kubectl — Command Pattern, Aliases & Exam Setup¶

The Command Pattern¶

Every kubectl command follows the same structure:

kubectl <verb> <resource-type> [resource-name] [flags]

That's it. Once you know the pattern, you can construct any command without memorising each one. The verb tells Kubernetes what to do. The resource type tells it what kind of object. The name tells it which specific one.

kubectl get pod nginx
kubectl edit deployment my-app
kubectl delete serviceaccount group1-sa
kubectl describe clusterrolebinding group1-role-binding-cka

Every single kubectl command you'll ever use is a variation of this pattern.

Full Verb List¶

Not just the basics — the complete set:

Verb	What it does	Example
`get`	Retrieve and display one or more resources	`k get pods`
`describe`	Detailed human-readable info about a resource	`k describe pod nginx`
`edit`	Open a resource in your editor to modify it live	`k edit deployment my-app`
`delete`	Delete a resource	`k delete pod nginx`
`create`	Create a resource from a file or flags	`k create deployment nginx --image=nginx`
`apply`	Apply a YAML file — creates or updates	`k apply -f manifest.yaml`
`patch`	Surgically update specific fields without touching the rest	`k patch pod nginx -p '{"spec":{"containers":[{"name":"nginx","image":"nginx:1.25"}]}}'`
`run`	Create a pod directly (shortcut)	`k run nginx --image=nginx`
`exec`	Run a command inside a running container	`k exec -it nginx -- /bin/sh`
`logs`	Stream or fetch logs from a container	`k logs nginx`
`expose`	Create a Service to expose a pod/deployment	`k expose deployment nginx --port=80`
`scale`	Change the number of replicas	`k scale deployment nginx --replicas=3`
`rollout`	Manage rollouts — status, history, undo	`k rollout status deployment/nginx`
`replace`	Replace a resource by deleting and recreating it	`k replace -f updated.yaml`
`diff`	Show what would change if you applied a file	`k diff -f manifest.yaml`
`cp`	Copy files to/from a container	`k cp nginx:/etc/nginx/nginx.conf ./nginx.conf`
`port-forward`	Forward a local port to a pod port	`k port-forward pod/nginx 8080:80`
`top`	Show CPU/memory usage for pods or nodes	`k top pods`
`cordon`	Mark a node as unschedulable (no new pods)	`k cordon node01`
`uncordon`	Re-enable scheduling on a node	`k uncordon node01`
`drain`	Evict all pods from a node (for maintenance)	`k drain node01 --ignore-daemonsets`
`taint`	Add a taint to a node to repel pods	`k taint nodes node01 key=value:NoSchedule`
`label`	Add or modify labels on a resource	`k label pod nginx env=prod`
`annotate`	Add or modify annotations on a resource	`k annotate pod nginx description="web server"`
`auth`	Check permissions for a user/service account	`k auth can-i create pods --as=system:serviceaccount:default:my-sa`
`config`	Manage kubeconfig — contexts, clusters, users	`k config use-context prod`

create vs apply — the critical difference:

Command	Behaviour	When to use
`create`	Creates the resource. Fails if it already exists	First-time creation from scratch
`apply`	Creates if missing, updates if exists	Idempotent — safe to run repeatedly. Use for everything in practice
`replace`	Deletes then recreates. Destructive	When `apply` won't work (rare)

In the exam: use apply for manifest files, use create with flags for quick imperative commands.

Full Resource List (CKA-relevant)¶

Core Resources¶

Resource	Short name	What it is
`pod`	`po`	Basic unit — one or more containers
`node`	`no`	A worker machine in the cluster
`namespace`	`ns`	Logical isolation boundary
`service`	`svc`	Network endpoint for accessing pods
`endpoints`	`ep`	The actual IPs behind a Service
`configmap`	`cm`	Non-sensitive config data
`secret`		Sensitive data (base64-encoded, not encrypted by default)
`serviceaccount`	`sa`	Identity for processes running in pods
`persistentvolume`	`pv`	Cluster-wide storage resource
`persistentvolumeclaim`	`pvc`	A pod's request for storage
`event`	`ev`	Cluster events — very useful for debugging

Apps (API group: `apps`)¶

Resource	What it is
`deployment`	Manages pods with rolling updates and replicas
`replicaset`	`rs` — ensures N pod copies. Deployments manage these for you
`statefulset`	`sts` — for stateful apps — stable identities + persistent storage
`daemonset`	`ds` — one pod per node — log agents, monitoring agents
`job`	Runs to completion — one-off tasks
`cronjob`	`cj` — scheduled jobs

RBAC¶

Resource	What it is
`role`	Namespace-scoped permissions
`rolebinding`	`rb` — binds a Role to a subject within a namespace
`clusterrole`	`cr` — cluster-wide permissions
`clusterrolebinding`	`crb` — binds a ClusterRole to a subject cluster-wide

Networking¶

Resource	What it is
`ingress`	`ing` — HTTP/HTTPS routing rules
`networkpolicy`	`netpol` — firewall rules between pods

Storage¶

Resource	What it is
`storageclass`	`sc` — defines how PVs are dynamically provisioned

Get the short names: kubectl api-resources — lists every resource type with short names and API groups.

Exam Aliases — Set These First¶

These two lines are mandatory at the start of every CKA exam session. Set them before you touch anything else.

alias k=kubectl
export do="--dry-run=client -o yaml"
export now="--force --grace-period 0"

`alias k=kubectl`¶

Saves 6 characters per command. Over a 2-hour exam with hundreds of commands, that's significant. More importantly it removes the micro-friction of typing kubectl every time.

`export do="--dry-run=client -o yaml"`¶

This is the most powerful shortcut in the CKA.

k create deployment nginx --image=nginx $do

--dry-run=client — runs the command locally on your machine without sending anything to the API server. Nothing is created. The command just validates the inputs and generates the object.

-o yaml — output the result as YAML instead of the default human-readable format.

Combined: you get the full YAML for a resource without actually creating it. You can then redirect that to a file, edit it, and apply it:

k create deployment nginx --image=nginx $do > deployment.yaml
# edit deployment.yaml
k apply -f deployment.yaml

Why this matters: For complex resources (StatefulSets, PodSpecs with multiple containers, PVCs), writing YAML from scratch is slow and error-prone. Using $do to generate a base template is faster and accurate.

--dry-run=client vs --dry-run=server: - client — validated locally, no contact with API server. Fast. Doesn't catch API-level issues (e.g., a CRD that doesn't exist) - server — sends to API server for validation but doesn't persist. Catches more issues. Slower

For exam use: client is fine.

`export now="--force --grace-period 0"`¶

k delete pod nginx $now

--force — skip the normal pod termination process (which sends SIGTERM and waits).

--grace-period 0 — zero seconds grace period. Pod is killed immediately without waiting for a graceful shutdown.

Without this, deleting a pod takes 30 seconds (the default termination grace period). In an exam where every second counts, you want immediate deletion.

When NOT to use in production: --force --grace-period 0 is a hard kill. The pod gets no chance to finish in-flight requests, flush buffers, or clean up connections. Fine for the exam. Not fine for production workloads.

vim Settings for the Exam¶

Put these in your ~/.vimrc at the start of the exam:

set expandtab
set tabstop=2
set shiftwidth=2

Why this matters: Kubernetes YAML is indentation-sensitive. Two-space indentation is the standard. Tabs break YAML parsing.

Setting	What it does
`set expandtab`	When you press Tab, insert spaces instead of a tab character (`\t`)
`set tabstop=2`	Display tab characters as 2 spaces wide
`set shiftwidth=2`	When you use `>>` or `<<` to indent/dedent, shift by 2 spaces

Without expandtab, pressing Tab inserts a literal tab character. YAML parsers treat tab characters differently from spaces — the file will be invalid and kubectl apply will fail with a confusing parse error.

Quickest way to add the vimrc at exam start:

echo -e "set expandtab\nset tabstop=2\nset shiftwidth=2" >> ~/.vimrc

Common Flag Reference¶

Flag	What it does	Example
`-n <namespace>`	Target a specific namespace	`k get pods -n kube-system`
`-A` or `--all-namespaces`	Show resources across all namespaces	`k get pods -A`
`-o yaml`	Output as YAML	`k get pod nginx -o yaml`
`-o json`	Output as JSON	`k get pod nginx -o json`
`-o wide`	Extra columns (node, IP, etc.)	`k get pods -o wide`
`-o jsonpath='{...}'`	Extract specific fields	`k get pod nginx -o jsonpath='{.status.podIP}'`
`-l <label>`	Filter by label	`k get pods -l app=nginx`
`--field-selector`	Filter by field value	`k get pods --field-selector status.phase=Running`
`-f <file>`	Read from a file	`k apply -f manifest.yaml`
`--watch` or `-w`	Watch for changes in real time	`k get pods -w`
`--show-labels`	Show labels column	`k get pods --show-labels`
`-it`	Interactive TTY (for exec)	`k exec -it nginx -- /bin/bash`
`--as`	Impersonate a user (for auth can-i)	`k auth can-i get pods --as=dev-user`