Kubernetes clusters are generally administered with kubectl, which communicates with the cluster's API Server to perform operations. It can work either imperatively, acting immediately upon commands, or statefully, where the desired state of the cluster is modified to trigger controllers which act on the actual state of the cluster.

Connecting to a cluster

kubectl allows switching between multiple Kubernetes contexts:

  • kubectl config get-contexts lists all configured contexts.
  • kubectl config use-context docker-desktop switches to the Docker Desktop context.
  • kubectl version lists client and server versions.
  • kubectl cluster-info provides high-level cluster configuration information.
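Every command on this page acts on whichever context is current, so a guard that checks the context before a state-changing verb is worth having. The following is an added example, not part of the original page: it reads the current context from get-contexts output and refuses mutating verbs unless that context is allowlisted. The sample table, the prod-eu context and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `kubectl config get-contexts` output (not real data).
SAMPLE_CONTEXTS='CURRENT   NAME             CLUSTER          AUTHINFO         NAMESPACE
          docker-desktop   docker-desktop   docker-desktop
*         prod-eu          prod-eu          admin            default'

# Read a get-contexts table on stdin and print the NAME of the row marked "*".
current_context() {
    awk 'NR > 1 && $1 == "*" { print $2; exit }'
}

# Succeed if kubectl verb $1 changes cluster state.
is_mutating() {
    case "$1" in
        apply|create|delete|edit|set|label|run|expose|patch|replace|scale)
            return 0 ;;
        *)
            return 1 ;;
    esac
}

# guard CONTEXT VERB ALLOWED_CONTEXT...
# Succeeds for read-only verbs, or when CONTEXT is one of the allowed contexts.
guard() {
    g_ctx=$1
    g_verb=$2
    shift 2
    is_mutating "$g_verb" || return 0
    for g_allowed in "$@"; do
        if [ "$g_ctx" = "$g_allowed" ]; then
            return 0
        fi
    done
    echo "refusing '$g_verb' against context '$g_ctx'" >&2
    return 1
}

# Demo on the constructed sample: prod-eu is current, only docker-desktop is allowed.
demo_ctx=$(printf '%s\n' "$SAMPLE_CONTEXTS" | current_context)
guard "$demo_ctx" get docker-desktop && echo "get permitted on $demo_ctx"
guard "$demo_ctx" delete docker-desktop || echo "delete blocked on $demo_ctx"

# Against a live cluster (assumes kubectl is on PATH):
#   guard "$(kubectl config current-context)" apply docker-desktop \
#       && kubectl apply -f manifest.yaml
```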

Getting documentation

  • kubectl api-resources lists all resource types known to the cluster.
  • kubectl explain pod yields the description of the root of the pod resource, and can optionally recurse further into the schema with --recursive=1.
  • kubectl explain pod.spec.containers describes a nested field, here the containers list within the pod spec.

Managing etcd

To determine the version of the running etcd cluster, first locate the pod, then exec into it to run etcd --version.

kubectl get po -n kube-system
kubectl exec \
    -it -n kube-system \
    etcd-minikube -- etcd --version

More detail on etcd is in its own page.

Enumerating objects

  • kubectl get all lists all objects.
  • kubectl get pod lists all pods.
  • kubectl get pod hello-world gets a specific pod. Use -o wide for more fields, or -o yaml for a full definition.
  • kubectl describe pod hello-world describes a specific pod in detail.

Launching pods

Launching bare pods is a one-time event and doesn't take advantage of any of Kubernetes's useful behaviours, but it can be useful for letting us test that the cluster is functioning correctly.

  • kubectl run nginx --image nginx:latest launches a pod named nginx running the latest tag of the nginx image.
  • kubectl port-forward pod/nginx 8080:80 forwards traffic on the client's port 8080 to the pod's port 80.
  • kubectl expose service/nginx --type LoadBalancer --name nginx creates a LoadBalancer service for the specified deployment.

Updating resources

set allows modifying individual fields.

edit opens a manifest in $EDITOR.

Creating resources

Resources can be created imperatively with create or statefully from a manifest with apply.

--dry-run prints the changes that would have been applied. --validate (true by default) validates the request against the schema before submission.

Labelling resources

Nodes and pods are commonly labelled for scheduling and matching purposes. Labels can be added like so:

kubectl label node node0 example.com/location=ldn-2

Labels can be removed by specifying the key name with a trailing dash (-):

kubectl label node node0 example.com/location-

Labels can be printed out with the kubectl get --show-labels switch.


Many events in Kubernetes generate Event objects which can be watched:

kubectl get events --watch

Note that events are namespaced, and terminating a namespace makes it read-only, so Events stop being logged. If you're troubleshooting termination issues, don't delete the namespace.

For application-level problems, dig into logs. -p shows logs from previous instances of the container if it was restarted, and -f follows the log:

kubectl logs -f podName [containerName]

As a last resort, get a shell to the container:

kubectl exec -it podname [-c container] -- sh
