CNCF CKAD Useful kubectl commands – Pods

kubectl edit po <pod-name>

A common task in the CKAD exam is to update the configuration of an existing Pod. Use kubectl edit, which opens the Pod's YAML manifest in the default vi editor (learn and practice vi if you do not know it).

The kubectl edit command opens the current Pod manifest in the vi editor. Use vi commands to update the manifest properties listed below, then save the updated file (:wq!).

Changes to the following Pod manifest fields are straightforward: edit them as required and save the file (:wq!) to deploy the change automatically.

  • spec.containers[*].image                 # changing the container image
  • spec.initContainers[*].image             # changing the init container image
  • spec.activeDeadlineSeconds               # update entry as seconds
  • spec.tolerations                         # only additions to existing tolerations
  • spec.terminationGracePeriodSeconds       # allow it to be set to 1 if it was previously negative
=> kubectl edit po my-pod
pod/my-pod edited

Note: If a change is invalid, the editor is re-presented containing your change file. The '#' header lines at the top of the file describe the error in detail and possible remediation actions.

USEFUL LINKS: – kubectl edit

kubectl replace --force -f /tmp/<change-file-name>.yaml

Following on from the kubectl edit section: valid manifest changes to other fields (for example, adding a spec.containers[*].resources.requests.cpu entry) are rejected on save, and the editor re-presents your changes with a warning message in the '#' header (example shown below).

# Please edit the object below. Lines beginning with a '#' will be ignored,
# ... pods "my-pod" was not valid:
# * spec: Forbidden: pod updates may not change fields other than `spec.containers[*].image`,`spec.initContainers[*].image...

… “/tmp/kubectl-edit-3373407627.yaml” 115L, 3444B

This output is expected and OK. The temporary change file in this example is /tmp/kubectl-edit-2634371665.yaml, as shown in the vi editor footer message. Exit the editor.

=> kubectl edit po my-pod
error: pods "my-pod" is invalid
A copy of your changes has been stored to "/tmp/kubectl-edit-3373407627.yaml"
error: Edit cancelled, no valid changes were saved.

Once you're happy with the edited manifest changes, apply the change file using the following kubectl replace command. Ensure you apply the nominated change file. The kubectl replace command will delete the old pod and create a new one. (Be careful not to apply a previous change file if you regularly use command history to reduce typing.)

=> kubectl replace --force -f <change-file-name>
e.g. kubectl replace --force -f /tmp/kubectl-edit-3373407627.yaml
pod "redis" deleted
pod/redis replaced

The replaced pod configuration now contains your updated manifest change (spec.containers[*].resources.requests.cpu added in this example).

USEFUL LINKS: – kubectl replace

kubectl get po <pod-name> -o jsonpath='{.spec.containers[*].image}'

The kubectl get command can be used to filter pod metadata output using the -o jsonpath option. Notice the quotes & json path format.

=> kubectl get po sidecar-pod -o jsonpath='{.spec.containers[*].image}'

nginx redis

This output indicates this pod has two containers deploying the latest nginx and redis images respectively.

USEFUL LINKS: – kubectl get

kubectl taint no my-node <key=value>:[NoSchedule | PreferNoSchedule | NoExecute]

Taints apply to nodes and tolerations to pods. Note that using them by themselves does not guarantee your pod goes to the desired node; see also Node Affinity.

While we can use kubectl taint on nodes to prevent pod scheduling, we cannot apply the corresponding pod toleration using kubectl imperative commands. Pod tolerations must be applied declaratively, but we can use kubectl edit and kubectl replace (described above). Refer to Well Known Labels, Annotations & Taints for further examples of taints and tolerations.

Both taints and the corresponding negating tolerations are based on the same properties with matching values ('kove' = key, operator, value, effect [NoSchedule, PreferNoSchedule, NoExecute]).

key = bug-spray
operator = equals
value = mortein
effect = NoSchedule

 Taint the node my-node
=> kubectl taint no my-node bug-spray=mortein:NoSchedule
node/my-node tainted

Taints can be removed with the same command suffixed with a dash.

=> kubectl taint no my-node bug-spray=mortein:NoSchedule-
node/my-node untainted 
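
The toleration that matches the bug-spray=mortein:NoSchedule taint above, written as a declarative Pod manifest together with the node affinity that actually steers the pod to my-node. This is an added example, not part of the original page; the pod name, the nginx image and the assumption that the node's kubernetes.io/hostname label equals its name are illustrative.

```yaml
# Added example: Pod that tolerates the taint bug-spray=mortein:NoSchedule
# and is also steered onto the tainted node.
apiVersion: v1
kind: Pod
metadata:
  name: tolerant-pod              # hypothetical pod name
spec:
  containers:
    - name: nginx
      image: nginx                # image name as used elsewhere on this page
  tolerations:
    # key, operator, value and effect must all match the node's taint.
    # In a manifest the operator is spelled "Equal"; the alternative is
    # "Exists", which matches any value and takes no value field.
    - key: "bug-spray"
      operator: "Equal"
      value: "mortein"
      effect: "NoSchedule"
  # A toleration only permits scheduling onto the tainted node; it does not
  # attract the pod to it. Node affinity supplies that half.
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
          - matchExpressions:
              - key: kubernetes.io/hostname   # well-known node label
                operator: In
                values:
                  - my-node   # assumes the label value equals the node name
```

On an existing pod, the tolerations entry is an addition that kubectl edit accepts directly; the affinity block is outside the editable field list, so it needs the kubectl replace --force route described above.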

USEFUL LINKS: – kubectl taint

kubectl delete po <pod-name> --force --grace-period=0

In the exam context, a plain kubectl delete can take a very long time to return the cursor. Instead, try:

=> kubectl delete po mynginx --force --grace-period=0 
Warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
pod "webapp" force deleted

Or the equivalent, if you set up the exports described in the Hints and Tips page.

=> kubectl delete po mynginx $now

USEFUL LINKS: – kubectl delete

kubectl get po -o wide --show-labels

Using get pods with the -o wide option is a quick way of listing pod location (node / IP), and --show-labels shows the labels.

=> kubectl get po -o wide --show-labels
nginx 1/1 Running 0 17m controlplane <none> <none> run=nginx
newpods-v6p6h 1/1 Running 1 (60s ago) 17m controlplane <none> <none> tier=busybox

USEFUL LINKS: – kubectl get

kubectl get po -l <label-name>=<label-value> -A

You can filter pods by label using -l name=value,name2=value2,… (or --selector). Here we use -A for all namespaces.

=> kubectl get po -l run=nginx -A

default nginx 1/1 Running 0 21m

USEFUL LINKS: – kubectl get

kubectl get po -l run=nginx -o json

It is sometimes useful to retrieve pod metadata in JSON format (to work out JSON paths).

=> kubectl get po -l run=nginx -o json

k get po -l run=nginx -o json
"apiVersion": "v1",
"items": [
"apiVersion": "v1",
"kind": "Pod",
"metadata": {
"creationTimestamp": "2023-07-23T07:18:06Z",
"labels": {
"run": "nginx"
"name": "nginx",

USEFUL LINKS: – kubectl get