Top 10 Krew Plugins for kubectl
Krew is the package manager for kubectl plugins, making it easy to extend kubectl’s functionality with community-contributed tools. With hundreds of plugins available, Krew transforms kubectl from a basic CLI tool into a powerful, extensible platform for Kubernetes management. Here are the top 10 Krew plugins that every Kubernetes practitioner should have in their toolkit.
Fast context switching between Kubernetes clusters.
The ctx plugin provides lightning-fast context switching, allowing you to move between different Kubernetes clusters with minimal keystrokes. It’s an essential tool for anyone managing multiple clusters.
Key Features:
- Instant context switching
- Interactive selection mode
- Tab completion support
- Fuzzy matching
- Context aliases
Installation:
kubectl krew install ctx
Usage:
# List all contexts
kubectl ctx
# Switch to specific context
kubectl ctx production-cluster
# Interactive selection
kubectl ctx
# Switch to previous context
kubectl ctx -
Configuration:
# Add to your shell profile for better UX
export PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH"
# Enable tab completion
source <(kubectl completion bash)
Quick namespace switching within the current context.
The ns plugin complements ctx by providing fast namespace switching within your current cluster context. It’s perfect for developers and operators who work across multiple namespaces.
Key Features:
- Quick namespace switching
- Interactive selection
- Tab completion
- Namespace aliases
- Current namespace display
Installation:
kubectl krew install ns
Usage:
# List all namespaces
kubectl ns
# Switch to specific namespace
kubectl ns production
# Interactive selection
kubectl ns
# Switch to previous namespace
kubectl ns -
Integration with kube-ps1:
# Add to your shell prompt to show current namespace
export PS1='[\u@\h \W $(kubectl_ps1)]\$ '
Cleans up verbose kubectl output for human-readable inspection.
The neat plugin removes unnecessary fields and metadata from kubectl output, making it much more readable and easier to work with during debugging and troubleshooting.
Key Features:
- Removes default fields and metadata
- Preserves important information
- YAML and JSON output support
- Customizable field filtering
- Maintains resource structure
Installation:
kubectl krew install neat
Usage:
# Clean up pod output
kubectl get pod my-pod -o yaml | kubectl neat
# Clean up deployment output
kubectl get deployment my-deployment -o yaml | kubectl neat
# Clean up service output
kubectl get service my-service -o yaml | kubectl neat
# Clean up configmap output
kubectl get configmap my-config -o yaml | kubectl neat
Custom Configuration:
# Create custom neat configuration
apiVersion: v1
kind: ConfigMap
metadata:
name: neat-config
data:
config.yaml: |
remove:
- metadata.creationTimestamp
- metadata.generation
- metadata.resourceVersion
- metadata.uid
- status
View hierarchical ownership relationships between Kubernetes resources.
The tree plugin visualizes the ownership relationships between Kubernetes resources, making it easier to understand dependencies and troubleshoot issues in complex deployments.
Key Features:
- Hierarchical resource display
- Owner reference tracking
- Custom resource support
- Multiple output formats
- Dependency visualization
Installation:
kubectl krew install tree
Usage:
# Show pod ownership tree
kubectl tree pod my-pod
# Show deployment tree
kubectl tree deployment my-deployment
# Show all resources in namespace
kubectl tree all -n production
# Show specific resource type
kubectl tree service my-service
# Show with custom format
kubectl tree pod my-pod --graphviz
Advanced Usage:
# Show tree with specific fields
kubectl tree pod my-pod --show-labels
# Show tree with status information
kubectl tree deployment my-deployment --show-status
# Filter by labels
kubectl tree all -l app=frontend
Performs static analysis of your Kubernetes manifests.
The score plugin analyzes Kubernetes manifests for best practices, security issues, and potential problems before deployment. It’s an essential tool for maintaining high-quality configurations.
Key Features:
- Static analysis of manifests
- Best practice checking
- Security validation
- Performance recommendations
- Custom scoring rules
Installation:
kubectl krew install score
Usage:
# Analyze a single file
kubectl score deployment.yaml
# Analyze multiple files
kubectl score *.yaml
# Analyze with specific output format
kubectl score deployment.yaml --output-format json
# Analyze with custom rules
kubectl score deployment.yaml --policy-file custom-policy.yaml
# Analyze with verbose output
kubectl score deployment.yaml --verbose
Sample Output:
$ kubectl score deployment.yaml
[CRITICAL] Container has no resource limits
[WARNING] Container is not using a non-root user
[INFO] Consider adding liveness probe
[PASS] Container has security context
Custom Policy Example:
apiVersion: score.dev/v1alpha3
kind: Policy
metadata:
name: production-policy
spec:
rules:
- name: "require-resource-limits"
description: "All containers must have resource limits"
target:
apiVersion: apps/v1
kind: Deployment
checks:
- name: "container-resource-limits"
condition: "spec.template.spec.containers[*].resources.limits"
Shows which subjects can perform an action on a resource.
The who-can plugin helps you understand RBAC permissions by showing which users, groups, or service accounts can perform specific actions on Kubernetes resources. It’s invaluable for security audits and troubleshooting permission issues.
Key Features:
- RBAC permission analysis
- Subject identification
- Action-specific queries
- Verbose permission details
- Security auditing support
Installation:
kubectl krew install who-can
Usage:
# Check who can create pods
kubectl who-can create pods
# Check who can delete deployments
kubectl who-can delete deployments
# Check who can access secrets
kubectl who-can get secrets
# Check specific resource
kubectl who-can get secret my-secret
# Check with namespace
kubectl who-can create pods -n production
# Check with specific user
kubectl who-can create pods --as=user@example.com
Advanced Queries:
# Check multiple actions
kubectl who-can create,update,delete pods
# Check with specific API group
kubectl who-can create deployments.apps
# Check with custom resource
kubectl who-can create customresources.example.com
Stream logs across multiple pods with intelligent filtering.
The tail plugin provides advanced log streaming capabilities, allowing you to follow logs from multiple pods simultaneously with intelligent filtering and formatting.
Key Features:
- Multi-pod log streaming
- Intelligent pod selection
- Real-time filtering
- Color-coded output
- Custom formatting
Installation:
kubectl krew install tail
Usage:
# Follow logs from all pods with specific label
kubectl tail -l app=frontend
# Follow logs from specific namespace
kubectl tail -n production
# Follow logs with custom selector
kubectl tail --selector app=api,version=v2
# Follow logs with timestamps
kubectl tail --timestamps
# Follow logs with custom format
kubectl tail --format json
Advanced Filtering:
# Follow logs with regex filter
kubectl tail --regex "error|exception"
# Follow logs from specific containers
kubectl tail --container main
# Follow logs with custom since time
kubectl tail --since=1h
# Follow logs with line limits
kubectl tail --tail=100
Shows pod-to-service-to-node relationships.
The topology plugin visualizes the network topology of your Kubernetes cluster, showing how pods, services, and nodes are connected. It’s perfect for understanding network architecture and troubleshooting connectivity issues.
Key Features:
- Network topology visualization
- Pod-to-service mapping
- Node relationship display
- Custom output formats
- Interactive exploration
Installation:
kubectl krew install topology
Usage:
# Show topology for specific namespace
kubectl topology -n production
# Show topology for specific service
kubectl topology service my-service
# Show topology with custom format
kubectl topology --format json
# Show topology with specific labels
kubectl topology -l app=frontend
# Show topology with verbose output
kubectl topology --verbose
Output Example:
$ kubectl topology -n production
Namespace: production
├── Service: frontend-service
│ ├── Pod: frontend-pod-1 (Node: worker-1)
│ └── Pod: frontend-pod-2 (Node: worker-2)
├── Service: backend-service
│ ├── Pod: backend-pod-1 (Node: worker-1)
│ └── Pod: backend-pod-2 (Node: worker-3)
└── Service: database-service
└── Pod: database-pod-1 (Node: worker-3)
Decodes and shows Kubernetes Secrets in a readable format.
The view-secret plugin makes it easy to view and decode Kubernetes Secrets without manually base64 decoding each value. It’s essential for debugging and verifying secret configurations.
Key Features:
- Automatic base64 decoding
- Readable secret display
- Multiple output formats
- Secure handling
- Custom formatting
Installation:
kubectl krew install view-secret
Usage:
# View secret in readable format
kubectl view-secret my-secret
# View secret with specific key
kubectl view-secret my-secret username
# View secret in JSON format
kubectl view-secret my-secret --format json
# View secret with custom output
kubectl view-secret my-secret --output yaml
# View secret from different namespace
kubectl view-secret my-secret -n production
Security Considerations:
# View secret without logging to history
kubectl view-secret my-secret --no-log
# View secret with minimal output
kubectl view-secret my-secret --quiet
# View secret with specific keys only
kubectl view-secret my-secret --keys username,password
Lists all namespaced resources in a cluster.
The get-all plugin provides a comprehensive view of all resources in your cluster or namespace, making it easier to audit and understand your Kubernetes environment.
Key Features:
- Comprehensive resource listing
- Namespace-specific views
- Custom filtering options
- Multiple output formats
- Resource categorization
Installation:
kubectl krew install get-all
Usage:
# List all resources in current namespace
kubectl get-all
# List all resources in specific namespace
kubectl get-all -n production
# List all resources with custom format
kubectl get-all --output wide
# List all resources with specific labels
kubectl get-all -l app=frontend
# List all resources with custom columns
kubectl get-all --custom-columns=NAME:.metadata.name,KIND:.kind,AGE:.metadata.creationTimestamp
Advanced Usage:
# List all resources with status
kubectl get-all --show-status
# List all resources with events
kubectl get-all --show-events
# List all resources with custom sorting
kubectl get-all --sort-by=.metadata.creationTimestamp
# List all resources with specific API versions
kubectl get-all --api-version=v1
# Install Krew
(
set -x; cd "$(mktemp -d)" &&
OS="$(uname | tr '[:upper:]' '[:lower:]')" &&
ARCH="$(uname -m | sed -e 's/x86_64/amd64/' -e 's/\(arm\)\(64\)\?.*/\1\2/' -e 's/aarch64$/arm64/')" &&
KREW="krew-${OS}_${ARCH}" &&
curl -fsSLO "https://github.com/kubernetes-sigs/krew/releases/latest/download/${KREW}.tar.gz" &&
tar zxvf "${KREW}.tar.gz" &&
./"${KREW}" install krew
)
# Add Krew to PATH
export PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH"
# List installed plugins
kubectl krew list
# Search for plugins
kubectl krew search <plugin-name>
# Install a plugin
kubectl krew install <plugin-name>
# Update plugins
kubectl krew upgrade
# Remove a plugin
kubectl krew uninstall <plugin-name>
# Show plugin information
kubectl krew info <plugin-name>
# Add to your shell profile (.bashrc, .zshrc, etc.)
export PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH"
# Enable kubectl completion
source <(kubectl completion bash)
# Add custom aliases
alias k='kubectl'
alias kctx='kubectl ctx'
alias kns='kubectl ns'
- Choose plugins that solve specific problems
- Verify plugin maintenance and community support
- Test plugins in non-production environments first
- Review plugin source code before installation
- Use plugins from trusted sources
- Be cautious with plugins that require elevated permissions
- Limit the number of installed plugins
- Use plugins efficiently to avoid performance impact
- Monitor plugin resource usage
- Establish team standards for plugin usage
- Document preferred plugins and configurations
- Share plugin configurations across team members
- Regularly update plugins for security and features
- Remove unused plugins to reduce clutter
- Monitor plugin compatibility with kubectl updates
Krew plugins significantly enhance kubectl’s functionality, transforming it from a basic CLI tool into a powerful, extensible platform for Kubernetes management. The plugins outlined above provide essential capabilities for context management, resource analysis, security auditing, and productivity enhancement.
Start with the core plugins (ctx, ns, neat) and gradually expand your toolkit based on your specific needs and workflows. Remember that the best tool is the one that fits your workflow and helps you solve real problems efficiently.
For teams managing multiple clusters or complex environments, consider creating standardized plugin configurations and documentation to ensure consistency across your organization. The Krew ecosystem continues to grow, so stay updated with new plugins that might benefit your workflow.
For more information about Kubernetes CLI tools and best practices, visit the official Kubernetes documentation and the Krew plugin index.