Key Takeaways
- âś“Docker vs kubectl quick reference table for 7 key actions (list, logs, exec, etc.)
- âś“Multi-stage builds reduce image size from 800MB to 15-30MB using Alpine
TL;DR: This cheatsheet gathers essential Docker and Kubernetes commands for managing containers, pods, services, and deployments. Keep it handy during your Kubernetes Docker training sessions or in production. Each command includes the exact syntax and a concrete example.
This skill is at the core of the Kubernetes Fundamentals training.
Quick reference: Docker vs kubectl
| Action | Docker | kubectl |
|---|---|---|
| List containers/pods | docker ps -a | kubectl get pods -A |
| View logs | docker logs | kubectl logs |
| Interactive shell | docker exec -it | kubectl exec -it |
| Delete | docker rm | kubectl delete pod |
| Inspect | docker inspect | kubectl describe pod |
| Build an image | docker build -t app:v1 . | N/A (buildah, kaniko) |
| Push to registry | docker push app:v1 | N/A |
Key takeaway: 82% of container users run Kubernetes in production (CNCF Annual Survey 2025).
Essential Docker commands
Image management
# Build an image with tag
docker build -t myapp:v1.0 .
# Build with specific file
docker build -f Dockerfile.prod -t myapp:prod .
# List local images
docker images --format "table {{.Repository}}\t{{.Tag}}\t{{.Size}}"
# Remove unused images
docker image prune -a --force
# Tag for a registry
docker tag myapp:v1 registry.example.com/myapp:v1
Image optimization
Alpine images are about 3MB compared to 70MB for base Ubuntu (Medium Docker Optimization).
# Multi-stage build: go from 800MB to 15-30MB
FROM node:20-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
FROM node:20-alpine
COPY --from=builder /app/node_modules ./node_modules
COPY . .
CMD ["node", "server.js"]
| Base image | Size | Use case |
|---|---|---|
alpine | ~3MB | Production, microservices |
ubuntu | ~70MB | Development, debugging |
scratch | 0MB | Compiled Go/Rust binaries |
distroless | ~20MB | Maximum security |
For deeper understanding of fundamental differences, consult Kubernetes vs Docker: understanding essential differences.
Container management
# Launch a container with environment variables
docker run -d --name api -e DB_HOST=postgres -p 8080:80 myapp:v1
# View containers with stats
docker stats --no-stream
# Copy files
docker cp api:/app/logs ./logs-backup
# Stop all containers
docker stop $(docker ps -q)
Fundamental kubectl commands
Context and configuration
# View current context
kubectl config current-context
# List all contexts
kubectl config get-contexts
# Change context
kubectl config use-context production-cluster
# Set default namespace
kubectl config set-context --current --namespace=app-prod
Pod management
# List pods with IP and node
kubectl get pods -o wide
# Filter by label
kubectl get pods -l app=frontend,env=prod
# View a pod's YAML
kubectl get pod nginx-7fb9 -o yaml
# Create from file
kubectl apply -f deployment.yaml
# Delete with grace (30s default)
kubectl delete pod nginx-7fb9 --grace-period=10
Key takeaway: 96% of organizations use or evaluate Kubernetes (The Decipherist). Mastering kubectl has become essential.
To get started step by step, follow the Getting started with Docker and Kubernetes: quick start guide.
Debugging and troubleshooting
Quick diagnosis
# Pod in CrashLoopBackOff?
kubectl describe pod <name> | grep -A10 "State:"
kubectl logs <name> --previous
# View recent events
kubectl get events --sort-by='.lastTimestamp' | tail -20
# Events for specific namespace
kubectl get events -n app-prod --field-selector type=Warning
Advanced logs
# Multi-container logs
kubectl logs <pod> -c <container> -f
# Logs from a timestamp
kubectl logs <pod> --since=1h
# Logs from all pods in a deployment
kubectl logs -l app=api --all-containers=true
# Export logs
kubectl logs <pod> --timestamps > debug.log
Connecting to pods
# Interactive shell
kubectl exec -it <pod> -- /bin/sh
# Single command
kubectl exec <pod> -- cat /etc/config/app.yaml
# Port-forward for local debug
kubectl port-forward pod/<name> 8080:80
# Service port-forward
kubectl port-forward svc/api 8080:80
To resolve common errors, consult Docker and Kubernetes Troubleshooting: resolve frequent errors.
Networking and services
Services
# Expose a deployment
kubectl expose deployment api --port=80 --target-port=8080
# List services with endpoints
kubectl get svc,ep -o wide
# Create a NodePort service
kubectl expose deployment api --type=NodePort --port=80
# Test internal DNS
kubectl run test --rm -it --image=busybox -- nslookup api.default.svc.cluster.local
Network debugging
# Check connectivity between pods
kubectl run test --rm -it --image=nicolaka/netshoot -- curl http://api:80/health
# View network policies
kubectl get networkpolicies -A
# Describe an ingress
kubectl describe ingress api-ingress
| Service Type | Access | External Port |
|---|---|---|
| ClusterIP | Internal cluster | No |
| NodePort | Node IP:30000-32767 | Yes |
| LoadBalancer | Cloud public IP | Yes |
| ExternalName | External DNS | No |
The Kubernetes Training Thematic Map presents all the network skills to acquire.
Resource management
Deployments
# View rollout history
kubectl rollout history deployment/api
# Roll back to previous version
kubectl rollout undo deployment/api
# Roll back to specific revision
kubectl rollout undo deployment/api --to-revision=2
# Update the image
kubectl set image deployment/api api=myapp:v2
# Scale manually
kubectl scale deployment api --replicas=5
ConfigMaps and Secrets
# Create a ConfigMap from file
kubectl create configmap app-config --from-file=config.yaml
# Create a Secret
kubectl create secret generic db-creds \
--from-literal=username=admin \
--from-literal=password=secret123
# View a decoded secret
kubectl get secret db-creds -o jsonpath='{.data.password}' | base64 -d
Resources and quotas
# View resource usage
kubectl top pods
kubectl top nodes
# Describe namespace limits
kubectl describe resourcequota -n app-prod
# View LimitRanges
kubectl get limitrange -n app-prod -o yaml
For a complete orchestrator comparison, read Kubernetes vs Docker Swarm, ECS and Nomad Comparison.
Common errors and solutions
| Error | Probable cause | Diagnostic command |
|---|---|---|
ImagePullBackOff | Image not found or missing auth | kubectl describe pod |
CrashLoopBackOff | App crashes at startup | kubectl logs |
Pending | Insufficient resources | kubectl describe pod |
OOMKilled | Memory exceeded | kubectl top pod |
CreateContainerConfigError | Missing ConfigMap/Secret | kubectl get cm,secret |
# Complete pod diagnosis
kubectl get pod <name> -o yaml | grep -A20 "status:"
# Check available resources
kubectl describe nodes | grep -A5 "Allocated resources"
# Force delete a stuck pod
kubectl delete pod <name> --force --grace-period=0
Key takeaway: As TealHQ points out, "Don't let your knowledge remain theoretical - set up a real Kubernetes environment to solidify your skills."
To migrate your existing workloads, follow the Migrate to Kubernetes from Docker Compose, VMs or monoliths guide.
Recommended aliases
Add these aliases to your .bashrc or .zshrc:
alias k='kubectl'
alias kgp='kubectl get pods'
alias kgs='kubectl get svc'
alias kgd='kubectl get deployments'
alias kd='kubectl describe'
alias kl='kubectl logs -f'
alias ke='kubectl exec -it'
alias kaf='kubectl apply -f'
alias kdel='kubectl delete'
# Shortcut to change namespace
alias kns='kubectl config set-context --current --namespace'
For deepening these skills as a Kubernetes system administrator, regular practice remains essential.
Take action
This cheatsheet covers daily commands, but mastering Kubernetes in production requires structured training. Explore the Complete Kubernetes Training Guide to identify your path.
Recommended SFEIR Institute training:
- Kubernetes Fundamentals: 1-day discovery to get started quickly
- LFS458 Kubernetes Administration: 4 days of CKA preparation for administrators
- LFD459 Kubernetes for Developers: 3 days of CKAD preparation for developers
Contact our advisors to identify the training suited to your level.