kubectl Cheats for Incident Response

20 kubectl one-liners for incident response. Each with a real use case and what it catches.

Describe and get

kubectl describe pod $p -n prod surfaces events that get pod $p hides.

Use describe first when investigating CrashLoop or pending pods.

Logs

kubectl logs -f deployment/api -n prod --previous shows last container's logs.

--since=1h scopes to recent.

Exec carefully

kubectl exec -it pod/$p -n prod -- /bin/sh enters the pod.

Use sparingly; production exec leaves no audit trail without extra setup.