Kubernetes How-To logo

Kubernetes How-To - World's Greatest Source for Kubernetes

Authored by a production Kubernetes practitioner of 10+ years.

About these guides

Practical, production-tested Kubernetes how-tos. This block is populated dynamically with library stats.

About the author

Cassius Adams — Senior Kubernetes practitioner with 10 years running real world production Kubernetes clusters, 30+ years in Internet tech. He has designed, operated, and secured 100s of AKS/GKE/OpenShift/native on-prem and cloud multi-cluster k8s platforms with a focus on automation, reliability, and secure defaults. Publishes tested runbooks and DRY IaC that work in enterprise environments. Cassius has been responsible for deploying and/or managing 100s of Kubernetes clusters throughout his over decades-long IT career.

"Below is my ever-evolving list of Kubernetes 'HowTos' which I believe every Kubernetes novice and expert will find useful!"

Bookmark this page now!

  • Kubernetes
  • kubectl
  • IaC
  • AKS
  • GKE
  • OpenShift
  • Cloud Native
Editorial policy →

Quick Fill (optional)

Provide your own values once and this page will substitute them into the code-blocks below for quick Copy button action! Completely optional and you can stick to relevant objects. If left blank, commands stay unchanged.

Pods

Pods are the smallest deployable units in Kubernetes. This section covers day‑2 operations like safe exec access, live log streaming, ephemeral debug containers, copying files, and restart strategies with ready‑to‑use kubectl commands.

Pods — FAQ

When should I exec into a pod vs. use an ephemeral debug container?

Use ephemeral debug in production when the base image is minimal or restricted; it adds tooling without changing the running container image or file system. See Use an ephemeral debug container and How to exec into a pod.

Why are my logs empty even though the pod is running?

Check the container name in multi-container pods, recent restarts (--previous), and log output location; some apps, unfortunately, log to file only. See How to get logs from a pod and How to describe a pod.

Is deleting a pod a safe way to “restart” it?

Safe for Deployment/ReplicaSet/DaemonSet because the controller replaces it. Application teams should develop in a way that allows for the clean shutdown of their application upon termination signals, which will minimize or completely eliminate risk of deleting a pod. For standalone pods, it's better to redeploy from a manifest. See How to restart a pod.

Kubernetes: How to exec into a pod

Author: Cassius Adams •
EXPERT TIP Prefer an ephemeral debug container in production to avoid altering running workloads where/when you can. In reality this isn't always possible.
  1. Find the pod and namespace: 
    $ kubectl get pods -A
  2. Exec into it with a shell: 
    $ kubectl exec -it POD_NAME -n NAMESPACE /bin/bash
    or 
    $ kubectl exec -it POD_NAME -n NAMESPACE -- sh
  3. On a restricted cluster, use ephemeral debugging. "target" should specify which container inside that pod you want to debug alongside: 
    $ kubectl debug -it POD_NAME -n NAMESPACE --image=busybox --target=CONTAINER_NAME
HEADS-UP
1. PodSecurity or RBAC may block exec/debug, so it may help to check roles before using it.
2. External registries may be blocked, in which case busybox may not be available unless you've uploaded it to your private registry - in which case target that address.
IMPORTANT
1. Avoid exec'ing into pods with sensitive data from untrusted networks. Use a bastion host, and logging.
2. A debug container will live in your pod until the end of its lifespan. If you can cleanly destroy the pod, do so when complete with your investigation.
EDITOR'S NOTE Just because you can exec into a Pod doesn't mean there's going to be much tooling in there. A lot of organizations keep container images to a minimal, for security and speed reasons. I like to first start by doing ls /bin/ to find out what binaries are available to use. Assuming you're not placing anything custom in /bin/, you can toss the list into ChatGPT and ask it to help choose which tool(s) from the list to achieve your goal.

If you are able to use debug, this is what it might look like: 
kubectl debug -it POD_NAME -n NAMESPACE --image=busybox --target=container-2
	
apiVersion: v1
kind: Pod
metadata:
  name: POD_NAME
  namespace: NAMESPACE
spec:
  containers:
  - name: container-1
    image: app-image-1:latest
  - name: container-2
    image: app-image-2:latest
  # Below is automatically added to existing pod after kubectl debug
  ephemeralContainers:
  - name: debugger-xxxxx <-- autogenerated 
    image: busybox
    targetContainerName: container-2
    tty: true <-- set since running with -it̲
    stdin: true <-- set since running with -i̲t

Kubernetes: How to port-forward to a pod

Author: Cassius Adams •
  1. Find the pod and its namespace: 
    $ kubectl get pods -A
  2. Forward a local port to the pod’s port: 
    $ kubectl port-forward pod/POD_NAME 8080:80 -n NAMESPACE
  3. Open the forwarded endpoint by visiting in your browser, or curl http://localhost:8080
EXPERT TIP Use a resource type prefix (e.g., pod/) to avoid ambiguous names.
HEADS-UP The session runs until you close it, so keep the terminal open while you're using it.
EDITOR'S NOTE I don't use this feature nearly as much as I should. It's a great way of verifying correct functionality, and performing tests against a specific pod's application.

Kubernetes: How to describe a pod

Author: Cassius Adams •
  1. Describe the pod for a full status dump: 
    $ kubectl describe pod POD_NAME -n NAMESPACE
  2. Filter for events (shell grep example): 
    $ kubectl describe pod POD_NAME -n NAMESPACE | grep -A5 -i events
  3. Check recent warnings across a namespace: 
    $ kubectl get events -n NAMESPACE --sort-by=.lastTimestamp | tail -n 50
EXPERT TIP If a pod is Pending or CrashLoopBackOff, describe usually points to the root cause the fastest.

Kubernetes: How to list pods by label

Author: Cassius Adams •
  1. List pods matching an exact label in a namespace: 
    $ kubectl get pods -l app=web -n NAMESPACE
  2. List pods across all namespaces for a label: 
    $ kubectl get pods -A -l tier=backend
  3. You can show labels as columns to see/find values quickly: 
    $ kubectl get pods -l app=web -L app,tier -n NAMESPACE
  4. Use JSONPath to print only the pod names (handy when scripting things): 
    $ kubectl get pods -l app=web -n NAMESPACE -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}'
EXPERT TIP You can combine multiple selectors using commas or logical ops. Examples:
-l 'app=web,environment=prod' -l 'environment in (prod,staging)'
HEADS-UP Label keys are case-sensitive and usually use prefixes that resemble DNS in larger orgs or tools (ex: team.example.com/owner).
EDITOR'S NOTE I often add -o wide to see node placement while filtering by label. I find it makes spotting poorly balanced or hot nodes much easier.

Kubernetes: How to view pod events

Author: Cassius Adams •
  1. View events for a specific pod and sort by most recent at the top: 
    $ kubectl get events --field-selector involvedObject.kind=Pod,involvedObject.name=POD_NAME -n NAMESPACE --sort-by=.lastTimestamp
  2. Show only warnings in a specific namespace (and tail 50 most recent): 
    $ kubectl get events -n NAMESPACE --field-selector type=Warning --sort-by=.lastTimestamp | tail -n 50
  3. Use describe to see a pod’s embedded event section: 
    $ kubectl describe pod POD_NAME -n NAMESPACE
  4. Watch events live, as they happen: 
    $ kubectl get events -n NAMESPACE --watch
EXPERT TIP Add --field-selector involvedObject.namespace=NAMESPACE when viewing cluster-wide events to reduce a ton of unnecessary noise.
HEADS-UP Events are ephemeral (controlled by TTL on your cluster). This is a common frustration in Kubernetes. So if you need historical context beyond the TTL, capture them to logs or an observability stack.
EDITOR'S NOTE I use the --watch parameter a LOT. Especially when impatiently awaiting a new node to enter the cluster. It's definitely not limited to just events.

I'll also sometimes run the warning-only filter in one terminal while reproducing an issue in another because it keeps signal high and fluff low during triage.

Kubernetes: How to set env vars on a pod (kubectl set env)

Author: Cassius Adams •
  1. Get a list of current environment variables on a pod: 
    $ kubectl set env pod/POD_NAME --list -n NAMESPACE
  2. Set or update an env var on a Deployment (which automatically triggers a rollout) and also check on rollout status: 
    $ kubectl set env deployment/DEPLOYMENT_NAME FOO=bar -n NAMESPACE
    $ kubectl rollout status deployment/DEPLOYMENT_NAME -n NAMESPACE
  3. Populate env vars from a Secret or ConfigMap: 
    $ kubectl set env deployment/DEPLOYMENT_NAME --from=secret/SECRET_NAME -n NAMESPACE
    $ kubectl set env deployment/DEPLOYMENT_NAME --from=configmap/CONFIGMAP_NAME -n NAMESPACE
  4. Remove an env var (which automatically triggers rollout): 
    $ kubectl set env deployment/DEPLOYMENT_NAME FOO- -n NAMESPACE
EXPERT TIP When importing from a Secret or ConfigMap, you can add a prefix with --prefix=APP_ to avoid name collisions.
HEADS-UP kubectl set env updates the pod template, so controllers (ex, Deployments, DaemonSets, etc) will roll out new pods. Use rollout status to watch health.
IMPORTANT Avoid putting sensitive values directly in commands or manifests. Prefer --from=secret/SECRET_NAME or valueFrom: secretKeyRef and tighten RBAC.
EDITOR'S NOTE I default to ConfigMap or Secret sources for portability. If you must set a one-off var for a hotfix, it's advisable to commit a follow-up PR that formalizes it in IaC immediately.

And speaking of IaC, setting the environment variables manually in general is inadvisable unless it's a lower or testing environment. It should be a code-driven configuration (not the secrets! But the Deployment, DaemonSet, etc should be). If you're not already doing that, get in the habit of applying the env var that way.

Kubernetes: How to use an ephemeral debug container

Author: Cassius Adams •
  1. Start a debug container in the target pod (uses same network & NS as the app). Use --target to choose the specific container within the pod you're troubleshooting: 
    $ kubectl debug -it POD_NAME -n NAMESPACE --image=busybox --target=CONTAINER_NAME
  2. Confirm the debug container is attached (look for ephemeralContainers): 
    $ kubectl describe pod POD_NAME -n NAMESPACE | sed -n '/Ephemeral Containers:/,$p'
    Essentially the same as above, but more reliable (less brittle) - and more complex. (Use this one if scripting) 
    $ kubectl get pod POD_NAME -n NAMESPACE -o jsonpath='{range .spec.ephemeralContainers[*]}{.name}{"\t"}{.image}{"\t"}{.targetContainerName}{"\n"}{end}'
  3. Troubleshoot and collect your evidence from within the debug container (See How to exec into a pod): 
    $ nslookup SERVICE_NAME.NAMESPACE.svc.cluster.local
    $ wget -qO- http://127.0.0.1:PORT
  4. Clean up when finished (let the controller recreate the pod if applicable): 
    $ kubectl delete pod POD_NAME -n NAMESPACE
EXPERT TIP Use the smallest image with the tooling you need (ex busybox for basics). In restrictive environments, push your chosen toolbox image to the private registry first and use that.
HEADS-UP PodSecurity/RBAC policies may forbid debug. Check permissions if you see forbidden errors.
IMPORTANT Ephemeral containers share the pod's network and may access sensitive data and paths. Limit who can create them and remove the pod when done to return to a known-good state.
EDITOR'S NOTE The debug container cannot easily be removed from the pod once started - it will live in there for the pod's lifespan. So I'd advise the recreation of the pod once troubleshooting is complete.

Usually the first few things I do in a debug shell are to check DNS, check local ports (netstat if it's present), then curl the internal pod HTTP endpoint. These are basics and you'll often need to dive much deeper to reveal the source of the issue you're troubleshooting.

In situations where security doesn't allow debug containers, I'll sometimes hop into the app container, find out what's in /bin/ and write a script to check network states. Deciphering /proc/net/(tcp|udp) and /proc/net/tcp6, for example, can be challenging. But we work with what we have :)

Kubernetes: How to force delete pod (kubectl)

Author: Cassius Adams •
  1. Check what’s holding the Pod up (finalizers, stuck volumes, etc): 
    $ kubectl describe pod POD_NAME -n NAMESPACE | sed -n '/Finalizers:/,/^Events/p'
    $ kubectl get pod POD_NAME -n NAMESPACE -o jsonpath='{.metadata.finalizers}'
  2. Force delete from the API immediately (skips grace period, may kill requests in process): 
    $ kubectl delete pod POD_NAME -n NAMESPACE --grace-period=0 --force
  3. If finalizers are the blocker, remove them (advanced): 
    $ kubectl patch pod POD_NAME -n NAMESPACE --type=merge -p '{"metadata":{"finalizers":[]}}'
  4. (Controller-managed) When applicable, avoid instant respawn while you investigate by shutting down the app: 
    $ kubectl scale deployment/DEPLOYMENT_NAME --replicas=0 -n NAMESPACE
EXPERT TIP If the Pod is part of a Deployment/ReplicaSet/DaemonSet, scale or pause the controller first or the Pod will be recreated before you can validate the fix.
HEADS-UP Force delete removes the object from the API without waiting for kubelet/containers to exit. The node may clean up later; don’t rely on this for graceful shutdown.

If GitOps (like ArgoCD) is used, it could potentially revert pod back instantly if it targets pods directly (avoid).
IMPORTANT Removing finalizers via patch is a last-resort move! You're bypassing safety mechanisms so make sure you understand what the finalizer is doing (ex, PV protection, custom controllers).
EDITOR'S NOTE Most of the time, it's a finalizer from a storage or service mesh controller. I will generally watch the events in a second terminal to get a view into what's happening while I force delete.

Kubernetes: How to terminate pod (kubectl)

Author: Cassius Adams •
  1. Request a standard graceful pod termination: 
    $ kubectl delete pod POD_NAME -n NAMESPACE
  2. Customize the grace period (seconds) and return immediately: 
    $ kubectl delete pod POD_NAME --grace-period=20 --wait=false -n NAMESPACE
  3. Wait for deletion to complete (useful in scripts and CI - exits 0 if delete worked, non-0 if it didn't): 
    $ kubectl wait --for=delete pod/POD_NAME --timeout=60s -n NAMESPACE
  4. Prefer restarting via controller for managed pods (deployment, daemonset, etc) when appropriate: 
    $ kubectl rollout restart deployment/DEPLOYMENT_NAME -n NAMESPACE
EXPERT TIP If a readiness/liveness probe is failing, termination can cascade into flapping. Consider fixing probes and rolling the controller instead of deleting individual Pods.
HEADS-UP Deleting a standalone unmanaged Pod is not persistent. If there's no controller to recreate it, you should redeploy from a manifest. For managed Pods, it should immediate respawn.
EDITOR'S NOTE My general rule: always gracefully restart first - I force it only when I know exactly what I'm bypassing. I'll sometimes --wait=false so I can keep working in the same terminal when confident.

Kubernetes: How to access container

Author: Cassius Adams •
  1. Open a shell in a specific container: 
    $ kubectl exec -it POD_NAME -c CONTAINER_NAME -n NAMESPACE -- sh
    $ kubectl exec -it POD_NAME -c CONTAINER_NAME -n NAMESPACE /bin/bash
  2. Attach to the main process (no shell required - you'll attach directly to the running process of the container). Ctrl+P, Ctrl+Q to detatch: 
    $ kubectl attach -it POD_NAME -c CONTAINER_NAME -n NAMESPACE
  3. Work with logs for only this container, last 200 lines and live logs: 
    $ kubectl logs POD_NAME -c CONTAINER_NAME -n NAMESPACE -f --tail=200
  4. Port-forward to reach a container's listening port (pod-level): 
    $ kubectl port-forward pod/POD_NAME LOCAL_PORT:CONTAINER_PORT -n NAMESPACE
  5. Copy files to/from a specific container:
    Local → Container 
    $ kubectl cp ./local-file.txt NAMESPACE/POD_NAME:/tmp/local-file.txt -c CONTAINER_NAME
    Container → Local 
    $ kubectl cp NAMESPACE/POD_NAME:/tmp/local-file.txt ./local-file.txt -c CONTAINER_NAME
EXPERT TIP Always include -c CONTAINER_NAME for multi-container pods. If you omit it, kubectl will pick a default and it might not be the one you expect.
HEADS-UP Many base images don’t include a shell. If sh and bash are missing, either attach to the process or use an ephemeral debug container targeted at CONTAINER_NAME.
IMPORTANT Treat interactive access as privileged. Don’t paste secrets into terminals, and prefer audit-logged bastion/jumpbox access where possible.
EDITOR'S NOTE In practice, I almost never attach directly to a container. I generally exec in, or switch to debug containers when I need tooling.
HEADS-UP Some managed platforms disable Dashboard or ship their own. Namespaces and service names can differ - confirm before you assume it's kubernetes-dashboard.

Kubernetes: How to access dashboard

Author: Cassius Adams •
  1. Verify Dashboard components (namespace, service, deployment): 
    $ kubectl get ns | grep -i dashboard
    $ kubectl get all -n NAMESPACE
$ kubectl get svc -n NAMESPACE
$ kubectl get deploy -n NAMESPACE
  2. (If not installed) Apply the recommended manifest (research and pick a version appropriate to your cluster): 
    $ kubectl apply -f URL
  3. Port-forward the Dashboard service to your workstation: 
    $ kubectl port-forward -n NAMESPACE svc/SERVICE_NAME 8443:443
    Then open: https://127.0.0.1:8443
  4. Generate a login token (Kubernetes 1.24+ ServiceAccount token request): 
    $ kubectl -n NAMESPACE create token SERVICE_ACCOUNT_NAME
    Older clusters that still mount Secret-based tokens: 
    $ kubectl -n NAMESPACE get sa SERVICE_ACCOUNT_NAME -o jsonpath='{.secrets[0].name}'
$ kubectl -n NAMESPACE get secret SECRET_NAME -o jsonpath='{.data.token}' | base64 -d
  5. Sign into dasbhoard UI with the token. Use a least privilege ServiceAccount; avoid cluster admin unless you're in a lab.
EXPERT TIP Keep Dashboard internal-only and reach it via port-forward or a short-lived bastion. It's simpler and safer than exposing it with an Ingress.
IMPORTANT Don't leave an admin token lying around. Rotate or delete short-lived tokens and restrict RBAC to the minimum verbs/namespaces you need.
EDITOR'S NOTE Honestly, I don't generally use dashboard - I stick to sources provided on managed platforms, like AKS, GKE, OpenShift, etc. That said: if you must expose Dashboard broadly, still please don't. If you do, put it behind SSO, strong network controls, and log everything.

Kubernetes: How to access pod

Author: Cassius Adams •
  1. Interactive shell (single or multi-container with -c): 
    $ kubectl exec -it POD_NAME -n NAMESPACE -- sh
    $ kubectl exec -it POD_NAME -c CONTAINER_NAME -n NAMESPACE /bin/bash
  2. Attach to the running process (no shell): 
    $ kubectl attach -it POD_NAME -n NAMESPACE
  3. Reach a Pod’s listening port from your machine (pod-level port-forward): 
    $ kubectl port-forward pod/POD_NAME LOCAL_PORT:CONTAINER_PORT -n NAMESPACE
    Then browse/curl: http://127.0.0.1:LOCAL_PORT
  4. Access via an ephemeral debug toolbox (won't change app image): 
    $ kubectl debug -it POD_NAME -n NAMESPACE --image=busybox --target=CONTAINER_NAME
  5. Copy files to/from the Pod: 
    $ kubectl cp ./local.txt NAMESPACE/POD_NAME:/tmp/local.txt
    $ kubectl cp NAMESPACE/POD_NAME:/tmp/remote.txt ./remote.txt
EXPERT TIP For multi-container pods, always pass -c CONTAINER_NAME to avoid landing in a sidecar you don’t care about.
HEADS-UP Some images don’t ship a shell. If sh/bash are missing, use attach or a debug container with the tooling you need.
IMPORTANT Treat interactive access as privileged. Route through a bastion and log commands when possible.
EDITOR'S NOTE When I’m just testing HTTP on a pod, port-forwarding is the fastest path. When I need tooling, it's better to go to an ephemeral debug container (debug container will remain for pod's lifetime). Or exec into the pod's container.

Kubernetes: How to communicate between pods

Author: Cassius Adams •
  1. Prefer Service DNS over Pod IPs (stable, load-balanced). From within pod container: 
    $ curl http://SERVICE_NAME.NAMESPACE.svc.cluster.local:PORT/healthz
    Or if pods are guaranteed to reside in the same namespace: 
    $ curl http://SERVICE_NAME:PORT/healthz
  2. From a debug toolbox (same namespace or specify FQDN): 
    $ kubectl debug -it POD_NAME -n NAMESPACE --image=busybox --target=CONTAINER_NAME
    $ nslookup SERVICE_NAME.NAMESPACE.svc.cluster.local
$ wget -qO- http://SERVICE_NAME.NAMESPACE.svc.cluster.local:PORT
  3. Inspect endpoints behind a Service: 
    $ kubectl get endpoints SERVICE_NAME -n NAMESPACE -o wide
    Or EndpointSlices (version 1.21+ clusters) of a Service: 
    $ kubectl get endpointslice -n NAMESPACE -l kubernetes.io/service-name=SERVICE_NAME -o wide
  4. Pod-to-Pod direct by IP (diagnostics only; if you must): 
    $ kubectl get pod -o wide -n NAMESPACE | grep POD_NAME
    $ curl http://POD_IP:PORT/healthz
  5. Validate NetworkPolicies aren't blocking traffic: 
    $ kubectl get netpol -A
    $ kubectl describe netpol NETPOL_NAME -n NAMESPACE
EXPERT TIP Always test by FQDN first (service.namespace.svc.cluster.local) to avoid search-path surprises when you’re crossing namespaces.
HEADS-UP Pod IPs are ephemeral; reschedules break direct IP calls. Use Services or (for stateful sets) headless Services for stable discovery.
IMPORTANT NetworkPolicies default-deny in many shops. If traffic fails only across namespaces, it’s probably a policy, not DNS.
EDITOR'S NOTE You may want to keep a tiny toolbox container around (busybox, distroless-curl, etc) just for quick way to test DNS or HTTP. Especially if exec is unavailable or undesireable. It can save valuable time when triaging weird cross-namespace transactions.

I almost always prefer that apps use the namespace-local service name (SERVICE_NAME:PORT) rather than the general FQDN (SERVICE_NAME.NAMESPACE.svc.cluster.local:PORT) wherever possible. It makes IaC more straight-forward, with objects much more tightly coupled, somewhat more opinionated, and highly portable across multiple clusters, namespace renames, or migrations.

Kubernetes: How to copy file from pod

Author: Cassius Adams •
  1. Copy a file from a Pod to your local machine: 
    $ kubectl cp NAMESPACE/POD_NAME:/path/in/pod/file.txt ./file.txt
  2. Copy a file to a Pod (single-container): 
    $ kubectl cp ./local.txt NAMESPACE/POD_NAME:/tmp/local.txt
  3. (Multi-container) Specify the container explicitly: 
    $ kubectl cp -c CONTAINER_NAME ./local.txt NAMESPACE/POD_NAME:/tmp/local.txt
    $ kubectl cp -c CONTAINER_NAME NAMESPACE/POD_NAME:/var/log/app.log ./app.log
  4. Copy a directory (contents) out of a Pod: 
    $ kubectl cp NAMESPACE/POD_NAME:/var/log/app ./logs
    Copy a directory into a Pod: 
    $ kubectl cp ./scripts NAMESPACE/POD_NAME:/opt/scripts
  5. Fallback when kubectl cp fails (ex due to tar flag/version mismatch). Use a tar pipe: 
    $ kubectl exec -i POD_NAME -n NAMESPACE -- sh -c "tar -C /path/in/pod -cf - ." > ./archive.tar
$ tar -C ./extract-here -xf ./archive.tar
EXPERT TIP
Quote paths with spaces:"NAMESPACE/POD_NAME:/var/log/my app/log.txt". Add -c CONTAINER_NAME whenever the Pod has sidecars.
HEADS-UP kubectl cp shells out to tar inside the container. If the image has no tar at all, both kubectl cp and the tar-pipe fallback will fail. The tar-pipe trick is only usable when tar is present but kubectl cp itself fails. For truly tar-less images, use kubectl exec with cat for single files, or attach a debug container with tar tools.
IMPORTANT Be mindful of secrets. Don’t copy sensitive files out of Pods unless you absolutely must, and ensure RBAC and audit logs are in place.
EDITOR'S NOTE If you need to run some tests from the container itself, it's good to keep some custom bash scripts on your local machine that you can rely on when using minimal containers. Quickly cp them into the container, exec in and run your testing scripts. I'll often stage files under /tmp first, then copy from there, so I'm not having to remember crazy-long paths. Also, it keeps permissions sane and avoids noisy permission errors from system or read-only paths. All this assumes you are not using a debug container.

Kubernetes: How to create a pod

Author: Cassius Adams •
  1. Spin up a quick, disposable unmanaged test Pod (no controller): 
    $ kubectl run POD_NAME --image=IMAGE --restart=Never -n NAMESPACE --port=CONTAINER_PORT
    Wait (90 seconds) for Ready: 
    $ kubectl wait --for=condition=Ready pod/POD_NAME -n NAMESPACE --timeout=90s
  2. Create a minimal Pod from YAML (recommended for anything reproducible): 
    apiVersion: v1
kind: Pod
metadata:
  name: POD_NAME
  namespace: NAMESPACE
  labels:
    app: example
spec:
  terminationGracePeriodSeconds: 30
  containers:
  - name: app
    image: IMAGE
    imagePullPolicy: IfNotPresent
    ports:
    - containerPort: CONTAINER_PORT
    resources:
      requests:
        cpu: "100m"
        memory: "128Mi"
      limits:
        cpu: "500m"
        memory: "256Mi"
    securityContext:
      allowPrivilegeEscalation: false
      runAsNonRoot: true
    Apply it: 
    $ kubectl apply -f pod.yaml -n NAMESPACE
  3. Verify and check the logs: 
    $ kubectl get pod POD_NAME -o wide -n NAMESPACE
    $ kubectl logs POD_NAME -n NAMESPACE --tail=100
  4. (Optional) Reach it locally: 
    $ kubectl port-forward pod/POD_NAME 8080:CONTAINER_PORT -n NAMESPACE
EXPERT TIP For real apps, use a controller (Deployment/StatefulSet/Job), not an unmanaged Pod. Pods are pets; controllers make cattle.
HEADS-UP Pod names are immutable. If you change the YAML name, Kubernetes creates a new Pod. That’s normal—treat it as replace, not update.
IMPORTANT Avoid :latest. Pin images to a tag or digest, set resource requests/limits, and add probes if the app is long-running.
EDITOR'S NOTE I just said "set resource requests/limits" above and I can't stress this enough. Without them, Kubernetes scheduler is going to have a terrible time. The pod could use no resources or all the resources, could land on an over-capacity node, cluster autoscalers won't work effectively, and so on. There are a plethora of reasons - you should always at least set a request value for memory and cpu. limit is not as important - but you should still set it (pro tip: set memory request and limit values equal - always.

Kubernetes: How to delete a pod

Author: Cassius Adams •
  1. Delete a single Pod gracefully (default grace period): 
    $ kubectl delete pod POD_NAME -n NAMESPACE
  2. Delete multiple Pods by label: 
    $ kubectl delete pod -l app=web -n NAMESPACE
  3. Return control to your terminal immediately (don’t block): 
    $ kubectl delete pod POD_NAME --wait=false -n NAMESPACE
    Or wait until it’s fully gone (when scripting): 
    $ kubectl wait --for=delete pod/POD_NAME --timeout=60s -n NAMESPACE
  4. Prefer controller-aware restarts when appropriate (Managed Pods): 
    $ kubectl rollout restart deployment/DEPLOYMENT_NAME -n NAMESPACE
EXPERT TIP Deleting a Pod behind a Deployment/ReplicaSet/DaemonSet should trigger an immediate replacement. Use this as a lightweight “kick” once you’ve fixed the cause, or to clean up a debug container.
HEADS-UP For StatefulSets, identity (name) matters. Deleting web-0 re-creates web-0 with the same identity. Be mindful of PVC attachments and disruption windows.
IMPORTANT Don’t use --force --grace-period=0 unless you know what you’re bypassing. See Force delete a pod for the procedure.
EDITOR'S NOTE I usually keep a second terminal tailing warnings with kubectl get events -n NAMESPACE --field-selector type=Warning --watch while I delete. It reveals issues fast - especially if the pod can't terminate.

Kubernetes: How to delete all pods

Author: Cassius Adams •
  1. Delete every Pod in a specific namespace (gracefully): 
    $ kubectl delete pod --all -n NAMESPACE
    You can also preview what would be deleted first: 
    $ kubectl delete pod --all -n NAMESPACE --dry-run=client -o name
  2. Delete Pods across all namespaces (use with extreme caution): 
    $ kubectl delete pod --all -A
    Safer pattern (skip system namespaces): 
    $ for ns in $(kubectl get ns -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}' \
  | grep -Ev '^(kube-system|kube-public|kube-node-lease)$'); do
    kubectl delete pod --all -n "$ns"
  done
  3. Prevent immediate respawn while investigating by shutting down the app (controller-managed workloads): 
    $ kubectl scale deployment --all --replicas=0 -n NAMESPACE
    When ready, scale back up or prefer a restart: 
    $ kubectl rollout restart deployment --all -n NAMESPACE
  4. Watch deletion and replacement progress live as they happen: 
    $ kubectl get pods -w -n NAMESPACE -o wide
EXPERT TIP If the goal is “restart everything,” prefer kubectl rollout restart deployment --all -n NAMESPACE instead of mass-deleting Pods. It’s safer and preserves controller intent.
HEADS-UP Deleting Pods in controller-managed namespaces will cause them to be immediately recreated. For Jobs/CronJobs, deleting Pods can confuse completion tracking, so consider deleting the Job or letting it finish.
IMPORTANT Avoid cluster-wide Pod deletion in production. Never target system namespaces (kube-system, kube-public, kube-node-lease) unless you’re absolutely certain. You should absolutely expect outages if you do.
EDITOR'S NOTE I almost never destroy pods en masses. If I do it's because I've fixed a systemic or cascading issue and want a clean slate. Even then, I roll by namespace, watch events in another terminal, and try to keep an eye on HorizontalPodAutoscaler (and PodDisruptionBudgets if present).

Kubernetes: How to delete evicted pods

Author: Cassius Adams •
  1. List evicted Pods in a namespace, for a quick visual: 
    $ kubectl get pods -n NAMESPACE | grep -i Evicted
    Cluster-wide: 
    $ kubectl get pods -A | grep -i Evicted
  2. Delete all evicted Pods in one namespace (Linux shell): 
    $ kubectl get pods -n NAMESPACE | awk '$4=="Evicted"{print $1}' \
  | xargs -r kubectl delete pod -n NAMESPACE
  3. Use JSONPath to select by reason (more precise, good when scripting): 
    $ kubectl get pods -n NAMESPACE --field-selector=status.phase=Failed \
  -o jsonpath='{range .items[?(@.status.reason=="Evicted")]}{.metadata.name}{"\n"}{end}' \
  | xargs -r -I{} kubectl delete pod {} -n NAMESPACE
  4. Cluster-wide cleanup (omitting system namespaces): 
    $ for ns in $(kubectl get ns -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}' \
  | grep -Ev '^(kube-system|kube-public|kube-node-lease)$'); do
    kubectl get pods -n "$ns" | awk '$4=="Evicted"{print $1}' \
      | xargs -r kubectl delete pod -n "$ns"
  done
  5. Investigate why Pods were evicted (memory/disk/node pressure): 
    $ kubectl describe node NODE_NAME | sed -n '/Conditions:/,$p'
    $ kubectl top node
$ kubectl top pod -A --containers
EXPERT TIP Evictions are usually a symptom, not the problem. Look for memory/disk pressure on nodes, pod limits vs. usage, and bursty workloads without headroom (especially if your memory request and limit values are not equal).
HEADS-UP The quick AWK approach keys off the STATUS column. Table output can change between versions; use the JSONPath variant for durable scripts.
IMPORTANT Don’t blanket-delete failed Pods from critical namespaces without understanding the blast radius. If a controller is flapping, clean up once after you stabilize the cause.
EDITOR'S NOTE My routine is: skim evictions, spot the common node, check top/describe node, fix pressure, then clean up Pods. Cleaning first just hides the signal you need. If it's a resource issue on a node, I tend to spend a bit of time rebalancing the workloads for a more even nodal spread.

Kubernetes: How to enter a pod

Author: Cassius Adams •
  1. Open an interactive shell in a Pod (common shells): 
    $ kubectl exec -it POD_NAME -n NAMESPACE -- sh
    If the image has bash: 
    $ kubectl exec -it POD_NAME -n NAMESPACE -- /bin/bash
  2. Enter a specific container in a multi-container Pod: 
    $ kubectl exec -it POD_NAME -c CONTAINER_NAME -n NAMESPACE -- sh
  3. Run a one-off command without a shell (prints output and exits): 
    $ kubectl exec POD_NAME -n NAMESPACE -- ls -lah /
  4. If the image lacks a shell or tooling, use an ephemeral debug container: 
    $ kubectl debug -it POD_NAME -n NAMESPACE --image=busybox --target=CONTAINER_NAME
    (Same network namespace; doesn’t modify the app image.)
  5. Exit the pod/container cleanly: 
    $ exit
EXPERT TIP Use -- to separate kubectl flags from the command you want to run inside the container (prevents kubectl from interpreting your arguments).
HEADS-UP Many images don’t ship a shell. If sh/bash aren’t present, try a direct command (exec POD -- cat /etc/os-release) or switch to a debug container targeted at the app container.
IMPORTANT Interactive access is privileged. Use a bastion/jumpbox, avoid pasting secrets, and clean up any debug containers by recreating the Pod when finished.
EDITOR'S NOTE “Enter” usually means exec with a TTY. I only use attach when I need to interact with the main process directly—and even then, I’m careful. Debug containers are a better option for real troubleshooting.

While is is best practice to use -- to separate the kubectl command from the command to be executed in the container, I never use it if I target /bin/bash
kubectl exec -it POD_NAME -c CONTAINER_NAME -n NAMESPACE /bin/bash There is no "/bin/bash" parameter for kubectl thus it doesn't get confused.

Kubernetes: How to evict pod

Author: Cassius Adams •
EXPERT TIP “Evict” means request a graceful disruption via the Eviction API (respects PodDisruptionBudgets). It’s not the same as delete or --force.
  1. Find the pod + check its controller and labels (useful for PDB matching): 
    $ kubectl get pod POD_NAME -n NAMESPACE -o wide
    Optional (see which controller owns it): 
    $ kubectl get pod POD_NAME -n NAMESPACE -o jsonpath='{.metadata.ownerReferences[*].kind}{"\t"}{.metadata.ownerReferences[*].name}{"\n"}'
  2. Check PodDisruptionBudgets (PDB) that may select this pod: 
    $ kubectl get pdb -A
    Focus on the namespace and labels that match your pod: 
    $ kubectl describe pdb PDB_NAME -n NAMESPACE
    (Look for Allowed disruptions > 0. If it’s 0, an eviction will be blocked.)
  3. Request an eviction (Eviction API). This is the portable, per-pod way: 
    $ cat <<'EOF' | kubectl create -f -
apiVersion: policy/v1
kind: Eviction
metadata:
  name: POD_NAME
  namespace: NAMESPACE
deleteOptions:
  gracePeriodSeconds: 30
EOF
    Watch progress: 
    $ kubectl get pod POD_NAME -n NAMESPACE -w
  4. If PDB blocks eviction (Allowed disruptions = 0), create budget to enable it without breaking SLOs:
    • Temporarily scale up replicas to increase allowed disruptions:
    $ kubectl scale deployment/DEPLOYMENT_NAME -n NAMESPACE --replicas=DESIRED
    • Or adjust the PDB (carefully) to permit one disruption:
    $ kubectl patch pdb PDB_NAME -n NAMESPACE --type=merge -p '{"spec":{"maxUnavailable":1}}'
    Then retry the eviction step.
  5. Node-level safe eviction (drain pattern). This evicts many pods while honoring PDBs: 
    $ kubectl cordon NODE_NAME
$ kubectl drain NODE_NAME --ignore-daemonsets --delete-emptydir-data --grace-period=30 --timeout=10m -n NAMESPACE
    When finished: 
    $ kubectl uncordon NODE_NAME
HEADS-UP Eviction respects PDBs and priorityClassName. High-priority pods or tight PDBs often yield cannot evict responses until you add capacity or relax budgets.
IMPORTANT Don’t “fix” blocked evictions by --force deleting. That bypasses safety rails and can violate availability guarantees. Adjust replicas/PDBs instead.
EDITOR'S NOTE If I’m evicting a single pod, I almost always check the PDB first. For node work, the cordon → drain → uncordon flow has saved me from pager pings more times than I can count.

Kubernetes: How to force delete a pod

Author: Cassius Adams •
  1. Confirm it’s truly stuck (Terminating, NodeLost, or kubelet unreachable): 
    $ kubectl get pod POD_NAME -n NAMESPACE -o wide
    Check events and finalizers: 
    $ kubectl describe pod POD_NAME -n NAMESPACE | sed -n '/Finalizers:/,/^Events/p'
$ kubectl get pod POD_NAME -n NAMESPACE -o jsonpath='{.metadata.finalizers}'
  2. Try a normal delete with a short grace period (preferred first): 
    $ kubectl delete pod POD_NAME --grace-period=20 --wait=false -n NAMESPACE
  3. Force remove the API object immediately (bypasses kubelet): 
    $ kubectl delete pod POD_NAME -n NAMESPACE --force --grace-period=0
    EXPERT TIP If a controller will recreate it, consider scaling replicas to 0 briefly to stop instant respawns while you investigate.
  4. If finalizers block deletion (advanced), clear them knowingly: 
    $ kubectl patch pod POD_NAME -n NAMESPACE --type=merge -p '{"metadata":{"finalizers":[]}}'
    Re-check events after patch: 
    $ kubectl get events -n NAMESPACE --field-selector involvedObject.name=POD_NAME --watch
  5. For controller-managed workloads, pause/scale first (avoid churn): 
    $ kubectl scale deployment/DEPLOYMENT_NAME --replicas=0 -n NAMESPACE
# ...perform force delete...
$ kubectl scale deployment/DEPLOYMENT_NAME --replicas=DESIRED -n NAMESPACE
HEADS-UP --force --grace-period=0 removes the pod from the API immediately; the node may clean up containers later. Don’t mistake this for a graceful shutdown.
IMPORTANT Finalizers exist to protect resources (volumes, service mesh, controllers). Removing them can orphan resources or violate invariants. Know the owner and consequences first.
EDITOR'S NOTE 90% of my “truly stuck” pods are either NodeLost or a storage finalizer hanging. I tail warnings in another terminal while I force-delete—fast signal when it finally clears or reappears.

Kubernetes: How to get container name

Author: Cassius Adams •
  1. List all app container names in a single pod (newline-separated): 
    $ kubectl get pod POD_NAME -n NAMESPACE \
  -o jsonpath='{range .spec.containers[*]}{.name}{"\n"}{end}'
  2. Include init and ephemeral containers (when present): 
    $ kubectl get pod POD_NAME -n NAMESPACE -o jsonpath='\
{range .spec.initContainers[*]}init: {.name}{"\n"}{end}\
{range .spec.containers[*]}app: {.name}{"\n"}{end}\
{range .spec.ephemeralContainers[*]}ephemeral: {.name}{"\n"}{end}'
  3. (JQ fans) Same idea with jq for readability: 
    $ kubectl get pod POD_NAME -n NAMESPACE -o json \
  | jq -r '.spec.initContainers[]?.name as $n | "init: \($n)"'
$ kubectl get pod POD_NAME -n NAMESPACE -o json \
  | jq -r '.spec.containers[].name as $n | "app: \($n)"'
$ kubectl get pod POD_NAME -n NAMESPACE -o json \
  | jq -r '.spec.ephemeralContainers[]?.name as $n | "ephemeral: \($n)"'
  4. Print pod name + containers for all pods with a label (handy for scripts): 
    $ kubectl get pods -n NAMESPACE -l app=web -o jsonpath='\
{range .items[*]}{.metadata.name}{"\t"}{range .spec.containers[*]}{.name}{" "}{end}{"\n"}{end}'
  5. (Human scan) describe shows containers too: 
    $ kubectl describe pod POD_NAME -n NAMESPACE | sed -n '/Containers:/,/Conditions:/p'
EXPERT TIP JSONPath is your friend in scripts. Print just the names you need, then pipe into loops that exec/logs/cp for each container.
HEADS-UP Multi-container pods are common (sidecars, service mesh). Always pass -c CONTAINER_NAME to target the right one.
EDITOR'S NOTE For quick audits across a namespace I’ll run the JSONPath one-liner and eyeball for odd container names—great at spotting accidental sidecars or leftover debug containers.

Kubernetes: How to get logs from pod

Author: Cassius Adams •
  1. Tail a pod’s logs live (show latest 200 lines too): 
    $ kubectl logs POD_NAME -n NAMESPACE -f --tail=200
    Multi-container pod (target a specific one): 
    $ kubectl logs POD_NAME -c CONTAINER_NAME -n NAMESPACE -f --tail=200
  2. Scope by time, bytes, lines—great for noisy pods: 
    $ kubectl logs POD_NAME -n NAMESPACE --since=1h --tail=500
$ kubectl logs POD_NAME -n NAMESPACE --since-time="2025-08-16T10:00:00Z"
$ kubectl logs POD_NAME -n NAMESPACE --limit-bytes=500000
  3. Get logs from the previous container instance (after a crash/restart): 
    $ kubectl logs POD_NAME -n NAMESPACE --previous
$ kubectl logs POD_NAME -c CONTAINER_NAME -n NAMESPACE --previous
  4. Logs for many pods at once (label selector). Requires a recent kubectl: 
    $ kubectl logs -n NAMESPACE -l app=web --all-containers=true -f --tail=50 --max-log-requests=5
    Controller shortcut (kubectl will pick matching pods): 
    $ kubectl logs deployment/DEPLOYMENT_NAME -n NAMESPACE --all-containers=true --tail=200
  5. Add timestamps (useful when correlating with events/metrics): 
    $ kubectl logs POD_NAME -n NAMESPACE --timestamps --tail=200
EXPERT TIP Pair --previous with kubectl describe pod to inspect restart reasons and probe failures. It’s the fastest path to root cause on CrashLoopBackOff.
HEADS-UP Pod logs are ephemeral. If you need retention or cross-pod aggregation, forward logs to a central system (ELK, Loki, whatever your platform provides).
EDITOR'S NOTE For broad, live triage I’ll start with a label-selector stream and then narrow to specific containers. If the selector flow feels clumsy, switch to stern or your platform’s log UI.

Kubernetes: How to get pod ip

Author: Cassius Adams •
  1. Quick view (shows Pod IP, node, and more): 
    $ kubectl get pod POD_NAME -n NAMESPACE -o wide
  2. Print only the Pod IP (JSONPath): 
    $ kubectl get pod POD_NAME -n NAMESPACE -o jsonpath='{.status.podIP}{"\n"}'
    Dual-stack clusters (all IPs): 
    $ kubectl get pod POD_NAME -n NAMESPACE -o jsonpath='{range .status.podIPs[*]}{.ip}{"\n"}{end}'
  3. List names + IPs for many pods (label selector): 
    $ kubectl get pods -n NAMESPACE -l app=web -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.status.podIP}{"\n"}{end}'
    Or a wide table with node placement: 
    $ kubectl get pods -n NAMESPACE -l app=web \
  -o custom-columns=NAME:.metadata.name,IP:.status.podIP,NODE:.spec.nodeName --no-headers
  4. See which pods back a Service (endpoints): 
    $ kubectl get endpoints SERVICE_NAME -n NAMESPACE -o wide
$ kubectl get endpointslice -n NAMESPACE -l kubernetes.io/service-name=SERVICE_NAME -o wide
  5. (Edge cases) hostNetwork pods & pending pods: 
    $ kubectl get pod POD_NAME -n NAMESPACE -o jsonpath='{.spec.hostNetwork}{"\n"}{.status.phase}{"\n"}'
    (If hostNetwork=true, Pod IP may equal the node IP. Pending pods won’t have a Pod IP yet.)
EXPERT TIP Use the Service (DNS) whenever possible. Pod IPs are great for diagnostics but they change on reschedules.
HEADS-UP CNI plugins differ. Don’t hardcode assumptions about IP families or ranges; use podIPs for dual-stack awareness.
IMPORTANT Avoid wiring apps to Pod IPs directly. You’ll lose load-balancing and resilience that Services/Headless Services provide.
EDITOR'S NOTE My default is -o wide for humans and JSONPath for scripts. When debugging odd routing, I’ll also peek at EndpointSlices—they tell the truth about where traffic’s actually going.

Kubernetes: How to list containers

Author: Cassius Adams •
  1. Overview of enumerating containers across Pods and namespaces using kubectl, JSONPath, and label selectors is being drafted — check back on 2025-09-01.

Kubernetes: How to list containers in a pod

Author: Cassius Adams •
  1. Tutorial for printing container names/images within a specific Pod (including init/ephemeral containers) is being drafted — check back on 2025-09-01.

Kubernetes: How to list pods

Author: Cassius Adams •
  1. Practical recipes for listing Pods by namespace, labels, status, and age with wide/sorted/JSON outputs is being drafted — check back on 2025-09-01.

Kubernetes: How to pause a pod

Author: Cassius Adams •
  1. Explainer on “pausing” workloads (quiesce via scale-to-zero, PDBs, and maintenance windows) is being drafted — check back on 2025-09-01.

Kubernetes: How to remove a pod

Author: Cassius Adams •
  1. Runbook for deleting Pods cleanly (grace periods, waiting, controller-managed replacements, and safety checks) is being drafted — check back on 2025-09-01.

Kubernetes: How to restart a pod

Author: Cassius Adams •
  1. Clear guidance on restarting Pods safely (controller rollouts vs manual delete, readiness, and probes) is being drafted — check back on 2025-09-01.

Kubernetes: How to restart pod

Author: Cassius Adams •
  1. A concise restart checklist (rollout restart, disruption controls, and rollback strategy) is being drafted — check back on 2025-09-01.

Kubernetes: How to ssh into pod

Author: Cassius Adams •
  1. Best-practice note on why SSH isn’t used in Pods and how to use kubectl exec/debug instead is being drafted — check back on 2025-09-01.

Kubernetes: How to start a pod

Author: Cassius Adams •
  1. Starter guide on creating Pods from YAML and via kubectl run, with readiness and resource tips, is being drafted — check back on 2025-09-01.

Kubernetes: How to stop a pod

Author: Cassius Adams •
  1. How-to on graceful termination (delete vs scale, terminationGracePeriodSeconds, and waiting) is being drafted — check back on 2025-09-01.

Kubernetes: How to stop pod

Author: Cassius Adams •
  1. Quick reference for stopping Pods safely (graceful delete, wait, and controller behavior) is being drafted — check back on 2025-09-01.

Deployments

Deployments manage stateless workloads with rolling updates, rollbacks, and controlled restarts. Learn safe image updates, scaling, rollout monitoring, and diagnosing stuck or failing rollouts.

Kubernetes: How to trigger cronjob (kubectl)

Author: Cassius Adams •
  1. Tutorial on on-demand CronJob runs (create Job from CronJob, backfills, and labeling) is being drafted — check back on 2025-09-01.

Kubernetes: How to delete a deployment

Author: Cassius Adams •
  1. Guide to removing Deployments cleanly (propagation policy, ReplicaSets, and rollback considerations) is being drafted — check back on 2025-09-01.

Kubernetes: How to delete job

Author: Cassius Adams •
  1. Steps for deleting Jobs and their Pods safely (activeDeadlineSeconds/completions impacts) are being drafted — check back on 2025-09-01.

Kubernetes: How to deploy a pod

Author: Cassius Adams •
  1. Best practices for deploying Pods (why to prefer Deployments, YAML examples, and probes/resources) are being drafted — check back on 2025-09-01.

Kubernetes: How to deploy docker image

Author: Cassius Adams •
  1. Walkthrough for deploying a container image (create deployment, imagePullSecrets, and rollout checks) is being drafted — check back on 2025-09-01.

Kubernetes: How to disable cronjob

Author: Cassius Adams •
  1. Short guide to suspending CronJobs (spec.suspend), auditing schedules, and resuming later is being drafted — check back on 2025-09-01.

Kubernetes: How to edit deployment

Author: Cassius Adams •
  1. Editing Deployments safely (kubectl edit/patch/apply, drift with GitOps, and rollouts) is being drafted — check back on 2025-09-01.

Kubernetes: How to restart a deployment

Author: Cassius Adams •
  1. Procedures for kubectl rollout restart, monitoring status, and handling PDB/disruption budgets are being drafted — check back on 2025-09-01.

Kubernetes: How to restart a job

Author: Cassius Adams •
  1. Patterns to rerun Jobs (recreate Job, delete Pods, or trigger from CronJob) are being drafted — check back on 2025-09-01.

Kubernetes: How to restart statefulset

Author: Cassius Adams •
  1. Full walkthrough on restarting StatefulSets with ordered rolling updates and PVC safety is being drafted — check back on 2025-09-01.

Kubernetes: How to rerun a job

Author: Cassius Adams •
  1. How-to on recreating or cloning Jobs for another run, including parallelism and backoff tips, is being drafted — check back on 2025-09-01.

Kubernetes: How to run a job

Author: Cassius Adams •
  1. Quickstart for creating and running Jobs (completions, parallelism, TTL after finish) is being drafted — check back on 2025-09-01.

Kubernetes: How to stop a deployment

Author: Cassius Adams •
  1. Instructions for pausing traffic by scaling Deployments to zero and resuming gracefully are being drafted — check back on 2025-09-01.

Kubernetes: How to trigger cronjob

Author: Cassius Adams •
  1. Notes on ad-hoc triggering of CronJobs (one-off runs, parameterization, and history limits) are being drafted — check back on 2025-09-01.

Kubernetes: How to trigger job

Author: Cassius Adams •
  1. Reference for on-demand Job execution (from image/args/env) with observability hooks is being drafted — check back on 2025-09-01.

Kubernetes: How to update deployment

Author: Cassius Adams •
  1. Playbook for updating Deployments (set image/env, canary/blue-green, monitoring rollout/rollback) is being drafted — check back on 2025-09-01.

Services & Networking

Stable virtual IPs and DNS for Pods. Test inside the cluster, port-forward locally, or expose externally with NodePort/LoadBalancer.

Kubernetes: How to access service

Author: Cassius Adams •
  1. Guide to reaching Services from inside/outside the cluster (DNS, port-forward, NodePort/LB) is being drafted — check back on 2025-09-01.

Kubernetes: How to access clusterip service

Author: Cassius Adams •
  1. Practical ways to access ClusterIP Services (in-cluster curl, debug pods, and port-forward) are being drafted — check back on 2025-09-01.

Kubernetes: How to curl a service

Author: Cassius Adams •
  1. Examples for curling Services by DNS/port, headers, and tracing failures are being drafted — check back on 2025-09-01.

Kubernetes: How to expose a service

Author: Cassius Adams •
  1. Tutorial on exposing Pods via Service types (ClusterIP/NodePort/LoadBalancer) with examples is being drafted — check back on 2025-09-01.

Kubernetes: How to expose port

Author: Cassius Adams •
  1. How-to on mapping container ports to Services and creating exposure with kubectl expose is being drafted — check back on 2025-09-01.

Kubernetes: How to get external ip

Author: Cassius Adams •
  1. Steps for discovering external IPs on LoadBalancer/Ingress Services and waiting for provisioning are being drafted — check back on 2025-09-01.

Kubernetes: How to get service url

Author: Cassius Adams •
  1. Reference for constructing Service URLs (cluster DNS, Ingress hosts, and port schemes) is being drafted — check back on 2025-09-01.

Kubernetes: How to port forward

Author: Cassius Adams •
  1. Port-forwarding playbook for Pods/Services with troubleshooting tips is being drafted — check back on 2025-09-01.

Kubernetes: How to restart a service

Author: Cassius Adams •
  1. Explanation of “restarting a Service” (stateless VIP) and restarting backing Deployments instead is being drafted — check back on 2025-09-01.

Ingress

HTTP(S) routing to Services with host/path rules; TLS termination and traffic control policies.

Kubernetes: How to access ingress

Author: Cassius Adams •
  1. Guide to reaching Ingress endpoints (hostnames, TLS, curl with SNI, and status checks) is being drafted — check back on 2025-09-01.

Kubernetes: How to configure ingress

Author: Cassius Adams •
  1. Tutorial for creating Ingress rules (paths/hosts, annotations, TLS secrets, controller notes) is being drafted — check back on 2025-09-01.

Kubernetes: How to use ingress

Author: Cassius Adams •
  1. Overview of Ingress usage patterns (blue/green, canary with annotations, and health checks) is being drafted — check back on 2025-09-01.

Config & Secrets

Manage application configuration with ConfigMaps, Secrets, and service accounts (basics).

Kubernetes: How to view configmap (kubectl)

Author: Cassius Adams •
  1. Commands for inspecting ConfigMaps (describe, -o yaml/json, and key extraction) are being drafted — check back on 2025-09-01.

Kubernetes: How to view secrets (kubectl)

Author: Cassius Adams •
  1. Safe ways to view Secret metadata and decode values responsibly (RBAC/audit tips) are being drafted — check back on 2025-09-01.

Kubernetes: How to output ConfigMap as JSON

Author: Cassius Adams •
  1. Examples for exporting ConfigMaps with -o json and JSONPath filtering are being drafted — check back on 2025-09-01.

Kubernetes: How to create secret

Author: Cassius Adams •
  1. Walkthrough for creating Secrets (generic/tls/docker-registry) with best-practice flags is being drafted — check back on 2025-09-01.

Kubernetes: How to create service account

Author: Cassius Adams •
  1. Guide to creating ServiceAccounts and binding minimal RBAC roles is being drafted — check back on 2025-09-01.

Kubernetes: How to create tls secret

Author: Cassius Adams •
  1. Steps to create TLS Secrets from cert/key files with verification tips are being drafted — check back on 2025-09-01.

Kubernetes: How to edit configmap

Author: Cassius Adams •
  1. Procedures for editing ConfigMaps (kubectl edit/patch/apply) and triggering rollouts are being drafted — check back on 2025-09-01.

Kubernetes: How to edit secret

Author: Cassius Adams •
  1. Cautions and methods for editing Secrets (decode/edit/encode) with audit and RBAC in mind are being drafted — check back on 2025-09-01.

Kubernetes: How to encrypt secrets

Author: Cassius Adams •
  1. Overview of Secret encryption at rest, KMS providers, and Sealed Secrets/SOPS workflows is being drafted — check back on 2025-09-01.

Kubernetes: How to get service account token

Author: Cassius Adams •
  1. Instructions for requesting short-lived tokens (kubectl create token) and legacy Secret tokens are being drafted — check back on 2025-09-01.

Kubernetes: How to manage secrets

Author: Cassius Adams •
  1. Secret management practices (naming, rotation, RBAC, and external stores) are being drafted — check back on 2025-09-01.

Kubernetes: How to mount configmap

Author: Cassius Adams •
  1. Examples mounting ConfigMaps as files/dirs and injecting via env/envFrom are being drafted — check back on 2025-09-01.

Kubernetes: How to mount secret

Author: Cassius Adams •
  1. How-to on mounting Secrets as volumes and referencing values with secretKeyRef is being drafted — check back on 2025-09-01.

Kubernetes: How to update configmap

Author: Cassius Adams •
  1. Playbook for updating ConfigMaps and triggering rollouts safely (checksum patterns) is being drafted — check back on 2025-09-01.

Kubernetes: How to update secret

Author: Cassius Adams •
  1. Guide to updating Secrets securely (immutable fields, rollouts, and auditing) is being drafted — check back on 2025-09-01.

Kubernetes: How to use configmap

Author: Cassius Adams •
  1. Patterns for consuming ConfigMaps (env, volume mounts, and hot-reload strategies) are being drafted — check back on 2025-09-01.

Kubernetes: How to use secrets

Author: Cassius Adams •
  1. Using Secrets safely in env/volumes, imagePullSecrets, and rotation/expiry practices is being drafted — check back on 2025-09-01.

Kubernetes: How to use service account

Author: Cassius Adams •
  1. Tutorial on attaching ServiceAccounts to Pods and scoping permissions with Roles/RoleBindings is being drafted — check back on 2025-09-01.

Kubernetes: How to view configmap

Author: Cassius Adams •
  1. Cheatsheet for viewing ConfigMaps by name/label with selective key outputs is being drafted — check back on 2025-09-01.

Kubernetes: How to view secret

Author: Cassius Adams •
  1. Careful procedures for inspecting Secret metadata and decoding values when necessary are being drafted — check back on 2025-09-01.

Kubernetes: How to convert YAML to JSON

Author: Cassius Adams •
  1. Examples converting Kubernetes manifests to JSON via kubectl and jq are being drafted — check back on 2025-09-01.

Storage

Persistent volumes and claims, snapshots, and mounting secrets/config files securely.

Kubernetes: How to access persistent volume

Author: Cassius Adams •
  1. Notes on PV/PVC relationships, pods for access, and readOnly vs readWrite modes are being drafted — check back on 2025-09-01.

Kubernetes: How to backup pvc

Author: Cassius Adams •
  1. Walkthrough of PVC backups with VolumeSnapshots, clones, and rsync strategies is being drafted — check back on 2025-09-01.

Kubernetes: How to create persistent volume

Author: Cassius Adams •
  1. Guide to defining PVs and using StorageClasses/dynamic provisioning is being drafted — check back on 2025-09-01.

Kubernetes: How to delete persistent volume

Author: Cassius Adams •
  1. Steps for PV deletion with reclaimPolicy (Delete/Retain/Recycle) and safety checks are being drafted — check back on 2025-09-01.

Kubernetes: How to list pvc

Author: Cassius Adams •
  1. Cheatsheet for listing PVCs by storage class, capacity, and binding status is being drafted — check back on 2025-09-01.

Kubernetes: How to mount a file

Author: Cassius Adams •
  1. Examples for mounting single files via projected volumes, subPath, and ConfigMap/Secret keys are being drafted — check back on 2025-09-01.

Kubernetes: How to mount pvc

Author: Cassius Adams •
  1. Tutorial on attaching PVCs to Pods via volumes/volumeMounts with access modes is being drafted — check back on 2025-09-01.

Kubernetes: How to mount volume

Author: Cassius Adams •
  1. Overview of mounting volumes (emptyDir, hostPath, PVC, config/secret) with examples is being drafted — check back on 2025-09-01.

RBAC & Security

Identity and permissions: service accounts, tokens, and secure access patterns.

Nodes & Scheduling

Node lifecycle, labels, taints/tolerations, draining and capacity management.

Kubernetes: How to how many master nodes

Author: Cassius Adams •
  1. HA control plane sizing primer (1 vs 3+ nodes, quorum, and failure domains) is being drafted — check back on 2025-09-01.

Kubernetes: How to how many pods per node

Author: Cassius Adams •
  1. Guide to max Pods per node (kubelet --max-pods, CNI/IPAM limits, and tuning) is being drafted — check back on 2025-09-01.

Kubernetes: How to add node

Author: Cassius Adams •
  1. Procedures for joining worker nodes (kubeadm join/managed node pools) are being drafted — check back on 2025-09-01.

Kubernetes: How to drain a node

Author: Cassius Adams •
  1. Runbook for cordon/drain/uncordon with PDBs, DaemonSets, and disruptions is being drafted — check back on 2025-09-01.

Kubernetes: How to get node ip

Author: Cassius Adams •
  1. Tips for finding node Internal/External IPs via kubectl and JSONPath are being drafted — check back on 2025-09-01.

Kubernetes: How to join node

Author: Cassius Adams •
  1. Kubeadm join flow and managed cluster node-pool onboarding notes are being drafted — check back on 2025-09-01.

Kubernetes: How to label nodes

Author: Cassius Adams •
  1. How-to on adding/removing node labels and selecting them in scheduling is being drafted — check back on 2025-09-01.

Kubernetes: How to move pod to another node

Author: Cassius Adams •
  1. Approaches for relocating Pods (drain, taints/affinity, and disruption planning) are being drafted — check back on 2025-09-01.

Kubernetes: How to remove node from cluster

Author: Cassius Adams •
  1. Checklist for decommissioning nodes (cordon/drain, node delete, cloud cleanup) is being drafted — check back on 2025-09-01.

Kubernetes: How to remove taint

Author: Cassius Adams •
  1. Commands and patterns for removing taints (and verifying tolerations) are being drafted — check back on 2025-09-01.

Kubernetes: How to restart a node

Author: Cassius Adams •
  1. Runbook for rebooting nodes safely (cordon/drain, maintenance mode, post-checks) is being drafted — check back on 2025-09-01.

Kubernetes: How to taint a node

Author: Cassius Adams •
  1. Tutorial on applying taints (NoSchedule/NoExecute/PreferNoSchedule) and testing effects is being drafted — check back on 2025-09-01.

Autoscaling & Resources

Horizontal Pod Autoscaler and manual scaling to match demand and SLOs.

Kubernetes: How to autoscale

Author: Cassius Adams •
  1. Intro to HPA configuration, metrics targets, and verifying scale events is being drafted — check back on 2025-09-01.

Kubernetes: How to scale down pods

Author: Cassius Adams •
  1. Guide to scaling down Deployments/StatefulSets safely (PDBs and draining traffic) is being drafted — check back on 2025-09-01.

Kubernetes: How to scale pods

Author: Cassius Adams •
  1. How-to on manual scaling with kubectl scale and monitoring results is being drafted — check back on 2025-09-01.

Troubleshooting & Observability

Logs, events, versions, cluster diagnostics, and common checks.

Kubernetes: How to tail logs (kubectl)

Author: Cassius Adams •
  1. Recipes for tailing logs live (-f, --tail, multi-container selection, time ranges) are being drafted — check back on 2025-09-01.

Kubernetes: How to view logs (kubectl)

Author: Cassius Adams •
  1. Overview of fetching logs by Pod/label/namespace with useful filters is being drafted — check back on 2025-09-01.

Kubernetes: How to watch logs (kubectl)

Author: Cassius Adams •
  1. How-to for live log streaming across containers and previous restarts is being drafted — check back on 2025-09-01.

Kubernetes: How to backup etcd

Author: Cassius Adams •
  1. Playbook for etcd snapshots, storage, and restore validation (etcdctl) is being drafted — check back on 2025-09-01.

Kubernetes: How to check pod logs

Author: Cassius Adams •
  1. Triage guide for inspecting Pod logs with container selection and timestamps is being drafted — check back on 2025-09-01.

Kubernetes: How to check pod memory usage

Author: Cassius Adams •
  1. Using metrics to view Pod/container memory (kubectl top, metrics-server, scraping) is being drafted — check back on 2025-09-01.

Kubernetes: How to check version

Author: Cassius Adams •
  1. Commands for checking kubectl/server versions and feature-gate awareness are being drafted — check back on 2025-09-01.

Kubernetes: How to create a cluster

Author: Cassius Adams •
  1. Primer on creating clusters (managed vs kubeadm vs local) with pros/cons is being drafted — check back on 2025-09-01.

Kubernetes: How to deploy

Author: Cassius Adams •
  1. High-level deployment flow (apply manifests, watch rollouts, verify health) is being drafted — check back on 2025-09-01.

Kubernetes: How to find out why a pod restarted

Author: Cassius Adams •
  1. Checklist using events, lastState/terminated, and OOM/crash clues is being drafted — check back on 2025-09-01.

Kubernetes: How to force image pull

Author: Cassius Adams •
  1. Techniques for forcing new image pulls (policy, digest pins, Pod restarts) are being drafted — check back on 2025-09-01.

Kubernetes: How to get started

Author: Cassius Adams •
  1. Newcomer roadmap (install kubectl, connect to a cluster, first apply/get/describe) is being drafted — check back on 2025-09-01.

Kubernetes: How to list images

Author: Cassius Adams •
  1. Commands to list container images used in Pods across namespaces with JSONPath are being drafted — check back on 2025-09-01.

Kubernetes: How to login

Author: Cassius Adams •
  1. Overview of authenticating to clusters (kubeconfig contexts, cloud plugins, SSO) is being drafted — check back on 2025-09-01.

Kubernetes: How to pull image

Author: Cassius Adams •
  1. Notes on image pulls in Kubernetes (credentials, imagePullPolicy, pre-pull strategies) are being drafted — check back on 2025-09-01.

Kubernetes: How to pull local docker image

Author: Cassius Adams •
  1. Guide to using local images with Kind/Minikube registries and pull policies is being drafted — check back on 2025-09-01.

Kubernetes: How to setup

Author: Cassius Adams •
  1. Environment setup checklist (kubectl, kubeconfig, context, and autocompletion) is being drafted — check back on 2025-09-01.

Kubernetes: How to start

Author: Cassius Adams •
  1. First steps after connecting to a cluster (namespaces, get/describe/apply basics) are being drafted — check back on 2025-09-01.

Kubernetes: How to upgrade

Author: Cassius Adams •
  1. Overview of cluster and workload upgrades (versions, drain windows, rollbacks) is being drafted — check back on 2025-09-01.

Kubernetes: How to use

Author: Cassius Adams •
  1. Kubernetes essentials overview (resources, controllers, and common workflows) is being drafted — check back on 2025-09-01.

Kubernetes: How to use local docker image

Author: Cassius Adams •
  1. Tutorial for pushing local images to an in-cluster registry and referencing them in Pods is being drafted — check back on 2025-09-01.

Kubernetes: How to view logs

Author: Cassius Adams •
  1. Covers basic log retrieval, multi-container selection, and filtering/since options — check back on 2025-09-01.

Contexts & Kubeconfig

Switch clusters/namespaces and manage kubeconfig credentials safely.

Kubernetes: How to add context (kubectl)

Author: Cassius Adams •
  1. Commands for creating and switching kubeconfig contexts with namespaces are being drafted — check back on 2025-09-01.

Kubernetes: How to install (kubectl)

Author: Cassius Adams •
  1. Install guides for kubectl on macOS/Linux/Windows with checksum verification are being drafted — check back on 2025-09-01.

Kubernetes: How to install windows (kubectl)

Author: Cassius Adams •
  1. Windows-specific kubectl installation via winget/choco/scoop with PATH setup is being drafted — check back on 2025-09-01.

Kubernetes: How to change namespace

Author: Cassius Adams •
  1. How-to for switching the active namespace (current context vs per-command flags) is being drafted — check back on 2025-09-01.

Kubernetes: How to get cluster name

Author: Cassius Adams •
  1. Tips for discovering the current cluster/context and mapping to cloud resources are being drafted — check back on 2025-09-01.

Kubernetes: How to get kubeconfig

Author: Cassius Adams •
  1. Obtaining kubeconfig files from managed platforms and merging contexts is being drafted — check back on 2025-09-01.

Kubernetes: How to install

Author: Cassius Adams •
  1. High-level install paths (managed clusters, kubeadm, local dev) with prerequisites are being drafted — check back on 2025-09-01.

Kubernetes: How to install calico

Author: Cassius Adams •
  1. Network plugin install overview (Calico manifest apply, prerequisites, verification) is being drafted — check back on 2025-09-01.

Kubernetes: How to install crd

Author: Cassius Adams •
  1. Instructions for installing CustomResourceDefinitions and verifying readiness are being drafted — check back on 2025-09-01.

Kubernetes: How to install helm

Author: Cassius Adams •
  1. Helm installation and first-use (repos, charts, values) quickstart is being drafted — check back on 2025-09-01.

Kubernetes: How to set namespace

Author: Cassius Adams •
  1. Setting the default namespace on the current context and verifying it is being drafted — check back on 2025-09-01.

Kubernetes: How to switch namespace

Author: Cassius Adams •
  1. Switching namespaces per command versus updating kubeconfig context is being drafted — check back on 2025-09-01.

Namespaces

Organize workloads and policies with namespace scoping.

Kubernetes: How to create namespace

Author: Cassius Adams •
  1. Guide to creating namespaces with labels/annotations and default quotas is being drafted — check back on 2025-09-01.

Kubernetes: How to delete namespace

Author: Cassius Adams •
  1. Procedures for namespace deletion, finalizer cleanup, and waiting strategies are being drafted — check back on 2025-09-01.

Kubernetes: How to list namespaces

Author: Cassius Adams •
  1. Cheatsheet for listing namespaces and filtering by labels/status is being drafted — check back on 2025-09-01.