Kubectl Command Line Interface

Published by TechMarmot Editorail Staff on | Category Kubernetes

The kubectl utility serves as the primary command line interface for interacting with Kubernetes clusters. It provides a robust mechanism for running commands against a cluster, allowing administrators and developers to manage the lifecycle of containerized applications, monitor cluster health, and configure complex orchestration parameters. By acting as the bridge between the user and the Kubernetes API server, kubectl enables the execution of operations ranging from simple resource queries to complex rolling updates and debugging sessions.

The utility is designed around a consistent syntax and operation model, ensuring that users can predict how to interact with various resource types. Whether creating a single pod, scaling a deployment, or analyzing the logs of a failing container, kubectl provides the necessary hooks to manipulate the cluster state. This capability is essential for implementing Continuous Integration and Continuous Deployment (CI/CD) pipelines, where automated scripts utilize kubectl to deploy new versions of software.

Command Syntax and Structural Logic

The execution of any command within the kubectl environment follows a strict structural pattern. This consistency allows users to scale their knowledge across different resource types without needing to relearn the syntax for every new object they encounter.

The standard syntax is defined as:

kubectl [command] [TYPE] [NAME] [flags]

The components of this syntax are broken down as follows:

  • command: This element specifies the operation the user intends to perform on one or more resources. Examples include create, get, describe, and delete. The command determines the action taken by the API server.
  • TYPE: This element specifies the resource type being targeted. Resource types are case-sensitive. A critical feature of the TYPE component is its flexibility; users can specify singular, plural, or abbreviated forms. For example, the following commands are functionally identical and will produce the same output:
    • kubectl get pod pod1
    • kubectl get pods pod1
    • kubectl get po pod1
  • NAME: This element specifies the unique name of the resource. Names are case-sensitive and must match the name defined in the cluster metadata.
  • flags: These are optional parameters that modify the behavior of the command, such as specifying an output format, selecting specific namespaces, or defining sorting criteria.

Resource Management Operations

Kubernetes manages a variety of resources, and kubectl provides a suite of commands to handle their creation, modification, and deletion. These operations allow for precise control over the desired state of the cluster.

Resource Creation and Application

Creating resources in Kubernetes can be done via direct command-line input or by applying configuration files.

  • The create command is used to instantiate one or more resources. This is often done using a file or via stdin. The syntax kubectl create -f FILENAME [flags] allows users to deploy resources defined in YAML or JSON manifests.
  • The apply command allows for the application of configuration. A specific use case involves creating secrets. For example, a secret can be created using a heredoc as follows:

kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
name: mysecret
type: Opaque
data:
password: $(echo -n "s33msi4" | base64 -w0)
username: $(echo -n "jane" | base64 -w0)
EOF

This method ensures that sensitive data is encoded in base64 before being sent to the cluster, maintaining the required format for Secret resources.

Resource Retrieval and Inspection

Retrieving information about the cluster state is one of the most frequent tasks performed with kubectl.

  • The get command lists one or more resources. It supports various flags for filtering and formatting. Common usage includes:

    • kubectl get services to list all services in the namespace.
    • kubectl get pods --all-namespaces to list all pods across every namespace in the cluster.
    • kubectl get pods -o wide to provide more detailed information about pods in the current namespace.
    • kubectl get deployment my-dep to list a specific deployment.
    • kubectl get pods to list all pods in the current namespace.
    • kubectl get pod my-pod -o yaml to retrieve the full YAML definition of a specific pod.

  • The describe command provides a more focused, verbose view of a specified resource. Unlike get, which provides a summary, describe may invoke several API calls to the API server to build a comprehensive view. For instance, kubectl describe node retrieves information about the node itself, a summary of pods running on that node, and events generated for the node. Other examples include:

    • kubectl describe nodes my-node
    • kubectl describe pods my-pod

Resource Modification and Deletion

Modifying and removing resources is critical for maintaining cluster hygiene and updating applications.

  • The delete command removes resources. This can be achieved through various methods:

    • Using a file: kubectl delete -f pod.yaml deletes a pod as specified in the YAML file.
    • Using label selectors: kubectl delete pods,services -l <label-key>=<label-value> deletes all pods and services matching the specified label.
    • Using resource selectors: kubectl delete pods --all deletes all pods, including those that are uninitialized.

  • The edit command allows users to update the definition of one or more resources on the server. This is done by using the default editor associated with the user's environment. The syntax used is kubectl edit (-f FILENAME | TYPE NAME | TYPE/NAME) [flags].

  • The label command is used to add or update labels on resources. Labels are key-value pairs that help in organizing and selecting subsets of resources. The syntax is kubectl label (-f FILENAME | TYPE NAME | TYPE/NAME) KEY_1=VAL_1 ... KEY_N=VAL_N [--overwrite] [--all] [--resource-version=version] [flags].

Advanced Operational Commands

Beyond basic CRUD (Create, Read, Update, Delete) operations, kubectl provides advanced tools for cluster maintenance, debugging, and performance monitoring.

Pod Interaction and Debugging

Interacting with the containers inside a pod is essential for troubleshooting application behavior.

  • The exec command executes a command against a container in a pod.

    • To get output from a command (e.g., date) from the first container in a pod: kubectl exec <pod-name> -- date.
    • To specify a container in a multi-container pod: kubectl exec <pod-name> -c <container-name> -- date.
    • To obtain an interactive TTY and run a shell: kubectl exec -ti <pod-name> -- /bin/bash.
    • Other variations include:
      • kubectl exec my-pod -- ls / for a single container case.
      • kubectl exec --stdin --tty my-pod -- /bin/sh for interactive shell access.
      • kubectl exec my-pod -c my-container -- ls / for multi-container pods.

  • The logs command prints the logs for a container.

    • To return a snapshot of logs: kubectl logs <pod-name>.
    • To stream logs in real-time: kubectl logs -f my-pod.
    • To stream logs from a specific container: kubectl logs -f my-pod -c my-container.
    • To stream logs from all pods with a specific label: kubectl logs -f -l name=myLabel --all-containers.

  • The debug command creates an interactive debugging session.

    • For a pod: kubectl debug my-pod -it --image=busybox:1.28.
    • For a node: kubectl debug node/my-node -it --image=busybox:1.28.

  • The attach command allows a user to attach to a running container using kubectl attach my-pod -i.

Node and Cluster Maintenance

Managing the underlying infrastructure requires commands that can isolate or prepare nodes for maintenance.

  • The cordon command marks a node as unschedulable, preventing new pods from being placed on it. The syntax is kubectl cordon NODE [options].
  • The drain command prepares a node for maintenance by evicting all pods from it. The syntax is kubectl drain NODE [options].
  • The top command displays resource metrics. Users can view metrics for all pods in the default namespace using kubectl top pod or for a specific pod using kubectl top pod POD_NAME.

Network and Connectivity

Kubectl provides ways to expose applications and route traffic for testing.

  • The expose command exposes a replication controller, service, or pod as a new Kubernetes service. This allows the application to be reachable via the network. The syntax is kubectl expose (-f FILENAME | TYPE NAME | TYPE/NAME) [--port=port] [--protocol=TCP|UDP] [--target-port=number-or-name] [--name=name] [--external-ip=external-ip-of-service] [--type=type] [flags].
  • The port-forward command forwards a port from the local machine to a port on a pod. For example, kubectl port-forward my-pod 5000:6000 listens on port 5000 locally and forwards it to port 6000 on the specified pod.

Data Manipulation and Output Formatting

Kubectl offers powerful options for filtering and formatting the data it retrieves from the API server, which is critical for automating tasks.

Sorting and Filtering

Users can sort the output of get commands based on specific fields to identify problematic resources quickly.

  • Sorting by name: kubectl get services --sort-by=.metadata.name.
  • Sorting by restart count for pods: kubectl get pods --sort-by='.status.containerStatuses[0].restartCount'.
  • Sorting PersistentVolumes by capacity: kubectl get pv --sort-by=.spec.capacity.storage.
  • Sorting events by timestamp: kubectl get events --sort-by=.metadata.creationTimestamp.

Filtering can be achieved using selectors. For example, to get the version label of all pods with the label app=cassandra, the following command is used:

kubectl get pods --selector=app=cassandra -o jsonpath='{.items[*].metadata.labels.version}'

Advanced Output Formats

Beyond the default table view, kubectl supports several output formats.

  • YAML: kubectl get pod my-pod -o yaml provides the complete specification of the resource.
  • JSON: When combined with external tools like jq, JSON output allows for complex data extraction. For example, to produce a period-delimited tree of all keys returned for nodes:
    • kubectl get nodes -o json | jq -c 'paths|join(".")'
  • JSONPath: Used for precise extraction of specific fields, as seen in the label selection example above.

Deployment and Lifecycle Management

Managing the lifecycle of applications involves not just starting pods, but handling updates and rollbacks.

Running Pods

The run command is used to start pods.
- Interactive shell: kubectl run -i --tty busybox --image=busybox:1.28 -- sh.
- Single instance in a specific namespace: kubectl run nginx --image=nginx -n mynamespace.
- Generating a manifest without deploying: kubectl run nginx --image=nginx --dry-run=client -o yaml > pod.yaml.

Rollouts and Updates

Updating the image of a deployment triggers a rolling update, ensuring zero downtime.

  • To update the image of containers in a deployment: kubectl set image deployment/frontend www=image:v2.
  • To check the history of deployments: kubectl rollout history deployment/frontend.
  • To rollback to the previous version: kubectl rollout undo deployment/frontend.
  • To rollback to a specific revision: kubectl rollout undo deployment/frontend --to-revision=2.
  • To monitor the status of a rollout: kubectl rollout status -w.

Utility and Configuration Commands

Several commands exist to manage the kubectl tool itself and the configuration files it uses.

Configuration and Documentation

  • The config command modifies kubeconfig files. The syntax is kubectl config SUBCOMMAND [flags].
  • The explain command provides built-in documentation for various resources (e.g., pods, nodes, services). The syntax is kubectl explain TYPE [--recursive=false] [flags].
  • The options command lists global command-line options that apply to all commands.

Specialized Utilities

  • The convert command converts configuration files between different API versions, supporting both YAML and JSON. This requires the kubectl-convert plugin. The syntax is kubectl convert -f FILENAME [options].
  • The diff command compares the current state of the cluster against the state that would result if a manifest were applied. The syntax is kubectl diff -f ./my-manifest.yaml.
  • The kustomize command lists API resources generated from a kustomization.yaml file. The argument must be a path to a directory or a git repository URL. The syntax is kubectl kustomize <dir> [flags] [options].
  • The cp command allows copying files and directories to and from containers. The syntax is kubectl cp <file-spec-src> <file-spec-dest> [options].

Comprehensive Command Reference Table

The following table summarizes the primary commands available within the kubectl ecosystem.

Command Syntax Description
config kubectl config SUBCOMMAND [flags] Modifies kubeconfig files
convert kubectl convert -f FILENAME [options] Convert config files between API versions
cordon kubectl cordon NODE [options] Mark node as unschedulable
cp kubectl cp <file-spec-src> <file-spec-dest> [options] Copy files/directories to/from containers
create kubectl create -f FILENAME [flags] Create resources from file or stdin
delete kubectl delete (-f FILENAME | TYPE [NAME | /NAME | -l label | --all]) [flags] Delete resources via file, label, or name
describe kubectl describe (-f FILENAME | TYPE [NAME_PREFIX | /NAME | -l label]) [flags] Detailed state of resources
diff kubectl diff -f FILENAME [flags] Diff file/stdin against live configuration
drain kubectl drain NODE [options] Drain node for maintenance
edit kubectl edit (-f FILENAME | TYPE NAME | TYPE/NAME) [flags] Edit resource definition on server
events kubectl events List cluster events
exec kubectl exec POD [-c CONTAINER] [-i] [-t] [flags] [-- COMMAND [args...]] Execute command in container
explain kubectl explain TYPE [--recursive=false] [flags] Resource documentation
expose kubectl expose (-f FILENAME | TYPE NAME | TYPE/NAME) [flags] Expose resource as a service
get kubectl get (-f FILENAME | TYPE [NAME | /NAME | -l label]) [flags] List one or more resources
kustomize kubectl kustomize <dir> [flags] [options] List resources from kustomization.yaml
label kubectl label (-f FILENAME | TYPE NAME | TYPE/NAME) KEY=VAL [flags] Add or update resource labels
logs kubectl logs POD [-c CONTAINER] [--follow] [flags] Print container logs
options kubectl options List global command-line options

Technical Analysis of kubectl Operational Flow

The operational effectiveness of kubectl is rooted in its ability to translate high-level user commands into low-level API calls. When a user executes a command like kubectl get pods, the utility does not interact with the containers directly; instead, it sends a request to the Kubernetes API server. The API server then queries the underlying etcd store and returns the current state of the resources.

The describe command exemplifies this complexity. While get may represent a single API call for a list of objects, describe is a composite operation. It retrieves the resource's basic state, then performs additional queries to find related events and pods, aggregating this data into a human-readable format. This highlights the distinction between a summary view and a detailed state analysis.

Furthermore, the integration of tools like jq with kubectl's JSON output allows for the creation of complex automation loops. For instance, the following loop demonstrates how to run a command across all pods in a namespace:

for pod in $(kubectl get po --output=jsonpath={.items..metadata.name}); do echo $pod && kubectl exec -it $pod -- env; done

In this scenario, kubectl is used first to extract a list of pod names via JSONPath, and then it is used in a loop to execute the env command in each pod. This pattern is fundamental for cluster-wide auditing and troubleshooting.

The introduction of the diff command adds a layer of safety to the deployment process. By comparing a local manifest against the live state of the cluster, administrators can predict the impact of a change before it is applied. This prevents accidental deletions or configuration drifts that could lead to service outages.

Finally, the use of kubectl run with the --dry-run=client -o yaml flag transforms kubectl from a mere execution tool into a manifest generator. This allows users to quickly prototype a pod specification and save it to a file, which can then be checked into version control for a formal GitOps workflow. This transition from imperative commands (do this) to declarative manifests (be like this) is the cornerstone of modern Kubernetes management.

Sources

  1. kubectl User Guide
  2. Kubernetes kubectl Reference
  3. Kubernetes kubectl Quick Reference

Related Posts