☸️ Kubernetes Cheat Sheet (2025 Edition) – From Beginner to Advanced
Kubernetes is powerful. But with so many moving parts — pods, services, YAMLs, CRDs, controllers — it’s easy to feel lost.
This cheat sheet is your go-to guide to everything Kubernetes — covering basic commands, architecture, YAML templates, security, Helm, GitOps, observability, and more.

🧠 1. What is Kubernetes?
Kubernetes is an open-source container orchestration system used to deploy, scale, and manage containerized applications automatically.
- Created by Google
- Maintained by CNCF
- Runs everywhere — cloud, edge, or on-prem
🧱 2. Kubernetes Architecture
| Component | Role |
|---|---|
| Control Plane | Schedules & controls the cluster |
| Node | Worker machine (VM or physical) |
| Pod | Smallest unit, wraps 1+ containers |
| Deployment | Ensures desired state (e.g., 3 pods) |
| Service | Exposes pods (ClusterIP, NodePort, LoadBalancer) |
| Ingress | Routes external traffic (domain-based rules) |
| ConfigMap | Non-sensitive config |
| Secret | Sensitive credentials (API keys, passwords) |
| Namespace | Logical grouping (multi-tenant or per environment) |
🔧 3. kubectl Cheat Sheet (Top Commands)
🔍 Basics
```bash
kubectl get nodes        # Show cluster nodes
kubectl get pods         # Show all pods
kubectl get svc          # Show services
kubectl get deployments  # Show deployments
kubectl get namespaces   # List namespaces
```
📦 Pod Management
```bash
kubectl logs <pod>              # View logs
kubectl exec -it <pod> -- bash  # Shell inside container
kubectl describe pod <pod>      # Details of a pod
kubectl delete pod <pod>        # Delete pod
```
📂 Apply/Manage YAMLs
```bash
kubectl apply -f file.yaml   # Create/update resource
kubectl delete -f file.yaml  # Delete from config
kubectl create -f file.yaml  # Create resource
kubectl diff -f file.yaml    # Show changes before applying
```
🧪 Debugging & Test
```bash
kubectl explain pod                     # Show schema
kubectl top pod                         # Show CPU/RAM usage
kubectl port-forward svc/myapp 8080:80  # Forward local port 8080 to service port 80
```
✍️ 4. Essential YAML Templates
✅ Pod
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
    - name: nginx
      image: nginx:latest
```
✅ Deployment
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
spec:
  replicas: 3
  selector:
    matchLabels:
      app: myapp
  template:
    metadata:
      labels:
        app: myapp
    spec:
      containers:
        - name: myapp
          image: myimage:v1
```
✅ Service
```yaml
apiVersion: v1
kind: Service
metadata:
  name: myapp-service
spec:
  type: LoadBalancer
  selector:
    app: myapp
  ports:
    - port: 80
      targetPort: 8080
```
📦 5. Resource Types Cheat Sheet
| Type | Description |
|---|---|
| Pod | Runs 1+ containers |
| Deployment | Rolling updates, replica management |
| StatefulSet | For apps like databases, persistent identity |
| DaemonSet | Runs 1 pod per node (e.g., logs agent) |
| Job | One-time tasks |
| CronJob | Scheduled jobs (like cron) |
| ConfigMap | Environment configs |
| Secret | Sensitive data (base64-encoded; encrypted at rest only when enabled) |
| Service | Expose app |
| Ingress | HTTP routing with host/path rules |
| PersistentVolumeClaim (PVC) | Request storage from cluster |
| HorizontalPodAutoscaler | Scale pods by CPU/memory |
🔐 6. Security Cheat Sheet
| Feature | Use |
|---|---|
| RBAC | Control access (Role + RoleBinding) |
| Namespaces | Isolate resources logically |
| Network Policies | Restrict traffic between pods |
| Pod Security | Enforce seccomp, runAsNonRoot |
| Secrets | Store passwords, tokens |
| Admission Controllers | Enforce rules before deploy |
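The Pod Security and Network Policies rows above, as an added example that is not part of the original cheat sheet: a namespace that enforces the `restricted` Pod Security Standard, a pod that passes it, and a default-deny NetworkPolicy. The `dev` namespace, the `myapp` labels and image (reused from the templates in section 4) and the UID are assumptions.

```yaml
# Added example: names, labels and UID are assumptions, not from the original page.
# 1) Enforce the "restricted" Pod Security Standard on the namespace.
apiVersion: v1
kind: Namespace
metadata:
  name: dev
  labels:
    pod-security.kubernetes.io/enforce: restricted
---
# 2) A pod spec that satisfies "restricted".
apiVersion: v1
kind: Pod
metadata:
  name: myapp
  namespace: dev
  labels:
    app: myapp
spec:
  automountServiceAccountToken: false   # no API token unless the app needs one
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001                    # assumed non-root UID supported by the image
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: myapp
      image: myimage:v1
      ports:
        - containerPort: 8080
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
---
# 3) Default-deny all ingress and egress for every pod in the namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny
  namespace: dev
spec:
  podSelector: {}
  policyTypes: ["Ingress", "Egress"]
```

NetworkPolicy objects only take effect when the cluster's network plugin enforces them. With the default-deny in place, each required flow (including DNS egress) needs its own allow policy.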
RBAC Example:
```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: dev
  name: pod-reader
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "watch", "list"]
```
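A Role grants nothing until it is bound to a subject. The following added example (not part of the original cheat sheet) binds `pod-reader` to a ServiceAccount and lists the checks that confirm the grant stays least-privilege; the account name `ci-viewer` and the binding name `read-pods` are hypothetical.

```yaml
# Added example: "ci-viewer" and "read-pods" are hypothetical names.
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: dev
  name: ci-viewer
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: dev
  name: read-pods
subjects:
  - kind: ServiceAccount
    name: ci-viewer
    namespace: dev
roleRef:                      # immutable after creation; delete and recreate to change it
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pod-reader
# Checks to run after applying, impersonating the ServiceAccount:
#   kubectl auth can-i list pods   -n dev     --as=system:serviceaccount:dev:ci-viewer
#   kubectl auth can-i delete pods -n dev     --as=system:serviceaccount:dev:ci-viewer
#   kubectl auth can-i get secrets -n dev     --as=system:serviceaccount:dev:ci-viewer
#   kubectl auth can-i list pods   -n default --as=system:serviceaccount:dev:ci-viewer
```

Assuming no other bindings exist for this account, only the first check is granted: the Role covers read verbs on pods, and a RoleBinding applies only inside its own namespace.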
🛠️ 7. Helm Cheat Sheet (K8s Package Manager)
📦 Install Helm
```bash
brew install helm
```
🧰 Helm Usage
```bash
helm repo add bitnami https://charts.bitnami.com/bitnami
helm install myapp bitnami/nginx
helm upgrade myapp bitnami/nginx --set service.type=LoadBalancer
helm uninstall myapp
```
Benefits:
- Templated YAMLs
- Values override
- Reusable charts
🔁 8. GitOps & ArgoCD
| Tool | Purpose |
|---|---|
| ArgoCD | Pull-based GitOps deployments |
| Flux | Lightweight GitOps tool |
| Kustomize | Overlay-based YAML customizer |
GitOps Flow:
- Git repo holds app + infra YAMLs
- ArgoCD syncs with Git
- Changes are auto-deployed to the cluster
📊 9. Observability & Monitoring
| Type | Tool |
|---|---|
| Metrics | Prometheus |
| Dashboards | Grafana |
| Logs | Loki, Fluentd, EFK Stack |
| Tracing | Jaeger, OpenTelemetry |
| Alerting | Alertmanager, PagerDuty |
🤖 10. Advanced Topics
| Topic | Description |
|---|---|
| Operators | Custom controllers for complex apps (e.g., DBs) |
| Custom Resource Definitions (CRDs) | Extend K8s API |
| Pod Disruption Budgets | Ensure availability during node upgrade |
| Multi-cluster deployments | Manage apps across regions/clouds |
| Service Mesh (Istio, Linkerd) | Traffic shaping, mTLS, telemetry |
| Admission Webhooks | Validate/Mutate requests dynamically |
🎯 Bonus: Kubernetes Interview Highlights
| Topic | Sample Question |
|---|---|
| Pod Lifecycle | What are pod phases? |
| Rolling Updates | How does Kubernetes update apps without downtime? |
| Liveness vs Readiness | What’s the difference? |
| HPA | How does auto-scaling work in Kubernetes? |
| Network Policies | How do you restrict pod traffic? |
🧭 Final Learning Path
1️⃣ Start with: kubectl, Pods, Services
2️⃣ Deploy apps: Deployments, Ingress
3️⃣ Add CI/CD: GitHub Actions + YAML
4️⃣ Secure it: Secrets, RBAC
5️⃣ Scale it: HPA, Helm, ArgoCD
6️⃣ Observe it: Prometheus, Grafana
7️⃣ Extend it: CRDs, Operators
🏁 Conclusion
Kubernetes is vast, but not impossible.
Use this cheat sheet as your guide — whether you’re:
- Preparing for an interview
- Managing production apps
- Learning Kubernetes from scratch
“If Docker runs containers, Kubernetes runs production.”