Kubernetes Core Cheat Sheet¶
Name origin: Kubernetes (K8s) is Greek for "helmsman" or "pilot." The 8 replaces the eight letters between K and s. Originally created at Google based on their internal Borg system (which ran production workloads since 2003), donated to the CNCF in 2015.
Extended Version
For a more comprehensive kubectl reference with jq/yq patterns, Helm commands, and observability stack debugging, see kubectl Debugging Cheatsheet.
Remember: The five kubectl verbs you use 90% of the time:
get,describe,logs,exec,apply. Mnemonic: "GDLEA" — Get the state, Describe the details, Logs for output, Exec for shell access, Apply for changes.Gotcha:
kubectl applyis declarative (merges with existing),kubectl createis imperative (fails if exists). For production, always useapply— it is idempotent.createis only useful for quick one-off resources in development.
kubectl Essentials¶
# Get resources
kubectl get pods -A # All namespaces
kubectl get pods -o wide # Show node, IP
kubectl get pods -w # Watch mode
kubectl get deploy,svc,ing -n prod # Multiple types
# Describe (events, conditions)
kubectl describe pod <name>
# Logs
kubectl logs <pod> --tail=50 -f # Stream last 50
kubectl logs <pod> -c <container> # Specific container
kubectl logs <pod> --previous # Previous crash (crucial for CrashLoopBackOff)
# Exec
kubectl exec -it <pod> -- bash
kubectl exec <pod> -- env # Quick env check
# Port-forward
kubectl port-forward svc/myapp 8080:80
# Debug
kubectl debug -it <pod> --image=busybox --target=<container>
kubectl debug node/<node> -it --image=ubuntu
# Apply / Delete
kubectl apply -f manifest.yaml
kubectl delete -f manifest.yaml
kubectl apply -k ./kustomize-dir/
# Scale
kubectl scale deploy myapp --replicas=5
Resource Lifecycle¶
Deployment → ReplicaSet → Pod → Container
| | |
Strategy Hash-based Probes:
(rolling) naming - startup
- readiness
- liveness
Probes¶
livenessProbe: # Kill container if fails
httpGet:
path: /healthz
port: 8080
initialDelaySeconds: 15
periodSeconds: 10
failureThreshold: 3
readinessProbe: # Remove from Service if fails
httpGet:
path: /ready
port: 8080
periodSeconds: 5
startupProbe: # Delay other probes until passes
httpGet:
path: /healthz
port: 8080
failureThreshold: 30
periodSeconds: 10 # 30 × 10s = 5 min to start
Resource Management¶
resources:
requests: # Scheduling guarantee
cpu: "250m" # 0.25 cores
memory: "256Mi"
limits: # Hard ceiling
cpu: "500m" # Throttled above
memory: "512Mi" # OOMKilled above
HPA¶
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: myapp
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: myapp
minReplicas: 2
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70
ConfigMap & Secret¶
# Create from literal
kubectl create configmap app-config --from-literal=ENV=prod
# Create from file
kubectl create secret generic tls --from-file=cert.pem --from-file=key.pem
# Use in pod
envFrom:
- configMapRef:
name: app-config
- secretRef:
name: db-creds
Labels & Selectors¶
# Filter by label
kubectl get pods -l app=myapp,env=prod
# Add label
kubectl label pod mypod env=staging
# Remove label
kubectl label pod mypod env-
# Label selectors in specs
selector:
matchLabels:
app: myapp
matchExpressions:
- key: env
operator: In
values: [prod, staging]
Common Troubleshooting¶
| Symptom | Check |
|---|---|
Pending |
describe pod → Insufficient CPU/memory, no matching node |
CrashLoopBackOff |
logs --previous → App crash, wrong command, missing config |
ImagePullBackOff |
Wrong image name/tag, auth issue, registry down |
OOMKilled |
Memory limit too low, memory leak → increase limit or fix app |
Evicted |
Node disk pressure → check node disk, clean up |
0/1 Ready |
Readiness probe failing → check endpoint, probe config |
Quick Debug Flow¶
kubectl get pods # Status overview
kubectl describe pod <name> # Events + conditions
kubectl logs <pod> --tail=50 # Application logs
kubectl get events --sort-by=.lastTimestamp # Cluster events
kubectl top pods # Resource usage