Kubernetes has a rich command-line toolset, but in day-to-day work you'll reach for the same set of commands repeatedly. This article organizes the most important kubectl commands by component so you can find what you need quickly — whether you're spinning up a deployment, debugging a failing pod, or managing namespaces.
1. Cluster & Node Management
Start here when you need to understand the state of your cluster or take a node out of rotation.
kubectl cluster-info # Show cluster endpoint details
kubectl get nodes # List all nodes in the cluster
kubectl describe node <node-name> # Detailed info about a specific node
kubectl top node # Show CPU & memory usage per node
When you need to perform maintenance on a node, use the cordon/drain workflow:
kubectl cordon <node-name> # Mark node as unschedulable (no new pods)
kubectl drain <node-name> # Evict existing pods from the node
kubectl uncordon <node-name> # Restore the node to schedulable state
kubectl delete node <node-name> # Remove the node from the cluster
cordon stops new pods from being scheduled on the node. drain evicts the pods already running there. Always drain before doing node maintenance, then uncordon once it's back.
2. Pod Management
Pods are the smallest deployable unit in Kubernetes. These are the commands you'll use most often.
Creating and Inspecting Pods
kubectl run my-pod --image=nginx # Create a pod directly
kubectl get pods # List pods in the current namespace
kubectl get pods -o wide # Show pods with node placement and IP
kubectl describe pod <pod-name> # Full details: events, conditions, volumes
kubectl top pod # CPU and memory usage per pod
Debugging and Logs
kubectl logs <pod-name> # Print pod logs
kubectl logs -f <pod-name> # Stream live logs (follow mode)
kubectl exec -it <pod-name> -- /bin/sh # Open an interactive shell inside a pod
kubectl port-forward <pod-name> 8080:80 # Forward pod port 80 to localhost:8080
kubectl delete pod <pod-name> # Delete a pod (it will restart if managed by a Deployment)
kubectl describe pod is your first stop when a pod isn't behaving — look at the Events section at the bottom of the output for error messages from the scheduler and kubelet.
3. Deployment Management
Deployments manage the lifecycle of pod replicas and handle rolling updates and rollbacks.
Creating and Inspecting Deployments
kubectl create deployment my-deployment --image=nginx # Create a deployment
kubectl get deployments # List all deployments
kubectl describe deployment <deployment-name> # Show replica state and events
kubectl scale deployment my-deployment --replicas=3 # Change the number of replicas
kubectl delete deployment <deployment-name> # Delete a deployment and its pods
Updating and Rolling Back
kubectl set image deployment/my-deployment nginx=nginx:1.19 # Update the container image
kubectl rollout status deployment/my-deployment # Watch the rollout progress
kubectl rollout history deployment/my-deployment # List previous revisions
kubectl rollout undo deployment/my-deployment # Roll back to the previous revision
The rollout commands are especially useful in CI/CD pipelines. After kubectl set image, run kubectl rollout status to block until the update is complete (or fails). If something goes wrong, kubectl rollout undo reverts to the last known good state.
4. Services & Networking
Services give pods a stable network identity and expose them to other workloads or the outside world.
Creating and Inspecting Services
kubectl expose pod my-pod --type=ClusterIP --port=80 # Expose a pod internally
kubectl expose deployment my-deployment --type=LoadBalancer --port=80 # Expose externally
kubectl get services # List all services
kubectl describe service <service-name> # Show endpoints and selectors
kubectl delete service <service-name> # Delete a service
Service types at a glance:
ClusterIP— accessible only within the cluster (default)NodePort— accessible via a port on each node's IPLoadBalancer— provisions a cloud load balancer (requires a cloud provider)
Accessing Services Locally
kubectl get svc my-service # Check service details
kubectl port-forward service/my-service 8080:80 # Forward service port to localhost
minikube service my-service # Open service URL in browser (Minikube only)
port-forward works for both pods and services and is the cleanest way to test a service from your local machine without exposing it publicly.
5. ConfigMaps & Secrets
ConfigMaps and Secrets decouple configuration data from container images. ConfigMaps hold plain text; Secrets hold base64-encoded sensitive values.
ConfigMaps
kubectl create configmap my-config --from-literal=key=value # Create from a literal value
kubectl get configmaps # List all configmaps
kubectl describe configmap my-config # Show keys and values
kubectl delete configmap my-config # Delete a configmap
You can also create a ConfigMap from a file: kubectl create configmap my-config --from-file=config.properties
Secrets
kubectl create secret generic my-secret --from-literal=password=supersecret # Create a secret
kubectl get secrets # List secrets
kubectl describe secret my-secret # Show metadata (values are hidden)
kubectl delete secret my-secret # Delete a secret
Note that kubectl describe will not reveal secret values — it shows only the key names and byte sizes. To decode a secret value: kubectl get secret my-secret -o jsonpath='{.data.password}' | base64 --decode
6. Ingress Management
Ingress resources define HTTP/HTTPS routing rules to services inside the cluster. They require an Ingress Controller (like nginx-ingress or Traefik) to be installed.
kubectl get ingress # List all ingress resources
kubectl describe ingress my-ingress # Show routing rules and backend services
kubectl delete ingress my-ingress # Delete an ingress resource
7. Namespace Management
Namespaces partition a cluster into isolated groups — useful for separating environments (dev, staging, prod) or teams.
kubectl get namespaces # List all namespaces
kubectl create namespace my-namespace # Create a namespace
kubectl delete namespace my-namespace # Delete a namespace and all its resources
kubectl get pods --namespace=my-namespace # List pods in a specific namespace
kubectl get pods --all-namespaces # List pods across all namespaces
To avoid typing --namespace repeatedly, set a default namespace for your current context:
kubectl config set-context --current --namespace=my-namespace
8. Role-Based Access Control (RBAC)
RBAC controls what actions users and service accounts can perform on cluster resources.
kubectl create role my-role --verb=get,list --resource=pods # Create a namespace-scoped role
kubectl get roles # List roles in the current namespace
kubectl describe role my-role # Show the role's rules
kubectl delete role my-role # Delete a role
To bind a role to a user or service account:
kubectl create rolebinding my-binding \
--role=my-role \
--serviceaccount=default:my-service-account
For cluster-wide roles, use kubectl create clusterrole and kubectl create clusterrolebinding with the same pattern.
9. Persistent Volumes & Storage
Persistent Volumes (PV) represent storage provisioned in the cluster. Persistent Volume Claims (PVC) are requests for storage made by pods.
kubectl get pv # List all persistent volumes (cluster-scoped)
kubectl get pvc # List all PVCs in the current namespace
kubectl describe pvc my-pvc # Show binding status and storage class
kubectl delete pvc my-pvc # Delete a PVC (may also delete the underlying PV depending on reclaim policy)
Always check the reclaim policy of a PV before deleting its PVC. If the policy is Delete, the underlying storage will be permanently removed.
10. Monitoring & Debugging
Cluster Events
kubectl get events # Recent events across the current namespace
kubectl get events --sort-by='.lastTimestamp' # Sort events by time
Events show scheduling failures, image pull errors, OOM kills, and more. They're often the fastest way to diagnose why something isn't working.
Debugging a Failing Pod
A typical debugging workflow:
# 1. Find the failing pod
kubectl get pods --all-namespaces
# 2. Check why it's not running
kubectl describe pod <pod-name>
# 3. Read the logs
kubectl logs <pod-name>
# 4. If the pod is running, open a shell to investigate
kubectl exec -it <pod-name> -- /bin/sh
# 5. If the pod keeps crashing, get logs from the previous instance
kubectl logs <pod-name> --previous
kubectl logs --previous is invaluable for crash-looping pods — it shows logs from the last terminated container, which is often where the actual error appears.
Quick Reference
| Component | Command |
|-----------|---------|
| Cluster info | kubectl cluster-info |
| List nodes | kubectl get nodes |
| List pods | kubectl get pods -o wide |
| Describe pod | kubectl describe pod <pod-name> |
| Get logs | kubectl logs <pod-name> |
| Shell into pod | kubectl exec -it <pod-name> -- /bin/sh |
| Previous crash logs | kubectl logs <pod-name> --previous |
| Create deployment | kubectl create deployment my-deployment --image=nginx |
| Scale deployment | kubectl scale deployment my-deployment --replicas=3 |
| Roll back deployment | kubectl rollout undo deployment/my-deployment |
| Expose deployment | kubectl expose deployment my-deployment --type=NodePort --port=80 |
| Port forwarding | kubectl port-forward pod/my-pod 8080:80 |
| Create namespace | kubectl create namespace my-namespace |
| List persistent volumes | kubectl get pv |
| Cluster events | kubectl get events --sort-by='.lastTimestamp' |
Bookmark this page and reach for it whenever you're working with a cluster. The more you use these commands, the more they become muscle memory — and the faster you'll be able to diagnose and fix issues when they arise.