Mastering kubectl Basics for GKE

In the Google Cloud Associate Cloud Engineer (ACE) exam, understanding how to interact with Google Kubernetes Engine (GKE) is critical. While gcloud is used to manage the cluster infrastructure (the “container”), kubectl is the standard command-line tool used to manage the applications and resources inside that cluster.

The “Remote Control” Analogy

Imagine your GKE Cluster is a high-tech smart home. gcloud is the utility company that installs the house, sets up the electricity, and handles the billing. However, kubectl is the universal remote control you use once you are inside. You use it to turn on the lights (deploy pods), adjust the thermostat (scale replicas), and check if the fridge is running (inspect logs). You can’t use the utility company’s truck to dim your living room lights, and you can’t use your remote to pay your property taxes.

Detail Elaboration: The Kubectl Workflow

To use kubectl with GKE, you must first authenticate. This is a common exam point. You use the gcloud container clusters get-credentials [CLUSTER_NAME] command to populate your kubeconfig file with the necessary endpoint and auth data.

Core Command Patterns

  • kubectl get: Lists resources (pods, services, deployments). Use -o wide for more detail.
  • kubectl describe: Shows detailed state and event history of a specific resource. Essential for troubleshooting.
  • kubectl apply -f [FILE]: The declarative way to create or update resources using YAML files.
  • kubectl logs: Retrieves stdout/stderr from a container. Use -f to stream logs.
  • kubectl exec: Executes a command inside a running container (e.g., kubectl exec -it [POD_NAME] -- /bin/bash).

Core Concepts & GCP Best Practices

Reliability and Scalability

GCP recommends using Declarative Configuration (YAML files) over Imperative commands (like kubectl run). This ensures your infrastructure state is version-controlled and reproducible, leading to higher operational excellence. For scaling, while you can manually use kubectl scale, GCP best practice is to use the Horizontal Pod Autoscaler (HPA).

Security

Always follow the Principle of Least Privilege. Use Google Cloud IAM to control who can get cluster credentials, and Kubernetes RBAC to control what they can do with kubectl once authenticated.
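The RBAC half of that split, as an added example that is not from the original page: a read-only troubleshooting role that permits kubectl get, describe and logs in one namespace and nothing else, next to the over-broad binding it replaces. The namespace my-app, the role and binding names and the account dev@example.com are constructed placeholders.

```yaml
# Added example (constructed): names, namespace and e-mail are placeholders.
#
# Weak setting, shown commented out for contrast only. It gives one user
# cluster-admin in every namespace:
#   apiVersion: rbac.authorization.k8s.io/v1
#   kind: ClusterRoleBinding
#   metadata:
#     name: dev-is-admin
#   roleRef:
#     apiGroup: rbac.authorization.k8s.io
#     kind: ClusterRole
#     name: cluster-admin
#   subjects:
#   - kind: User
#     name: dev@example.com
#     apiGroup: rbac.authorization.k8s.io
#
# Least-privilege form: read-only troubleshooting, scoped to one namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: my-app
  name: pod-troubleshooter
rules:
# kubectl get pods / kubectl describe pod (describe also reads events)
- apiGroups: [""]
  resources: ["pods", "events"]
  verbs: ["get", "list", "watch"]
# kubectl logs
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get"]
# Deliberately absent: pods/exec (kubectl exec), secrets, and every write verb.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: my-app
  name: pod-troubleshooter-binding
subjects:
- kind: User
  name: dev@example.com   # GKE matches RBAC users by Google account e-mail
  apiGroup: rbac.authorization.k8s.io
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pod-troubleshooter
```

An administrator can confirm the restriction with kubectl auth can-i create pods --subresource=exec -n my-app --as dev@example.com, which should answer no. On GKE, IAM and RBAC grants are additive, so this role only limits the user if their IAM role covers fetching credentials (for example Kubernetes Engine Cluster Viewer) and does not itself grant broader Kubernetes API access.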

Comparison: Interaction Methods

Feature      | Imperative (kubectl run/expose) | Declarative (kubectl apply)
-------------|---------------------------------|--------------------------------------
Use Case     | Quick tests, one-off tasks.     | Production environments, CI/CD.
Auditability | Low (hard to track changes).    | High (stored in Git/YAML).
Complexity   | Simple, single-line commands.   | Requires understanding YAML structure.
Scalability  | Manual.                         | Integrated with HPA/GitOps.

Scenario-Based Decision Matrix

If you need to authorize your local machine to talk to a GKE cluster… Then use gcloud container clusters get-credentials.

If a Pod is stuck in “Pending” state and you need to know why… Then use kubectl describe pod [NAME].

If you need to see the application-level errors inside a container… Then use kubectl logs [NAME].

If you want to change the number of running instances permanently… Then update the YAML and use kubectl apply.

Exam Tips: Golden Nuggets

  • The “gcloud” vs “kubectl” Trap: If the question asks about creating a cluster, resizing a node pool, or enabling auto-repair, the answer is gcloud. If it asks about deploying a container, viewing pod logs, or creating a secret, the answer is kubectl.
  • Context is King: If kubectl isn’t connecting, ensure you have run get-credentials. The ACE exam loves to test this prerequisite step.
  • Namespaces: Remember that kubectl get pods only shows pods in the default namespace. Use -A or --all-namespaces to see everything.
  • YAML over CLI: For production-related questions, prefer answers that involve kubectl apply -f rather than kubectl run.

kubectl Architecture & Flow

[Diagram: Admin → kubectl → API Server (GKE Control Plane) → Node 1, Node 2]

Key GCP Services

GKE: Managed Kubernetes.

Cloud Build: Often used to automate kubectl apply in CI/CD pipelines.

Container Registry/Artifact Registry: Where kubectl pulls images from.

Common Pitfalls

Wrong Project: Forgetting to run gcloud config set project before getting credentials.

Stale Credentials: Using a kubeconfig for a deleted cluster.

RBAC vs IAM: Confusing Google Cloud permissions with Kubernetes internal permissions.

Quick Patterns

Deploy: kubectl apply -f deployment.yaml

Check Health: kubectl get pods -l app=my-app

Update: kubectl set image deployment/my-deploy container=image:v2
