Kubernetes Cheatsheet
Kubernetes is an open-source container orchestration platform that automates the deployment, scaling, and management of containerized applications.
instalación and Setup
kubectl instalación
# Linux instalación
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
# macOS instalación
brew install kubectl
# Windows instalación (PowerShell)
curl.exe -LO "https://dl.k8s.io/release/v1.28.0/bin/windows/amd64/kubectl.exe"
# Verify instalación
kubectl version --client
Cluster Setup opcións
# Minikube (local development)
curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
sudo install minikube-linux-amd64 /usr/local/bin/minikube
minikube start
# Kind (Kubernetes in Docker)
curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64
chmod +x ./kind
sudo mv ./kind /usr/local/bin/kind
kind create cluster
# kubeadm (production clusters)
sudo apt-get update && sudo apt-get install -y kubeadm kubelet kubectl
sudo kubeadm init --pod-network-cidr=10.244.0.0/16
configuración
# Set up kubeconfig
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# View current context
kubectl config current-context
# List all contexts
kubectl config get-contexts
# Switch context
kubectl config use-context my-cluster
# Set default namespace
kubectl config set-context --current --namespace=my-namespace
Basic comandos
Cluster Information
# Cluster info
kubectl cluster-info
# Node information
kubectl get nodes
kubectl describe node <node-name>
# Cluster version
kubectl version
# API resources
kubectl api-resources
# API versions
kubectl api-versions
Namespace Management
# List namespaces
kubectl get namespaces
kubectl get ns
# Create namespace
kubectl create namespace my-namespace
# Delete namespace
kubectl delete namespace my-namespace
# Set default namespace
kubectl config set-context --current --namespace=my-namespace
Basic Resource Operations
# Get resources
kubectl get pods
kubectl get servicios
kubectl get deployments
kubectl get all
# Describe resources
kubectl describe pod <pod-name>
kubectl describe servicio <servicio-name>
# Create resources
kubectl create -f manifest.yaml
kubectl apply -f manifest.yaml
# Delete resources
kubectl delete pod <pod-name>
kubectl delete -f manifest.yaml
Pod Management
Pod Operations
# List pods
kubectl get pods
kubectl get pods -o wide
kubectl get pods --all-namespaces
# Create pod from image
kubectl run nginx --image=nginx
# Get pod details
kubectl describe pod <pod-name>
# Get pod logs
kubectl logs <pod-name>
kubectl logs -f <pod-name> # Follow logs
kubectl logs <pod-name> -c <container-name> # Multi-container pod
# Execute comandos in pod
kubectl exec -it <pod-name> -- /bin/bash
kubectl exec <pod-name> -- ls /app
# puerto forwarding
kubectl puerto-forward <pod-name> 8080:80
# Copy files
kubectl cp <pod-name>:/path/to/file ./local-file
kubectl cp ./local-file <pod-name>:/path/to/file
Pod Manifest ejemplo
# pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx-pod
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.21
puertos:
- containerpuerto: 80
env:
- name: ENV_VAR
value: "production"
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi"
cpu: "500m"
Deployments
Deployment Operations
# Create deployment
kubectl create deployment nginx --image=nginx:1.21
# Scale deployment
kubectl scale deployment nginx --replicas=3
# Update deployment image
kubectl set image deployment/nginx nginx=nginx:1.22
# Rollout status
kubectl rollout status deployment/nginx
# Rollout history
kubectl rollout history deployment/nginx
# Rollback deployment
kubectl rollout undo deployment/nginx
kubectl rollout undo deployment/nginx --to-revision=2
# Delete deployment
kubectl delete deployment nginx
Deployment Manifest
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
labels:
app: nginx
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.21
puertos:
- containerpuerto: 80
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /
puerto: 80
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
httpGet:
path: /
puerto: 80
initialDelaySeconds: 5
periodSeconds: 5
servicios
servicio Types and Operations
# Expose deployment as servicio
kubectl expose deployment nginx --puerto=80 --type=ClusterIP
# Create servicio from manifest
kubectl apply -f servicio.yaml
# List servicios
kubectl get servicios
kubectl get svc
# Describe servicio
kubectl describe servicio nginx
# Delete servicio
kubectl delete servicio nginx
servicio Manifests
# ClusterIP servicio
apiVersion: v1
kind: servicio
metadata:
name: nginx-clusterip
spec:
selector:
app: nginx
puertos:
- protocolo: TCP
puerto: 80
objetivopuerto: 80
type: ClusterIP
---
# Nodepuerto servicio
apiVersion: v1
kind: servicio
metadata:
name: nginx-nodepuerto
spec:
selector:
app: nginx
puertos:
- protocolo: TCP
puerto: 80
objetivopuerto: 80
nodepuerto: 30080
type: Nodepuerto
---
# LoadBalancer servicio
apiVersion: v1
kind: servicio
metadata:
name: nginx-loadbalancer
spec:
selector:
app: nginx
puertos:
- protocolo: TCP
puerto: 80
objetivopuerto: 80
type: LoadBalancer
ConfigMaps and Secrets
ConfigMap Operations
# Create ConfigMap from literal
kubectl create configmap app-config --from-literal=database_url=mysql://localhost:3306
# Create ConfigMap from file
kubectl create configmap app-config --from-file=config.properties
# Create ConfigMap from directory
kubectl create configmap app-config --from-file=config/
# Get ConfigMap
kubectl get configmap app-config -o yaml
# Delete ConfigMap
kubectl delete configmap app-config
ConfigMap Manifest
# configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: app-config
data:
database_url: "mysql://localhost:3306"
debug_mode: "true"
config.properties: |
database.host=localhost
database.puerto=3306
database.name=myapp
Secret Operations
# Create secret from literal
kubectl create secret generic app-secret --from-literal=contraseña=mysecretcontraseña
# Create secret from file
kubectl create secret generic app-secret --from-file=ssh-privateclave=~/.ssh/id_rsa
# Create TLS secret
kubectl create secret tls tls-secret --cert=tls.crt --clave=tls.clave
# Get secret (base64 encoded)
kubectl get secret app-secret -o yaml
# Decode secret
kubectl get secret app-secret -o jsonpath='\\\\{.data.contraseña\\\\}'|base64 --decode
Secret Manifest
# secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: app-secret
type: Opaque
data:
nombre de usuario: YWRtaW4= # base64 encoded 'admin'
contraseña: MWYyZDFlMmU2N2Rm # base64 encoded contraseña
Using ConfigMaps and Secrets in Pods
# pod-with-config.yaml
apiVersion: v1
kind: Pod
metadata:
name: app-pod
spec:
containers:
- name: app
image: nginx
env:
- name: DATABASE_URL
valueFrom:
configMapclaveRef:
name: app-config
clave: database_url
- name: DB_contraseña
valueFrom:
secretclaveRef:
name: app-secret
clave: contraseña
volumeMounts:
- name: config-volume
mountPath: /etc/config
- name: secret-volume
mountPath: /etc/secrets
readOnly: true
volumes:
- name: config-volume
configMap:
name: app-config
- name: secret-volume
secret:
secretName: app-secret
Persistent Volumes
PersistentVolume and PersistentVolumeClaim
# persistent-volume.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv-storage
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: manual
hostPath:
path: /mnt/data
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-storage
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: manual
Using PVC in Pod
# pod-with-pvc.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-with-storage
spec:
containers:
- name: app
image: nginx
volumeMounts:
- name: storage
mountPath: /usr/share/nginx/html
volumes:
- name: storage
persistentVolumeClaim:
claimName: pvc-storage
Ingress
Ingress Controller Setup
# Install NGINX Ingress Controller
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.1/deploy/static/provider/cloud/deploy.yaml
# Verify instalación
kubectl get pods -n ingress-nginx
kubectl get servicios -n ingress-nginx
Ingress Manifest
# ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: app-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-objetivo: /
nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
tls:
- hosts:
- myapp.ejemplo.com
secretName: tls-secret
rules:
- host: myapp.ejemplo.com
http:
paths:
- path: /
pathType: Prefix
backend:
servicio:
name: nginx-servicio
puerto:
number: 80
- path: /api
pathType: Prefix
backend:
servicio:
name: api-servicio
puerto:
number: 8080
Monitoring and Debugging
Resource Monitoring
# Resource uso
kubectl top nodes
kubectl top pods
kubectl top pods --containers
# Events
kubectl get events
kubectl get events --sort-by=.metadata.creationTimestamp
# Describe for debugging
kubectl describe pod <pod-name>
kubectl describe node <node-name>
# Logs
kubectl logs <pod-name>
kubectl logs <pod-name> --previous # Previous container logs
kubectl logs -l app=nginx # Logs from all pods with label
solución de problemas comandos
# Check pod status
kubectl get pods -o wide
# Debug pod issues
kubectl describe pod <pod-name>
kubectl logs <pod-name>
kubectl exec -it <pod-name> -- /bin/sh
# Network debugging
kubectl run debug --image=busybox --rm -it -- /bin/sh
kubectl run debug --image=nicolaka/netshoot --rm -it -- /bin/bash
# DNS debugging
kubectl run debug --image=busybox --rm -it -- nslookup kubernetes.default
# Check resource quotas
kubectl describe resourcequota
kubectl describe limitrange
Advanced Features
Jobs and CronJobs
# job.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: pi-calculation
spec:
template:
spec:
containers:
- name: pi
image: perl
comando: ["perl", "-Mbignum=bpi", "-wle", "print bpi(2000)"]
restartPolicy: Never
backoffLimit: 4
---
# cronjob.yaml
apiVersion: batch/v1
kind: CronJob
metadata:
name: backup-job
spec:
schedule: "0 2 * * *" # Daily at 2 AM
jobTemplate:
spec:
template:
spec:
containers:
- name: backup
image: backup-tool
comando: ["/bin/sh", "-c", "backup-script.sh"]
restartPolicy: OnFailure
demonioSet
# demonioset.yaml
apiVersion: apps/v1
kind: demonioSet
metadata:
name: fluentd-demonioset
spec:
selector:
matchLabels:
name: fluentd
template:
metadata:
labels:
name: fluentd
spec:
containers:
- name: fluentd
image: fluentd:v1.14
volumeMounts:
- name: varlog
mountPath: /var/log
- name: varlibdockercontainers
mountPath: /var/lib/docker/containers
readOnly: true
volumes:
- name: varlog
hostPath:
path: /var/log
- name: varlibdockercontainers
hostPath:
path: /var/lib/docker/containers
StatefulSet
# statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: mysql-statefulset
spec:
servicioName: mysql
replicas: 3
selector:
matchLabels:
app: mysql
template:
metadata:
labels:
app: mysql
spec:
containers:
- name: mysql
image: mysql:8.0
env:
- name: MYSQL_ROOT_contraseña
value: "rootcontraseña"
puertos:
- containerpuerto: 3306
volumeMounts:
- name: mysql-storage
mountPath: /var/lib/mysql
volumeClaimTemplates:
- metadata:
name: mysql-storage
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 10Gi
Security
RBAC (Role-Based Control de Acceso)
# rbac.yaml
apiVersion: v1
kind: servicioAccount
metadata:
name: app-servicio-account
---
apiVersion: rbac.autorización.k8s.io/v1
kind: Role
metadata:
name: pod-reader
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "watch", "list"]
---
apiVersion: rbac.autorización.k8s.io/v1
kind: RoleBinding
metadata:
name: read-pods
subjects:
- kind: servicioAccount
name: app-servicio-account
namespace: default
roleRef:
kind: Role
name: pod-reader
apiGroup: rbac.autorización.k8s.io
Network Policies
# network-policy.yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: deny-all
spec:
podSelector: \\\\{\\\\}
policyTypes:
- Ingress
- Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-nginx
spec:
podSelector:
matchLabels:
app: nginx
policyTypes:
- Ingress
ingress:
- from:
- podSelector:
matchLabels:
app: frontend
puertos:
- protocolo: TCP
puerto: 80
Pod Security Standards
# pod-security.yaml
apiVersion: v1
kind: Pod
metadata:
name: secure-pod
spec:
securityContext:
runAsNonRoot: true
runAsUser: 1000
fsGroup: 2000
containers:
- name: app
image: nginx
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
volumeMounts:
- name: tmp
mountPath: /tmp
- name: cache
mountPath: /var/cache/nginx
volumes:
- name: tmp
emptyDir: \\\\{\\\\}
- name: cache
emptyDir: \\\\{\\\\}
Helm Package Manager
Helm instalación
# Install Helm
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3|bash
# Add repository
helm repo add stable https://charts.helm.sh/stable
helm repo update
# Search charts
helm search repo nginx
# Install chart
helm install my-nginx stable/nginx-ingress
# List releases
helm list
# Upgrade release
helm upgrade my-nginx stable/nginx-ingress
# Uninstall release
helm uninstall my-nginx
Creating Helm Charts
# Create new chart
helm create my-app
# Chart structure
my-app/
├── Chart.yaml
├── values.yaml
├── templates/
│ ├── deployment.yaml
│ ├── servicio.yaml
│ └── ingress.yaml
└── charts/
Best Practices
Resource Management
# Always specify resource requests and limits
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi"
cpu: "500m"
# Use appropriate restart policies
restartPolicy: Always # For Deployments
restartPolicy: OnFailure # For Jobs
restartPolicy: Never # For one-time tasks
Health Checks
# Liveness and readiness probes
livenessProbe:
httpGet:
path: /health
puerto: 8080
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
httpGet:
path: /ready
puerto: 8080
initialDelaySeconds: 5
periodSeconds: 5
Labels and Annotations
# Use consistent labeling
metadata:
labels:
app: myapp
version: v1.0.0
component: frontend
part-of: myapp-system
managed-by: helm
annotations:
deployment.kubernetes.io/revision: "1"
Descripción: "Frontend component of myapp"
Useful comandos Reference
# Referencia Rápida comandos
kubectl get all # Get all resources
kubectl get pods -o wide # Detailed pod info
kubectl describe pod <name> # Pod details
kubectl logs -f <pod> # Follow logs
kubectl exec -it <pod> -- /bin/bash # Shell into pod
kubectl puerto-forward <pod> 8080:80 # puerto forward
kubectl apply -f manifest.yaml # Apply manifest
kubectl delete -f manifest.yaml # Delete from manifest
kubectl scale deployment <name> --replicas=3 # Scale deployment
kubectl rollout restart deployment <name> # Restart deployment
kubectl get events --sort-by=.metadata.creationTimestamp # Recent events
kubectl top nodes # Node resource uso
kubectl top pods # Pod resource uso