The Complete kubectl Cheatsheet 2026 — Every Command You Need
The definitive kubectl cheatsheet for 2026: every command for pods, deployments, services, RBAC, debugging, and cluster management — all in one place.
kubectl mastery is the difference between spending 10 minutes debugging a pod crash and spending 2 hours on it. This cheatsheet covers every command you’ll need in day-to-day Kubernetes operations — organized by task, with flags that actually matter.
Bookmark this page. Operators who know these commands cold resolve incidents 3-5x faster than those who don’t.
How to Read This Guide
Commands are shown with the most common flags. Replace angle-bracketed values (<name>, <namespace>) with your actual resource names. All commands assume kubectl is configured to point at the right cluster context — run kubectl config current-context to verify.
Pod Commands
Getting pod information is the most frequent operation in Kubernetes debugging:
# List pods in current namespace
kubectl get pods
# List pods across all namespaces
kubectl get pods -A
# List pods with node placement and IP
kubectl get pods -o wide
# Watch pod status in real time
kubectl get pods -w
# Show detailed pod events and state
kubectl describe pod <pod-name>
# Describe a pod in a specific namespace
kubectl describe pod <pod-name> -n <namespace>
Streaming and reading logs — critical for application debugging:
# Tail logs for a pod
kubectl logs <pod-name>
# Follow (stream) logs in real time
kubectl logs -f <pod-name>
# Last 100 lines only
kubectl logs --tail=100 <pod-name>
# Logs from a specific container in a multi-container pod
kubectl logs <pod-name> -c <container-name>
# Logs from a previous crashed container
kubectl logs <pod-name> --previous
# Logs from all pods with a label selector
kubectl logs -l app=my-app --all-containers
Exec into a running container for live debugging:
# Interactive shell in a running pod
kubectl exec -it <pod-name> -- /bin/bash
# Run a single command without interactive shell
kubectl exec <pod-name> -- env
# Exec into a specific container
kubectl exec -it <pod-name> -c <container-name> -- /bin/sh
Port forwarding for local access to cluster services:
# Forward local port 8080 to pod port 80
kubectl port-forward pod/<pod-name> 8080:80
# Forward to a service instead
kubectl port-forward svc/<service-name> 8080:80
# Background port forward (add & or use tmux)
kubectl port-forward pod/<pod-name> 8080:80 &
Copy files to/from pods:
# Copy from pod to local
kubectl cp <pod-name>:/app/config.yaml ./config.yaml
# Copy from local to pod
kubectl cp ./config.yaml <pod-name>:/app/config.yaml
# Copy with specific container
kubectl cp <pod-name>:/app/logs -c <container> ./logs/
Resource usage — requires metrics-server installed:
# CPU and memory usage for all pods
kubectl top pods
# Top pods sorted by CPU
kubectl top pods --sort-by=cpu
# Top pods in a specific namespace
kubectl top pods -n <namespace>
Deployment Commands
Managing deployments is where most cluster operations live:
# List all deployments
kubectl get deployments
# Detailed deployment info
kubectl describe deployment <name>
# Watch rollout status (use this after any deploy)
kubectl rollout status deployment/<name>
# View rollout history
kubectl rollout history deployment/<name>
# View a specific revision
kubectl rollout history deployment/<name> --revision=3
Rollback deployments — the fastest recovery tool you have:
# Undo last rollout
kubectl rollout undo deployment/<name>
# Roll back to a specific revision
kubectl rollout undo deployment/<name> --to-revision=2
Scaling and updating:
# Scale replicas
kubectl scale deployment <name> --replicas=5
# Update a container image
kubectl set image deployment/<name> <container>=<image>:<tag>
# Force a rolling restart (no config change needed)
kubectl rollout restart deployment/<name>
# Pause a rollout (useful for staged deploys)
kubectl rollout pause deployment/<name>
# Resume a paused rollout
kubectl rollout resume deployment/<name>
Service Commands
Kubernetes services control how your workloads are exposed:
# List services
kubectl get services
kubectl get svc # short form
# Service details with endpoints
kubectl describe svc <name>
# Expose a deployment as a ClusterIP service
kubectl expose deployment <name> --port=80 --target-port=8080
# Expose as a NodePort service
kubectl expose deployment <name> --type=NodePort --port=80
# Port forward to a service for local access
kubectl port-forward svc/<name> 8080:80
ConfigMap & Secret Commands
ConfigMaps and Secrets are how Kubernetes manages configuration:
# Create ConfigMap from literal values
kubectl create configmap my-config --from-literal=key1=value1 --from-literal=key2=value2
# Create ConfigMap from a file
kubectl create configmap my-config --from-file=config.properties
# Create ConfigMap from a directory
kubectl create configmap my-config --from-file=./config-dir/
# Get and describe ConfigMaps
kubectl get configmap <name>
kubectl describe configmap <name>
# View ConfigMap data as YAML
kubectl get configmap <name> -o yaml
Secrets management:
# Create a generic secret
kubectl create secret generic my-secret --from-literal=password=s3cr3t
# Create a TLS secret from cert files
kubectl create secret tls my-tls-secret --cert=tls.crt --key=tls.key
# Create Docker registry secret
kubectl create secret docker-registry regcred \
--docker-server=registry.example.com \
--docker-username=user \
--docker-password=pass
# List and view secrets
kubectl get secrets
kubectl describe secret <name>
# Base64 decode a secret value (useful for debugging)
kubectl get secret <name> -o jsonpath='{.data.password}' | base64 --decode
Namespace Commands
Namespace management is essential for multi-team clusters:
# List all namespaces
kubectl get namespaces
kubectl get ns # short form
# Create a namespace
kubectl create namespace <name>
# Set default namespace for your current context
kubectl config set-context --current --namespace=<name>
# Run any command against all namespaces
kubectl get pods -A
kubectl get pods --all-namespaces # long form
# Delete a namespace (WARNING: deletes all resources inside)
kubectl delete namespace <name>
Debugging Commands
Kubernetes debugging requires a specific toolkit. These are the commands that matter most in incidents:
# Show cluster events sorted by time (best first step in any incident)
kubectl get events --sort-by='.lastTimestamp'
# Events for a specific namespace
kubectl get events -n <namespace> --sort-by='.lastTimestamp'
# Filter events for a specific resource
kubectl get events --field-selector involvedObject.name=<pod-name>
# Get all resource details for a failing pod
kubectl describe pod <pod-name> | grep -A 20 Events
# List pods with non-Running status quickly
kubectl get pods -A --field-selector=status.phase!=Running
Ephemeral debug containers — introduced in K8s 1.23, now stable:
# Attach a debug container to a running pod (great for distroless images)
kubectl debug -it <pod-name> --image=busybox --target=<container-name>
# Create a copy of a pod with debug tools added
kubectl debug <pod-name> -it --copy-to=debug-pod --image=nicolaka/netshoot
# Debug a node by running a privileged pod on it
kubectl debug node/<node-name> -it --image=busybox
Checking resource availability:
# See pending pods and why they're pending
kubectl describe pod <pending-pod> | grep -A 10 Events
# Check resource requests vs node capacity
kubectl describe nodes | grep -A 5 "Allocated resources"
# Get pods with their resource requests
kubectl get pods -o custom-columns='NAME:.metadata.name,CPU:.spec.containers[0].resources.requests.cpu,MEM:.spec.containers[0].resources.requests.memory'
RBAC Commands
Role-Based Access Control governs who can do what in your cluster:
# Check if current user can perform an action
kubectl auth can-i get pods
kubectl auth can-i create deployments -n production
# Check what a specific ServiceAccount can do
kubectl auth can-i --list --as=system:serviceaccount:<namespace>:<sa-name>
# Check all permissions in a namespace
kubectl auth can-i --list -n <namespace>
# Create a Role (namespace-scoped)
kubectl create role pod-reader --verb=get,list,watch --resource=pods -n <namespace>
# Create a ClusterRole (cluster-scoped)
kubectl create clusterrole pod-reader --verb=get,list,watch --resource=pods
# Create a RoleBinding
kubectl create rolebinding read-pods \
--role=pod-reader \
--serviceaccount=<namespace>:<sa-name> \
-n <namespace>
# Create a ClusterRoleBinding
kubectl create clusterrolebinding read-pods-global \
--clusterrole=pod-reader \
--serviceaccount=<namespace>:<sa-name>
# Describe a role to see its rules
kubectl describe role <role-name> -n <namespace>
# List all RoleBindings in a namespace
kubectl get rolebindings -n <namespace> -o wide
Node & Cluster Commands
Node management commands for cluster administrators:
# List nodes with status and roles
kubectl get nodes
# List nodes with detailed info (OS, kernel, container runtime)
kubectl get nodes -o wide
# Node resource usage (requires metrics-server)
kubectl top nodes
# Detailed node info including taints and conditions
kubectl describe node <node-name>
# Mark a node as unschedulable (no new pods will be placed)
kubectl cordon <node-name>
# Drain a node (evict pods, then cordon) — for maintenance
kubectl drain <node-name> --ignore-daemonsets --delete-emptydir-data
# Mark node schedulable again after maintenance
kubectl uncordon <node-name>
# Taint a node (prevent scheduling unless pod has matching toleration)
kubectl taint nodes <node-name> key=value:NoSchedule
# Remove a taint
kubectl taint nodes <node-name> key=value:NoSchedule-
Cluster-level information:
# Check kubectl and cluster versions
kubectl version
# Cluster endpoint and service info
kubectl cluster-info
# Dump cluster state (useful before migrations)
kubectl cluster-info dump > cluster-dump.txt
# List all API resources available in the cluster
kubectl api-resources
# Explain a resource's spec (great for learning fields)
kubectl explain pod.spec.containers
kubectl explain deployment.spec.strategy
Power User Tips
Output formats that matter:
# YAML output (use for editing and applying)
kubectl get pod <name> -o yaml
# JSON output (use with jq for scripting)
kubectl get pods -o json | jq '.items[].metadata.name'
# Custom columns
kubectl get pods -o custom-columns='NAME:.metadata.name,STATUS:.status.phase'
# JSONPath for specific fields
kubectl get pod <name> -o jsonpath='{.status.podIP}'
# Wide output (more columns)
kubectl get pods -o wide
Context and config management:
# List all configured contexts
kubectl config get-contexts
# Switch context
kubectl config use-context <context-name>
# View current context
kubectl config current-context
# Merge kubeconfig files
KUBECONFIG=~/.kube/config:~/new-cluster.yaml kubectl config view --flatten > ~/.kube/merged-config
What’s Next
This cheatsheet covers the commands. But knowing when to use each one — and building muscle memory around incident response patterns — takes practice in real clusters.
Use our interactive kubectl cheatsheet tool for a searchable, filterable version you can use directly in your browser without switching tabs.
For deeper Kubernetes operations support, explore our Managed Kubernetes Operations service at kubernetes.ae — we run clusters so your team can ship features.
Get Expert Kubernetes Help
Talk to a certified Kubernetes expert. Free 30-minute consultation — actionable findings within days.
Talk to an Expert