Kubernetes and OpenShift Quick Reference and Cheat Sheets
Essential kubectl Commands
cluster-info # Display cluster info
version # Show client and server versions
get nodes # List all nodes
get nodes -o wide # List nodes with more details
describe node <node-name> # Detailed node information
top nodes # Show node resource usage
Working with Pods
# List pods
get pods # Pods in current namespace
get pods -A # All namespaces
get pods -n <namespace> # Specific namespace
get pods -o wide # More details (node, IP)
get pods --show-labels # Show labels
get pods -l app = nginx # Filter by label
# Describe and logs
describe pod <pod-name> # Detailed pod info
logs <pod-name> # View logs
logs <pod-name> -f # Follow logs
logs <pod-name> --previous # Previous container logs
logs <pod-name> -c <container> # Specific container
# Execute commands
exec <pod-name> -- <command> # Run command
exec -it <pod-name> -- bash # Interactive shell
# Port forwarding
port-forward <pod-name> 8080 :80
# Copy files
cp <pod-name>:/path/file ./local-file
cp ./local-file <pod-name>:/path/file
# Delete pods
delete pod <pod-name>
delete pods --all
delete pods -l app = nginx
Deployments
# Create deployment
create deployment nginx --image= nginx:1.21
create deployment nginx --image= nginx:1.21 --replicas= 3
# List deployments
get deployments
get deploy -o wide
# Scale deployment
scale deployment nginx --replicas= 5
# Update image
set image deployment/nginx nginx = nginx:1.22
# Rollout management
rollout status deployment/nginx
rollout history deployment/nginx
rollout undo deployment/nginx
rollout restart deployment/nginx
# Edit deployment
edit deployment nginx
# Delete deployment
delete deployment nginx
Services
# Create service
expose deployment nginx --port= 80 --type= LoadBalancer
create service clusterip nginx --tcp= 80 :80
# List services
get services
get svc -o wide
# Describe service
describe svc nginx
# Delete service
delete svc nginx
ConfigMaps and Secrets
# ConfigMaps
create configmap app-config --from-literal= key = value
create configmap app-config --from-file= config.properties
get configmaps
describe configmap app-config
delete configmap app-config
# Secrets
create secret generic db-secret --from-literal= password = secret123
create secret docker-registry regcred --docker-server= docker.io --docker-username= user --docker-password= pass
get secrets
describe secret db-secret
delete secret db-secret
Namespaces
get namespaces
create namespace dev
delete namespace dev
config set-context --current --namespace= dev
Resource Management
# Set resources
set resources deployment nginx --limits= cpu = 500m,memory= 512Mi --requests= cpu = 250m,memory= 256Mi
# Autoscaling
autoscale deployment nginx --min= 2 --max= 10 --cpu-percent= 70
get hpa
# Resource quotas
create quota compute-quota --hard= cpu = 10 ,memory= 20Gi,pods= 50
get resourcequota
Debugging
# Events
get events
get events --sort-by= .metadata.creationTimestamp
get events -w
# Debug pod
run debug --rm -it --image= busybox -- sh
debug <pod-name> -it --image= busybox
# Resource usage
top pods
top nodes
top pods --sort-by= memory
Apply and Delete
apply -f deployment.yaml
apply -f directory/
apply -f https://example.com/deployment.yaml
delete -f deployment.yaml
delete all --all
OpenShift (oc) Commands
Basic Commands
login https://api.cluster.example.com:6443
whoami
status
projects
project myapp
new-project myapp
Application Management
# Create app
new-app nodejs:16~https://github.com/myorg/myapp.git
new-app --docker-image= nginx:latest
# Expose service
expose service myapp
# Build operations
start-build myapp
logs -f bc/myapp
get builds
# Routes
get routes
create route edge myapp --service= myapp
Security
# SCC management
get scc
adm policy add-scc-to-user anyuid -z myapp-sa
describe pod myapp | grep scc
# RBAC
adm policy add-role-to-user admin user1 -n myapp
adm policy add-cluster-role-to-user cluster-admin user1
YAML Templates
Pod
apiVersion : v1
kind : Pod
metadata :
name : myapp
labels :
app : myapp
spec :
containers :
- name : myapp
image : myapp:1.0
ports :
- containerPort : 8080
env :
- name : ENV_VAR
value : "value"
resources :
requests :
memory : "256Mi"
cpu : "250m"
limits :
memory : "512Mi"
cpu : "500m"
livenessProbe :
httpGet :
path : /health
port : 8080
initialDelaySeconds : 30
periodSeconds : 10
readinessProbe :
httpGet :
path : /ready
port : 8080
initialDelaySeconds : 5
periodSeconds : 5
Deployment
apiVersion : apps/v1
kind : Deployment
metadata :
name : myapp
spec :
replicas : 3
selector :
matchLabels :
app : myapp
template :
metadata :
labels :
app : myapp
spec :
containers :
- name : myapp
image : myapp:1.0
ports :
- containerPort : 8080
Service
apiVersion : v1
kind : Service
metadata :
name : myapp-service
spec :
selector :
app : myapp
ports :
- protocol : TCP
port : 80
targetPort : 8080
type : LoadBalancer
ConfigMap
apiVersion : v1
kind : ConfigMap
metadata :
name : app-config
data :
database_url : "postgres://db:5432"
log_level : "info"
Secret
apiVersion : v1
kind : Secret
metadata :
name : db-secret
type : Opaque
stringData :
username : admin
password : secret123
Ingress
apiVersion : networking.k8s.io/v1
kind : Ingress
metadata :
name : myapp-ingress
annotations :
nginx.ingress.kubernetes.io/rewrite-target : /
spec :
ingressClassName : nginx
rules :
- host : myapp.example.com
http :
paths :
- path : /
pathType : Prefix
backend :
service :
name : myapp-service
port :
number : 80
PersistentVolumeClaim
apiVersion : v1
kind : PersistentVolumeClaim
metadata :
name : myapp-pvc
spec :
accessModes :
- ReadWriteOnce
resources :
requests :
storage : 10Gi
storageClassName : standard
HorizontalPodAutoscaler
apiVersion : autoscaling/v2
kind : HorizontalPodAutoscaler
metadata :
name : myapp-hpa
spec :
scaleTargetRef :
apiVersion : apps/v1
kind : Deployment
name : myapp
minReplicas : 2
maxReplicas : 10
metrics :
- type : Resource
resource :
name : cpu
target :
type : Utilization
averageUtilization : 70
Common Troubleshooting Scenarios
Pod Won't Start
# Check status
get pods
describe pod <pod-name>
# Common issues:
# - ImagePullBackOff: Check image name, registry credentials
# - CrashLoopBackOff: Check logs, application errors
# - Pending: Check resources, node availability
# - Error: Check configuration, permissions
Service Not Accessible
# Check service and endpoints
get svc
get endpoints
# Test connectivity
run test --rm -it --image= busybox -- wget -O- http://service-name
# Check network policies
get networkpolicy
High Resource Usage
# Check usage
top nodes
top pods
# Check limits
describe pod <pod-name> | grep -A 5 Limits
# Scale or adjust resources
scale deployment myapp --replicas= 5
set resources deployment myapp --limits= cpu = 1 ,memory= 1Gi
Resource Units
CPU
1 CPU = 1000m (millicores)
100m = 0.1 CPU
500m = 0.5 CPU
1 = 1 CPU core
Memory
Ki = Kibibyte (1024 bytes)
Mi = Mebibyte (1024 Ki)
Gi = Gibibyte (1024 Mi)
K = Kilobyte (1000 bytes)
M = Megabyte (1000 K)
G = Gigabyte (1000 M)
Port Numbers
Kubernetes Components
API Server: 6443
etcd: 2379-2380
Kubelet: 10250
kube-scheduler: 10259
kube-controller-manager: 10257
Common Services
HTTP: 80
HTTPS: 443
NodePort range: 30000-32767
PostgreSQL: 5432
MySQL: 3306
MongoDB: 27017
Redis: 6379
Label Selectors
Equality-based
get pods -l app = nginx
get pods -l app = nginx,tier= frontend
get pods -l 'app!=nginx'
Set-based
get pods -l 'env in (prod,staging)'
get pods -l 'tier notin (frontend,backend)'
get pods -l 'app,!tier'
JSONPath Examples
# Get pod IPs
get pods -o jsonpath = '{.items[*].status.podIP}'
# Get node names
get nodes -o jsonpath = '{.items[*].metadata.name}'
# Get container images
get pods -o jsonpath = '{.items[*].spec.containers[*].image}'
# Get resource requests
get pods -o jsonpath = '{.items[*].spec.containers[*].resources.requests}'
# Custom columns
get pods -o custom-columns= NAME:.metadata.name,STATUS:.status.phase,IP:.status.podIP
Useful Aliases
# Add to ~/.bashrc or ~/.zshrc
alias k = 'kubectl'
alias kgp = 'kubectl get pods'
alias kgs = 'kubectl get svc'
alias kgd = 'kubectl get deployments'
alias kd = 'kubectl describe'
alias kl = 'kubectl logs'
alias kx = 'kubectl exec -it'
alias ka = 'kubectl apply -f'
alias kdel = 'kubectl delete'
# OpenShift
alias o = 'oc'
alias ogp = 'oc get pods'
alias ol = 'oc logs'
Environment Variables
Common Kubernetes Variables
KUBECONFIG = ~/.kube/config
KUBERNETES_SERVICE_HOST = kubernetes.default.svc
KUBERNETES_SERVICE_PORT = 443
Useful in Scripts
NAMESPACE = ${ NAMESPACE :- default }
DEPLOYMENT_NAME = ${ DEPLOYMENT_NAME :- myapp }
IMAGE = ${ IMAGE :- myapp : latest }
REPLICAS = ${ REPLICAS :- 3 }
Exit Codes
0: Success
1: General error
2: Misuse of shell command
126: Command cannot execute
127: Command not found
130: Terminated by Ctrl+C
137: Killed (SIGKILL) - often OOM
143: Terminated (SIGTERM)
Pod Lifecycle Phases
Pending : Accepted but not scheduledRunning : Bound to node, containers runningSucceeded : All containers terminated successfullyFailed : At least one container failedUnknown : Cannot determine state
Container States
Waiting : Not running yetRunning : Executing without issuesTerminated : Finished execution or failed
Service Types
ClusterIP : Internal cluster access (default)NodePort : Exposes on each node's IPLoadBalancer : Cloud provider load balancerExternalName : Maps to DNS name
Storage Access Modes
ReadWriteOnce (RWO) : Single node read-writeReadOnlyMany (ROX) : Multiple nodes read-onlyReadWriteMany (RWX) : Multiple nodes read-write
Deployment Strategies
Rolling Update
strategy :
type : RollingUpdate
rollingUpdate :
maxSurge : 1
maxUnavailable : 0
Recreate
Network Policy Types
Ingress : Incoming traffic to podsEgress : Outgoing traffic from pods
RBAC Resources
Role : Namespace-scoped permissionsClusterRole : Cluster-wide permissionsRoleBinding : Binds Role to subjectsClusterRoleBinding : Binds ClusterRole to subjects
Common Annotations
annotations :
kubernetes.io/change-cause : "Update to version 2.0"
prometheus.io/scrape : "true"
prometheus.io/port : "9090"
nginx.ingress.kubernetes.io/rewrite-target : /
Useful One-Liners
# Delete all evicted pods
get pods --all-namespaces -o json | jq -r '.items[] | select(.status.reason=="Evicted") | "kubectl delete pod \(.metadata.name) -n \(.metadata.namespace)"' | sh
# Get pods sorted by restart count
get pods --sort-by= '.status.containerStatuses[0].restartCount'
# Get pods not running
get pods --field-selector= status.phase!= Running
# Get pod resource usage
top pods --sort-by= memory
# Watch pod status
kubectl get pods
# Get all images used in cluster
get pods --all-namespaces -o jsonpath = "{.items[*].spec.containers[*].image}" | tr -s '[[:space:]]' '\n' | sort | uniq
# Count pods per node
get pods --all-namespaces -o json | jq '.items | group_by(.spec.nodeName) | map({node: .[0].spec.nodeName, count: length})'
Key Concepts to Remember
Kubernetes Architecture
Control Plane: API Server, etcd, Scheduler, Controller Manager
Node: kubelet, kube-proxy, Container Runtime
Add-ons: DNS, Dashboard, Monitoring
Core Objects
Pod: Smallest deployable unit
Deployment: Manages ReplicaSets
Service: Network abstraction
ConfigMap/Secret: Configuration management
Volume: Storage abstraction
Networking
Every pod gets its own IP
Pods can communicate without NAT
Services provide stable endpoints
Ingress manages external access
Security
RBAC for access control
Network Policies for traffic control
Pod Security Standards
Secrets for sensitive data
Best Practices
Set resource requests and limits
Use health checks
Implement monitoring and logging
Follow GitOps principles
Document everything
Test in non-production first