12 commands for production incidents - structured by domain, with copy buttons and a decision tree. Printable, free, no signup.
kubectl get pods -A --field-selector=status.phase!=Running→ Instantly shows every pod that is not running.
kubectl get pod <name> -o wide→ Shows node, IP and restart count.
kubectl describe pod <name>→ The most important command - solves 80 % of cases.
kubectl logs <pod> --previous→ Returns the logs of the previous crash.
kubectl logs <pod> -f --tail=100→ Streams the latest logs in real time.
kubectl get events --sort-by=.lastTimestamp -A | tail -30→ Helps when describe falls short.
kubectl debug -it <pod> --image=busybox --target=<container>→ Ideal for distroless images or pods without a shell.
kubectl describe node <name>→ For pending pods, evictions or resource issues.
kubectl top pods -A --sort-by=memory→ Finds memory hogs and suspicious pods.
kubectl get all -n <ns>→ Shows every key resource in a namespace.
kubectl exec -it <pod> -- /bin/sh→ When the container has a shell.
kubectl auth can-i --list -n <ns>→ Helps with permissions and role issues.
→ describe + events → logs --previous → describe node + top pods → kubectl debug → auth can-i Replay real production incidents, internalise kubectl workflows, find root causes in minutes.
View workshop detailsReady for your cloud transformation?