4.1 kubectl Basics

The kubectl utility is a command line tool that interfaces with the API Server to run commands against the cluster. The tool is typically run on the master node of the cluster. It effectively grants full administrative rights to the cluster and all of the nodes in the cluster.

The kubectl utility is documented fully at:


In this section, we describe basic usage of the tool to get you started creating and managing pods and services within your environment.

Get Information About the Nodes in a Cluster

To get a listing of all of the nodes in a cluster and the status of each node, use the kubectl get command. This command can be used to obtain listings of any kind of resource that Kubernetes supports. In this case, the nodes resource:

# kubectl get nodes
NAME                STATUS    ROLES   AGE       VERSION
master.example.com   Ready     master  1h       v1.9.1+2.0.2.el7
test2.example.com   Ready     <none>  1h        v1.9.1+2.0.2.el7
test3.example.com   Ready     <none>  1h        v1.9.1+2.0.2.el7

You can get more detailed information about any resource using the kubectl describe command. If you specify the name of the resource, the output is limited to information about that resource alone, otherwise full details of all resources are also printed to screen:

# kubectl describe nodes test3.example.com
Name:               test3.example.com
Roles:              <none>
Labels:             beta.kubernetes.io/arch=amd64
Annotations:        flannel.alpha.coreos.com/backend-data={"VtepMAC":"02:e6:df:13:b1:eb"}

Run an Application in a Pod

To create a pod with a single running Docker container, you can use the kubectl run command. For example:

# kubectl run hello-world --image=nginxdemos/hello --port=80
deployment "hello-world" created

Substitute hello-world with a name for your deployment. Your pods are named using the deployment name as a prefix. Substitute nginxdemos/hello with a Docker image that can be pulled by the Docker engine. Substitute the port 80 with whatever port is used to provide network access to your application.


Deployment, pod and service names conform to a requirement to match a DNS-1123 label. These must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character. The regular expression used to validate names is '[a-z0-9]([-a-z0-9]*[a-z0-9])?'. If you use a name, for your deployment, that does not validate, an error is returned.

There are many additional optional parameters that can be used when you run a new application within Kubernetes. For instance, at run time, you can specify how many replica pods should be started, or you might apply a label to the deployment to make it easier to identify pod components. To see a full list of options available to you, run kubectl run -h.

Check that your new application deployment has created one or more pods, using kubectl get pods:

# kubectl get pods
NAME                           READY     STATUS    RESTARTS   AGE
hello-world-596d8d6989-hbn7d   1/1       Running   0          1m

Use kubectl describe to show a more detailed view of your pods, including which containers are running and what image they are based on, as well as which node is currently hosting the pod:

# kubectl describe pods

Name:           hello-world-596d8d6989-hbn7d
Namespace:      default
Node:           test3.example.com/
Start Time:     Thu, 15 Feb 2018 06:11:25 -0800
Labels:         pod-template-hash=1528482545
Annotations:    <none>
Status:         Running
Controlled By:  ReplicaSet/hello-world-596d8d6989
    Container ID:   docker://1abd358283922aeff2c389ea216bd2d93d32362974aa59a65eed0dc71b3e2b45
    Image:          nginxdemos/hello
    Image ID:       docker-pullable://nginxdemos/hello@sha256:f5a0b2a5fe9af497c4a7c186ef6412bb91ff19d39d6ac24a4997eaed2b0bb334
    Port:           80/TCP
    State:          Running
      Started:      Thu, 15 Feb 2018 06:11:27 -0800
    Ready:          True
    Restart Count:  0
    Environment:    <none>
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-v8pbp (ro)
  Type           Status
  Initialized    True 
  Ready          True 
  PodScheduled   True 
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-v8pbp
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s

Scale a Pod Deployment

To change the number of instances of the same pod that you are running, you can use the kubectl scale deployment command. For example:

# kubectl scale deployment hello-world --replicas=3
deployment "hello-world" scaled

You can check that the number of pod instances has been scaled appropriately:

# kubectl get pods
NAME                           READY     STATUS    RESTARTS   AGE
hello-world-596d8d6989-g74kj   1/1       Running   0          18s
hello-world-596d8d6989-hbn7d   1/1       Running   0          26m
hello-world-596d8d6989-dzmtd   1/1       Running   0          18s

Expose a Service Object For Your Application

Typically, while many applications may only need to communicate internally within a pod, or even across pods, you may need to expose your application externally so that clients outside of the Kubernetes cluster can interface with the application. This is done by creating a service definition for the deployment.

To expose a deployment using a service object, you must define the service type that should be used. If you are not using a cloud-based load balancing service, you can set the service type to NodePort. The NodePort service exposes the application running within the cluster on a dedicated port on the public IP address on all of the nodes within the cluster. Use the kubectl expose deployment to create a new service.

# kubectl expose deployment hello-world --type=NodePort --name=hello-service
service "hello-service" exposed

Use kubectl get services to list the different services that the cluster is running, and to obtain the port information required to access the service:

# kubectl get services hello-service
NAME            TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
hello-service   NodePort   <none>        80:30911/TCP   53s

In this example output, you can see that traffic to port 80 inside the cluster is mapped to the NodePort 30911. The external IP that can be used to access the service is listed as <nodes>, meaning that if you connect to the external IP address for any of the nodes within the cluster on the port 30911, you are able access the service.

For the sake of the example in this guide, you can open a web browser to point at any of the nodes in the cluster, such as http://test3.example.com:30911/, and it should display the NGINX demonstration application.

Delete a Service or Deployment

Objects can be deleted easily within Kubernetes so that your environment can be cleaned. Use the kubectl delete command to remove an object.

To delete a service, specify the services object and the name of the service that you wish to remove:

# kubectl delete services hello-service

To delete an entire deployment, and all of the pod replicas running for that deployment, specify the deployment object and the name that you used to create the deployment:

# kubectl delete deployment hello-world

Work With Namespaces

Namespaces can be used to further separate resource usage and to provide limited environments for particular use cases. By default, Kubernetes configures a namespace for Kubernetes system components and a standard namespace to be used for all other deployments for which no namespace is defined.

To view existing namespaces, use the kubectl get namespaces and kubectl describe namespaces commands.

kubectl only displays resources in the default namespace, unless you set the namespace specifically for a request. Therefore, if you need to view the pods specific to the Kubernetes system, you would use the --namespace option to set the namespace to kube-system for the request. For example:

# kubectl get pods --namespace=kube-system
NAME                                         READY     STATUS    RESTARTS   AGE
etcd-master.example.com                      1/1       Running   0          2d
kube-apiserver-master.example.com            1/1       Running   0          2d
kube-controller-manager-master.example.com   1/1       Running   0          2d
kube-dns-978711586-lhlvs                     3/3       Running   0          2d
kube-flannel-ds-5cs4b                        2/2       Running   1          2d
kube-flannel-ds-ms3ms                        2/2       Running   0          2d
kube-flannel-ds-wjtjg                        2/2       Running   2          2d
kube-proxy-6qw0f                             1/1       Running   0          2d
kube-proxy-v18xk                             1/1       Running   0          2d
kube-proxy-zqg5b                             1/1       Running   0          2d
kube-scheduler-master.example.com            1/1       Running   0          2d
kubernetes-dashboard-76b75dffc7-xxnpv        1/1       Running   0          1d