Overview
This card collects the kubectl commands needed to inspect, deploy, debug, and recover workloads. The full API reference is at kubectl api-resources; this page covers the 20 percent you use 80 percent of the time. For the container layer underneath, see docker-commands.
Get and describe
Read state before changing it.
| Command | What it does |
|---|---|
kubectl get pods | List pods in current namespace. |
kubectl get pods -A | List pods across all namespaces. |
kubectl get pods -n staging | List pods in staging namespace. |
kubectl get pods -o wide | Include node, IP, and age. |
kubectl get pods -l app=api | Filter by label selector. |
kubectl get all -n staging | All resources in a namespace. |
kubectl get nodes | List cluster nodes and their status. |
kubectl describe pod api-6f9d4 -n prod | Full events and conditions for one pod. |
kubectl describe node worker-1 | Node capacity, allocations, and events. |
kubectl get events --sort-by='.lastTimestamp' | Recent cluster events, newest last. |
kubectl describe is the first stop when a pod is Pending or CrashLoopBackOff; the Events section shows exactly what went wrong.
Apply, delete, and rollout
Manage resources declaratively; apply over create.
| Command | What it does |
|---|---|
kubectl apply -f deploy.yaml | Create or update resources from a file. |
kubectl apply -f ./k8s/ | Apply all manifests in a directory. |
kubectl delete -f deploy.yaml | Delete resources declared in a file. |
kubectl delete pod api-6f9d4 | Force-delete a pod; it will be recreated by the controller. |
kubectl rollout status deployment/api | Block until a rollout finishes. |
kubectl rollout history deployment/api | Show revision history. |
kubectl rollout undo deployment/api | Roll back to the previous revision. |
kubectl rollout undo deployment/api --to-revision=3 | Roll back to a specific revision. |
kubectl scale deployment api --replicas=3 | Scale a deployment. |
kubectl set image deployment/api api=myapp:v2 | Update the container image. |
Prefer kubectl apply over kubectl create; apply is idempotent and works for both create and update.
Logs and exec
Reach inside running pods to read output and run commands.
| Command | What it does |
|---|---|
kubectl logs api-6f9d4 | Print log output for a pod. |
kubectl logs -f api-6f9d4 | Stream logs. |
kubectl logs -f api-6f9d4 -c sidecar | Stream logs from a specific container in a multi-container pod. |
kubectl logs --previous api-6f9d4 | Logs from the previous (crashed) container instance. |
kubectl logs -l app=api --tail=50 | Last 50 lines across all pods matching a label. |
kubectl exec -it api-6f9d4 -- bash | Open an interactive shell inside a pod. |
kubectl exec api-6f9d4 -- env | Print environment variables. |
kubectl exec api-6f9d4 -- cat /etc/resolv.conf | Read a file without entering the pod interactively. |
kubectl cp api-6f9d4:/app/logs/err.log ./err.log | Copy a file out of a pod. |
Use kubectl logs --previous when a pod restarted before you could check it; it reads the terminated instance’s logs.
Port-forward and proxy
Access services locally without exposing them publicly.
| Command | What it does |
|---|---|
kubectl port-forward pod/api-6f9d4 8080:8080 | Forward local port 8080 to pod port 8080. |
kubectl port-forward svc/api 8080:80 | Forward through a Service. |
kubectl port-forward deployment/api 8080:8080 | Forward through a Deployment (picks a random pod). |
kubectl proxy | Start a proxy to the Kubernetes API at localhost:8001. |
kubectl port-forward svc/api 5432:5432 is the standard way to connect a local Postgres client to a cluster database.
Common selectors and resource shortnames
Save keystrokes with short names and label selectors.
| Full name | Shortname | Example |
|---|---|---|
pods | po | kubectl get po |
services | svc | kubectl get svc |
deployments | deploy | kubectl get deploy |
replicasets | rs | kubectl get rs |
configmaps | cm | kubectl get cm |
namespaces | ns | kubectl get ns |
nodes | no | kubectl get no |
persistentvolumeclaims | pvc | kubectl get pvc |
ingresses | ing | kubectl get ing |
Label selector syntax: -l key=value, -l 'key in (a,b)', -l key!=value. Field selectors: --field-selector status.phase=Running.
Common gotchas
kubectl applywithout a namespace usesdefault. Set the namespace in the manifest metadata or always pass-n.kubectl delete podon a pod managed by a Deployment deletes the pod but the controller immediately creates a replacement. Delete the Deployment to stop the recreation loop.kubectl get podshides pods in other namespaces silently. Use-Aor-n <ns>to avoid investigating the wrong namespace.kubectl execrequires the container to havebashorsh. Minimal images (distroless, scratch) do not; use an ephemeral debug container withkubectl debug.kubectl rollout undoonly rolls back one step. Store manifest history in git; use a specific--to-revisionfor predictable rollbacks.kubectl port-forwardexits silently when the pod restarts. For persistent tunnels, use a local proxy or a properIngress.