kubectl
What is kubectl?
kubectl is a command-line tool that communicates with a Kubernetes cluster's control plane through the Kubernetes API. kubectl allows application deployment, cluster resource management, and resource monitoring. Overall, all CRUD operations (Create, Read, Update, and Delete) on Kubernetes resources are carried out with kubectl's help. The tool is compatible with all major operating systems, such as Linux, Windows, and macOS.
Why is kubectl important?
kubectl is one of the most crucial tools for managing the complete Kubernetes infrastructure, where applications may be distributed across different clusters. The tool facilitates communication between users, Kubernetes resources, and external components by sending HTTP requests to the Kubernetes API server.
In situations where the Kubernetes API server is publicly accessible, or when additional security measures are required, it is possible to configure kubectl to use HTTPS to communicate with the Kubernetes API server. To do this, you need to configure the Kubernetes API server to serve HTTPS traffic and configure kubectl to use the appropriate SSL certificates and keys.
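As an added example (not part of the original page), the shell function below audits the client side of this setup: it reads a kubeconfig and reports cluster entries whose server URL is plain http:// or that set insecure-skip-tls-verify: true. The sample kubeconfig, cluster names and addresses are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag kubeconfig cluster entries that weaken transport security.
# Prints "<cluster-name><TAB><finding>" per problem. It parses the flat layout
# that `kubectl config view` emits, not arbitrary YAML.
audit_kubeconfig() {
  awk '
    function report() {
      if (!seen) return
      if (server ~ /^http:\/\//) print name "\tplaintext-http"
      if (skip)                  print name "\ttls-verify-disabled"
      seen = 0; name = ""; server = ""; skip = 0
    }
    /^clusters:/ { in_c = 1; next }
    /^[^ #-]/    { report(); in_c = 0 }   # any other top-level key ends the section
    !in_c        { next }
    /^- /        { report(); seen = 1; sub(/^- /, "  ") }   # start of a new entry
    { val = $2; gsub(/"/, "", val) }
    /^  name:/    { name = val }
    /^ +server:/  { server = val }
    /^ +insecure-skip-tls-verify:/ && val == "true" { skip = 1 }
    END { report() }
  ' "${1:--}"
}

# Constructed sample kubeconfig (documentation-range addresses).
sample_kubeconfig() {
  cat <<'EOF'
apiVersion: v1
kind: Config
clusters:
- cluster:
    certificate-authority: /etc/kubernetes/pki/ca.crt
    server: https://192.0.2.10:6443
  name: prod
- cluster:
    insecure-skip-tls-verify: true
    server: https://192.0.2.20:6443
  name: lab
- cluster:
    server: http://192.0.2.30:8080
  name: legacy
contexts: []
EOF
}

sample_kubeconfig | audit_kubeconfig
```

To check a real file, pass its path, for example audit_kubeconfig "$HOME/.kube/config".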
In addition to communications, it also runs end-to-end resource management operations, including container deployment, viewing log files, checking the state of resources, and more.
Syntax
The syntax for running the kubectl command is as follows:
kubectl [command] [TYPE] [NAME] [flags]
- command refers to the operation to be performed on the cluster. A few examples include create, delete, and describe.
- TYPE refers to the resource type on which the operation needs to be performed. The resource type is not sensitive to upper or lower-case characters used when writing the command. Thus, regardless of capitalization, the same resource type will be recognized by kubectl.
- NAME refers to the name of the resource. Unlike TYPE, resource names are case-sensitive. Thus, capital and lowercase letters will give a different output.
- flags are optional. For example, the -s or --server flag specifies the address and port of the Kubernetes API server.
Note: A kubectl command can be applied to one or more resources and resource types.
Example
kubectl get pod pod1
After running this command, the cluster should return pod1. In the example, get is the command, pod is the TYPE, and pod1 is the NAME. No flags have been specified so the default value will be used.
List of major kubectl operations
| Operation | Syntax | Description |
| --- | --- | --- |
| get | kubectl get po -o wide | Lists detailed information for all pods. |
| create | kubectl create -f filename | Creates a cluster resource from a file or other input. |
| expose | kubectl expose deployment deployname --port=81 --type=NodePort --target-port=80 --name=service-name | Exposes a resource, such as a pod, service or deployment, as a new Kubernetes service. |
| run | kubectl run deployname --image=nginx:latest | Runs a particular image in a cluster. |
| set | kubectl set image deploy deployname containername=containername:1.0 | Changes the image of the deployment named deployname to image version 1.0. |
| edit | kubectl edit po po-nginx-btv4j | Updates a pod using the default editor. |
| explain | kubectl explain [--recursive=false] [flags] | Shows documentation or reference material for the specified resource. |
| autoscale | kubectl autoscale (-f FILENAME \| TYPE NAME \| TYPE/NAME) [--min=MINPODS] --max=MAXPODS [--cpu-percent=CPU] [flags] | Automatically scales the set of pods that are managed by a replication controller. |
| delete | kubectl delete po podname | Deletes resources by name or label. |
| rollout | kubectl rollout status/history deployment/deployname | Checks the rollout status or history of a particular deployment. |
Besides the aforementioned 10 operations, numerous others exist, including completion, convert, config, diff, drain, and more.
What are kubectl plugins?
On its own, kubectl performs basic operations on Kubernetes clusters. To give the tool more complex behavior and let it execute more intricate functions, kubectl plugins can be written and installed in the infrastructure. These can be pre-existing plugins or custom-made ones, depending on the needs of the application and the functions it must execute. A few of the plugins are listed below:
Kubescape
The Kubescape plugin focuses on Kubernetes cluster security by offering risk analysis, security compliance, and misconfiguration scanning. The easy-to-use CLI makes it simple to take advantage of flexible output formats and initiate automated scanning capabilities.
Stern
The Kubernetes Stern plugin is a command-line tool that allows users to tail multiple container logs in a Kubernetes cluster. It provides a way to easily view and follow the logs of multiple containers across multiple pods, without having to manually open individual log files or SSH into each container.
Kubepug
Kubernetes releases newer versions periodically, and engineers find it difficult to learn which APIs are removed, what upgrades have been made, and more. Kubepug enables Kubernetes engineers to know these details before migrating the infrastructure to a newer version.
Ingress-nginx
Ingress-nginx simplifies ingress operations on clusters and easily allows external services to access Kubernetes clusters. Thus traffic routing and resource management become simpler.
Besides these, there are other plugins for various functions. You can use Krew to review and install them.
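A plugin runs with the same kubeconfig credentials as kubectl itself, so it helps to know which ones are installed. The added example below (not from the original page or from any plugin project) relies on the fact that kubectl treats executables named kubectl-<name> on PATH as plugins; it lists them and flags any whose file or directory is group- or world-writable. The demo directory and the two fake plugins are constructed.

```shell
#!/usr/bin/env bash
# Added example: inventory kubectl plugins in a PATH-style directory list.
# Prints "<status><TAB><path>" for every executable named kubectl-*.
audit_kubectl_plugins() {
  old_ifs=$IFS
  IFS=:
  for dir in $1; do
    IFS=$old_ifs
    [ -d "$dir" ] || continue
    for f in "$dir"/kubectl-*; do
      { [ -f "$f" ] && [ -x "$f" ]; } || continue
      status=ok
      # A group- or world-writable plugin file or directory lets another
      # local account replace the plugin's contents.
      if [ -n "$(find "$f" "$dir" -prune \( -perm -0002 -o -perm -0020 \))" ]; then
        status=writable-by-others
      fi
      printf '%s\t%s\n' "$status" "$f"
    done
  done
  IFS=$old_ifs
}

# Constructed demo: a throwaway directory holding two fake plugins.
make_demo_dir() {
  d=$(mktemp -d)
  printf '#!/bin/sh\necho safe\n'  > "$d/kubectl-safe";  chmod 755 "$d/kubectl-safe"
  printf '#!/bin/sh\necho loose\n' > "$d/kubectl-loose"; chmod 777 "$d/kubectl-loose"
  printf 'not a plugin\n'          > "$d/notes.txt"
  printf '%s\n' "$d"
}

demo=$(make_demo_dir)
audit_kubectl_plugins "$demo:/nonexistent-dir"
rm -rf "$demo"
```

Run it against a real environment with audit_kubectl_plugins "$PATH"; kubectl plugin list shows kubectl's own view of the same set.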
How to install kubectl
kubectl can be installed on Windows, Linux, and macOS. Please make sure to follow the installation instructions for your particular operating system.
Here are the steps for a typical kubectl Linux installation:
- Update the package list of your Linux distribution’s package manager by running the following command:
sudo apt-get update
- Install the kubectl package by running the following command:
sudo apt-get install -y kubectl
- Verify that kubectl is installed correctly by running the following command:
kubectl version
This displays the version of kubectl running on your system and completes the installation.
Summary
Overall, kubectl is a tool that helps manage Kubernetes clusters by communicating with the control plane through the Kubernetes API server. The tool performs several basic operations, while also enabling engineers to perform more complex operations using extensions in the form of plugins that are commonly available or can be written to specification.