Kubernetes exception? Don’t worry, 100 commands are here to rescue you


This article is a guide on using Kubectl for Kubernetes diagnostics. The author lists 100 Kubectl commands that are useful for diagnosing issues in Kubernetes clusters. These issues include but are not limited to:

  • Cluster information
  • Pod diagnostics
  • Service diagnostics
  • Deployment diagnostics
  • Network diagnostics
  • Persistent Volumes and Persistent Volume Claims Diagnostics
  • Resource usage
  • Security and authorization
  • Node troubleshooting
  • Other diagnostic commands: The article also covers many other commands, such as resource scaling and autoscaling, Job and CronJob diagnostics, Pod affinity and anti-affinity rules, RBAC and security, service account diagnostics, node draining and uncordoning, resource cleanup, etc.

Cluster information:

  1. Show Kubernetes version: kubectl version
  2. Display cluster information: kubectl cluster-info
  3. List all nodes in the cluster: kubectl get nodes
  4. View details of a specific node: kubectl describe node <node-name>
  5. List all namespaces: kubectl get namespaces
  6. List all pods in all namespaces: kubectl get pods --all-namespaces

Pod diagnostics:

  1. List pods in a specific namespace: kubectl get pods -n <namespace>
  2. View details of a Pod: kubectl describe pod <pod-name> -n <namespace>
  3. View Pod logs: kubectl logs <pod-name> -n <namespace>
  4. Tail Pod logs: kubectl logs -f <pod-name> -n <namespace>
  5. Execute a command in the Pod: kubectl exec -it <pod-name> -n <namespace> -- <command>

Pod health check:

  1. Check Pod readiness: kubectl get pods <pod-name> -n <namespace> -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}'
  2. Check Pod events: kubectl get events -n <namespace> --field-selector involvedObject.name=<pod-name>

Service diagnosis:

  1. List all services in the namespace: kubectl get svc -n <namespace>
  2. View details of a service: kubectl describe svc <service-name> -n <namespace>

Deployment diagnostics:

  1. List all Deployments in the namespace: kubectl get deployments -n <namespace>
  2. View details of a Deployment: kubectl describe deployment <deployment-name> -n <namespace>
  3. View rollout status: kubectl rollout status deployment/<deployment-name> -n <namespace>
  4. View rollout history: kubectl rollout history deployment/<deployment-name> -n <namespace>

StatefulSet diagnostics:

  1. List all StatefulSets in the namespace: kubectl get statefulsets -n <namespace>
  2. View the details of a StatefulSet: kubectl describe statefulset <statefulset-name> -n <namespace>

ConfigMap and Secret diagnostics:

  1. List ConfigMaps in a namespace: kubectl get configmaps -n <namespace>
  2. View details of a ConfigMap: kubectl describe configmap <configmap-name> -n <namespace>
  3. List Secrets in a namespace: kubectl get secrets -n <namespace>
  4. View the details of a Secret (shows key names and sizes, not the values): kubectl describe secret <secret-name> -n <namespace>

Namespace diagnostics:

  1. View details of a namespace: kubectl describe namespace <namespace-name>

Resource usage:

  1. Check a pod's resource usage: kubectl top pod <pod-name> -n <namespace>
  2. Check node resource usage: kubectl top nodes

Network diagnostics:

  1. Display the IP addresses of Pods in the namespace: kubectl get pods -n <namespace> -o custom-columns=POD:metadata.name,IP:status.podIP --no-headers
  2. List all network policies in the namespace: kubectl get networkpolicies -n <namespace>
  3. View details of a network policy: kubectl describe networkpolicy <network-policy-name> -n <namespace>

Persistent Volume (PV) and Persistent Volume Claim (PVC) diagnostics:

  1. List PVs: kubectl get pv
  2. View details of a PV: kubectl describe pv <pv-name>
  3. List PVCs in a namespace: kubectl get pvc -n <namespace>
  4. View PVC details: kubectl describe pvc <pvc-name> -n <namespace>

Node diagnostics:

  1. Get a list of Pods running on a specific node: kubectl get pods --field-selector spec.nodeName=<node-name> -n <namespace>

Resource quotas and limits:

  1. List resource quotas in a namespace: kubectl get resourcequotas -n <namespace>
  2. View details of a resource quota: kubectl describe resourcequota <resource-quota-name> -n <namespace>

Custom resource definition (CRD) diagnostics:

  1. List custom resources in a namespace: kubectl get <custom-resource-name> -n <namespace>
  2. View custom resource details: kubectl describe <custom-resource-name> <custom-resource-instance-name> -n <namespace>

When using these commands, replace <namespace>, <pod-name>, <service-name>, <deployment-name>, <statefulset-name>, <configmap-name>, <secret-name>, <namespace-name>, <pv-name>, <pvc-name>, <node-name>, <network-policy-name>, <resource-quota-name>, <custom-resource-name> and <custom-resource-instance-name> with the actual values for your cluster.

These commands should help you diagnose your Kubernetes cluster and the applications running in it.

Resource scaling and automatic scaling:

  1. Scale a Deployment: kubectl scale deployment <deployment-name> --replicas=<replica-count> -n <namespace>
  2. Set up automatic scaling for a Deployment: kubectl autoscale deployment <deployment-name> --min=<min-pods> --max=<max-pods> --cpu-percent=<cpu-percent> -n <namespace>
  3. Check the Horizontal Pod Autoscaler (HPA) status: kubectl get hpa -n <namespace>

Job and CronJob diagnostics:

  1. List all jobs in a namespace: kubectl get jobs -n <namespace>
  2. View details of a job: kubectl describe job <job-name> -n <namespace>
  3. List all cron jobs in the namespace: kubectl get cronjobs -n <namespace>
  4. View details of a cron job: kubectl describe cronjob <cronjob-name> -n <namespace>

Capacity Diagnosis:

  1. List persistent volumes (PVs) sorted by capacity: kubectl get pv --sort-by=.spec.capacity.storage
  2. View the reclaim policy of a PV: kubectl get pv <pv-name> -o=jsonpath='{.spec.persistentVolumeReclaimPolicy}'
  3. List all storage classes: kubectl get storageclasses

Ingress and service mesh diagnostics:

  1. List all Ingresses in the namespace: kubectl get ingress -n <namespace>
  2. View the details of an Ingress: kubectl describe ingress <ingress-name> -n <namespace>
  3. List all VirtualServices (Istio) in the namespace: kubectl get virtualservices -n <namespace>
  4. View details of a VirtualService (Istio): kubectl describe virtualservice <virtualservice-name> -n <namespace>

Troubleshooting Pod Networking:

  1. Run a network diagnostic pod (such as busybox) to debug: kubectl run -it --rm --restart=Never --image=busybox net-debug-pod -- /bin/sh
  2. Test connectivity from a Pod to a specific endpoint: kubectl exec -it <pod-name> -n <namespace> -- curl <endpoint-url>
  3. Trace the network path from one Pod to another: kubectl exec -it <source-pod-name> -n <namespace> -- traceroute <destination-pod-ip>
  4. Check the Pod's DNS resolution: kubectl exec -it <pod-name> -n <namespace> -- nslookup <domain-name>

Configuration and resource verification:

  1. Validate a Kubernetes YAML file without applying it: kubectl apply --dry-run=client -f <yaml-file>
  2. Check whether a service account is allowed to list pods (an RBAC permission check): kubectl auth can-i list pods --as=system:serviceaccount:<namespace>:<serviceaccount-name>

RBAC and security:

  1. List roles and role bindings in a namespace: kubectl get roles,rolebindings -n <namespace>
  2. View role or role binding details: kubectl describe role <role-name> -n <namespace>

Service account diagnostics:

  1. List the service accounts in the namespace: kubectl get serviceaccounts -n <namespace>
  2. View details of a service account: kubectl describe serviceaccount <serviceaccount-name> -n <namespace>

Node draining and uncordoning:

  1. Drain a node for maintenance: kubectl drain <node-name> --ignore-daemonsets
  2. Uncordon a node (make it schedulable again): kubectl uncordon <node-name>

Resource cleanup:

  1. Forcefully delete a pod (not recommended): kubectl delete pod <pod-name> -n <namespace> --grace-period=0 --force

Pod affinity and anti-affinity:

  1. List pod affinity rules for a pod: kubectl get pod <pod-name> -n <namespace> -o=jsonpath='{.spec.affinity}'
  2. List pod anti-affinity rules for a pod: kubectl get pod <pod-name> -n <namespace> -o=jsonpath='{.spec.affinity.podAntiAffinity}'

Pod Security Policy (PSP):

  1. List all Pod security policies (if enabled; PodSecurityPolicy was removed in Kubernetes 1.25): kubectl get psp

Events:

  1. View recent cluster events: kubectl get events --sort-by=.metadata.creationTimestamp
  2. Filter events by a specific namespace: kubectl get events -n <namespace>

Node troubleshooting:

  1. Check the node status: kubectl describe node <node-name> | grep Conditions -A5
  2. List node capacity and allocatable resources: kubectl describe node <node-name> | grep -E "Capacity|Allocatable"

Ephemeral containers (Kubernetes 1.18+):

  1. Run a temporary debug container: kubectl debug -it <pod-name> -n <namespace> --image=<debug-image> -- /bin/sh

Resource metrics (requires metrics server):

  1. Get the CPU and memory usage of Pods in a namespace: kubectl top pod -n <namespace>

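kubelet diagnostics:

  1. View the kubelet log on the node (works only where the kubelet runs as a pod in kube-system; where it runs as a host service, read its log on the node itself): kubectl logs -n kube-system kubelet-<node-name>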

Advanced debugging using Telepresence:

  1. Debugging pods using Telepresence: telepresence --namespace <namespace> --swap-deployment <pod-name>

Kubeconfig and context:

  1. List available contexts: kubectl config get-contexts
  2. Switch to a different context: kubectl config use-context <context-name>

Pod security standard (PodSecurity admission controller):

  1. List PodSecurityPolicy (PSP) objects, with the header row filtered out: kubectl get psp -A | grep -vE 'NAME|REVIEWED'

Pod Disruption Budget (PDB) diagnostics:

  1. List all PDBs in the namespace: kubectl get pdb -n <namespace>
  2. View details of a PDB: kubectl describe pdb <pdb-name> -n <namespace>

Resource lock diagnostics (if using resource locks):

  1. List resource locks in a namespace: kubectl get resourcelocks -n <namespace>

Service endpoints and DNS:

  1. List service endpoints for a service: kubectl get endpoints <service-name> -n <namespace>
  2. Check the DNS configuration in the Pod: kubectl exec -it <pod-name> -n <namespace> -- cat /etc/resolv.conf

Custom metrics (Prometheus, Grafana):

  1. Query Prometheus metrics: Use kubectl port-forward to access the Prometheus and Grafana services and query custom metrics.

Pod priority and preemption:

  1. List priority classes: kubectl get priorityclasses

Pod overhead (Kubernetes 1.18+):

  1. List the overhead in a pod: kubectl get pod <pod-name> -n <namespace> -o=jsonpath='{.spec.overhead}'

Storage volume snapshot diagnostics (if using storage volume snapshots):

  1. List storage volume snapshots: kubectl get volumesnapshot -n <namespace>
  2. View storage volume snapshot details: kubectl describe volumesnapshot <snapshot-name> -n <namespace>

Resource deserialization diagnostics:

  1. Print a Kubernetes resource as JSON: kubectl get <resource-type> <resource-name> -n <namespace> -o=json

Node taint:

  1. List node taints: kubectl describe node <node-name> | grep Taints

Mutating and validating webhook configurations:

  1. List mutating webhook configurations: kubectl get mutatingwebhookconfigurations
  2. List validating webhook configurations: kubectl get validatingwebhookconfigurations

Pod network policy:

  1. List pod network policies in a namespace: kubectl get networkpolicies -n <namespace>

Node conditions (Kubernetes 1.17+):

  1. Custom query output (the column expression is quoted so the shell does not interpret the brackets and parentheses): kubectl get nodes -o custom-columns='NODE:.metadata.name,READY:.status.conditions[?(@.type=="Ready")].status' -l 'node-role.kubernetes.io/worker='

Audit log:

  1. Retrieve audit logs (if enabled): Check the Kubernetes audit log configuration to learn the location of the audit logs.

Node operating system details:

  1. Get the operating system information of the node: kubectl get node <node-name> -o jsonpath='{.status.nodeInfo.osImage}'

These commands should cover various diagnostic scenarios in Kubernetes. Make sure to replace placeholders like <namespace>, <pod-name>, <deployment-name>, etc. with actual values for your cluster and use case.


Origin blog.csdn.net/fly910905/article/details/134153596