kubectl debugging commands

TLDR: My debugging order is describe pod → logs -p → get events → exec. Most issues are in the events or previous logs.

A pod was stuck in CrashLoopBackOff and kubectl logs showed nothing - the container was restarting too fast to catch output. Took me embarrassingly long to discover the -p flag for previous container logs. That one flag would have saved me an hour of head-scratching.

My debugging workflow Link to heading

When something’s broken, I check in this order:

1. kubectl describe pod/my-pod - Shows events, restart count, and why it failed
2. kubectl logs my-pod -p - Previous container logs (the -p is crucial)
3. kubectl get events --sort-by='.lastTimestamp' - Cluster-wide events
4. kubectl exec -it my-pod -- sh - Only if I need to poke around inside

The most common issues I find: OOMKilled (check events), image pull failures (check events), config errors (check logs), and permission issues (check logs).

exec into containers Link to heading

Get a shell inside a running container:

kubectl exec -it my-pod -- bash

If bash isn’t available, try sh:

kubectl exec -it my-pod -- sh

For multi-container pods, specify which one:

kubectl exec -it my-pod -c my-container -- bash

Run a single command without a shell:

kubectl exec my-pod -- ls /app
kubectl exec my-pod -- cat /etc/config/settings.yaml

port-forward Link to heading

Access a pod’s port locally:

kubectl port-forward deployment/my-app 8080:8080

Forward to a service:

kubectl port-forward svc/my-service 8080:80

events Link to heading

See what’s happening in the cluster:

kubectl get events --sort-by='.lastTimestamp'

Filter by reason:

kubectl get events --field-selector reason=FailedScheduling
kubectl get events --field-selector reason=BackOff

Watch in real time:

kubectl get events --watch

Common event reasons: Killing, FailedScheduling, FailedMount, Unhealthy, BackOff, Pulled, Created, Started.

Note: OOMKilled doesn’t appear as an event reason - it’s a container termination reason. Check it with kubectl describe pod or kubectl get pod -o jsonpath='{.status.containerStatuses[*].lastState}'.

See also: viewing pod logs and monitoring with watch and top.

Tips Link to heading

• Use -- to separate kubectl args from the command in exec
• Alpine-based images usually only have sh, not bash
• Events are cleaned up after about an hour, so check them soon after something goes wrong

Further reading Link to heading

• kubectl cheat sheet - official quick reference