kubectl Usage Conventions

Recommended usage conventions for kubectl.

Using kubectl in Reusable Scripts

For a stable output in a script:

  • Request one of the machine-oriented output forms, such as -o name, -o json, -o yaml, -o go-template, or -o jsonpath.
  • Fully-qualify the version. For example, jobs.v1.batch/myjob. This will ensure that kubectl does not use its default version that can change over time.
  • Don't rely on context, preferences, or other implicit states.

Best Practices

kubectl run

For kubectl run to satisfy infrastructure as code:

  • Tag the image with a version-specific tag and don't move that tag to a new version. For example, use :v1234, v1.2.3, r03062016-1-4, rather than :latest (For more information, see Best Practices for Configuration).
  • Check in the script for an image that is heavily parameterized.
  • Switch to configuration files checked into source control for features that are needed, but not expressible via kubectl run flags.

You can use the --dry-run=client flag to preview the object that would be sent to your cluster, without really submitting it.

Note: All kubectl run generators are deprecated. See the Kubernetes v1.17 documentation for a list of generators and how they were used.

Generators

You can generate the following resources with a kubectl command, kubectl create --dry-run=client -o yaml:

  • clusterrole: Create a ClusterRole.
  • clusterrolebinding: Create a ClusterRoleBinding for a particular ClusterRole.
  • configmap: Create a ConfigMap from a local file, directory or literal value.
  • cronjob: Create a CronJob with the specified name.
  • deployment: Create a Deployment with the specified name.
  • job: Create a Job with the specified name.
  • namespace: Create a Namespace with the specified name.
  • poddisruptionbudget: Create a PodDisruptionBudget with the specified name.
  • priorityclass: Create a PriorityClass with the specified name.
  • quota: Create a Quota with the specified name.
  • role: Create a Role with single rule.
  • rolebinding: Create a RoleBinding for a particular Role or ClusterRole.
  • secret: Create a Secret using specified subcommand.
  • service: Create a Service using specified subcommand.
  • serviceaccount: Create a ServiceAccount with the specified name.

kubectl apply

  • You can use kubectl apply to create or update resources. For more information about using kubectl apply to update resources, see Kubectl Book.
Last modified January 12, 2021 at 8:03 AM PST: update resource terms to CamelCase (f095cf3ec)