kubectl Cheatsheet 2026 — Searchable Command Reference
Complete kubectl cheatsheet with 100+ commands. Searchable and filterable by category — pods, deployments, services, debugging, RBAC, and more.
| Command | Description | Example |
|---|---|---|
kubectl get pods | List all pods in current namespace | kubectl get pods -n production |
kubectl get pods -o wide | List pods with node and IP info | kubectl get pods -o wide -A |
kubectl describe pod <name> | Show pod details, events, and container state | kubectl describe pod myapp-abc123 |
kubectl logs <pod> | Print logs for a pod container | kubectl logs myapp-abc123 -c mycontainer -f |
kubectl logs --previous <pod> | Print logs from previous (crashed) container | kubectl logs --previous myapp-abc123 |
kubectl exec -it <pod> -- bash | Open interactive shell in pod | kubectl exec -it myapp-abc123 -- /bin/sh |
kubectl port-forward pod/<name> 8080:80 | Forward local port to pod port | kubectl port-forward pod/myapp-abc123 8080:8080 |
kubectl delete pod <name> | Delete pod (will restart if managed by controller) | kubectl delete pod myapp-abc123 |
kubectl top pods | Show CPU/memory usage of pods | kubectl top pods -n production --sort-by=memory |
kubectl cp <pod>:/path ./local | Copy files from pod to local | kubectl cp myapp-abc123:/app/logs ./logs |
kubectl get pods -l app=<name> | Filter pods by label selector | kubectl get pods -l app=myapp,env=prod |
kubectl get pods --watch | Watch pod status changes in real time | kubectl get pods -n production --watch |
kubectl annotate pod <name> key=val | Add or update annotation on a pod | kubectl annotate pod myapp team=backend |
kubectl label pod <name> key=val | Add or update label on a pod | kubectl label pod myapp env=staging |
kubectl get deployments | List all deployments | kubectl get deployments -A |
kubectl describe deployment <name> | Show deployment details and events | kubectl describe deployment myapp |
kubectl rollout status deployment/<name> | Watch deployment rollout progress | kubectl rollout status deployment/myapp |
kubectl rollout history deployment/<name> | View rollout history | kubectl rollout history deployment/myapp --revision=2 |
kubectl rollout undo deployment/<name> | Roll back to previous version | kubectl rollout undo deployment/myapp --to-revision=2 |
kubectl scale deployment/<name> --replicas=N | Scale deployment to N replicas | kubectl scale deployment/myapp --replicas=5 |
kubectl set image deployment/<name> <container>=<image> | Update container image | kubectl set image deployment/myapp app=myapp:v2.0 |
kubectl rollout restart deployment/<name> | Rolling restart of all pods | kubectl rollout restart deployment/myapp |
kubectl get deployment -o yaml | Export deployment YAML | kubectl get deployment myapp -o yaml > myapp.yaml |
kubectl apply -f <file> | Apply or update resources from file | kubectl apply -f deployment.yaml |
kubectl delete deployment <name> | Delete a deployment and its pods | kubectl delete deployment myapp |
kubectl get replicasets | List ReplicaSets (managed by deployments) | kubectl get rs -n production |
kubectl set resources deployment/<name> | Update resource requests/limits | kubectl set resources deployment/myapp -c=app --limits=cpu=200m,memory=512Mi |
kubectl get services | List all services | kubectl get svc -A |
kubectl describe service <name> | Show service details and endpoints | kubectl describe svc myapp |
kubectl expose deployment <name> | Create service from deployment | kubectl expose deployment myapp --port=80 --type=ClusterIP |
kubectl port-forward svc/<name> 8080:80 | Forward local port to service | kubectl port-forward svc/myapp 8080:80 |
kubectl get endpoints <name> | Show service endpoints (pod IPs) | kubectl get endpoints myapp |
kubectl get ingress | List all Ingress resources | kubectl get ingress -A |
kubectl describe ingress <name> | Show Ingress rules and backend details | kubectl describe ingress myapp-ingress |
kubectl delete svc <name> | Delete a service | kubectl delete svc myapp |
kubectl create configmap <name> --from-literal=key=val | Create ConfigMap from literal value | kubectl create configmap myconfig --from-literal=DB_HOST=localhost |
kubectl create configmap <name> --from-file=<file> | Create ConfigMap from file | kubectl create configmap myconfig --from-file=config.yaml |
kubectl get configmap <name> -o yaml | View ConfigMap contents | kubectl get configmap myconfig -o yaml |
kubectl create secret generic <name> --from-literal=key=val | Create generic secret | kubectl create secret generic mysecret --from-literal=password=secret123 |
kubectl get secret <name> -o jsonpath | Decode secret value | kubectl get secret mysecret -o jsonpath='{.data.password}' | base64 -d |
kubectl edit configmap <name> | Edit ConfigMap in-place | kubectl edit configmap myconfig -n production |
kubectl create secret tls <name> --cert --key | Create TLS secret from cert files | kubectl create secret tls mytls --cert=tls.crt --key=tls.key |
kubectl get namespaces | List all namespaces | kubectl get ns |
kubectl create namespace <name> | Create a namespace | kubectl create ns production |
kubectl config set-context --current --namespace=<ns> | Set default namespace for context | kubectl config set-context --current --namespace=production |
kubectl get all -n <ns> | List all resources in namespace | kubectl get all -n production |
kubectl delete namespace <name> | Delete namespace and all its resources | kubectl delete ns old-environment |
kubectl config get-contexts | List all kubeconfig contexts | kubectl config get-contexts |
kubectl config use-context <name> | Switch to a different cluster context | kubectl config use-context prod-cluster |
kubectl config current-context | Show the current context name | kubectl config current-context |
kubectl get events --sort-by=.lastTimestamp | List events sorted by time | kubectl get events -n production --sort-by=.lastTimestamp |
kubectl describe node <name> | Show node details, conditions, and capacity | kubectl describe node worker-node-1 |
kubectl run debug --image=busybox -it --rm | Run temporary debug container | kubectl run debug --image=nicolaka/netshoot -it --rm -- bash |
kubectl debug node/<name> -it --image=ubuntu | Debug node with privileged container | kubectl debug node/worker-1 -it --image=ubuntu |
kubectl get pods -o wide --field-selector | Filter pods by field | kubectl get pods --field-selector=status.phase=Running |
kubectl get pods --show-labels | Show pod labels | kubectl get pods -n production --show-labels |
kubectl apply --dry-run=client -f <file> | Validate manifest without applying | kubectl apply --dry-run=client -f deployment.yaml |
kubectl diff -f <file> | Show diff between file and cluster state | kubectl diff -f deployment.yaml |
kubectl logs -l app=<name> --all-containers | Get logs from all pods matching label | kubectl logs -l app=myapp --all-containers -n production |
kubectl get pods -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}' | Extract specific fields with JSONPath | kubectl get pods -o jsonpath='{.items[*].status.podIP}' |
kubectl auth can-i <verb> <resource> | Check if current user can perform action | kubectl auth can-i create pods -n production |
kubectl auth can-i --list | List all actions current user can perform | kubectl auth can-i --list -n production |
kubectl auth can-i --as=<user> | Check permissions as another user | kubectl auth can-i create pods --as=deploy-bot -n production |
kubectl create role <name> --verb=<v> --resource=<r> | Create a Role | kubectl create role deployer --verb=get,list,create --resource=pods |
kubectl create rolebinding <name> --role=<r> --user=<u> | Bind role to user | kubectl create rolebinding deploy-binding --role=deployer --user=ci-bot |
kubectl get clusterrolebindings -o wide | List all ClusterRoleBindings | kubectl get clusterrolebindings -o wide | grep myuser |
kubectl create serviceaccount <name> | Create a ServiceAccount | kubectl create serviceaccount deploy-bot -n production |
kubectl get roles -n <ns> | List Roles in a namespace | kubectl get roles -n production -o wide |
kubectl describe clusterrole <name> | Show ClusterRole rules in detail | kubectl describe clusterrole cluster-admin |
kubectl create clusterrolebinding <name> --clusterrole=<r> --user=<u> | Bind ClusterRole to user cluster-wide | kubectl create clusterrolebinding admin-binding --clusterrole=cluster-admin --user=admin |
kubectl get nodes | List all cluster nodes | kubectl get nodes -o wide |
kubectl top nodes | Show CPU/memory usage of nodes | kubectl top nodes --sort-by=cpu |
kubectl cordon <node> | Mark node unschedulable | kubectl cordon worker-node-1 |
kubectl drain <node> | Drain node for maintenance | kubectl drain worker-node-1 --ignore-daemonsets --delete-emptydir-data |
kubectl uncordon <node> | Re-enable scheduling on node | kubectl uncordon worker-node-1 |
kubectl version | Show client and server version | kubectl version --short |
kubectl cluster-info | Show cluster endpoint and service URLs | kubectl cluster-info dump > cluster-dump.txt |
kubectl taint nodes <node> key=val:NoSchedule | Add taint to node | kubectl taint nodes gpu-node gpu=true:NoSchedule |
kubectl label nodes <node> key=val | Add label to node | kubectl label nodes worker-1 tier=production |
kubectl get componentstatuses | Check health of cluster components | kubectl get cs |
kubectl get storageclasses | List available StorageClasses | kubectl get sc |
kubectl get pv | List PersistentVolumes cluster-wide | kubectl get pv --sort-by=.spec.capacity.storage |
Need expert Kubernetes help? Our certified K8s engineers at kubernetes.ae can review your cluster security and RBAC configuration. →
Get Expert Kubernetes Help
Talk to a certified Kubernetes expert. Free 30-minute consultation — actionable findings within days.
Talk to an Expert