Cheat sheet · No. IV
kubectl.
kubectl is a thin client over the API server. You declare desired state with apply; controllers reconcile reality toward it. Most debugging is reading what the controller saw.
The reference
INSPECT
get pods -o wide - With node + IP
get pods --watch - Stream changes
describe pod <p> - Events + status
logs <p> -f --tail=100 - Follow tail
logs <p> -p - Previous container's logs
top pods --sort-by cpu - CPU/memory by pod
DEBUG
exec -it <p> -- sh - Shell inside container
port-forward <p> 8080:80 - Local → pod port
debug <p> --image=alpine - Ephemeral sidecar
cp <p>:/path /tmp - Copy file out
APPLY
apply -f <file|dir> - Declarative apply
diff -f <file> - Preview changes
delete -f <file> - Remove what apply created
apply -k <dir> - Kustomize
ROLL
rollout status deploy/<d> - Wait for ready
rollout history deploy/<d> - Past revisions
rollout undo deploy/<d> - Roll back one
scale deploy/<d> --replicas=3 - Scale
CONTEXT
config get-contexts - List clusters
config use-context <c> - Switch
config set-context --current --namespace=<ns> - Change default namespace
SHORT NAMES
po deploy svc - pods, deployments, services
ns cm sec - namespace, configmap, secret
ing pv pvc - ingress, persistent volume(claim)
sa sts ds - service account, statefulset, daemonset
Field notes
describe before logs
describe pod surfaces events — scheduling failures, image-pull errors, OOMKills — that the application logs will never show.
Pin the namespace
Set it once with config set-context --current --namespace=x and stop typing -n on every command.
Stay declarative
apply reconciles from manifests in git; create is one-shot and imperative. Mixing the two causes drift — pick apply.
Read the previous container
logs -p shows the container that crashed. Without it you only see the fresh restart, which often looks healthy.
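
The triage order from the "describe before logs" and "Read the previous container" notes, written as a shell function. This is an added example, not part of the original sheet: the names triage_pod and restart_count are hypothetical, and it assumes a single-container pod in the current namespace.

```bash
# Added example, not from the original sheet. Assumes a single-container pod
# in the current namespace; triage_pod and restart_count are hypothetical names.

# Sum restartCount over every container status the API server reports.
restart_count() {
  local pod=$1 counts c total=0
  counts=$(kubectl get pod "$pod" \
    -o jsonpath='{.status.containerStatuses[*].restartCount}') || return 2
  for c in $counts; do total=$((total + c)); done
  echo "$total"
}

triage_pod() {
  local pod=$1 restarts reason
  [ -n "$pod" ] || { echo "usage: triage_pod <pod>" >&2; return 64; }

  # 1. Events first: scheduling failures, image-pull errors and OOMKills
  #    appear here, not in the application logs.
  kubectl describe pod "$pod" || return 2

  # 2. Why the previous container instance ended (empty if it never did).
  reason=$(kubectl get pod "$pod" \
    -o jsonpath='{.status.containerStatuses[*].lastState.terminated.reason}')
  restarts=$(restart_count "$pod") || return 2

  # 3. After a restart the live container often looks healthy, so read
  #    the crashed instance with -p; otherwise read the current one.
  if [ "$restarts" -gt 0 ]; then
    echo "== $pod: $restarts restart(s), last exit: ${reason:-unknown}; previous logs =="
    kubectl logs "$pod" -p --tail=100
  else
    echo "== $pod: no restarts; current logs =="
    kubectl logs "$pod" --tail=100
  fi
}

# Usage: triage_pod <pod>
```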