Mark III Systems Blog

Kubernetes Quick Tip – Using “Krew”, the Package Manager for kubectl Plugins by Tim Medlin



If you're a frequent user of the Kubernetes  command line tool "kubectl", you might be asking yourself the question: "What is Krew, and what does it do?"

Krew is the plugin manager for the kubectl command line tool. It's a simple tool that helps you find, install and manage kubectl plugins in a consistent way.

Kubectl plugins are extremely easy to install and are a great way  to simplify Kubernetes command line tasks by extending the capabilities of the kubectl command.

In just a few short steps below, you’ll find simple instructions for installing the Krew tool along with several examples of how to use a few of my favorite kubectl plugins.

Installing/Configuring Krew

  1. Installing Krew:

Krew can easily be installed in a matter of minutes on Linux, MacOS, or Windows by following the simple instructions for your particular OS here:

Since I am running Bash shell in Linux, I simply ran the install script in the link above and then added the line: export PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH"  to my ~/.bashrc file.

After restarting my shell, I can confirm that Krew is installed correctly by running the command kubectl krew:

$> kubectl krew

krew is the kubectl plugin manager.

You can invoke krew through kubectl: "kubectl krew [command]..."


kubectl krew [command]

Available Commands:

help        Help about any command

index       Manage custom plugin indexes

info        Show information about an available plugin

install     Install kubectl plugins

list           List installed kubectl plugins

search      Discover kubectl plugins

uninstall   Uninstall plugins

update      Update the local copy of the plugin index

upgrade     Upgrade installed plugins to newer versions

version     Show krew version and diagnostics


-h, --help      help for krew

-v, --v Level   number for the log level verbosity

Use "kubectl krew [command] --help" for more information about a command.

  1. Download the plugin list:

Update the local copy of the Krew plugin index by running the command kubectl krew update:

$> kubectl krew update

Updated the local copy of plugin index.

  1. Discover plugins available on Krew:

To discover Krew plugins, you can either browse the current list of over 130 plugins in your browser at or display the list of available plugins by running the command  kubectl krew search:

$> kubectl krew search

NAME                                DESCRIPTION                                                                        INSTALLED

access-matrix                   Show an RBAC access matrix for server resources        no

advise-psp                        Suggests PodSecurityPolicies for cluster                         no

auth-proxy                       Authentication proxy to a pod or service                        no



Kubectl Plugin Examples

As mentioned above, there are over 130 kubectl plugins available through Krew, so let’s take a look at how to install and use a few of my favorite kubectl plugins:

1. pod-dive

The kubectl “pod-dive” plugin returns data associated with the pod no matter where it is running, such as its origin workload, namespace, the node where it is running and its node pod siblings, as well basic health status of it all.

First, let’s install the “pod-dive” plugin with the command kubectl krew install pod-dive:

$> kubectl krew install pod-dive

Updated the local copy of plugin index.

Installing plugin: pod-dive

Installed plugin: pod-dive

Usage: kubectl pod-dive [pod name] [flags]


Now let’s look at an example of the output returned when using the pod-drive plugin. Usage: kubectl pod-dive [pod name]

  • $> kubectl pod-dive kafka-operator-kafka-0
  • [node]      gke-staging-default-pool-acca72c6-klsn [ready]
  • [namespace]  ├─┬ kafka
  • [type]       │ └─┬ statefulset
  • [workload]   │   └─┬ kafka-operator-kafka [3 replicas]
  • [pod]        │     └─┬ kafka-operator-kafka-0 [pending]
  • [containers] │       ├── kafka [1 restart]
  •              │       ├── tls-sidecar [0 restarts]
  •              │       ├── vault-renewer [2 restarts]
  •              │       ├── vault-authenticator [init, 0 restarts]
  •              │       └── kafka-init [init, 0 restarts]
  •             ...
  • [siblings]   ├── cassandra-0
  •              ├── debug-b58f6f7f8-hbfw5
  •              ├── ignite-memory-web-agent-cc75c9987-nfh6p
  •              ├── jaeger-agent-daemonset-gmhm7
  •              ├── jaeger-query-7dc45cfc9f-mzfg6
  •              ├── kafka-operator-zookeeper-0
  •              ├── calico-node-dgvht
  •              ├── calico-typha-65bfd5544b-kjjjh
  •              ├── fluentd-gcp-scaler-6bc97c54b4-xftsm
  •              ├── fluentd-gcp-v3.1.1-b9zhf
  •              ├── ip-masq-agent-jtjxz
  •              ├── kube-dns-autoscaler-bb58c6784-j9n4h
  •              ├── kube-proxy-gke-staging-default-pool-acca72c6-klsn
  •              ├── metrics-server-v0.3.1-7b4d7f457-v6mfp
  •              ├── prometheus-to-sd-47n9b
  •              ├── vpa-recommender-8667dc8d75-9j4vl
  •              ├── fluent-bit-rj8cn
  •              ├── prometheus-operator-grafana-7f478cc944-g7rvw
  •              ├── prometheus-operator-kube-state-metrics-79486d7f6d-9r9q5
  •              ├── prometheus-operator-operator-777f86b5f7-njr9n
  •              └── prometheus-operator-prometheus-node-exporter-8w8tv
  •     kafka imagepullbackoff
  •     vault-renewer error (code 7)

2. get-all

If you use kubectl on a regular basis, then you’re probably well aware of this fact: For a complete overview of all resources in a Kubernetes cluster, the command "kubectl get all --all-namespaces" is not enough, because it simply does not show everything. Lucky for us, the "get-all" plugin lists really all resources the cluster has to offer.

First, let’s install the “pod-dive” plugin with the command kubectl krew install get-all:

$> kubectl krew install get-all

Updated the local copy of plugin index.

Installing plugin: get-all

Installed plugin: get-all

Usage: kubectl pod-dive [pod name] [flags]


Now let’s look at an example of the output returned when using the pod-drive plugin with the command kubectl get-all:

**Since the “kubectl get-all” command I ran on my cluster below returned 460 lines/resources, I’ve clipped the output at the bottom of the  table below with […].  So, let’s just say that the “get-all” plugin REALLY does get all resources in the cluster!

Detailed usage documentation of the” get-all” plugin and its optional arguments can be found here:

  • $> kubectl get-all
configmap/cluster-info kube-public 233d
configmap/calico-config kube-system 233d
configmap/coredns kube-system 233d
configmap/dns-autoscaler kube-system 233d
configmap/extension-apiserver-authentication kube-system 233d
configmap/ingress-controller-leader-nginx kube-system 228d
configmap/kube-proxy kube-system 233d
configmap/kubeadm-config kube-system 233d
configmap/kubelet-config-1.17 kube-system 233d
configmap/kubernetes-dashboard-settings kube-system 233d
configmap/metallb kube-system 228d
configmap/nodelocaldns kube-system 233d
endpoints/kubernetes default 233d
endpoints/cnvrg-prometheus-operator-kubelet kube-system 162d
endpoints/coredns kube-system 233d
endpoints/dashboard-metrics-scraper kube-system 233d
endpoints/kube-controller-manager kube-system 233d
endpoints/kube-scheduler kube-system 233d
endpoints/tiller-deploy kube-system 233d
pod/calico-kube-controllers-5dd47bb974-89mpd kube-system 177d
pod/calico-node-7cp8x kube-system 233d
pod/calico-node-b5cz5 kube-system 233d
pod/calico-node-hqprl kube-system 233d
pod/calico-node-j5l64 kube-system 233d
pod/coredns-76798d84dd-2qv2k kube-system 233d
pod/coredns-76798d84dd-fj55s kube-system 233d
pod/dns-autoscaler-85f898cd5c-twwsl kube-system 233d
pod/kube-apiserver-do-m1 kube-system 233d
pod/kube-apiserver-do-m2 kube-system 233d
pod/kube-apiserver-do-m3 kube-system 233d
pod/kube-controller-manager-do-m1 kube-system 233d
pod/kube-controller-manager-do-m2 kube-system 233d
pod/kube-controller-manager-do-m3 kube-system 233d
pod/kube-proxy-6cdn4 kube-system 233d
pod/kube-proxy-cj8qn kube-system 233d
pod/kube-proxy-hkx2s kube-system 233d
pod/kube-proxy-p27nz kube-system 233d
pod/kube-scheduler-do-m1 kube-system 233d
pod/kube-scheduler-do-m2 kube-system 233d
pod/kube-scheduler-do-m3 kube-system 233d
pod/kubernetes-metrics-scraper-747b4fd5cd-m9nwt kube-system 177d
pod/nginx-proxy-m3stack-gpu02 kube-system 154d
pod/nodelocaldns-7ktt8 kube-system 233d
pod/nodelocaldns-c9rf7 kube-system 233d
pod/nodelocaldns-hbrhx kube-system 233d
pod/nodelocaldns-pn5cj kube-system 233d
pod/nvidia-device-plugin-daemonset-886k8 kube-system 228d


Be sure to browse through the large and growing list of kubectl plugins managed by Krew here:

I’m sure you’ll find quite a few plugins that will help save you time and help to eliminate the occasional hand cramp from typing out so many kubectl commands!

(Speaking of hand cramps, if you’re a Linux or MacOS user, be sure to enable kubectl auto-completion and create a k for kubectl command alias while you’re at it :) )

Krew Reference URLs: