Kubernetes (k8s) cheatsheet

7 min read

    I recently started studying for the CKAD certification, here's my cheat sheet.

    Using minikube

    Minikube allows you to run a local instance of k8s. This is great for experimenting without the costs involved with cloud. Alternatively, you can use cloud providers like AWS, GCP or Azure. In the past, I have also used Digital Ocean's Managed Kubernetes.

    # Start minikube
    minikube start
    # SSH into cluster
    minikube ssh
    # Connect to LoadBalancer services
    minikube tunnel

    Use kubectl faster

    I suggest you also install bash completion and the k alias.

    Spot the patterns

    k get

    What you should do when you enter the exam?

    Put these in your bashrc

    # Find the number of questions (n) then
    mkdir {1..n}
    # Format question_number%weight status
    echo -e {1..n}"%\\n"
    alias k=kubectl # will already be pre-configured with autocompletion
    alias bashconfig="vim ~/.bashrc" # most important since you can edit your .bashrc quick
    alias ..="cd .."
    set -o vi # Vim keybindings in bash (or use fc command)
    # Short for "dry output"
    # k create deploy nginx --image=nginx $do
    export do="--dry-run=client -o yaml"   
    # Note: I faced this issue in zsh: https://unix.stackexchange.com/questions/19530/expanding-variables-in-zsh
    export now="--force --grace-period 0"   # k delete pod x $now
    # Switch namespaces fast
    alias kn='kubectl config set-context --current --namespace '
    kn default # set to default namespace
    kn jupiter # set to jupiter namespace
    alias what_ns="k config view -o jsonpath='{.contexts[0].context.namespace}'"

    The following settings will already be configured in your real exam environment in ~/.vimrc. But it can never hurt to be able to type these down:

    set tabstop=2
    set expandtab
    set shiftwidth=2

    Press . to repeat < or > indent action.

    Use tmux

    You can use tmux to split your terminal.


    Docker. Podman. Containderd. CRI-O.

    Staple commands

    # See resources
    k api-resources
    k api-resourced --namespaced
    # Show pods
    k get po
    k get pod
    # Show services
    k get svc
    k get service
    # Show together
    k get pod,svc
    # Generate job
    k create job sleepy --image=busybox --dry-run=client -o yaml
    # Create CronJob
    # https://crontab.guru/every-5-minutes
    # "*/5 * * * *"
    # Update image
    kubectl set image deployments/kubernetes-bootcamp kubernetes-bootcamp=jocatalin/kubernetes-bootcamp:v2
    kubectl set image pod/nginx nginx=nginx:1.7.1
    # History
    k rollout history deployments deployment-name
    # Events
    k get events
    # create pod
    k run my-pod --image=nginx
    # Help
    k exec --help
    k exec -h
    # Create a secret
    k create secret generic test --from-literal=entree=meatloaf --dry-run=client -o yaml
    # aliases
    alias k=kubectl
    alias kd='kubectl describe'
    # Usage
    k create secret generic lfsecret --from-literal=password=LFTr@1n $do
    # Use yq to get node
    k create secret generic lfsecret --from-literal=password=LFTr@1n $do | yq .data.password
    # Explain
    k explain cronjob.spec --recursive
    k explain cronjib.spec --recursive | grep -i failed -C20
    # Find other ways to do the same command
    kubectl set resources deployment/nginx-deployment -c=nginx --limits=cpu=200m,memory=512Mi
    # Print out all the environment variables in a pod - useful when using secrets
    k exec -i pod-name -- env
    # Run a temporary pod to curl a pod
    k run tmp --image=nginx:alpine -i --rm --restart=Never -- curl
    k run tmp --restart=Never --rm -i --image=nginx:alpine -- curl # From killer.sh
    ## Run interactive
    kubectl run -i --tty busybox --image=busybox --restart=Never -- sh
    ## Get Node IP
    k get nodes -o wide
    k get endpoints
    # Write to stdout - useful for busybox containers
    wget -O - localhost:8080
    k -n neptune get rs -o wide
    k config view | grep namespace -C 10 # context 10 lines
    k config view -o jsonpath='{.contexts[0].context.namespace}'
    man 5 crontab # get cron job expression examples
    # See liveness probe syntax and keep color from grep
    # If there's one thing you take from this blog post - it should be this
    k explain pod.spec --recursive | grep liveness -C 10 --color=always | less -r
    k explain pod.meta
    k explain pod.spec.containers.volumeMounts
    k explain pod.spec.volumes.secret
    k explain pod.spec.containers.envFrom.secretRef
    docker build -t my-image-name:latest . # build the container
    docker images # see image
    docker run my-image-name:latest # run the image
    docker push # push to the repo
    kubectl create deployment <Deploy-Name> --image=<repo>/<app-name>:<version>
    kubectl create deployment time-date --image=
    # Running commands in a container
    kubectl exec -i​t <Pod-Name> -- /bin/bash
    export repo= # use variables to be faster
    curl $repo/v2/_catalog
    # Edit to allow HTTP repo in podman, set insecure to true or --tls-verify=false
    # https://projectatomic.io/blog/2018/05/podman-tls/ 
    sudo vim /etc/containers/registries.conf
    sudo systemctl restart crio # optional
    sudo systemctl status crio # optional
    # Get pod names - useful if u want to loop through and do something
    k get pods -o name
    # bash for loop
    for item in 1 2 3
      echo $item
    # scale a deployment
    k scale deployment <deployment-name> --replicas=5
    # Other useful bash commands
    tail # good for looking at logs
    # list annotations
    kubectl annotate pod nginx1 --list

    Working with labels

    Working with labels is just like work with sets in Mathematics.

    # working with labels - it's like working with sets
    # All pods with a label run - value not checked
    k get pods -l 'run'
    # All pods without a label run - value not checked
    k get pods -l '!run'
    # All pods with label environment=test or environment=qa
    k get pods -l 'environment in (test, qa)'
    # All pods with label environment=test or environment=qa and run=app
    k get pods -l 'environment in (test, qa), run in (app)'
    # All pods not in environment=test
    k get pods -l 'environment notin (test)'
    # Get pods with label columns
    k get pods -L environment
    # tip
    seq 2 5 # 2 3 4 5
    seq 3 # 1 2 3
    # Delete all pods
    kubectl delete po --all
    # Find data faster
    k get pod nginx -o json | vim # now you can navigate around the JSON quick 
    # and figure out the JSON path
    # Get the YAML for a new ResourceQuota called 'myrq' with hard limits of 1 CPU, 1G memory and 2 pods without creating it
    kubectl create quota myrq --hard=cpu=1,memory=1G,pods=2 --dry-run=client -o yaml

    Remember to copy files over as requested in the question Remember to delete pods that are no longer needed Make sure you name the containers properly when asked in a question

    You should be familar with https://helm.sh/docs/intro/quickstart/

    TIP: Use <C-R> to invoke reverse search in bash

    Tip: You need to learn how to use vim buffers Tip: Tmux is good for having mutliple terminals - one for docs and one for vim


    then :set-window-option mode-keys vi

    fullscreen: ctrl-b then z


    Waning: you should check the curriculum as it changes often and the answers here may be out of date.

    What score is needed to pass the exam?

    For the CKAD Exam, a score of 66% or above must be earned to pass.

    What you have?

    For your convenience, all environments, in other words, the base system and the cluster nodes, have the following additional command-line tools pre-installed and pre-configured:

    • kubectl with k alias and Bash autocompletion
    • yq and jq for YAML/JSON processing
    • tmux for terminal multiplexing
    • curl and wget for testing web services
    • man and man pages for further documentation



    CKAD Allowed domains and their subdomains

    Helpful tips from previous students