Command cheatsheet - Session 1

A cheat sheet focusing on advanced command-line filtering. While `kubectl` has powerful built-in formatting (like JSONPath), real-world platform engineering often requires piping output to standard Linux tools like `grep`, `sort`, `uniq`, and `tr` to extract actionable data quickly.

Here are the most critical filtering patterns found in the official documentation, categorized by operational domain.

1. Container Image Auditing

Identifying which container images are running in your cluster is critical for security audits and version checking. This pipeline recursively parses both standard containers and initContainers.

List all container images running in the cluster (with counts):

kubectl get pods --all-namespaces -o jsonpath="{.items[*].spec['initContainers', 'containers'][*].image}" | \
tr -s '[[:space:]]' '\n' | \
sort | \
uniq -c

• Explanation:
  • The jsonpath query extracts the image field from both initContainers and containers lists,.
  • tr replaces spaces with newlines to put each image on its own line.
  • sort | uniq -c aggregates the list and counts occurrences, helping you spot version drift.

2. Networking & Connectivity

When debugging service discovery or firewall issues, you often need raw IP addresses rather than human-readable tables.

Extract Pod IPs matching a specific label:

kubectl get pods -l app=hostnames \
-o go-template='{{range .items}}{{.status.podIP}}{{"\n"}}{{end}}'

• Use Case: Rapidly gathering endpoints to test connectivity (e.g., feeding these IPs into curl or wget).

Extract the API Server URL from kubeconfig:

kubectl config view --minify | grep server | cut -f 2- -d ":" | tr -d " "

• Use Case: This command isolates the API server URL, which is useful when scripting direct curl requests to the API server without using kubectl proxy.

3. Security & Configuration

Locating specific configurations or sensitive mounts often requires filtering against the full YAML output or specific fields.

Find Pods mounting the Docker socket (Security Risk):

kubectl get pods --all-namespaces \
-o=jsonpath='{range .items[*]}{"\n"}{.metadata.namespace}{":\t"}{.metadata.name}{":\t"}{range .spec.volumes[*]}{.hostPath.path}{", "}{end}{end}' \
| sort \
| grep '/var/run/docker.sock'

• Explanation: This command iterates through all Pods, prints their namespace and name, and checks spec.volumes for hostPath mounts. grep then filters for the Docker socket, which indicates a Pod with root-level access to the node,.

Decode a Secret value instantly:

kubectl get secret <secret-name> -o jsonpath='{.data.<key>}' | base64 --decode

• Use Case: Secrets are base64 encoded by default. This one-liner decodes a specific key (e.g., password or token) directly to your terminal,.

4. Logs & Troubleshooting

Standard kubectl logs output can be overwhelming. Combining it with grep is the standard pattern for finding specific errors.

Filter container logs for specific environment variables:

kubectl logs <pod-name> -c <container-name> | grep <VAR_NAME>

• Use Case: Verifying that a configuration injection (like a database address) was correctly populated in the application environment at startup.

Identify Non-Ready Nodes:

kubectl get nodes | grep NotReady

• Use Case: Quickly filtering the node list to identify infrastructure failures during cluster troubleshooting.

5. Advanced formatting without Grep

While grep is useful, kubectl has built-in filtering that is often more robust because it operates on the API structure rather than text.

Custom Columns (Clean Reporting): Instead of awk to print specific columns, use -o custom-columns:

kubectl get pods -o custom-columns=NAME:.metadata.name,IMAGE:.spec.containers.image

• Why use this: It handles spacing automatically and includes headers, which is superior to awk '{print $1, $5}' when dealing with Kubernetes output that may have varying column widths.

Field Selectors (Server-Side Filtering): Instead of grep to filter a list, use --field-selector:

kubectl get pods --field-selector status.phase=Running

• Why use this: This filters the data at the API server level, reducing network traffic and client-side processing load, whereas grep filters after the data has been downloaded,.