl config set-credentials my-user --client-certificate=client.crt --client-key=client.key

# Set credentials with token
kubectl config set-credentials my-user --token=bearer_token_here

# Merge kubeconfig files (--flatten embeds the credentials in the output file)
KUBECONFIG=~/.kube/config:~/.kube/config2 kubectl config view --merge --flatten > ~/.kube/merged_config
```
Basic Commands

Getting Resources
```bash
# Get all resources
kubectl get all
kubectl get all --all-namespaces

# Get specific resources
kubectl get pods
kubectl get services
kubectl get deployments
kubectl get nodes
kubectl get namespaces

# Get with additional information
kubectl get pods -o wide
kubectl get pods --show-labels
kubectl get pods --sort-by=.metadata.creationTimestamp

# Get resources in specific namespace
kubectl get pods -n kube-system
kubectl get pods --all-namespaces

# Get resources with custom columns
kubectl get pods -o custom-columns=NAME:.metadata.name,STATUS:.status.phase,NODE:.spec.nodeName
```
Describe Resources
```bash
# Describe resources for detailed information
kubectl describe pod <pod-name>

# Describe with namespace
kubectl describe pod <pod-name> -n <namespace>
```
Create and Apply
```bash
# Create resources from file
kubectl create -f manifest.yaml
kubectl create -f https://raw.githubusercontent.com/example/manifest.yaml

# Apply resources (create or update)
kubectl apply -f manifest.yaml
kubectl apply -f directory/
kubectl apply -R -f directory/  # Recursive

# Create resources imperatively
kubectl create deployment nginx --image=nginx
kubectl create service clusterip nginx --tcp=80:80
kubectl create configmap app-config --from-literal=key=value
kubectl create secret generic app-secret --from-literal=password=secret
```
Delete Resources
```bash
# Delete resources
kubectl delete pod <pod-name>

# Delete from file
kubectl delete -f manifest.yaml

# Delete all resources of a type
kubectl delete pods --all
kubectl delete deployments --all

# Delete with label selector
kubectl delete pods -l app=nginx

# Force delete (use with caution)
kubectl delete pod <pod-name> --grace-period=0 --force
```
Pod Management

Pod Operations
```bash
# List pods
kubectl get pods
kubectl get pods -o wide
kubectl get pods --field-selector=status.phase=Running

# Create pod from image
kubectl run nginx --image=nginx
kubectl run busybox --image=busybox --rm -it -- /bin/sh  # Interactive pod

# Get pod logs
kubectl logs <pod-name>

# Execute commands in pod
kubectl exec <pod-name> -- <command>

# Port forwarding
kubectl port-forward <pod-name> <local-port>:<pod-port>

# Copy files to/from pod
kubectl cp <local-path> <pod-name>:<container-path>
kubectl cp <pod-name>:<container-path> <local-path>
```
Pod Debugging
```bash
# Get pod events
kubectl get events --field-selector involvedObject.name=<pod-name>

# Debug pod startup issues
kubectl describe pod <pod-name>

# Check resource usage
kubectl top pod <pod-name>

# Create debug pod
kubectl run debug --image=busybox --rm -it -- /bin/sh
kubectl run debug --image=nicolaka/netshoot --rm -it -- /bin/bash
```
Workload Management

Deployments
```bash
# Create deployment
kubectl create deployment nginx --image=nginx:1.21

# Scale deployment
kubectl scale deployment nginx --replicas=3
kubectl scale deployment nginx --replicas=0  # Scale down to zero

# Update deployment image (--record is deprecated in current kubectl releases)
kubectl set image deployment/nginx nginx=nginx:1.22
kubectl set image deployment/nginx nginx=nginx:1.22 --record

# Set environment variables
kubectl set env deployment/nginx ENV_VAR=production

# Edit deployment
kubectl edit deployment nginx

# Patch deployment
kubectl patch deployment nginx -p '{"spec":{"replicas":5}}'
```
Rollout Management
```bash
# Check rollout status
kubectl rollout status deployment/nginx

# View rollout history
kubectl rollout history deployment/nginx
kubectl rollout history deployment/nginx --revision=2

# Rollback deployment
kubectl rollout undo deployment/nginx
kubectl rollout undo deployment/nginx --to-revision=2

# Restart deployment (rolling restart)
kubectl rollout restart deployment/nginx

# Pause/resume rollout
kubectl rollout pause deployment/nginx
kubectl rollout resume deployment/nginx
```
Service Management

Services
```bash
# Expose deployment as service
kubectl expose deployment nginx --port=80 --type=ClusterIP
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl expose deployment nginx --port=80 --type=LoadBalancer

# Create service with specific target port
kubectl expose deployment nginx --port=80 --target-port=8080

# List services
kubectl get services
kubectl get svc

# Describe service
kubectl describe service nginx

# Get service endpoints
kubectl get endpoints nginx

# Test service connectivity
kubectl run test --image=busybox --rm -it -- wget -qO- http://nginx
```
ConfigMap and Secret Management

ConfigMap Operations
```bash
# Create ConfigMap from literal values
kubectl create configmap app-config --from-literal=database_url=mysql://localhost:3306
kubectl create configmap app-config --from-literal=key1=value1 --from-literal=key2=value2

# Create ConfigMap from file
kubectl create configmap app-config --from-file=config.properties
kubectl create configmap app-config --from-file=key=config.properties

# Create ConfigMap from directory
kubectl create configmap app-config --from-file=config/

# View ConfigMap
kubectl get configmap app-config -o yaml
kubectl describe configmap app-config

# Edit ConfigMap
kubectl edit configmap app-config
```
Secret Operations
```bash
# Create secret from literal values (literals end up in shell history)
kubectl create secret generic app-secret --from-literal=username=admin --from-literal=password=secret

# Create secret from file
kubectl create secret generic app-secret --from-file=username.txt --from-file=password.txt

# Create TLS secret
kubectl create secret tls tls-secret --cert=tls.crt --key=tls.key

# Create Docker registry secret
kubectl create secret docker-registry regcred --docker-server=registry.example.com --docker-username=user --docker-password=pass

# View secret (base64 encoded, not encrypted)
kubectl get secret app-secret -o yaml

# Decode secret value
kubectl get secret app-secret -o jsonpath='{.data.password}' | base64 --decode

# Edit secret
kubectl edit secret app-secret
```
Namespaces
```bash
# List namespaces
kubectl get namespaces
kubectl get ns

# Create namespace
kubectl create namespace my-namespace

# Delete namespace (deletes all resources in it)
kubectl delete namespace my-namespace

# Set default namespace for current context
kubectl config set-context --current --namespace=my-namespace

# Get resources in specific namespace
kubectl get pods -n my-namespace

# Get resources in all namespaces
kubectl get pods --all-namespaces
kubectl get pods -A  # Short form
```
Resource Monitoring and Debugging

Resource Usage
```bash
# Node resource usage
kubectl top nodes
kubectl top nodes --sort-by=cpu
kubectl top nodes --sort-by=memory

# Pod resource usage
kubectl top pods
kubectl top pods --sort-by=cpu
kubectl top pods --sort-by=memory
kubectl top pods --containers  # Show container-level metrics
kubectl top pods -n kube-system

# Specific pod resource usage
kubectl top pod <pod-name>
```
Events and Logs
```bash
# Get cluster events
kubectl get events
kubectl get events --sort-by=.metadata.creationTimestamp
kubectl get events --field-selector type=Warning

# Get events for specific resource
kubectl get events --field-selector involvedObject.name=<resource-name>

# Watch events in real-time
kubectl get events --watch

# Cluster information
kubectl cluster-info
kubectl cluster-info dump
```
Troubleshooting
```bash
# Check node status
kubectl get nodes
kubectl describe node <node-name>

# Check system pods
kubectl get pods -n kube-system

# Check API server health
kubectl get --raw='/healthz'

# Check component status (deprecated in newer versions)
kubectl get componentstatuses
kubectl get cs

# Network debugging
kubectl run netshoot --image=nicolaka/netshoot --rm -it -- /bin/bash
kubectl run busybox --image=busybox --rm -it -- /bin/sh

# DNS debugging
kubectl run debug --image=busybox --rm -it -- nslookup kubernetes.default
kubectl run debug --image=busybox --rm -it -- nslookup <service-name>.<namespace>.svc.cluster.local
```
Advanced Operations

Label and Annotation Management
```bash
# Add labels
kubectl label pods <pod-name> <key>=<value>

# Remove labels
kubectl label pods <pod-name> <key>-

# Update labels
kubectl label pods <pod-name> <key>=<new-value> --overwrite

# Add annotations
kubectl annotate pods <pod-name> <key>=<value>

# Remove annotations
kubectl annotate pods <pod-name> <key>-

# Select resources by labels
kubectl get pods -l environment=production
kubectl get pods -l environment!=production
kubectl get pods -l 'environment in (production,staging)'
kubectl get pods -l 'environment notin (development)'
```
Field Selectors
```bash
# Select by field values
kubectl get pods --field-selector status.phase=Running
kubectl get pods --field-selector spec.nodeName=node1
kubectl get events --field-selector type=Warning
kubectl get events --field-selector involvedObject.kind=Pod

# Combine multiple field selectors
kubectl get pods --field-selector status.phase=Running,spec.nodeName=node1
```
Output Formatting
```bash
# JSON output
kubectl get pods -o json
kubectl get pod <pod-name> -o json

# YAML output
kubectl get pods -o yaml
kubectl get pod <pod-name> -o yaml

# Custom columns
kubectl get pods -o custom-columns=NAME:.metadata.name,STATUS:.status.phase,NODE:.spec.nodeName

# JSONPath output
kubectl get pods -o jsonpath='{.items[*].metadata.name}'
kubectl get pods -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.status.phase}{"\n"}{end}'

# Go template output
kubectl get pods -o go-template='{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}'

# Wide output (more columns)
kubectl get pods -o wide
```
Patch Operations
```bash
# Strategic merge patch
kubectl patch deployment nginx -p '{"spec":{"replicas":3}}'

# JSON merge patch
kubectl patch deployment nginx --type='merge' -p='{"spec":{"replicas":3}}'

# JSON patch
kubectl patch deployment nginx --type='json' -p='[{"op": "replace", "path": "/spec/replicas", "value": 3}]'

# Patch from file
kubectl patch deployment nginx --patch-file=patch.yaml
```
Resource Quotas and Limits
```bash
# Get resource quotas
kubectl get resourcequota
kubectl describe resourcequota

# Get limit ranges
kubectl get limitrange
kubectl describe limitrange

# Check resource usage against quotas
kubectl describe namespace <namespace>
```
Batch Operations

Jobs and CronJobs
```bash
# Create job
kubectl create job pi --image=perl -- perl -Mbignum=bpi -wle 'print bpi(2000)'

# Create job from cronjob
kubectl create job --from=cronjob/backup-job backup-manual

# List jobs
kubectl get jobs

# Describe job
kubectl describe job pi

# Delete job
kubectl delete job pi

# List cronjobs
kubectl get cronjobs
kubectl get cj  # Short form

# Suspend/resume cronjob
kubectl patch cronjob backup-job -p '{"spec":{"suspend":true}}'
kubectl patch cronjob backup-job -p '{"spec":{"suspend":false}}'
```
Bulk Operations
```bash
# Delete all pods with label
kubectl delete pods -l app=nginx

# Delete all resources in namespace
kubectl delete all --all -n my-namespace

# Scale multiple deployments
kubectl scale deployment nginx web api --replicas=3

# Apply multiple files
kubectl apply -f deployment.yaml -f service.yaml -f ingress.yaml

# Apply all files in directory
kubectl apply -f ./manifests/

# Apply with recursive directory search
kubectl apply -R -f ./manifests/
```
Security and RBAC

Service Accounts
```bash
# Create service account
kubectl create serviceaccount my-service-account

# List service accounts
kubectl get serviceaccounts
kubectl get sa  # Short form

# Describe service account
kubectl describe serviceaccount my-service-account

# Get service account token
# (relies on an auto-created token Secret; Kubernetes 1.24+ no longer creates one,
#  there `kubectl create token my-service-account` issues a short-lived token)
kubectl get secret "$(kubectl get serviceaccount my-service-account -o jsonpath='{.secrets[0].name}')" -o jsonpath='{.data.token}' | base64 --decode
```
RBAC Operations
```bash
# Check permissions
kubectl auth can-i create pods
kubectl auth can-i create pods --as=system:serviceaccount:default:my-service-account
kubectl auth can-i '*' '*'  # Check if cluster admin

# List roles and rolebindings
kubectl get roles
kubectl get rolebindings
kubectl get clusterroles
kubectl get clusterrolebindings

# Describe RBAC resources
kubectl describe role <role-name>

# Create role
kubectl create role pod-reader --verb=get,list,watch --resource=pods

# Create rolebinding
kubectl create rolebinding read-pods --role=pod-reader --user=jane

# Create clusterrole (a wildcard resource also covers secrets)
kubectl create clusterrole cluster-reader --verb=get,list,watch --resource='*'

# Create clusterrolebinding
kubectl create clusterrolebinding cluster-read --clusterrole=cluster-reader --user=jane
```
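The `kubectl auth can-i` checks above answer one question at a time. The following added example (not part of the original cheatsheet) reviews a whole identity by scanning `kubectl auth can-i --list` output for wildcard grants, Secret reads and `pods/exec`. The function names, severity labels and sample table are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag risky grants in `kubectl auth can-i --list` output.
# Real use (needs cluster access):
#   kubectl auth can-i --list --as=system:serviceaccount:default:my-service-account | flag_risky_rbac

# Reads the can-i table on stdin, prints one finding per risky row.
flag_risky_rbac() {
  awk '
    NR == 1 && $1 == "Resources" { next }   # header row
    NF == 0 || $1 ~ /^\[/        { next }   # blank lines, non-resource URL rows
    {
      resource = $1
      verbs = $0
      sub(/.*\[/, "", verbs)                # keep the last [...] group (the verbs)
      sub(/\].*/, "", verbs)
      n = split(verbs, v, " ")
      any = 0; rd = 0; cr = 0
      for (i = 1; i <= n; i++) {
        if (v[i] == "*") any = 1
        if (v[i] == "get" || v[i] == "list" || v[i] == "watch") rd = 1
        if (v[i] == "create") cr = 1
      }
      wild = (resource == "*" || resource == "*.*")
      tag = resource " [" verbs "] "
      if (wild && any)                        print "CRITICAL " tag "full wildcard (cluster-admin equivalent)"
      else if (wild && rd)                    print "HIGH " tag "wildcard read (covers secrets)"
      else if (wild || any)                   print "HIGH " tag "wildcard grant"
      else if (resource == "secrets" && rd)   print "HIGH " tag "can read Secret data"
      else if (resource == "pods/exec" && cr) print "HIGH " tag "can exec into pods"
    }
  '
}

# Constructed sample in the format `kubectl auth can-i --list` prints.
sample_can_i_list() {
  cat <<'EOF'
Resources                                       Non-Resource URLs   Resource Names   Verbs
selfsubjectaccessreviews.authorization.k8s.io   []                  []               [create]
*.*                                             []                  []               [get list watch]
secrets                                         []                  []               [get list]
pods/exec                                       []                  []               [create]
configmaps                                      []                  []               [get]
                                                [/healthz]          []               [get]
EOF
}

sample_can_i_list | flag_risky_rbac
```

An empty result means none of these patterns matched; it does not prove the identity is harmless, since other verbs such as `escalate` or `bind` are not checked here.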
Performance and Optimization

Resource Management
```bash
# Check resource requests and limits
kubectl describe nodes | grep -A 5 "Allocated resources"

# Get resource usage
kubectl top nodes
kubectl top pods --all-namespaces

# Check pod resource specifications
kubectl get pods -o custom-columns='NAME:.metadata.name,CPU-REQUEST:.spec.containers[*].resources.requests.cpu,MEMORY-REQUEST:.spec.containers[*].resources.requests.memory'

# Identify pods without resource limits
kubectl get pods -o json | jq '.items[] | select(.spec.containers[].resources.limits == null) | .metadata.name'
```
Cluster Analysis
```bash
# Get cluster capacity
kubectl get nodes -o custom-columns=NAME:.metadata.name,CPU:.status.capacity.cpu,MEMORY:.status.capacity.memory

# Check node conditions
kubectl get nodes -o custom-columns=NAME:.metadata.name,STATUS:.status.conditions[-1].type

# Analyze pod distribution
kubectl get pods -o wide --all-namespaces | awk '{print $8}' | sort | uniq -c

# Check for failed pods
kubectl get pods --all-namespaces --field-selector=status.phase=Failed
```
Useful Aliases and Functions
```bash
# Add to ~/.bashrc or ~/.zshrc

# Basic aliases
alias k='kubectl'
alias kg='kubectl get'
alias kd='kubectl describe'
alias kdel='kubectl delete'
alias kl='kubectl logs'
alias kex='kubectl exec -it'

# Advanced aliases
alias kgp='kubectl get pods'
alias kgs='kubectl get services'
alias kgd='kubectl get deployments'
alias kgn='kubectl get nodes'

# Functions
kns() {
  kubectl config set-context --current --namespace="$1"
}
kpf() {
  kubectl port-forward "$1" "$2:$3"
}
klf() {
  kubectl logs -f "$1"
}

# Enable kubectl autocompletion
source <(kubectl completion bash)  # For bash
source <(kubectl completion zsh)   # For zsh
```
Common Patterns and Examples

Rolling Updates
```bash
# Update deployment image
kubectl set image deployment/nginx nginx=nginx:1.22 --record

# Monitor rollout
kubectl rollout status deployment/nginx

# Rollback if needed
kubectl rollout undo deployment/nginx
```
Blue-Green Deployment
```bash
# Create green deployment
kubectl create deployment nginx-green --image=nginx:1.22

# Scale green deployment
kubectl scale deployment nginx-green --replicas=3

# Update service selector to point to green
kubectl patch service nginx -p '{"spec":{"selector":{"app":"nginx-green"}}}'

# Remove blue deployment
kubectl delete deployment nginx-blue
```
Canary Deployment
```bash
# Scale down main deployment
kubectl scale deployment nginx --replicas=8

# Create canary deployment
kubectl create deployment nginx-canary --image=nginx:1.22
kubectl scale deployment nginx-canary --replicas=2

# Both deployments serve traffic through same service
# Monitor metrics and gradually shift traffic
```
Debugging Network Issues
```bash
# Create debug pod
kubectl run debug --image=nicolaka/netshoot --rm -it -- /bin/bash

# Inside debug pod:
# nslookup kubernetes.default
# nslookup <service-name>.<namespace>.svc.cluster.local
# curl http://<service-name>.<namespace>.svc.cluster.local
# traceroute <destination>
```
Best Practices

Resource Specifications
```bash
# Always specify resource requests and limits
# (kubectl run accepted --requests/--limits only in older releases;
#  kubectl set resources sets them on an existing workload)
kubectl set resources deployment nginx --requests=cpu=100m,memory=128Mi --limits=cpu=200m,memory=256Mi

# Use appropriate restart policies
kubectl run job-pod --image=busybox --restart=OnFailure -- /bin/sh -c "echo hello"
kubectl run one-time-pod --image=busybox --restart=Never -- /bin/sh -c "echo hello"
```
Health Checks
```bash
# Add health checks to deployments
kubectl patch deployment nginx -p '{"spec":{"template":{"spec":{"containers":[{"name":"nginx","livenessProbe":{"httpGet":{"path":"/","port":80},"initialDelaySeconds":30,"periodSeconds":10}}]}}}}'
```
Security
```bash
# Run containers as non-root
# (--local patches the piped manifest instead of a server-side object; pipe the result to `kubectl apply -f -` to create the pod)
kubectl run secure-pod --image=nginx --dry-run=client -o yaml | kubectl patch --local -f - -p '{"spec":{"securityContext":{"runAsNonRoot":true,"runAsUser":1000}}}' -o yaml

# Use read-only root filesystem
kubectl run secure-pod --image=nginx --dry-run=client -o yaml | kubectl patch --local -f - -p '{"spec":{"containers":[{"name":"secure-pod","securityContext":{"readOnlyRootFilesystem":true}}]}}' -o yaml
```