Kubernetes Cheat Sheet
Day-to-day Kubernetes for backend and DevOps engineers — Pods, Deployments, Services, Ingress, ConfigMaps, Secrets, Helm, and the kubectl commands that get you out of incidents fast.
Quick Reference
- kubectl get pods -n <ns> -w
- kubectl logs -f -l app=orders --max-log-requests=10
- kubectl describe pod <pod> — top of any debug
- kubectl rollout restart deploy/orders
- helm upgrade --install orders ./chart -f values.prod.yaml
Learning Path
Recommended order
- 1. Beginner
- 2. Intermediate
- 3. Advanced
Prerequisites
- Docker basics
- YAML comfort
- Understanding of HTTP services
Skills you will learn
- Workload deployment
- Service exposure
- Config & secret management
- Helm chart usage
Estimated time
1 day to scan; weeks to internalize.
Architecture Overview
[Figure: Kubernetes Deployment Architecture]
Pods
kubectl get pods -A
kubectl describe pod orders-7c9-xyz
kubectl logs -f orders-7c9-xyz -c orders
kubectl exec -it orders-7c9-xyz -- sh
kubectl delete pod orders-7c9-xyz # forces re-schedule
Deployments
apiVersion: apps/v1
kind: Deployment
metadata: { name: orders }
spec:
  replicas: 3
  selector: { matchLabels: { app: orders } }
  template:
    metadata: { labels: { app: orders } }
    spec:
      containers:
        - name: orders
          image: ghcr.io/acme/orders:1.4.0
          ports: [{ containerPort: 8080 }]
          readinessProbe: { httpGet: { path: /actuator/health/readiness, port: 8080 } }
          resources:
            requests: { cpu: 200m, memory: 512Mi }
            limits: { cpu: 1, memory: 1Gi }

# kubectl
kubectl apply -f orders.yaml
kubectl rollout status deploy/orders
kubectl rollout undo deploy/orders
Services
apiVersion: v1
kind: Service
metadata: { name: orders }
spec:
  selector: { app: orders }
  ports: [{ port: 80, targetPort: 8080 }]
  type: ClusterIP # or LoadBalancer / NodePort

kubectl port-forward svc/orders 8080:80
Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: orders
  annotations: { cert-manager.io/cluster-issuer: letsencrypt }
spec:
  tls: [{ hosts: [api.acme.com], secretName: api-tls }]
  rules:
    - host: api.acme.com
      http:
        paths:
          - path: /orders
            pathType: Prefix
            backend: { service: { name: orders, port: { number: 80 } } }
ConfigMaps & Secrets
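kubectl create configmap orders-conf \
  --from-literal=FEATURE_FLAG_NEW=true
# --from-literal leaves the value in shell history; for real credentials
# prefer --from-file or --from-env-file
kubectl create secret generic db-creds \
  --from-literal=DB_PASSWORD=s3cret

# Inject both as environment variables (envFrom is a container-level field in the Pod spec)
envFrom:
  - configMapRef: { name: orders-conf }
  - secretRef: { name: db-creds }
Helm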
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
helm upgrade --install orders ./chart \
  -n payments --create-namespace \
  -f values.prod.yaml
helm diff upgrade orders ./chart -f values.prod.yaml # requires the helm-diff plugin
helm list -A
helm rollback orders 1 # roll back to revision 1
kubectl power commands
kubectl config get-contexts
kubectl config use-context prod-eu
kubectl get all -n payments
kubectl top pods -n payments
kubectl explain deployment.spec.strategy
kubectl debug node/ip-10-0-1-23 -it --image=busybox
Common Mistakes
- Editing live workloads with `kubectl edit` instead of through Git.
- Omitting resource requests — the scheduler can't pack pods safely.
- Hardcoding secrets in manifests instead of using Sealed Secrets / External Secrets.
- Skipping PodDisruptionBudgets and PodAntiAffinity for HA workloads.
Production Tips
- Use GitOps (ArgoCD/Flux) — manifests in Git, cluster reconciles automatically.
- Always set both readiness AND liveness probes with distinct semantics.
- Set TopologySpreadConstraints across zones for true HA.
- Enable NetworkPolicies — default-deny ingress per namespace.
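Several items in the Common Mistakes and Production Tips lists can be checked mechanically before a manifest is merged. The Python below is an added example, not part of the original cheat sheet: it audits a Deployment in the JSON shape returned by `kubectl get deploy -o json`. The function names, the credential-name pattern and both sample manifests are assumptions constructed for illustration.

```python
import re

# Env var names that suggest a credential (assumption of this example; tune it).
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY", re.I)

def audit_deployment(deploy):
    """Return findings for one Deployment dict (shape of `kubectl get deploy -o json`)."""
    findings = []
    name = deploy["metadata"]["name"]
    pod_spec = deploy["spec"]["template"]["spec"]
    for c in pod_spec.get("containers", []):
        where = f"{name}/{c['name']}"
        requests = c.get("resources", {}).get("requests", {})
        for res in ("cpu", "memory"):
            if res not in requests:
                findings.append(f"{where}: no {res} request")
        for probe in ("readinessProbe", "livenessProbe"):
            if probe not in c:
                findings.append(f"{where}: no {probe}")
        for env in c.get("env", []):
            # A literal `value` on a credential-looking name means the secret
            # lives in the manifest (and in Git); `valueFrom` references do not.
            if SECRET_NAME.search(env["name"]) and env.get("value"):
                findings.append(f"{where}: env {env['name']} is a literal, use secretKeyRef")
    return findings

def deployment(**container_fields):
    # Builds constructed sample data around the page's orders container.
    c = {"name": "orders", "image": "ghcr.io/acme/orders:1.4.0", **container_fields}
    return {"metadata": {"name": "orders"},
            "spec": {"template": {"spec": {"containers": [c]}}}}

# The Deployment from this page: requests and readiness set, no liveness probe.
PAGE_DEPLOY = deployment(
    readinessProbe={"httpGet": {"path": "/actuator/health/readiness", "port": 8080}},
    resources={"requests": {"cpu": "200m", "memory": "512Mi"},
               "limits": {"cpu": "1", "memory": "1Gi"}})

# Constructed counter-example: no requests, no probes, password inline.
BAD_DEPLOY = deployment(env=[
    {"name": "DB_PASSWORD", "value": "s3cret"},
    {"name": "DB_USER",
     "valueFrom": {"secretKeyRef": {"name": "db-creds", "key": "DB_USER"}}}])

if __name__ == "__main__":
    for d in (PAGE_DEPLOY, BAD_DEPLOY):
        print(audit_deployment(d) or "clean")
```

Run against the page's own orders Deployment, it reports only the missing livenessProbe.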
Frequently Asked Questions
How should I use this cheat sheet?
Skim once end-to-end, then keep it open in a pinned tab. Copy a snippet, adapt it to your project, and refer back when memory fails.
Is this cheat sheet up to date?
It's maintained against the latest stable releases in 2026 and revised when commands or APIs change meaningfully.
