Container Commands to kubectl

This reference maps container workflows to their Kubernetes equivalents. Some concepts translate directly. Others split across multiple Kubernetes primitives — a single docker run touches Deployments, Services, ConfigMaps, and Secrets in Kubernetes.

Running containers

Container	Kubernetes
podman run -d --name app image:tag	Create a Deployment manifest, apply with kubectl apply -f
podman run -it --rm image:tag sh	kubectl run tmp --rm -it --image=image:tag -- sh
docker compose up -d	kubectl apply -k overlays/dev/ or flux reconcile kustomization <name>
docker compose up --build	Build image, push to registry, then kubectl rollout restart deployment/<name>
podman start <container>	kubectl scale deployment/<name> --replicas=1 (if scaled to 0)
podman stop <container>	kubectl scale deployment/<name> --replicas=0
podman restart <container>	kubectl rollout restart deployment/<name> -n <ns>
docker compose restart	kubectl rollout restart deployment/<name> -n <ns> (per deployment)
docker compose restart <service>	kubectl rollout restart deployment/<service> -n <ns>
docker compose down	kubectl delete -k overlays/dev/ or remove from Flux kustomization
docker compose pull	Kubernetes pulls images on pod creation; force with kubectl rollout restart

Logs

Container	Kubernetes
podman logs <container>	kubectl logs deployment/<name> -n <ns>
podman logs -f <container>	kubectl logs -f deployment/<name> -n <ns>
podman logs --tail 100 <container>	kubectl logs --tail=100 deployment/<name> -n <ns>
docker compose logs	kubectl logs -l app=<label> -n <ns> --all-containers
docker compose logs -f <service>	kubectl logs -f deployment/<service> -n <ns>

k9s: select a pod, press l for logs. Press 0 for all lines from the start, 1–9 for the last N hundred lines.

Shell access

Container	Kubernetes
podman exec -it <container> sh	kubectl exec -it deployment/<name> -n <ns> -- sh
podman exec -it <container> bash	kubectl exec -it deployment/<name> -n <ns> -- bash
docker compose exec <service> sh	kubectl exec -it deployment/<service> -n <ns> -- sh

k9s: select a pod, press s for shell.

For multi-container pods, specify the container:

kubectl exec -it pod/<name> -c <container> -n <ns> -- sh

Listing and inspecting

Container	Kubernetes
podman ps	kubectl get pods -n <ns>
podman ps -a	kubectl get pods -n <ns> --show-all
docker compose ps	kubectl get pods -n <ns> -l app=<label>
podman inspect <container>	kubectl describe pod/<name> -n <ns>
podman inspect --format '{{.State.Status}}'	kubectl get pod/<name> -o jsonpath='{.status.phase}'
podman images	Images are not cluster-scoped; check your registry
podman port <container>	kubectl get svc -n <ns>
docker compose top	kubectl top pods -n <ns> (requires metrics-server)

k9s: press d to describe, y for full YAML.

Environment variables and config

Container	Kubernetes
podman run -e KEY=value	Set in Deployment manifest under env:
podman run --env-file .env	Create a ConfigMap or Secret, reference with envFrom:
docker compose environment: block	ConfigMap for plain values, Secret for sensitive values
Edit .env and docker compose restart	kubectl edit configmap/<name> then kubectl rollout restart deployment/<name>

# Create a ConfigMap from an env file
kubectl create configmap app-config --from-env-file=.env -n <ns>

# Create a Secret from literals
kubectl create secret generic app-secrets --from-literal=DB_PASS=hunter2 -n <ns>

In this project, secrets use SOPS encryption. Edit with mise run edit <file>.

Volumes and storage

Container	Kubernetes
podman run -v /host:/container	hostPath volume in pod spec (avoid in production)
podman run -v name:/container	PersistentVolumeClaim mounted in pod spec
podman volume create	Create a PersistentVolumeClaim manifest
podman volume ls	kubectl get pvc -n <ns>
podman volume rm	kubectl delete pvc/<name> -n <ns>
docker compose volumes: block	PVC manifests in the kustomization overlay
podman cp file container:/path	kubectl cp file pod/<name>:/path -n <ns>

k9s: press Shift+B to jump to PVCs.

Networking

Container	Kubernetes
podman run -p 8080:80	Service with port: 8080, targetPort: 80
docker compose ports: block	Service manifest per deployment
podman network create	Namespaces provide network isolation; NetworkPolicies add fine-grained rules
podman network ls	kubectl get networkpolicies -A
Container-to-container by service name	<service>.<namespace>.svc.cluster.local DNS
localhost between compose services	Containers in the same pod share localhost; across pods use Service DNS
Reverse proxy (nginx/caddy in compose)	IngressRoute (Traefik) or Ingress resource

Viewing routes

The compose equivalent of checking which ports map where is inspecting IngressRoutes:

# List all routes
kubectl get ingressroutes -A

# Show hostnames
kubectl get ingressroutes -A -o jsonpath='{range .items[*]}{.metadata.namespace}/{.metadata.name}: {.spec.routes[*].match}{"\n"}{end}'

k9s: press Shift+L to jump to IngressRoutes, select one and press y to see the hostname match rule.

Scaling

Container	Kubernetes
docker compose up --scale web=3	kubectl scale deployment/<name> --replicas=3 -n <ns>
Single instance (compose default)	replicas: 1 in Deployment manifest

k9s: navigate to :deploy, select a deployment, press s to scale.

Building and deploying

Container	Kubernetes
podman build -t app:latest .	Build locally, push to registry, update Deployment image
docker compose build	No direct equivalent — build is separate from deploy
docker compose up --build	Build, push, then kubectl rollout restart or update the image tag

For local-only images (like the docs site), set imagePullPolicy: Never in the Deployment and load the image into the cluster’s container runtime directly:

podman build -t cluster-docs:latest --target production docs/
sudo k0s ctr images rm docker.io/library/cluster-docs:latest localhost/cluster-docs:latest
podman save cluster-docs:latest | sudo k0s ctr images import -
sudo k0s ctr images tag localhost/cluster-docs:latest docker.io/library/cluster-docs:latest
kubectl rollout restart deployment/docs -n docs

containerd does not overwrite tags. You must k0s ctr images rm the old tag before importing. Without this step, containerd keeps the stale image digest and every new pod launches the old image — even though the import reports success.

Retag after import. Podman exports as localhost/cluster-docs:latest, but Kubernetes resolves a bare image: cluster-docs:latest to docker.io/library/cluster-docs:latest. The ctr images tag step creates the alias the kubelet actually looks for.

Health checks

Container	Kubernetes
HEALTHCHECK CMD curl -f http://localhost/	livenessProbe and readinessProbe in pod spec
docker compose healthcheck: block	Probes support httpGet, exec, and tcpSocket
podman inspect health status	kubectl describe pod/<name> shows probe results

Cleanup

Container	Kubernetes
podman rm <container>	kubectl delete pod/<name> -n <ns> (Deployment recreates it)
podman rm -f <container>	kubectl delete pod/<name> --grace-period=0 --force
docker compose down -v	kubectl delete -k overlays/dev/ and kubectl delete pvc -l app=<label>
podman system prune	No equivalent — Kubernetes garbage-collects terminated pods automatically
podman image prune	Managed by the container runtime’s garbage collection settings

Flux GitOps equivalents

In this project Flux manages deployments declaratively. The compose workflow of editing a file and running docker compose up maps to editing a manifest and pushing to git:

Compose workflow	Flux workflow
Edit docker-compose.yaml, run docker compose up	Edit manifest, git push, Flux reconciles automatically
docker compose pull && docker compose up	Update image tag in manifest, push, Flux applies
docker compose down	Remove manifests from git, push, Flux deletes resources
Force re-deploy	flux reconcile kustomization <name>
Check status	flux get kustomizations -A and flux get helmreleases -A

k9s: press Shift+K for Flux Kustomizations, Shift+H for HelmReleases.