Portal | Level: L1: Foundations | Topics: Kubernetes Core | Domain: Kubernetes
kubectl Drills¶
25 drills for Kubernetes CLI muscle memory. Each should take 1-3 minutes.
Difficulty: [E] Easy = single command | [I] Intermediate = flags or two commands | [H] Hard = multi-step or internal knowledge
Remember: The kubectl debugging trifecta:
get(what exists),describe(detailed state + events),logs(application output). For any pod issue, run these three in order before anything else. Mnemonic: "GDL" — Get, Describe, Logs.Gotcha:
kubectl logsshows the current container's logs. If the container has crashed and restarted, use--previousto see the logs from the last terminated container. Without--previous, you may see an empty output or the new container's startup logs — missing the actual crash reason.
Drill 1: Find the failing pod [E]¶
Question: List all pods in grokdevops namespace. Identify any that are not Ready.
training/library/runbooks/crashloopbackoff.md
Answer: answers/kubectl_answers.md
Drill 2: Get previous crash logs [E]¶
Question: A pod named grokdevops-xyz is in CrashLoopBackOff. Get the logs from the PREVIOUS container (before it crashed).
training/library/runbooks/crashloopbackoff.md
Answer: answers/kubectl_answers.md
Drill 3: Check pod events [E]¶
Question: Show the Events section for all pods in the grokdevops namespace that match the label app.kubernetes.io/name=grokdevops.
training/library/runbooks/kubernetes/readiness_probe_failed.md
Answer: answers/kubectl_answers.md
Drill 4: Find the readiness probe configuration [I]¶
Question: Extract the readiness probe config for the grokdevops deployment as formatted JSON.
training/interactive/runtime-labs/lab-runtime-01-rollout-probe-failure/
Answer: answers/kubectl_answers.md
Drill 5: Check HPA status [E]¶
Question: Show HPA details for the grokdevops namespace, including current and target CPU utilization.
training/library/runbooks/kubernetes/hpa_not_scaling.md
Answer: answers/kubectl_answers.md
Drill 6: Find the pod using the most CPU [I]¶
Question: Show CPU and memory usage for all pods in grokdevops namespace, sorted by CPU.
training/interactive/runtime-labs/lab-runtime-02-hpa-live-scaling/
Answer: answers/kubectl_answers.md
Drill 7: Check if a service has endpoints [E]¶
Question: List the endpoints for the grokdevops service. Determine if any pods are backing it.
training/library/runbooks/kubernetes/ingress_404.md
Answer: answers/kubectl_answers.md
Drill 8: Check rollout status [E]¶
Question: Check whether the grokdevops deployment rollout is complete. Set a 30-second timeout.
training/interview-scenarios/01-deployment-stuck-progressing.md
Answer: answers/kubectl_answers.md
Drill 9: View rollout history [E]¶
Question: Show the revision history of the grokdevops deployment.
training/interactive/runtime-labs/lab-runtime-05-helm-upgrade-rollback/
Answer: answers/kubectl_answers.md
Drill 10: DNS resolution test [I]¶
Question: From inside the cluster, resolve the DNS name of the grokdevops service in the grokdevops namespace.
training/library/runbooks/dns_resolution.md
Answer: answers/kubectl_answers.md
Drill 11: Check resource limits [I]¶
Question: Show the resource requests and limits for containers in the grokdevops deployment.
training/interactive/runtime-labs/lab-runtime-08-resource-limits-oom/
Answer: answers/kubectl_answers.md
Drill 12: Find OOMKilled pods [H]¶
Question: Find any pods that were terminated with reason OOMKilled in the grokdevops namespace.
training/library/runbooks/oomkilled.md
Answer: answers/kubectl_answers.md
Drill 13: Check NetworkPolicy [I]¶
Question: List all NetworkPolicies in the grokdevops namespace and show their ingress/egress rules.
training/library/runbooks/kubernetes/networkpolicy_block.md
Answer: answers/kubectl_answers.md
Drill 14: Port-forward to a pod [E]¶
Question: Forward local port 8080 to port 8000 on the grokdevops service.
Drill 15: Check image version [I]¶
Question: Show which container image (with tag) is running in the grokdevops deployment.
training/library/runbooks/kubernetes/imagepullbackoff.md
Answer: answers/kubectl_answers.md
Drill 16: View ConfigMap contents [E]¶
Question: Show the data in the ConfigMap used by the grokdevops deployment.
Answer: answers/kubectl_answers.mdDrill 17: Check ServiceMonitor [I]¶
Question: List ServiceMonitors in the monitoring namespace and show their label selectors.
training/library/runbooks/prometheus_target_down.md
Answer: answers/kubectl_answers.md
Drill 18: Scale deployment [E]¶
Question: Scale the grokdevops deployment to 3 replicas and wait for rollout completion.
Drill 19: Get pod YAML [E]¶
Question: Output the full YAML spec of a running grokdevops pod (pick the first one).
Answer: answers/kubectl_answers.mdDrill 20: Check RBAC permissions [I]¶
Question: Check if the default service account in grokdevops namespace can list pods.
training/library/runbooks/kubernetes/rbac_forbidden.md
Answer: answers/kubectl_answers.md
Drill 21: Watch events in real-time [E]¶
Question: Stream all events in the grokdevops namespace, showing new events as they happen.
Drill 22: Get container restart count [H]¶
Question: Show restart counts for all containers in all pods in grokdevops namespace.
Drill 23: Check ingress rules [I]¶
Question: List all Ingress resources in the grokdevops namespace and show their routing rules.
training/library/runbooks/kubernetes/ingress_404.md
Answer: answers/kubectl_answers.md
Drill 24: Exec into a pod [E]¶
Question: Open an interactive shell inside a running grokdevops pod.
Answer: answers/kubectl_answers.mdDrill 25: Compare desired vs live state [H]¶
Question: Show the diff between the last-applied configuration and the live state of the grokdevops deployment.
Relevant lab:training/interactive/runtime-labs/lab-runtime-07-gitops-sync-and-drift/
Answer: answers/kubectl_answers.md
Wiki Navigation¶
Prerequisites¶
- Kubernetes Exercises (Quest Ladder) (CLI) (Exercise Set, L1)
Related Content¶
- Adversarial Interview Gauntlet (30 sequences) (Scenario, L2) — Kubernetes Core
- Case Study: Alert Storm — Flapping Health Checks (Case Study, L2) — Kubernetes Core
- Case Study: Canary Deploy Routing to Wrong Backend — Ingress Misconfigured (Case Study, L2) — Kubernetes Core
- Case Study: CrashLoopBackOff No Logs (Case Study, L1) — Kubernetes Core
- Case Study: DNS Looks Broken — TLS Expired, Fix Is Cert-Manager (Case Study, L2) — Kubernetes Core
- Case Study: DaemonSet Blocks Eviction (Case Study, L2) — Kubernetes Core
- Case Study: Deployment Stuck — ImagePull Auth Failure, Vault Secret Rotation (Case Study, L2) — Kubernetes Core
- Case Study: Drain Blocked by PDB (Case Study, L2) — Kubernetes Core
- Case Study: HPA Flapping — Metrics Server Clock Skew, Fix Is NTP (Case Study, L2) — Kubernetes Core
- Case Study: ImagePullBackOff Registry Auth (Case Study, L1) — Kubernetes Core