kubectl Cheatsheet
kubectl is the command-line tool for interacting with Kubernetes clusters. It lets you deploy applications, inspect and manage cluster resources, and view logs.
Installation and Configuration
Installation
# Linux installation
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
# macOS installation
brew install kubectl
# Windows installation (PowerShell)
curl.exe -LO "https://dl.k8s.io/release/v1.28.0/bin/windows/amd64/kubectl.exe"
# Verify installation
kubectl version --client
Configuration
# View current configuration
kubectl config view
# Get current context
kubectl config current-context
# List all contexts
kubectl config get-contexts
# Switch context
kubectl config use-context my-cluster
# Set default namespace for current context
kubectl config set-context --current --namespace=my-namespace
# Create new context
kubectl config set-context my-context --cluster=my-cluster --user=my-user --namespace=my-namespace
# Delete context
kubectl config delete-context my-context
Cluster Access
# Set cluster credentials
kubectl config set-cluster my-cluster --server=https://k8s-cluster.example.com --certificate-authority=ca.crt
# Set user credentials
kubectl config set-credentials my-user --client-certificate=client.crt --client-key=client.key
# Set credentials with token
kubectl config set-credentials my-user --token=bearer_token_here
# Merge kubeconfig files
KUBECONFIG=~/.kube/config:~/.kube/config2 kubectl config view --merge --flatten > ~/.kube/merged_config
Basic Commands
Getting Resources
# Get all resources
kubectl get all
kubectl get all --all-namespaces
# Get specific resources
kubectl get pods
kubectl get services
kubectl get deployments
kubectl get nodes
kubectl get namespaces
# Get with additional information
kubectl get pods -o wide
kubectl get pods --show-labels
kubectl get pods --sort-by=.metadata.creationTimestamp
# Get resources in specific namespace
kubectl get pods -n kube-system
kubectl get pods --all-namespaces
# Get resources with custom columns
kubectl get pods -o custom-columns=NAME:.metadata.name,STATUS:.status.phase,NODE:.spec.nodeName
Describing Resources
# Describe resources for detailed information
kubectl describe pod <pod-name>
kubectl describe service <service-name>
kubectl describe node <node-name>
kubectl describe deployment <deployment-name>
# Describe with namespace
kubectl describe pod <pod-name> -n <namespace>
Create and Apply
# Create resources from file
kubectl create -f manifest.yaml
kubectl create -f https://raw.githubusercontent.com/example/manifest.yaml
# Apply resources (create or update)
kubectl apply -f manifest.yaml
kubectl apply -f directory/
kubectl apply -R -f directory/ # Recursive
# Create resources imperatively
kubectl create deployment nginx --image=nginx
kubectl create service clusterip nginx --tcp=80:80
kubectl create configmap app-config --from-literal=key=value
kubectl create secret generic app-secret --from-literal=password=secret
Deleting Resources
# Delete resources
kubectl delete pod <pod-name>
kubectl delete service <service-name>
kubectl delete deployment <deployment-name>
# Delete from file
kubectl delete -f manifest.yaml
# Delete all resources of a type
kubectl delete pods --all
kubectl delete deployments --all
# Delete with label selector
kubectl delete pods -l app=nginx
# Force delete (use with caution)
kubectl delete pod <pod-name> --force --grace-period=0
Pod Management
Pod Operations
# List pods
kubectl get pods
kubectl get pods -o wide
kubectl get pods --field-selector=status.phase=Running
# Create pod from image
kubectl run nginx --image=nginx
kubectl run busybox --image=busybox --rm -it -- /bin/sh # Interactive pod
# Get pod logs
kubectl logs <pod-name>
kubectl logs <pod-name> -c <container-name> # Multi-container pod
kubectl logs -f <pod-name> # Follow logs
kubectl logs --previous <pod-name> # Previous container logs
kubectl logs -l app=nginx # Logs from all pods with label
# Execute commands in pod
kubectl exec <pod-name> -- ls /app
kubectl exec -it <pod-name> -- /bin/bash
kubectl exec -it <pod-name> -c <container-name> -- /bin/sh
# Port forwarding
kubectl port-forward <pod-name> 8080:80
kubectl port-forward service/<service-name> 8080:80
# Copy files to/from pod
kubectl cp <pod-name>:/path/to/file ./local-file
kubectl cp ./local-file <pod-name>:/path/to/file
kubectl cp <pod-name>:/path/to/file ./local-file -c <container-name>
Pod Debugging
# Get pod events
kubectl get events --field-selector involvedObject.name=<pod-name>
# Debug pod startup issues
kubectl describe pod <pod-name>
kubectl logs <pod-name> --previous
# Check resource usage
kubectl top pod <pod-name>
kubectl top pod <pod-name> --containers
# Create debug pod
kubectl run debug --image=busybox --rm -it -- /bin/sh
kubectl run debug --image=nicolaka/netshoot --rm -it -- /bin/bash
Deployment Management
Deployment Operations
# Create deployment
kubectl create deployment nginx --image=nginx:1.21
# Scale deployment
kubectl scale deployment nginx --replicas=3
kubectl scale deployment nginx --replicas=0 # Scale down to zero
# Update deployment image
kubectl set image deployment/nginx nginx=nginx:1.22
kubectl set image deployment/nginx nginx=nginx:1.22 --record
# Set environment variables
kubectl set env deployment/nginx ENV_VAR=production
# Edit deployment
kubectl edit deployment nginx
# Patch deployment
kubectl patch deployment nginx -p '{"spec":{"replicas":5}}'
Rollout Management
# Check rollout status
kubectl rollout status deployment/nginx
# View rollout history
kubectl rollout history deployment/nginx
kubectl rollout history deployment/nginx --revision=2
# Rollback deployment
kubectl rollout undo deployment/nginx
kubectl rollout undo deployment/nginx --to-revision=2
# Restart deployment (rolling restart)
kubectl rollout restart deployment/nginx
# Pause/resume rollout
kubectl rollout pause deployment/nginx
kubectl rollout resume deployment/nginx
Service Management
Service Operations
# Expose deployment as service
kubectl expose deployment nginx --port=80 --type=ClusterIP
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl expose deployment nginx --port=80 --type=LoadBalancer
# Create service with specific target port
kubectl expose deployment nginx --port=80 --target-port=8080
# List services
kubectl get services
kubectl get svc
# Describe service
kubectl describe service nginx
# Get service endpoints
kubectl get endpoints nginx
# Test service connectivity
kubectl run test --image=busybox --rm -it -- wget -qO- http://nginx
ConfigMap and Secret Management
ConfigMap Operations
# Create ConfigMap from literal values
kubectl create configmap app-config --from-literal=database_url=mysql://localhost:3306
kubectl create configmap app-config --from-literal=key1=value1 --from-literal=key2=value2
# Create ConfigMap from file
kubectl create configmap app-config --from-file=config.properties
kubectl create configmap app-config --from-file=key=config.properties
# Create ConfigMap from directory
kubectl create configmap app-config --from-file=config/
# View ConfigMap
kubectl get configmap app-config -o yaml
kubectl describe configmap app-config
# Edit ConfigMap
kubectl edit configmap app-config
Secret Operations
# Create secret from literal values
kubectl create secret generic app-secret --from-literal=username=admin --from-literal=password=secret
# Create secret from file
kubectl create secret generic app-secret --from-file=username.txt --from-file=password.txt
# Create TLS secret
kubectl create secret tls tls-secret --cert=tls.crt --key=tls.key
# Create Docker registry secret
kubectl create secret docker-registry regcred --docker-server=registry.example.com --docker-username=user --docker-password=pass
# View secret (base64 encoded)
kubectl get secret app-secret -o yaml
# Decode secret value
kubectl get secret app-secret -o jsonpath='{.data.password}'|base64 --decode
# Edit secret
kubectl edit secret app-secret
Namespace Management
# List namespaces
kubectl get namespaces
kubectl get ns
# Create namespace
kubectl create namespace my-namespace
# Delete namespace (deletes all resources in it)
kubectl delete namespace my-namespace
# Set default namespace for current context
kubectl config set-context --current --namespace=my-namespace
# Get resources in specific namespace
kubectl get pods -n my-namespace
# Get resources in all namespaces
kubectl get pods --all-namespaces
kubectl get pods -A # Short form
Resource Monitoring and Debugging
Resource Usage
# Node resource usage
kubectl top nodes
kubectl top nodes --sort-by=cpu
kubectl top nodes --sort-by=memory
# Pod resource usage
kubectl top pods
kubectl top pods --sort-by=cpu
kubectl top pods --sort-by=memory
kubectl top pods --containers # Show container-level metrics
kubectl top pods -n kube-system
# Specific pod resource usage
kubectl top pod <pod-name>
kubectl top pod <pod-name> --containers
Events and Logs
# Get cluster events
kubectl get events
kubectl get events --sort-by=.metadata.creationTimestamp
kubectl get events --field-selector type=Warning
# Get events for specific resource
kubectl get events --field-selector involvedObject.name=<pod-name>
# Watch events in real-time
kubectl get events --watch
# Cluster information
kubectl cluster-info
kubectl cluster-info dump
Troubleshooting
# Check node status
kubectl get nodes
kubectl describe node <node-name>
# Check system pods
kubectl get pods -n kube-system
# Check API server health
kubectl get --raw='/healthz'
# Check component status (deprecated in newer versions)
kubectl get componentstatuses
kubectl get cs
# Network debugging
kubectl run netshoot --image=nicolaka/netshoot --rm -it -- /bin/bash
kubectl run busybox --image=busybox --rm -it -- /bin/sh
# DNS debugging
kubectl run debug --image=busybox --rm -it -- nslookup kubernetes.default
kubectl run debug --image=busybox --rm -it -- nslookup <service-name>.<namespace>.svc.cluster.local
Advanced Operations
Label and Annotation Management
# Add labels
kubectl label pods <pod-name> environment=production
kubectl label nodes <node-name> disktype=ssd
# Remove labels
kubectl label pods <pod-name> environment-
# Update labels
kubectl label pods <pod-name> environment=staging --overwrite
# Add annotations
kubectl annotate pods <pod-name> description="Web server pod"
# Remove annotations
kubectl annotate pods <pod-name> description-
# Select resources by labels
kubectl get pods -l environment=production
kubectl get pods -l environment!=production
kubectl get pods -l 'environment in (production,staging)'
kubectl get pods -l 'environment notin (development)'
Field Selectors
# Select by field values
kubectl get pods --field-selector status.phase=Running
kubectl get pods --field-selector spec.nodeName=node1
kubectl get events --field-selector type=Warning
kubectl get events --field-selector involvedObject.kind=Pod
# Combine multiple field selectors
kubectl get pods --field-selector status.phase=Running,spec.nodeName=node1
Output Formatting
# JSON output
kubectl get pods -o json
kubectl get pod <pod-name> -o json
# YAML output
kubectl get pods -o yaml
kubectl get pod <pod-name> -o yaml
# Custom columns
kubectl get pods -o custom-columns=NAME:.metadata.name,STATUS:.status.phase,NODE:.spec.nodeName
# JSONPath output
kubectl get pods -o jsonpath='{.items[*].metadata.name}'
kubectl get pods -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.status.phase}{"\n"}{end}'
# Go template output
kubectl get pods -o go-template='{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}'
# Wide output (more columns)
kubectl get pods -o wide
Patch Operations
# Strategic merge patch
kubectl patch deployment nginx -p '{"spec":{"replicas":3}}'
# JSON merge patch
kubectl patch deployment nginx --type='merge' -p='{"spec":{"replicas":3}}'
# JSON patch
kubectl patch deployment nginx --type='json' -p='[{"op": "replace", "path": "/spec/replicas", "value": 3}]'
# Patch from file
kubectl patch deployment nginx --patch-file=patch.yaml
Resource Quotas and Limits
# Get resource quotas
kubectl get resourcequota
kubectl describe resourcequota
# Get limit ranges
kubectl get limitrange
kubectl describe limitrange
# Check resource usage against quotas
kubectl describe namespace <namespace-name>
Batch Operations
Jobs and CronJobs
# Create job
kubectl create job pi --image=perl -- perl -Mbignum=bpi -wle 'print bpi(2000)'
# Create job from cronjob
kubectl create job --from=cronjob/backup-job backup-manual
# List jobs
kubectl get jobs
# Describe job
kubectl describe job pi
# Delete job
kubectl delete job pi
# List cronjobs
kubectl get cronjobs
kubectl get cj # Short form
# Suspend/resume cronjob
kubectl patch cronjob backup-job -p '{"spec":{"suspend":true}}'
kubectl patch cronjob backup-job -p '{"spec":{"suspend":false}}'
Bulk Operations
# Delete all pods with label
kubectl delete pods -l app=nginx
# Delete all resources in namespace
kubectl delete all --all -n my-namespace
# Scale multiple deployments
kubectl scale deployment nginx web api --replicas=3
# Apply multiple files
kubectl apply -f deployment.yaml -f service.yaml -f ingress.yaml
# Apply all files in directory
kubectl apply -f ./manifests/
# Apply with recursive directory search
kubectl apply -R -f ./manifests/
Security and RBAC
Service Accounts
# Create service account
kubectl create serviceaccount my-service-account
# List service accounts
kubectl get serviceaccounts
kubectl get sa # Short form
# Describe service account
kubectl describe serviceaccount my-service-account
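# Get service account token (clusters older than v1.24, where a token Secret is auto-created)
kubectl get secret $(kubectl get serviceaccount my-service-account -o jsonpath='{.secrets[0].name}') -o jsonpath='{.data.token}'|base64 --decode
# Kubernetes v1.24+ no longer auto-creates token Secrets; request a short-lived token instead
kubectl create token my-service-account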
RBAC Operations
# Check permissions
kubectl auth can-i create pods
kubectl auth can-i create pods --as=system:serviceaccount:default:my-service-account
kubectl auth can-i '*' '*' # Check if cluster admin
# List roles and rolebindings
kubectl get roles
kubectl get rolebindings
kubectl get clusterroles
kubectl get clusterrolebindings
# Describe RBAC resources
kubectl describe role <role-name>
kubectl describe rolebinding <rolebinding-name>
# Create role
kubectl create role pod-reader --verb=get,list,watch --resource=pods
# Create rolebinding
kubectl create rolebinding read-pods --role=pod-reader --user=jane
# Create clusterrole
kubectl create clusterrole cluster-reader --verb=get,list,watch --resource='*'
# Create clusterrolebinding
kubectl create clusterrolebinding cluster-read --clusterrole=cluster-reader --user=jane
Performance and Optimization
Resource Management
# Check resource requests and limits
kubectl describe nodes|grep -A 5 "Allocated resources"
# Get resource usage
kubectl top nodes
kubectl top pods --all-namespaces
# Check pod resource specifications
kubectl get pods -o custom-columns=NAME:.metadata.name,CPU-REQUEST:.spec.containers[*].resources.requests.cpu,MEMORY-REQUEST:.spec.containers[*].resources.requests.memory
# Identify pods that have at least one container without resource limits
kubectl get pods -o json|jq -r '.items[]|select(any(.spec.containers[]; .resources.limits == null))|.metadata.name'
Cluster Analysis
# Get cluster capacity
kubectl get nodes -o custom-columns=NAME:.metadata.name,CPU:.status.capacity.cpu,MEMORY:.status.capacity.memory
# Check node conditions
kubectl get nodes -o custom-columns=NAME:.metadata.name,STATUS:.status.conditions[-1].type
# Analyze pod distribution
kubectl get pods -o wide --all-namespaces|awk '{print $8}'|sort|uniq -c
# Check for failed pods
kubectl get pods --all-namespaces --field-selector=status.phase=Failed
Useful Aliases and Functions
# Add to ~/.bashrc or ~/.zshrc
# Basic aliases
alias k='kubectl'
alias kg='kubectl get'
alias kd='kubectl describe'
alias kdel='kubectl delete'
alias kl='kubectl logs'
alias kex='kubectl exec -it'
# Advanced aliases
alias kgp='kubectl get pods'
alias kgs='kubectl get services'
alias kgd='kubectl get deployments'
alias kgn='kubectl get nodes'
# Functions
kns() {
  kubectl config set-context --current --namespace="$1"
}
kpf() {
  kubectl port-forward "$1" "$2:$3"
}
klf() {
  kubectl logs -f "$1"
}
# Enable kubectl autocompletion
source <(kubectl completion bash) # For bash
source <(kubectl completion zsh) # For zsh
Common Patterns and Examples
Rolling Updates
# Update deployment image
kubectl set image deployment/nginx nginx=nginx:1.22 --record
# Monitor rollout
kubectl rollout status deployment/nginx
# Rollback if needed
kubectl rollout undo deployment/nginx
Blue-Green Deployment
# Create green deployment
kubectl create deployment nginx-green --image=nginx:1.22
# Scale green deployment
kubectl scale deployment nginx-green --replicas=3
# Update service selector to point to green
kubectl patch service nginx -p '{"spec":{"selector":{"app":"nginx-green"}}}'
# Remove blue deployment
kubectl delete deployment nginx-blue
Canary Deployment
# Scale down main deployment
kubectl scale deployment nginx --replicas=8
# Create canary deployment
kubectl create deployment nginx-canary --image=nginx:1.22
kubectl scale deployment nginx-canary --replicas=2
# Both deployments serve traffic through same service
# Monitor metrics and gradually shift traffic
Debugging Network Issues
# Create debug pod
kubectl run debug --image=nicolaka/netshoot --rm -it -- /bin/bash
# Inside debug pod:
# nslookup kubernetes.default
# nslookup <service-name>.<namespace>.svc.cluster.local
# curl http://<service-name>.<namespace>.svc.cluster.local
# traceroute <pod-ip>
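Best Practices
Resource Specifications
# Always specify resource requests and limits
# (the --requests/--limits flags of kubectl run are deprecated and absent from newer kubectl releases)
kubectl run nginx --image=nginx --requests='cpu=100m,memory=128Mi' --limits='cpu=200m,memory=256Mi'
# On newer kubectl, set them in the manifest or on an existing workload
kubectl set resources deployment nginx --requests=cpu=100m,memory=128Mi --limits=cpu=200m,memory=256Mi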
# Use appropriate restart policies
kubectl run job-pod --image=busybox --restart=OnFailure -- /bin/sh -c "echo hello"
kubectl run one-time-pod --image=busybox --restart=Never -- /bin/sh -c "echo hello"
Health Checks
# Add health checks to deployments
kubectl patch deployment nginx -p '{"spec":{"template":{"spec":{"containers":[{"name":"nginx","livenessProbe":{"httpGet":{"path":"/","port":80},"initialDelaySeconds":30,"periodSeconds":10}}]}}}}'
Security
# Run containers as non-root
# (--local patches the generated manifest instead of a live object; pipe the YAML to kubectl apply -f - to create the pod)
kubectl run secure-pod --image=nginx --dry-run=client -o yaml|kubectl patch --local -f - -p '{"spec":{"securityContext":{"runAsNonRoot":true,"runAsUser":1000}}}' -o yaml
# Use read-only root filesystem
kubectl run secure-pod --image=nginx --dry-run=client -o yaml|kubectl patch --local -f - -p '{"spec":{"containers":[{"name":"secure-pod","securityContext":{"readOnlyRootFilesystem":true}}]}}' -o yaml
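Added example (not part of the original cheatsheet): a Python script that checks every container in `kubectl get pods -A -o json` output for the settings recommended above: CPU and memory limits, `runAsNonRoot`, and `readOnlyRootFilesystem`. The function names, finding strings and the sample PodList are constructed for illustration.

```python
import json
import sys

# Constructed sample PodList (not real cluster output): one hardened pod, one weak pod.
SAMPLE = {"items": [
    {"metadata": {"namespace": "web", "name": "hardened"},
     "spec": {"securityContext": {"runAsNonRoot": True, "runAsUser": 1000},
              "containers": [{
                  "name": "app",
                  "securityContext": {"readOnlyRootFilesystem": True},
                  "resources": {"limits": {"cpu": "200m", "memory": "256Mi"}}}]}},
    {"metadata": {"namespace": "web", "name": "legacy"},
     "spec": {"securityContext": {"runAsNonRoot": True},
              "containers": [{
                  "name": "app",
                  # Container-level setting overrides the pod-level one.
                  "securityContext": {"runAsNonRoot": False},
                  "resources": {"limits": {"memory": "128Mi"}}}]}},
]}


def effective(pod_sc, ctr_sc, key):
    """Resolve a securityContext field: the container value wins over the pod value."""
    return ctr_sc[key] if key in ctr_sc else pod_sc.get(key)


def audit_pods(pod_list):
    """Return sorted (namespace/pod, container, finding) tuples for a PodList dict."""
    findings = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        ref = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
        spec = pod.get("spec", {})
        pod_sc = spec.get("securityContext") or {}
        for ctr in spec.get("initContainers", []) + spec.get("containers", []):
            name = ctr.get("name", "?")
            ctr_sc = ctr.get("securityContext") or {}
            limits = (ctr.get("resources") or {}).get("limits") or {}
            for res in ("cpu", "memory"):
                if res not in limits:
                    findings.append((ref, name, f"no {res} limit"))
            if effective(pod_sc, ctr_sc, "runAsNonRoot") is not True:
                findings.append((ref, name, "runAsNonRoot not enforced"))
            # readOnlyRootFilesystem exists only in the container securityContext.
            if ctr_sc.get("readOnlyRootFilesystem") is not True:
                findings.append((ref, name, "root filesystem writable"))
    return sorted(findings)


if __name__ == "__main__":
    # kubectl get pods -A -o json | python3 audit_pods.py   (no input: use SAMPLE)
    raw = "" if sys.stdin.isatty() else sys.stdin.read()
    data = json.loads(raw) if raw.strip() else SAMPLE
    for ref, name, finding in audit_pods(data):
        print(f"{ref}\t{name}\t{finding}")
```

A pod-level `runAsNonRoot: true` does not cover a container that sets it back to `false`, which is why the check resolves the effective value per container.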