The prompt Engineering Guide of Advanced Kubectl

All cool kubectl commands you need to know about

3 min readJan 2, 2025

Kubectl is the foundation of everything related to kubernetes but did you know how well kubectl can be used to debug and find information.

These are some of the top uncommon commands which are useful for debugging and figuring out issues.

If you find this article useful please consider giving a few claps to help its engagement and help me write better articles.

Enjoy and as a bonus if you are preparing for the CKA and want to gain the skills for free price checkout my repository guide.

The Debug Command

The debug command is useful for creating ephemeral containers with pods for debugging purposes

# Debug a pod
kubectl debug mypod -it --image=busybox

#Debug a node
kubectl debug node/mynode -it --image=ubuntu

#Copy nodes for debugging
kubectl debug mypod --copy-to=my-debugger --image=debian

Monitor Resource Usage

Use the top command to get resource usage of pods based on CPU or memory

#top consuming pods
kubectl top pods --all-namespaces

#highest consuming nodes
kubectl top nodes

Analyse resource request vs actual usage — needs the kubectl-resource-capacity plugin

kubectl resource-capacity --sort cpu.util --pods

Networking

Port forward a pod to view the app locally

kubectl port-forward <pod-name> <local-port>:<remote-port>

Check the endpoints of a service

kubectl get endpoints <service-name>

Inspect the connectivity of a pod/service from INSIDE a pod

kubectl exec -it <pod-name> -- ping <target>

Short Lived Pods for debugging

Use short lived pods to perform actions within the cluster context and kill them off when done.

Example: nslookup and get ip address from within a cluster for a service

kubectl run  test-nslookup --image=busybox:1.28 -it 
--restart=OnFailure -- nslookup nginx-resolver-service

for pods replace with pod ip

kubectl run  test-nslookup --image=busybox:1.28 -it 
--restart=OnFailure -- nslookup {pod IP}

Inline Patching

Use patch commands to modify resources

Example adding an annotation to a deployment

kubectl patch deployment my-deployment -p 
'{"metadata":{"annotations":{"debug":"true"}}}' --type=merge

Advanced Field Selection

Use the — field-selector to filter resources

#List pods not running
kubectl get pods --field-selector=status.phase!=Running

#Find nodes based on some condition
kubectl get nodes --field-selector=spec.unschedulable=true

JSONPath Queries for Custom Outputs

Use jsonpath to filter outputs and get specific resources

#Get all pod names in a namespace
kubectl get pods -o jsonpath='{.items[*].metadata.name}'

#List container images for all pods
kubectl get pods -o jsonpath=
'{range .items[*].spec.containers[*]}{.image}{"\n"}{end}'

#Show restart counts of all containers in a pod
kubectl get pod <pod-name> -o jsonpath=
'{.status.containerStatuses[*].restartCount}'

Debugging Authorization Issues

The auth can-i command is super useful for debugging RBAC issues

Check if a user can perform an operation

#can user delete secrets
kubectl auth can-i delete secrets --as=<user> -n {namespace}

List all the permissions of a user

kubectl auth can-i --list

Sorting and Filtering

The — sort-by is useful to organize outputs

Sort pods based on restarts

kubectl get pods --sort-by='.status.containerStatuses[0].restartCount'

Sort PV’s by storage capacities

kubectl get pv --sort-by=.spec.capacity.storage

Monitor Live Logs from all pods of a label

kubectl logs -l app=<label> -f --all-containers=true

List all resources in tree format

kubectl tree deployment {deployment name}

Playing with Namespaces

Switch to a different namespace

kubectl  config set-context $(kubectl config current-context)
 --namespace=dev
    
kubectl  config set-context --current --namespace=dev

Delete a namespace in terminating state

 kubectl get namespace {namespace} -o json > ns.json
 
 Remove kubernetes from finalizers in json
 
 kubectl replace --raw "/api/v1/namespaces/{namespace}/finalize" 
-f ./ns.json

Registry Secret

Create a secret to hold registry details

kubectl create secret docker-registry regcred \
--docker-server=${SERVER URL} \
--docker-username=${REGISTRY USERNAME} \
--docker-password=${REGISTRY PASSWORD} \
--docker-email=${REGISTRY EMAIL}

Merge two KubeConfigs

backup existing config
cp ~/.kube/config ~/.kube/config.bak

merge and get new config
KUBECONFIG=~/.kube/config:/path/to/new/config kubectl config view
 --flatten > /tmp/config

replace old config
mv /tmp/config ~/.kube/config

These are the top commands which you can find useful , if you found this guide useful be sure to subscribe and follow for more tutorials and step by step tips and techniques.

Till then study well.