kubectl Commands - Comprehensive Study Guide

category: Kubernetes Certification tags: cka, kubernetes, exam, kubectl, certification

WHY kubectl Matters (Conceptual Foundation)

The Control Plane Interface

kubectl is your primary interface to the Kubernetes API server. Understanding this conceptually is crucial:

• kubectl is NOT Kubernetes - it's a client that sends HTTP requests to the API server
• Everything is an API call - every kubectl command translates to REST API calls
• Declarative vs Imperative - kubectl supports both paradigms, critical for exam efficiency
• State reconciliation - kubectl commands trigger the control plane's reconciliation loops

Exam Context: Why kubectl Mastery is Critical

• 60% of exam tasks require kubectl proficiency
• Time pressure - knowing the right flags saves precious minutes
• No autocomplete - you must memorize syntax
• Debugging skills - kubectl is your primary troubleshooting tool

---

Core Architectural Understanding

How kubectl Works

kubectl get pods
# Translates to: GET /api/v1/namespaces/default/pods
# Flow: kubectl → kube-apiserver → etcd → response back

Key Concept: kubectl doesn't "do" anything - it's a sophisticated HTTP client that formats API requests.

Command Structure Pattern

kubectl [COMMAND] [TYPE] [NAME] [FLAGS]
#       ↓       ↓     ↓      ↓
#    action  resource name  options

---

Essential Command Categories

1. Resource Management (CRUD Operations)

Creating Resources

# Imperative creation (exam-friendly for speed)
kubectl create deployment nginx --image=nginx
kubectl create service clusterip my-svc --tcp=80:80
kubectl create configmap app-config --from-literal=key1=value1

# Declarative creation (production-friendly)
kubectl apply -f deployment.yaml
kubectl apply -f . # Apply all YAML files in directory
kubectl apply -k . # Kustomize application

Gotcha: create fails if resource exists, apply updates it. Use apply for idempotency.

Reading Resources

# Basic listing
kubectl get pods
kubectl get pods -o wide # More details
kubectl get pods -o yaml # Full YAML output
kubectl get pods -o json | jq '.items[0].metadata.name' # JSON with parsing

# Filtering and selection
kubectl get pods --selector=app=nginx
kubectl get pods -l app=nginx,version=v1
kubectl get pods --field-selector=status.phase=Running
kubectl get pods --show-labels

# Cross-namespace operations
kubectl get pods --all-namespaces
kubectl get pods -A # Shorthand for all namespaces

Pro Tip: Learn output formats (-o): wide, yaml, json, jsonpath, custom-columns

Updating Resources

# Direct edits (opens default editor)
kubectl edit deployment nginx

# Patch operations
kubectl patch deployment nginx -p '{"spec":{"replicas":3}}'
kubectl patch pod nginx --type='json' -p='[{"op": "replace", "path": "/spec/containers/0/image", "value":"nginx:1.20"}]'

# Scaling
kubectl scale deployment nginx --replicas=5
kubectl scale --replicas=3 -f deployment.yaml

Deleting Resources

# Single resource
kubectl delete pod nginx
kubectl delete deployment nginx --cascade=foreground # Wait for dependent resources

# Multiple resources
kubectl delete pods,services -l app=nginx
kubectl delete -f deployment.yaml
kubectl delete all -l app=nginx # Deletes most resource types

# Force deletion (use carefully)
kubectl delete pod nginx --force --grace-period=0

Gotcha: --cascade=orphan leaves dependent resources running (useful for Pod disruption testing).

2. Inspection and Debugging

Detailed Resource Information

# Describe (human-readable, includes events)
kubectl describe pod nginx
kubectl describe node worker-1

# Logs
kubectl logs nginx
kubectl logs nginx -c container-name # Multi-container pods
kubectl logs nginx --previous # Previous container instance
kubectl logs -f nginx # Follow logs real-time
kubectl logs nginx --since=1h # Time-based filtering

Interactive Debugging

# Execute commands in pods
kubectl exec nginx -- ls /usr/share/nginx/html
kubectl exec -it nginx -- /bin/bash

# Port forwarding for local access
kubectl port-forward pod/nginx 8080:80
kubectl port-forward service/nginx 8080:80

# File operations
kubectl cp nginx:/etc/nginx/nginx.conf ./nginx.conf
kubectl cp ./app.jar nginx:/app/

3. Cluster Information and Context

Context Management

# View contexts
kubectl config get-contexts
kubectl config current-context

# Switch contexts
kubectl config use-context production-cluster

# Namespace operations
kubectl config set-context --current --namespace=kube-system
kubectl get pods # Now defaults to kube-system namespace

Cluster inspection

# Cluster information
kubectl cluster-info
kubectl cluster-info dump # Comprehensive cluster state

# API resources
kubectl api-resources # List all available resource types
kubectl api-versions # List API versions
kubectl explain pod.spec.containers # API documentation

---

Advanced kubectl Patterns

1. JSONPath and Custom Columns

# Extract specific fields
kubectl get pods -o jsonpath='{.items[*].metadata.name}'
kubectl get pods -o jsonpath='{.items[*].status.podIP}'

# Custom columns (table format)
kubectl get pods -o custom-columns=NAME:.metadata.name,STATUS:.status.phase,IP:.status.podIP

# Sorting
kubectl get pods --sort-by=.metadata.creationTimestamp
kubectl get pods --sort-by=.status.startTime

2. Resource Generators (Exam Gold)

# Generate YAML without creating
kubectl create deployment nginx --image=nginx --dry-run=client -o yaml > deployment.yaml

# Create and save simultaneously
kubectl create service clusterip my-svc --tcp=80:80 --dry-run=client -o yaml | kubectl apply -f -

# Complex resource generation
kubectl create cronjob hello --image=busybox --schedule="*/1 * * * *" -- echo hello

3. Bulk Operations

# Apply labels to multiple resources
kubectl label pods -l app=nginx version=v1

# Remove labels
kubectl label pods nginx version-

# Annotations
kubectl annotate pods nginx description="Web server pod"

---

Critical Exam Strategies

1. Time-Saving Aliases and Shortcuts

# Essential aliases to memorize
alias k=kubectl
alias kaf='kubectl apply -f'
alias kdel='kubectl delete'
alias kdes='kubectl describe'
alias kex='kubectl exec -it'
alias klog='kubectl logs'

# Use -o yaml --dry-run=client religiously
k create deploy nginx --image=nginx -o yaml --dry-run=client

2. Imperative vs Declarative Decision Matrix

Use Imperative when: - Creating simple resources quickly - Generating YAML templates - One-off debugging tasks - Time pressure in exam

Use Declarative when: - Complex multi-resource applications - Need version control - Production environments - Updating existing resources

3. Common Exam Gotchas

Namespace Awareness

# Always specify namespace or set context
kubectl get pods -n kube-system
kubectl config set-context --current --namespace=target-ns

Resource Naming Conventions

# Use consistent, predictable naming
kubectl create deployment web-app --image=nginx
kubectl expose deployment web-app --port=80 --target-port=8080

Validation and Testing

# Always validate your work
kubectl get all -l app=your-app
kubectl describe pod pod-name # Check events section
kubectl logs pod-name # Verify application startup

---

Troubleshooting Patterns

1. Pod Issues

# Pod won't start
kubectl describe pod problem-pod # Check events
kubectl logs problem-pod --previous # Previous instance logs

# Resource constraints
kubectl top pods # Requires metrics-server
kubectl describe node # Check allocatable resources

2. Service Discovery

# Test service connectivity
kubectl run test-pod --image=busybox -it --rm -- nslookup service-name
kubectl run test-pod --image=nginx:alpine -it --rm -- wget -qO- service-name

3. Network Debugging

# Pod-to-pod communication
kubectl exec pod1 -- ping pod2-ip
kubectl exec pod1 -- nc -zv service-name port

# DNS resolution
kubectl exec pod1 -- nslookup kubernetes.default.svc.cluster.local

---

Performance and Efficiency

1. Resource Queries

# Efficient filtering
kubectl get pods --field-selector=status.phase!=Running
kubectl get events --sort-by='.lastTimestamp'

# Resource usage
kubectl top pods --sort-by=cpu
kubectl top pods --sort-by=memory

2. Batch Operations

# Process multiple files
kubectl apply -f ./manifests/
kubectl delete -f ./manifests/ --ignore-not-found=true

# Label-based operations
kubectl delete pods -l app=old-version
kubectl rollout restart deployment -l tier=frontend

---

Security Considerations

1. RBAC Awareness

# Check permissions
kubectl auth can-i create pods
kubectl auth can-i create pods --as=system:serviceaccount:default:my-sa

# Impersonation for testing
kubectl get pods --as=user1
kubectl get pods --as=system:serviceaccount:namespace:sa-name

2. Secure Practices

# Use specific namespaces
kubectl apply -f deployment.yaml -n production

# Avoid --force unless necessary
kubectl delete pod stuck-pod --force --grace-period=0 # Last resort only

---

Conceptual Mastery Checklist

✅ Understand kubectl as an API client, not the cluster itself ✅ Know when to use imperative vs declarative approaches ✅ Master resource lifecycle: create → apply → patch → delete ✅ Internalize JSONPath for complex data extraction ✅ Practice troubleshooting workflows with describe/logs/exec ✅ Memorize time-saving flags and output formats ✅ Understand kubectl's role in the broader Kubernetes ecosystem

---

This depth of kubectl mastery provides the foundation for all other Kubernetes operations. Every advanced topic builds upon these fundamental command patterns.