Most Useful kubectl Plugins
Kubernetes provides a convenient utility
kubectl to interact with the cluster.
kubectl talks to kube-apiserver and allows you to create, update and delete objects/resources in the cluster.
How To Pronounce kubectl
When you start using
kubectl, the first thing that comes to mind is
how the heck do you pronounce this. There are different pronunciations used by different people, as long as everybody is referring to the same command line tool, it’s all good.
Here are the three different pronunciations that I have heard people using:
P.S: I use the last one 😄
What are kubectl Plugins
Kubernetes provides a way to extend the functionality of
kubectl using plugins. Plugins allow us to add additional functionality to the
kubectl command line tool.
kubectl plugins are executables whose names start with
kubectl-. These executables should be part of the
PATH so that
kubectl can discover them. kubectl automatically detects them and runs them for you.
Eg: If we have a plugin called
hello then you can invoke it by using the command:
here kubectl would look for an executable with the name
kubectl-hello in the
Install kubectl Plugins with Krew
kubectl plugins can be installed in numerous ways, the easiest way would be to install the official plugin manager called krew.
krew by following the instructions for your operating system here.
For Mac, it can be installed with the
brew package manager:
brew install krew
Installing official plugins
krew maintains an index of officially maintained plugins called krew plugin index. There are about 206 plugins maintained in the official krew index by the maintainers.
Let’s take a look at some of the most useful plugins
Install neat plugin with krew :
kubectl krew install neat
neat is my favorite plugin. While working with Kubernetes, you often would want to check the resource spec in the cluster, however, when you run the command, you get more fields than intended as part of the spec.
kubectl get pods nginx-7fd68f74d-ntpdc -oyaml
apiVersion: v1 kind: Pod metadata: creationTimestamp: "2022-10-14T16:18:08Z" generateName: nginx-7fd68f74d- labels: app: nginx pod-template-hash: 7fd68f74d name: nginx-7fd68f74d-ntpdc namespace: default ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: ReplicaSet name: nginx-7fd68f74d uid: 4ff93f8e-a3c3-4c81-9556-e69eb47e9011 resourceVersion: "85985" uid: 714bf0d2-2456-4efc-a527-71f29943662c spec: containers: - image: quay.io/shardul/nginx:v1 imagePullPolicy: Always name: nginx resources: requests: cpu: "1" terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-qskm4 readOnly: true dnsPolicy: ClusterFirst
the output is too verbose for troubleshooting. This is where
neat plugin comes to our rescue.
Let’s get the pod details, this time add
| kubectl neat at the end of the command :
kubectl get pods nginx-7fd68f74d-ntpdc -oyaml | kubectl neat
apiVersion: v1 kind: Pod metadata: labels: app: nginx pod-template-hash: 7fd68f74d name: nginx-7fd68f74d-ntpdc namespace: default spec: containers: - image: quay.io/shardul/nginx:v1 imagePullPolicy: Always name: nginx resources: requests: cpu: "1" volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-qskm4 readOnly: true
default values and
status fields and some metadata fields such as
Install view-secret plugin with krew:
kubectl krew install view-secret
view-secret plugin saves a lot of time when you want to view a secret in the cluster, especially if it’s a secret with multiple keys and values. Normally to view a secret you would do:
kubectl get secret my-secret -o yaml
apiVersion: v1 data: key1: c3VwZXJzZWNyZXQ= key2: dG9wc2VjcmV0 kind: Secret metadata: creationTimestamp: "2022-10-14T19:58:25Z" name: my-secret namespace: default resourceVersion: "88915" uid: 4b6fbf40-f27f-4744-ab61-2d7457a41ce6 type: Opaque
then copy the values such as
c3VwZXJzZWNyZXQ= and decode it with base64:
echo "c3VwZXJzZWNyZXQ=" | base64 -d supersecret
view-secret plugin, you can just do :
kubectl view-secret my-secret --all key1=supersecret key2=topsecret
Install access-matrix plugin with krew :
kubectl krew install access-matrix
access-matrix plugin is very useful to visualize your access in the cluster or to find out who can access a particular resource in the cluster.
Install blame plugin with krew :
kubectl krew install blame
blame plugin helps you to figure out who changed several fields of an object in the cluster -
helm. It internally uses the
.metadata.manageFields field of the object to get this information.
Read more about
If we edit a deployment
nginx manually and update the replias to 2. We can see those details using the
blame plugin that changes were done using
kubectl blame deploy nginx
spec: kubectl-client-side-apply (Update 8 hours ago) progressDeadlineSeconds: 600 kubectl-edit (Update 26 minutes ago) replicas: 2 kubectl-client-side-apply (Update 8 hours ago) revisionHistoryLimit: 10
Install df-pv plugin with krew :
kubectl krew install df-pv
If you are familiar with the
df command in Linux and Mac, then you would love the
df-pv plugin. It provides the same functionality as
df provides, except that it provides details for Persistent volumes in a human-readable format.
df-pv plugin comes in handy if you want to get an overall view of PVs in the cluster. It shows you details like
Installing plugins directly from repositories
Apart from the krew index,
plugins can be installed from private repositories via manual steps or using a custom plugin index.
In the end plugins are just executables.
Install clean plugin manually :
git clone [email protected]:shardulsrivastava/kubectl-plugin.git cd kubectl-plugin/plugins/clean mv kubectl-clean /usr/local/bin kubectl clean --help
clean plugin comes handy if you’re using EKS or GKE where you have orphaned pods lying around cluttering the cluster. It cleans them all up in one go.
To delete all the orphaned pods in your cluster
kubectl clean all
or you can clean up a particular namespace:
kubectl clean my-namespace
Install gke-outdated plugin manually :
git clone [email protected]:shardulsrivastava/kubectl-plugin.git cd kubectl-plugin/plugins/gke-outdated mv kubectl-gke_outdated print-table /usr/local/bin kubectl gke-outdated --help
gke-outdated plugin finds all the outdated GKE clusters in your GCP organization’s folder.
To check all the GKE clusters running outdated kubernetes versions inside folder Id
kubectl gke-outdated 907623304376 1.22
this will list all the GKE clusters inside of folder
907623304376 that are running a version less than