Kubernetes : Your Ultimate Cheatsheet

Mastering Kubernetes means mastering kubectl.

This guide contains every important Kubernetes commands from basics to SRE-level advanced debugging. These are not the usual “kubectl get pods” basics but deep cut commands for debugging, networking, performance, API calls, manifests, and cluster internals.

Perfect for DevOps engineers, SREs, Kubernetes admins, and more.

Table of Contents

• Basic Commands
• Pods
• Deployments
• Services
• ConfigMaps & Secrets
• Persistent Storage
• Namespaces
• Logs & Debugging
• Rollouts & Scaling
• RBAC
• Node Commands
• Cluster Info
• Cleanup
• Productivity Tricks
• Advanced Commands (SRE Level)
• Full Printable Cheat Sheet

---

Basic Commands

kubectl version
kubectl cluster-info
kubectl get nodes
kubectl get all
kubectl api-resources
kubectl api-versions
kubectl describe node <name>

Kubernetes is used when it needs to run many containers-> containing images of applications having multiple microservices, reliably, scale automatically, and manage deployments easily.

---

Pods

• A Pod in Kubernetes is the smallest deployable unit that runs your application container(s).

• Its a lightweight wrapper around containers, not a server.
  It runs on a node, and the node is a Linux server.

• A pod is just a logical unit that tells Kubernetes how to run one or more containers together. A Pods gives us-
  IP address for the container
  Network (shared between containers in the pod)
  Storage volumes
  Restart policies
  Sidecar support (multiple containers working together)
  Containers cannot provide these features thus pods were invented.
  

kubectl run nginx --image=nginx
kubectl get pods
kubectl get po -o wide
kubectl get po -A
kubectl describe pod <pod-name>
kubectl delete pod <name>
kubectl exec -it <pod> -- bash

---

Deployments

Deployment is a controller that manages and maintains Pods automatically. It keeps and insures your Pods running, healthy reliably, and updated safely.

kubectl create deployment web --image=nginx
kubectl get deployments
kubectl describe deployment web
kubectl edit deployment web
kubectl delete deployment web

---

Services

kubectl expose deployment web --port=80 --type=ClusterIP
kubectl expose deployment web --type=NodePort --port=80
kubectl expose deployment web --type=LoadBalancer --port=80
kubectl get svc
kubectl describe svc web

• Service → Provides stable access to pods.
• ClusterIP → Internal-only service.
• NodePort → Exposes service on node ports.
• LoadBalancer → Exposes service externally via cloud LB.
• Ingress → Routes HTTP traffic into the cluster.

---

ConfigMaps & Secrets

ConfigMap stores non-sensitive configuration data (like environment variables, app settings, URLs) that your application needs.

Secret stores sensitive data such as passwords, tokens, and certificates (encoded and protected)

kubectl create configmap app-config --from-literal=ENV=dev
kubectl create configmap app-config --from-file=config.json
kubectl get configmap
kubectl describe configmap app-config

kubectl create secret generic app-secret --from-literal=DB_PASS=admin123
kubectl get secrets
kubectl describe secret app-secret

---

Persistent Storage

• Persistent Storage ensures your important data stays safe even when pods don’t.

• Because pods are temporary, they can die, restart, or move to another node at any time. If storage was inside the pod, all data would be lost when that happens.

Following data will need persistent storage.

• Database data (MySQL, PostgreSQL, MongoDB)
• User-uploaded files (images, documents, videos)
• Logs that must be stored long-term
• Application state (caches, sessions, checkpoints)
• Configuration files that apps generate at runtime
• Basically Any data your application needs to keep permanently.

kubectl get pv
kubectl get pvc
kubectl describe pvc <name>
kubectl delete pvc <name>

persistent storage is the main permanent storage for your application’s data. But.....
If persistent storage is lost, your application loses its saved data.

But most real systems avoid this by using highly reliable storage:

1. AWS EBS (replicated)
2. GCP Persistent Disk
3. Azure Disk
4. Ceph / NFS clusters
5. RAID-backed storage

So in production, persistent storage is designed to be very safe and not easily lost.

---

Namespaces

Namespaces are virtual partitions inside a Kubernetes cluster that help organize and isolate resources. It helps to organize things inside the cluster.

Namespaces separate environments or teams inside the same cluster.

For Example:
dev, test, prod --> all in one cluster, but isolated.

kubectl get ns
kubectl create namespace dev
kubectl config set-context --current --namespace=dev
kubectl delete namespace dev

---

Logs & Debugging

Kuberenetes logs = App logs + Pod logs + Node logs + Control Plane logs

kubectl logs <pod>
kubectl logs <pod> -f
kubectl logs <pod> --previous
kubectl exec -it <pod> -- sh
kubectl debug <pod> -it --image=busybox

1.Application Logs - Logs from your container (your app’s stdout/stderr).
Example: API errors, business logic, print statements.

2.Pod Logs - Logs collected from each container inside the pod.
Example: kubectl logs

3.Node Logs - Logs from the underlying server (node).
Example: OS logs, kubelet logs, container runtime logs.

4.Control Plane Logs - Logs from Kubernetes system components:
API Server
Scheduler
Controller Manager
etcd
(These are found in the kube-system namespace.)

---

Rollouts & Scaling

Rollouts mean updating your application safely. Kubernetes replaces old pods with new ones without downtime.

Scaling means increasing or reducing the number of pods based on traffic or load.

kubectl set image deployment/web nginx=nginx:latest
kubectl rollout status deployment/web
kubectl rollout undo deployment/web
kubectl scale deployment web --replicas=5
kubectl autoscale deployment web --min=2 --max=10 --cpu-percent=70

---

RBAC

RBAC controls who can do what in the Kubernetes cluster. It ensures only the right people/services can access the right resources. (permissions)

kubectl create sa dev-user
kubectl get sa

kubectl create role pod-reader --verb=get,list,watch --resource=pods
kubectl get roles -A

kubectl create rolebinding read-pods --role=pod-reader --serviceaccount=default:dev-user

---

Node Commands

-A node is a worker machine (Linux server or VM) where Kubernetes runs your pods. It can be a physical server, virtual machine, or cloud instance.

-A node provides CPU, memory, storage, and network needed to run your pods.

in general:

• A typical node can run 20 to 100 pods(depends on the node’s CPU, RAM, and configuration).
• A powerful production node can run up to 250–300 pods.
• Kubernetes has a default hard limit of ~110 pods per node (can be increased by config).

A Node runs your application Pods. And inside those pods are containers (your actual apps). A node also runs following Kubernetes agents that manage them.

1. kubelet → An agent communicates with the control plane
2. kube-proxy → handles networking & service routing on each node.
3. Container runtime → A software/Engine that actually runs the containers inside pods. Docker, containerd , CRI-O etc.

kubectl drain <node> --ignore-daemonsets
kubectl cordon <node>
kubectl uncordon <node>
kubectl top node
kubectl describe node <node>

---

Cluster Info

• A cluster is a group of machines (nodes) that work together to run your applications.

A cluster has two parts:

1.Master/Control Plane → makes decisions (scheduling, scaling, health checks). The control plane is the brain of the Kubernetes cluster.

2.Worker Nodes → actually run your pods/containers

kubectl cluster-info
kubectl top pod
kubectl top node
kubectl get componentstatus

How the Control Plane Works (4 Simple steps)

1.You tell Kubernetes what you want

For Example:
“Run 3 pods of my app.” You do this using:

• kubectl
• YAML files
• API calls

2.The API Server receives your request
The API Server is like the front door of the control plane.
It stores your desired state in etcd.

3.The Scheduler finds the best Node
The scheduler decides:

• Which node has enough CPU?
• Which node has memory?
• Where should each pod run?
• Then it assigns pods to the right nodes.

4.Kubelet on each node does the work
The kubelet (running on each node) says:

“Okay, I will create this pod on my node.”

It starts containers and keeps them healthy.

Controller Manager - the auto correct system of Kubernetes.
control plane component that keeps the cluster in the desired state.

It runs many small controllers (like robots) that constantly check the cluster and fix anything that goes out of place.

You ask Kubernetes:
“I want 3 pods running.”

Controller Manager keeps checking →
If 1 pod dies, it automatically creates another to make it 3 again.

---

etcd Commands

etcd is the critical database of Kubernetes internally. Not accessed directly by users.
It stores everything about the cluster. nodes, pods, configs, secrets, state, etc. in Distributed key-value store.

etcdctl get → Read data
etcdctl put → Write data
etcdctl del → Delete data
etcdctl snapshot save → Backup
etcdctl snapshot restore → Restore
etcdctl endpoint health → Check health

Cleanup Commands

kubectl delete pod --all
kubectl delete deployment --all
kubectl delete svc --all
kubectl delete cm --all
kubectl delete secret --all
kubectl delete pvc --all
kubectl delete ns dev

---

Productivity Tricks / create shortcuts instead of long commands

alias k=kubectl
alias kgp='kubectl get pods'
alias kga='kubectl get all'
alias kgn='kubectl get nodes'

kubectl apply -f .
kubectl apply -f deploy.yaml --dry-run=client -o yaml

---

Advanced Commands (SRE Level)

kubectl apply -f app.yaml --server-side --force-conflicts
kubectl diff -f app.yaml
kubectl patch namespace dev -p '{"metadata":{"finalizers":[]}}'
kubectl delete pod <pod> --grace-period=0 --force
kubectl debug node/<node-name> -it --image=busybox
kubectl get --raw /api/v1/pods
kubectl create deployment nginx --image=nginx -o yaml --dry-run=client
kubectl port-forward --address 0.0.0.0 svc/my-service 8080:80
kubectl top pod --containers
kubectl proxy
kubectl patch deployment web -p '{"spec": {"replicas": 7}}'
kubectl run diag --image=busybox --overrides '{"spec":{"nodeName":"worker-node-1"}}'
kubectl get endpoints <service>
kubectl auth can-i get pods --as=dev-user
kubectl cp file.txt pod:/tmp/
kubectl get secret my-secret -o jsonpath='{.data.password}' | base64 -d
kubectl rollout restart deployment/web
kubectl get events --sort-by=.lastTimestamp
kubectl run dns-test --image=busybox -it -- nslookup kubernetes.default

---

Full Cheat Sheet

GET:
 kubectl get pods|svc|cm|secret|deploy|pv|pvc|ns -A

DESCRIBE:
 kubectl describe <resource> <name>

CREATE:
 kubectl create deployment|cm|secret|ns|sa|role|rolebinding

EDIT:
 kubectl edit <resource> <name>

DELETE:
 kubectl delete <resource> <name/--all>

LOGS:
 kubectl logs <pod> [-f] [--previous]

EXEC:
 kubectl exec -it <pod> -- bash/sh

SCALE:
 kubectl scale deployment web --replicas=5
 kubectl autoscale deployment web

ROLLING UPDATE:
 kubectl set image
 kubectl rollout status / undo

NODES:
 kubectl drain|cordon|uncordon <node>
 kubectl top pod|node

Hope you liked this post.
Please let me know in the comments....