CKA Top 30 Commands — With Context¶
Exam Setup (run first, every time)¶
1. Context & Namespace¶
The exam has multiple clusters. If you run commands in the wrong context you'll waste time or corrupt another task. Set this before touching anything.
# 1 - What clusters exist and which am I on right now?
k config get-contexts
# 2 - Switch to the cluster this task needs
k config use-context <context-name>
# 3 - Set a default namespace so you don't have to type -n on every command
k config set-context --current --namespace=<namespace>
# 4 - Quick check: confirm which context I'm on
k config current-context
2. Get / Inspect¶
Before you do anything, you need to see what's already there. These are your eyes.
# 5 - What nodes exist in this cluster?
k get nodes
# 6 - All pods across every namespace — find what's running and where
k get pods -A
# 7 - Pods with node name and IP — needed when a task involves scheduling or networking
k get pods -o wide
# 8 - Everything in a namespace (pods, services, deployments, etc.)
k get all -n <namespace>
# 9 - Full details on a pod: status, events, mounts, image, restarts
# Use this when a pod is not starting or you need to verify config
k describe pod <pod-name>
# 10 - See the full live YAML of a running resource
# Use this to copy an existing config or check what's actually applied
k get pod <pod-name> -o yaml
# 11 - Events sorted by time — first place to look when something is broken
k get events --sort-by=.metadata.creationTimestamp -n <namespace>
3. Scaffold YAML (dry-run)¶
You should never write a YAML from scratch. Use kubectl to generate the skeleton, then edit only what the task needs. Every command below outputs a valid YAML file without creating anything.
# 12 - Generate a Pod YAML
k run nginx --image=nginx $do > pod.yaml
# 13 - Generate a Pod YAML with labels (needed when a Service needs to select it)
k run nginx --image=nginx --labels="app=web" $do > pod.yaml
# 14 - Generate a Deployment YAML
k create deployment nginx --image=nginx --replicas=3 $do > dep.yaml
# 15 - Generate a ServiceAccount YAML
k create serviceaccount sa-name $do > sa.yaml
# 16 - Generate a ConfigMap from a literal key=value
k create configmap cm-name --from-literal=key=value $do > cm.yaml
# 17 - Generate a Secret
k create secret generic sec-name --from-literal=password=123 $do > sec.yaml
# 18 - Generate a Role (namespace-scoped permissions)
k create role role-name --verb=get,list,watch --resource=pods $do > role.yaml
# 19 - Generate a RoleBinding (attach a Role to a ServiceAccount)
k create rolebinding rb-name --role=role-name --serviceaccount=<ns>:<sa-name> $do > rb.yaml
# 20 - Generate a ClusterRole (cluster-wide permissions)
k create clusterrole cr-name --verb=get,list --resource=pods $do > cr.yaml
# 21 - Generate a ClusterRoleBinding
k create clusterrolebinding crb-name --clusterrole=cr-name --serviceaccount=<ns>:<sa-name> $do > crb.yaml
4. Apply / Delete¶
Once your YAML is ready, apply it. If a pod is stuck or you need a clean restart, delete it fast with $now (skips the 30s graceful shutdown wait).
# 22 - Create or update a resource from a file
k apply -f file.yaml
# 23 - Delete a pod immediately, no waiting
k delete pod <pod-name> $now
# 24 - Delete everything defined in a file
k delete -f file.yaml
5. Debug¶
Pod is running but something is wrong. These three commands cover 90% of debugging scenarios: what happened (logs), what's the config (describe), can I get inside (exec).
# 25 - Pod logs — what did the app print/error?
# Use when a pod is CrashLoopBackOff or behaving unexpectedly
k logs <pod-name>
# 26 - Logs from a specific container — use when the pod has multiple containers
# (e.g. init container ran, main container failed)
k logs <pod-name> -c <container-name>
# 27 - Get a shell inside a running container
# Use to check env vars, DNS, file mounts, network connectivity
k exec -it <pod-name> -- /bin/sh
6. Node Management¶
Needed for drain/upgrade tasks. You always check nodes first, then cordon to stop new pods landing on it, drain to evict existing pods, do your work, then uncordon to bring it back.
# 28 - Cordon: mark a node unschedulable (new pods won't land here)
# Does NOT evict existing pods
k cordon <node-name>
# 29 - Drain: evict all pods from the node safely before maintenance
# --ignore-daemonsets: daemonset pods can't be evicted, so skip them
# --delete-emptydir-data: pods using emptyDir will lose that data, force allow it
k drain <node-name> --ignore-daemonsets --delete-emptydir-data
# 30 - Uncordon: mark the node schedulable again after maintenance
k uncordon <node-name>
Cheat Reference¶
| Situation | Command |
|---|---|
| Wrong cluster | k config use-context <n> |
| Wrong namespace | k config set-context --current --namespace=<ns> |
| What's running? | k get pods -A or k get all -n <ns> |
| Pod not starting | k describe pod <n> + k get events --sort-by=... |
| App broken inside pod | k logs <n> + k exec -it <n> -- sh |
| Scaffold any resource | k create <type> <n> $do > file.yaml |
| Kill pod fast | k delete pod <n> $now |
| Node maintenance | cordon → drain → work → uncordon |