kubectl, you’re just guessing in production.
For AWS DevOps engineers, knowing how to inspect clusters, debug pods, scale deployments, secure secrets, and monitor resources — all through kubectl — separates real operators from those who break things on Friday nights.
This guide cuts through generic cheat sheets. You’ll get 10 proven kubectl commands, explained line by line, with real-world AWS context, troubleshooting tips, and best practices for 2025 and beyond.
Whether you’re handling an Amazon EKS cluster, building CI/CD pipelines, or firefighting stuck pods at 3 AM, this hands-on walkthrough will sharpen your skills and help you manage Kubernetes with confidence.
Ready to master kubectl like a pro? Let’s get started.
Kubernetes Management Categories & Core Commands
Before you run your first kubectl command, it’s critical to understand how Kubernetes tasks break down in real life.
Think of these as pillars — each one serves a purpose in keeping clusters healthy, secure, and under control.
1. Cluster Management
Definition:
Cluster Management covers commands to inspect, verify, and manage the entire cluster’s state.
This includes nodes, services, API server status, and overall connectivity.
Why it matters:
You can’t debug pods if your cluster control plane is down or nodes are unschedulable.
Key commands:
kubectl cluster-info # Show cluster endpoints (API server, DNS)
kubectl config # Manage kubeconfig files and contexts
kubectl version # Check client/server version mismatch
kubectl get nodes # List all nodes and their status
kubectl get pods # See all pods in default or all namespaces
kubectl get services # View running services (ClusterIP, LoadBalancer)
2. Pod Management
Definition:
Pod Management handles lifecycle tasks for your actual workloads: starting, inspecting, logging, or killing pods.
Why it matters:
Key commands:
kubectl create pod # Imperatively create a test pod (not typical for prod)
kubectl get pods # List running pods
kubectl describe pod # Inspect pod conditions & events
kubectl logs # View container logs
kubectl exec # Open a shell or run a command inside a container
kubectl delete pod # Terminate a pod (will be replaced if managed by a Deployment)
3. Resource Monitoring
Definition:
Resource Monitoring helps you track usage of CPU, memory, and quotas. It ensures that workloads don’t overwhelm your cluster.
Why it matters:
Without monitoring, you can’t catch resource hogs or enforce limits — this leads to noisy neighbor problems or node crashes.
Key commands:
kubectl top nodes # Show CPU/memory usage by node
kubectl top pods # Show resource usage by pod
kubectl get quota # Check resource quotas applied to a namespace
kubectl describe # Get detailed specs for any resource (pods, nodes, deployments)
4. Service Management
Definition:
Service Management commands handle how your applications communicate internally or expose themselves externally.
Why it matters:
Services connect pods together, handle DNS, and expose workloads to the world via LoadBalancers or Ingress.
Key commands:
kubectl create service # Create a service (ClusterIP, NodePort, LoadBalancer)
kubectl get services # List existing services
kubectl expose # Expose a deployment as a service
kubectl describe service # Inspect endpoints, ports, selectors
kubectl delete service # Remove a service
kubectl port-forward # Forward local port to a pod for debugging
5. Configuration & Secrets
Definition:
These commands manage ConfigMaps and Secrets: ways to inject environment variables, config files, and sensitive data securely.
Why it matters:
Hardcoding configs in images is bad practice — use ConfigMaps & Secrets for flexibility and security.
Key commands:
kubectl create configmap # Create a new ConfigMap
kubectl get configmaps # List ConfigMaps in namespace
kubectl create secret # Create a Secret for sensitive data
kubectl get secrets # List Secrets in namespace
kubectl describe configmap# Inspect ConfigMap contents
kubectl describe secret # Inspect Secret details (base64 encoded)
6. Deployment Management
Definition:
Deployment Management covers controllers that handle rolling updates, scaling, rollback, and versioning.
Why it matters:
This is your way to declaratively manage desired state — so pods are automatically recreated and scaled properly.
Key commands:
kubectl create deployment # Imperatively spin up a Deployment
kubectl get deployments # List Deployments
kubectl scale # Manually scale replicas
kubectl rollout status # Check rollout progress
kubectl rollout history # View rollout revisions
kubectl delete deployment # Remove a Deployment resource
7. Namespace Management
Definition:
Namespaces logically isolate resources in the same cluster — think dev vs staging vs prod.
Why it matters:
They prevent accidental cross-environment impact and help manage RBAC policies cleanly.
Key commands:
kubectl create namespace # Make a new namespace
kubectl get namespaces # List all namespaces
kubectl describe namespace # Inspect namespace labels/annotations
kubectl delete namespace # Remove a namespace (careful!)
kubectl apply -n <namespace> # Apply resources to a specific namespace
kubectl switch -n <namespace> # Change current namespace in your context
Each category serves a unique piece of your Kubernetes puzzle:
- Cluster health
- Workload lifecycle
- Config & secrets
- Networking
- Isolation & governance
- Safe automation at scale
- Why This Guide Exists
- Declarative vs Imperative: Get This Right First
- Cluster Info & Contexts: Always Know Where You Are
- Namespaces: Safe Workload Isolation
- Pods: Create, Debug, Exec — The Right Way
kubectl cp: Moving Files In & Out- Labels & Selectors: Operate Intelligently
- Deployments: Rollouts, Rollbacks, YAML & Idempotency
- Resource Monitoring:
top, Quotas, Limits - ConfigMaps & Secrets: Secure Config Management
- Services: Exposing & Debugging Workloads
- RBAC & Auth: Don’t Skip It
- Advanced Debugging: Events, Taints, Drains
- EKS Specifics: IAM, IRSA, Secure Pipelines
- Plugins, Aliases & Tools: Be Efficient
- Official References
- Conclusion
1. Why This Guide Exists
kubectl is the knife in your DevOps toolkit — indispensable, sharp, and dangerous if misused.
This isn’t a copy-paste cheat sheet — it’s the practical wisdom that keeps production clusters safe, teams aligned, and on-call nights peaceful.
2 . Declarative vs Imperative
“Imperative commands fix things now. Declarative configs keep them fixed forever.”
1. Imperative: kubectl create pod, kubectl delete pod.
- Fast for troubleshooting.
- Risky for production if you forget GitOps.
2.Declarative:
kubectl apply -f deployment.yaml.- Desired state in version control.
- Safer, repeatable, auditable.
💡 Why It Matters:
Imperative is for now. Declarative is for always.
- Don’t rely on
kubectl runfor production. - Always store YAML in Git.
- Automate deployments through pipelines.
# Apply a manifest (declarative)
kubectl apply -f deployment.yaml
# Dry-run first: does it make sense before you break prod?
kubectl apply -f deployment.yaml --dry-run=client
# Show the diff: what exactly will change?
kubectl diff -f deployment.yaml
📚 Kubernetes Docs: Imperative vs Declarative
3. Cluster Info & Contexts
# Get API server info & cluster endpoints
kubectl cluster-info
# Check your nodes' status
kubectl get nodes
# List all pods across namespaces — don't miss kube-system pods
kubectl get pods --all-namespaces
# List all contexts your kubeconfig knows
kubectl config get-contexts
# Switch to a different cluster context
kubectl config use-context my-prod-cluster
# Always double-check your current context!
kubectl config current-context
# For EKS, update kubeconfig safely
aws eks update-kubeconfig --name my-eks-cluster
📚 kubectl config
4. Namespaces
# List all namespaces
kubectl get namespaces
# Create a new namespace for isolation
kubectl create namespace dev
# Delete a namespace (careful!)
kubectl delete namespace dev
# List pods only in a specific namespace
kubectl get pods -n dev
# Set a default namespace for your context
kubectl config set-context --current --namespace=dev
📚 Namespaces
5. Pods: Create, Debug, Exec
# Imperatively create a test pod
kubectl run nginx --image=nginx
# Get pod logs
kubectl logs nginx
# If you have multiple containers, pick the right one
kubectl logs nginx -c sidecar
# Check logs for the last crashed container
kubectl logs --previous nginx
# Inspect pod details & recent events
kubectl describe pod nginx
# Exec into the pod shell (for debug, not patching!)
kubectl exec -it nginx -- bash
📚 Pod Lifecycle
6.kubectl cp: Move Files
kubectl cp lets you copy files in or out — but use it carefully and know when it’s the right tool for the job.# Copy a log file FROM the pod to your local machine
kubectl cp nginx:/var/log/nginx/access.log ./access.log
# Copy a local config file INTO the pod (careful!)
kubectl cp ./myconfig.yaml nginx:/etc/nginx/myconfig.yaml
💡 Why?
For emergency debug, log extraction or hotfixes. Don’t make kubectl cp your deployment strategy!
📚 kubectl cp
7. Labels & Selectors
# Get all pods with a specific label
kubectl get pods -l app=myapp
# Bulk delete pods with a specific label
kubectl delete pods -l app=myapp
💡 Why?
Labels are your query language. Without them, you’ll waste hours hunting pod names.
📚 Labels & Selectors
8. Deployments: Rollouts & YAML
# Example Deployment YAML: store this in Git!
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
spec:
replicas: 2
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.25
# Check rollout status
kubectl rollout status deployment/nginx-deployment
# See rollout history
kubectl rollout history deployment/nginx-deployment
# Roll back to previous ReplicaSet version
kubectl rollout undo deployment/nginx-deployment
# Restart pods with the same spec
kubectl rollout restart deployment/nginx-deployment
📚 Deployments
9. Monitoring: top, Quotas, Limits
# Get resource usage by node
kubectl top nodes
# Get resource usage by pod
kubectl top pods
# Show active resource quotas
kubectl get resourcequota
# Inspect LimitRanges that restrict CPU/memory per pod
kubectl get limitrange
📚 Resource Management
10. ConfigMaps & Secrets
# Create ConfigMap from literal
kubectl create configmap my-config --from-literal=mode=prod
# View ConfigMaps
kubectl get configmaps
kubectl describe configmap my-config
# Create Secret (never store raw creds in YAML!)
kubectl create secret generic db-pass --from-literal=password=supersecret
# View Secrets
kubectl get secrets
kubectl describe secret db-pass
📚 ConfigMaps
📚 Secrets
11. Services & Networking
# Expose a deployment externally
kubectl expose deployment nginx-deployment --port=80 --type=LoadBalancer
# Debug internal pods locally using port-forward
kubectl port-forward pod/nginx 8080:80
📚 Services
12. RBAC & Auth
kubectl tools to verify who can do what, enforce least privilege, and stop accidental outages or data leaks.# Verify your permissions
kubectl auth can-i create pods --namespace=prod
# List all Roles in all namespaces
kubectl get roles --all-namespaces
# Describe a RoleBinding in detail
kubectl describe rolebinding my-binding
📚 RBAC
13. Advanced Debugging
kubectl tricks help you fix fast. Learn to read Events, interpret logs, cordon and drain nodes for safe maintenance, and manage taints to control scheduling.# Show cluster Events sorted by time — useful for debugging CrashLoopBackOff
kubectl get events --sort-by='.metadata.creationTimestamp'
# Cordon: mark node unschedulable for new pods
kubectl cordon node-1
# Drain: evict pods for maintenance
kubectl drain node-1 --ignore-daemonsets --force
# Inspect taints on a node
kubectl describe node node-1
📚 Node Management
14. EKS-Specific & IAM
kubectl steps alongside AWS-specific best practices like IRSA, secure kubeconfigs, and tight IAM roles for your pods.-
Use
aws eks update-kubeconfig— never share static kubeconfigs. - Use IRSA: map IAM Roles to Service Accounts for least privilege.
- Automate
kubectlsafely in CI/CD — tie to GitOps.
📚 Amazon EKS Best Practices Guide
15. Plugins, Aliases & Tools
kubectl commands over and over. This part shows you handy plugins, useful aliases, and extra tools to make working with Kubernetes faster and more reliable.# Quick alias for faster typing alias k=kubectl# Install krew plugin manager kubectl krew install neat# Use neat output to clean JSON/YAML output kubectl neat get pods# Explain resource fields kubectl explain pod.spec
- 📚 kubectl explain
- 📚 Krew
16. Official References
17. Conclusion
Mastering kubectl isn’t just about memorizing commands — it’s about understanding how to run, debug, scale, and secure Kubernetes workloads with confidence, especially in production-ready AWS environments like EKS.
By putting these proven kubectl techniques into practice — from safe context switching to advanced rollouts, secure secrets, resource monitoring, and IAM best practices — you’re not just troubleshooting, you’re operating Kubernetes the way top AWS DevOps teams do in 2025 and beyond.
Bookmark this guide, share it with your team, and revisit it when you’re in the trenches fixing pods at 2AM. The more you build muscle memory with these commands — and the mindset behind them — the better you’ll run clusters that don’t run you.
If you found this helpful, stay tuned for more real-world AWS DevOps playbooks, practical troubleshooting workflows, and advanced Kubernetes deep dives.
Subscribe, share, and keep shipping with confidence.
For more topics visit : Dev.to , Red Signals and Medium
Complete kubectl Commands Table
| Category | Command | Purpose / Usage |
|---|---|---|
| Cluster Management | kubectl cluster-info |
Display cluster endpoints and control plane info. |
kubectl config get-contexts |
List all contexts in your kubeconfig. | |
kubectl config use-context |
Switch to another cluster context. | |
kubectl config current-context |
Show the current active context. | |
kubectl version |
Check client and server versions for compatibility. | |
kubectl get nodes |
List nodes in the cluster with status. | |
kubectl get pods |
List all pods in the current namespace. | |
| Contexts & Namespaces | kubectl get namespaces |
List all namespaces in the cluster. |
kubectl create namespace |
Create a new namespace for workload isolation. | |
kubectl delete namespace |
Delete an existing namespace. | |
kubectl config set-context --current --namespace=dev |
Set default namespace for current context. | |
| Pods Management | kubectl run |
Imperatively create a pod for quick tests. |
kubectl logs |
View logs of a pod’s main container. | |
kubectl logs -c |
View logs for a specific container in a pod. | |
kubectl logs --previous |
See logs for a crashed container’s last instance. | |
kubectl describe pod |
Detailed pod info, events, conditions. | |
kubectl exec -it |
Exec into a running container for debugging. | |
kubectl delete pod |
Force delete a pod. | |
| kubectl cp | kubectl cp <src> <dest> |
Copy files to/from a pod. |
| Labels & Selectors | kubectl get pods -l <label> |
List pods matching a label selector. |
kubectl delete pods -l <label> |
Delete all pods matching a label. | |
| Deployments | kubectl create deployment |
Imperatively create a deployment. |
kubectl get deployments |
List all deployments in namespace. | |
kubectl rollout status |
Check rollout progress. | |
kubectl rollout history |
See rollout revision history. | |
kubectl rollout undo |
Roll back to a previous rollout version. | |
kubectl rollout restart |
Restart deployment pods with same spec. | |
kubectl scale |
Manually scale replicas for a deployment. | |
kubectl delete deployment |
Delete a deployment resource. | |
| Resource Monitoring | kubectl top nodes |
Show CPU/memory usage by node. |
kubectl top pods |
Show resource usage by pod. | |
kubectl get resourcequota |
List resource quotas in the namespace. | |
kubectl get limitrange |
Show LimitRanges restricting CPU/memory. | |
| Config & Secrets | kubectl create configmap |
Create a new ConfigMap from literal or file. |
kubectl get configmaps |
List ConfigMaps. | |
kubectl describe configmap |
View ConfigMap details. | |
kubectl create secret generic |
Create a generic Secret. | |
kubectl get secrets |
List Secrets. | |
kubectl describe secret |
View Secret details (base64 encoded). | |
| Services | kubectl create service |
Create a service (ClusterIP, NodePort, LoadBalancer). |
kubectl get services |
List services in namespace. | |
kubectl expose |
Expose a deployment as a new service. | |
kubectl describe service |
Inspect service endpoints, ports, selectors. | |
kubectl delete service |
Delete a service resource. | |
kubectl port-forward |
Forward local port to pod for testing/debugging. | |
| RBAC & Security | kubectl auth can-i |
Check if your user can perform an action. |
kubectl get roles |
List Roles in namespace. | |
kubectl describe rolebinding |
Inspect a RoleBinding. | |
| Advanced Debugging | kubectl get events --sort-by |
Show cluster Events sorted by time. |
kubectl cordon |
Mark node unschedulable for new pods. | |
kubectl drain |
Safely evict pods from a node for maintenance. | |
kubectl describe node |
Inspect node conditions, taints, labels. | |
| EKS Specific | aws eks update-kubeconfig |
Update local kubeconfig with EKS cluster info. |
| Plugins, Aliases & Tools | alias k=kubectl |
Shortcut for faster typing. |
kubectl krew install <plugin> |
Install a kubectl plugin with Krew. |
|
kubectl neat |
Clean up output for easier reading. | |
kubectl explain |
Show detailed API schema for a resource. |
Read these Articles too :
1. Cloud Engineer Roadmap 2025: Complete Beginner to Expert Guide
2. Inside Kubernetes: How ClusterIP Services Route Traffic to Pods
0 Comments