What is kubectl?

kubectl is a command line tool that enables communications between the Kubernetes API and the control plane. kubectl allows application deployment, cluster resource management, and resource monitoring. Overall, all CRUD operations (Create, Read, Update, and Delete) on Kubernetes resources are carried out with kubectl’s help. The tool is compatible with all major operating systems, such as Linux, Windows, and Mac OS. 

Why is kubectl important?

kubectl is one of the most crucial tools for managing the complete Kubernetes infrastructure, where applications may be distributed across different clusters. The tool facilitates communication between users, Kubernetes resources, and external components by sending HTTP requests to the Kubernetes API server. 

In situations where the Kubernetes API server is publicly accessible, or when additional security measures are required, it is possible to configure kubectl to use HTTPS to communicate with the Kubernetes API server. To do this, you need to configure the Kubernetes API server to serve HTTPS traffic and configure kubectl to use the appropriate SSL certificates and keys.

In addition to communications, It also runs end-to-end resource management operations, including container deployment, viewing log files, knowing the state of resources, and more. 


The syntax for running the kubectl command is as follows:

kubectl [command] [TYPE] [NAME] [flags]

  • command refers to the operation to be performed on the cluster. A few examples include create, delete, and describe.
  • TYPE refers to the resource type on which the operation needs to be performed. The resource type is not sensitive to upper or lower-case characters used when writing the command. Thus, regardless of capitalization, the same resource type will be recognized by kubectl.
  • NAME refers to the name of the resource. Unlike TYPE, resource names are case-sensitive. Thus, capital and lowercase letters will give a different output.
  • flags is an optional part of the syntax and is used to mention the port number of the Kubernetes API server. 

Note: A kubectl command can be applied to one or more resources and resource types. 


kubectl get pod pod1

After running this command, the cluster should return pod1. In the example, get is the command, pod is the TYPE, and pod1 is the NAME. No flags have been specified so the default value will be used.

List of major kubectl operations

getkubectl get po -o wideLists detailed information for all pods.
createkubectl create -f filenameCreates a cluster resource from a file or other input.
exposekubectl expose deployment deployname –port=81 –type=NodePort –target-port=80 –name=service-nameExposes a resource, such as a pod, service or deployment, as a new Kubernetes service.
runkubectl run deployname –image=nginx:latests]Runs a particular image in a cluster.
setkubectl set image deploy deployname containername=containername:1.0Changes the image of a deployment with the name specified in deployname to image 1.0
editkubectl edit po po-nginx-btv4jUpdates a pod using the default editor.
explainkubectl auth [flags] [options]Views documents or reference materials related to the specified subject.
autoscalekubectl autoscale (-f FILENAME | TYPE NAME | TYPE/NAME) [–min=MINPODS] –max=MAXPODS [–cpu-percent=CPU] [flags]Automatically scale the set of pods that are managed by a replication controller.
deletekubectl delete po podnameDeletes resources by name or label..
rolloutkubectl rollout status/history deployment/deploynameCheck the rollout status or history of a particular deployment

Besides the aforementioned 10 operations, numerous others exist, including completion, convert, config, diff, drain, and more. 

What are kubectl plugins? 

Kubectl performs basic operations on Kubernetes clusters. To ensure the tool exhibits complex behavior and executes intricate functions, kubectl plugins can be written and installed in the infrastructure. These can be pre-existing plugins or custom-made ones, depending on the needs of the application and the functions it must execute. A few of the plugins are listed below:


The Kubescape plugin focuses on Kubernetes cluster security by offering risk analysis, security compliance, and misconfiguration scanning. The easy-to-use CLI makes it simple to take advantage of flexible output formats and initiate automated scanning capabilities.


The Kubernetes Stern plugin is a command-line tool that allows users to tail multiple container logs in a Kubernetes cluster. It provides a way to easily view and follow the logs of multiple containers across multiple pods, without having to manually open individual log files or SSH into each container.


Kubernetes releases newer versions periodically, and engineers find it difficult to learn which APIs are removed, what upgrades have been made, and more. Kubepug enables Kubernetes engineers to know these details before migrating the infrastructure to a newer version. 


Ingress-nginx simplifies ingress operations on clusters and easily allows external services to access Kubernetes clusters. Thus traffic routing and resource management become simpler.

Besides these, there are other plugins for various functions. You can use Krew to review and install them 

How to install kubectl

kubectl can be installed on Windows, Linux, and Mac Os. Please make sure to follow the installation instructions for your particular operating system. 

Here are the steps for a typical kubectl  Linux installation:

  1. Update the package list of your Linux distribution’s package manager by running the following command:

sudo apt-get update

  1. Install the kubectl package by running the following command:

sudo apt-get install -y kubectl

  1. Verify that kubectl is installed correctly by running the following command:

kubectl version

This displays the version of kubectl running on your system and completes the installation.


Overall, kubectl is a tool that helps manage Kubernetes clusters by communicating between the API server and the control plane. The tool performs several basic operations, while also enabling engineers to perform more complex operations using extensions in the form of plugins that are commonly available or can be written to specification. 

Actionable, contextual, end-to-end
{Kubernetes-native security}

From code to cluster, helm to node, we’ve got your Kubernetes covered:

Cut the CVE noise by significantly reducing CVE-related work by over 90%

Automatic Kubernetes compliance for CIS, NSA, Mitre, SOC2, PCI, and more

Manage Kubernetes role-based-access control (RBAC) visually

Stay up to date

Continue to Slack

Get the information you need directly from our experts!

new-messageContinue as a guest