>_ kubectl Advanced

20 commands

Create a Role that allows getting and listing pods in the current namespace

kubectl create role POD_READER --verb=get,list --resource=pods

Create a ClusterRole that allows reading secrets across all namespaces

kubectl create clusterrole SECRET_READER --verb=get,list --resource=secrets

Bind a Role to a user so that user gains those permissions in the current namespace

kubectl create rolebinding ALICE_READER --role=pod-reader --user=alice

Bind a ClusterRole to a user, granting those permissions across the entire cluster

kubectl create clusterrolebinding ADMIN_BINDING --clusterrole=cluster-admin --user=admin

Apply a NetworkPolicy manifest from a file to restrict pod-to-pod traffic

kubectl apply -f network-policy.yaml

List all CustomResourceDefinitions installed in the cluster

kubectl get crds

Create a service account in a specific namespace

kubectl create serviceaccount APP_SA -n prod

List all RoleBindings across every namespace in the cluster

kubectl get rolebindings --all-namespaces

Check whether user bob can delete deployments in the staging namespace

kubectl auth can-i delete deployments --as=bob -n staging

Check whether the current user has all permissions on all resources cluster-wide

kubectl auth can-i '*' '*' --all-namespaces

Create a Role in the prod namespace that allows full ConfigMap management

kubectl create role CONFIGMAP_MANAGER --verb=get,list,create,update,delete --resource=configmaps -n prod

Grant a service account view access in the current namespace by binding a ClusterRole via a RoleBinding

kubectl create rolebinding APP_SA_BINDING --clusterrole=view --serviceaccount=default:app-sa

Install a CustomResourceDefinition into the cluster from a YAML manifest

kubectl apply -f crd.yaml

List all instances of a custom resource by its kind name

kubectl get CUSTOM_RESOURCE_KIND

Display the full spec and events for a NetworkPolicy in the prod namespace

kubectl describe networkpolicy POLICY_NAME -n prod

Apply RBAC roles and bindings from a file, updating any that have changed

kubectl auth reconcile -f rbac.yaml

Show the API documentation for the NetworkPolicy spec field

kubectl explain networkpolicy.spec

Check whether the current user can list secrets in the kube-system namespace

kubectl auth can-i list secrets -n kube-system

List all NetworkPolicy resources across every namespace in the cluster

kubectl get networkpolicies --all-namespaces

List all ClusterRoles defined in the cluster

kubectl get clusterroles
