Kubernetes Glossary
Introduction
Explore this curated list of definitions for commonly used Kubernetes terms, designed to demystify this powerful container orchestration platform.
Whether you're a beginner or a seasoned Kubernetes user, this glossary will enhance your knowledge and help you navigate the intricate Kubernetes ecosystem with ease.
Kubernetes Terms
A
Add-ons: Resources that empower Kubernetes with additional functions.
Admission Controller: A code snippet that captures and processes Kubernetes API server requests before the object is saved.
Affinity: Affinity in Kubernetes refers to a collection of guidelines that offer recommendations to the scheduler regarding the placement of pods.
Aggregation Layer: The aggregation layer in Kubernetes enables the installation of additional APIs with a style similar to Kubernetes in your cluster.
Annotation: A key-value pair used to attach arbitrary, non-identifying metadata to objects.
API Group: A group of related Kubernetes API paths.
API server: Additionally referred to as kube-apiserver, the API server is a Kubernetes control plane component that provides access to the Kubernetes API. It serves as the control plane's primary interface.
API-initiated eviction: API-triggered eviction involves utilizing the Eviction API to generate an Eviction object that initiates the graceful termination of pods.
App Container: Application containers, also known as app containers, are the ones in a pod that are launched after any init containers have finished.
Application Architect: An individual who oversees the high-level design of an application.
Application Developer: An individual who authors an application that operates within a Kubernetes cluster.
Applications: The stratum where multiple containerized applications operate.
Approver: An individual who can evaluate and authorize contributions to Kubernetes code.
C
cAdvisor: cAdvisor (Container Advisor) offers container users insights into the resource utilization and performance attributes of their active containers.
Certificate: An encrypted file utilized for authenticating access to the Kubernetes cluster.
cgroup (control group): A collection of Linux processes with optional resource isolation, accounting, and limits.
CIDR: CIDR (Classless Inter-Domain Routing) is a notation for describing IP address blocks, commonly used in networking configurations.
CLA (Contributor License Agreement): The conditions by which a contributor licenses their contributions to an open-source project.
Cloud Controller Manager: A Kubernetes control plane component that incorporates cloud-specific control logic, the cloud controller manager enables the integration of your cluster with your cloud provider's API. It separates the components that interact with the cloud platform from those that only interact with the cluster.
Cloud Native Computing Foundation (CNCF): The Cloud Native Computing Foundation (CNCF) cultivates sustainable ecosystems and nurtures a community for projects that manage containers within a microservices architecture. Kubernetes is a CNCF project.
Cloud Provider: Also referred to as CSP (Cloud Service Provider), a company or organization that provides a cloud computing platform.
Cluster: A group of machines known as nodes that operate containerized applications, with every cluster having at least one worker node.
Cluster Architect: An individual who architects infrastructure that includes one or more Kubernetes clusters.
Cluster Infrastructure: The infrastructure layer is responsible for providing and maintaining VMs, networking, security groups, and other components.
Cluster Operations: The tasks associated with overseeing a Kubernetes cluster: handling daily operations and coordinating upgrades.
Cluster Operator: An individual responsible for configuring, managing, and monitoring clusters.
Code Contributor: An individual who creates and contributes code to the Kubernetes open-source code repository.
ConfigMap: A ConfigMap is an API object that serves to store non-confidential data in key-value pairs. Pods can utilize ConfigMaps in various ways, such as environment variables, command-line arguments, or as configuration files in a volume.
Container: A container image is a lightweight and portable executable that includes software and all of its dependencies.
Container Environment Variables: Environment variables in a container are name=value pairs that offer helpful information to containers operating within a pod.
Container Lifecycle Hooks: Lifecycle hooks reveal events in the Container management lifecycle, enabling users to execute code in response to these events.
Container network interface (CNI): CNI (Container Network Interface) plugins are a form of network plugin that complies with the appc/CNI specification.
Container Runtime: A crucial component that enables Kubernetes to efficiently manage containers is the container runtime. It is responsible for controlling the execution and lifecycle of containers within the Kubernetes environment.
Container runtime interface (CRI): The container runtime interface (CRI) is an API that enables container runtimes to interface with the kubelet on a node.
Container Storage Interface (CSI): The Container Storage Interface (CSI) establishes a standardized interface for presenting storage systems to containers.
containerd: A container runtime that prioritizes simplicity, sturdiness, and portability.
Contributor: An individual who contributes code, documentation, or their time to support the Kubernetes project or community.
Control Plane: The container orchestration layer that provides APIs and interfaces for defining, deploying, and managing container lifecycles.
Controller: In Kubernetes, controllers are control loops that monitor the state of your cluster and make adjustments as needed to align the current state with the desired state.
CRI-O: A tool that enables the use of OCI container runtimes in conjunction with the Kubernetes Container Runtime Interface (CRI).
CronJob: Handles a Job that operates according to a recurring schedule.
CustomResourceDefinition: Custom code that specifies a resource to include in your Kubernetes API server without constructing an entire custom server.
D
DaemonSet: Ensures that at least one instance of a Pod is running across a specified set of nodes in a cluster.
Data Plane: This layer furnishes resources like CPU, memory, network, and storage to enable containers to operate and communicate within a network.
Deployment: An API object that manages a replicated application, usually by running Pods without local state.
Device Plugin: Device plugins operate on worker Nodes and allow Pods to access resources, such as local hardware, that require specific initialization or setup steps from the vendor.
Disruption: Disruptions are incidents that result in one or more Pods becoming unavailable, thereby impacting workload resources, such as Deployments, that depend on the affected Pods.
Docker: Docker, specifically Docker Engine, is a software technology that offers containerization, a form of operating-system-level virtualization.
Dockershim: The dockershim is a component found in Kubernetes versions 1.23 and earlier, facilitating communication between the kubelet and Docker Engine.
Downward API: Kubernetes' method for making Pod and container field values accessible to code operating within a container.
Dynamic Volume Provisioning: Enables users to request the automatic generation of storage Volumes.
E
Endpoints: Endpoints maintain a record of the IP addresses associated with Pods that match specific selectors.
EndpointSlice: A method for aggregating network endpoints with Kubernetes resources.
Ephemeral Container: A type of Container that can be transiently executed within a Pod.
etcd: A consistent and highly available key-value store that serves as the Kubernetes cluster's data repository for all information.
Event: An Event in Kubernetes is an object that depicts changes in state or significant incidents within the system.
Eviction: Eviction refers to the action of terminating one or more Pods on Nodes.
Extensions: Extensions are software components that integrate closely with Kubernetes to support the incorporation of new hardware types.
F
Feature gate: Feature gates are a collection of keys (opaque string values) that allow you to manage the activation of specific Kubernetes features within your cluster.
Finalizer: Finalizers are namespace-specific keys that instruct Kubernetes to postpone the complete deletion of resources until certain conditions are satisfied. Finalizers notify controllers to clear up resources that were owned by the deleted object.
FlexVolume: FlexVolume is a deprecated interface for developing external volume plugins. It has been superseded by the Container Storage Interface, which addresses several limitations of FlexVolume.
G
Garbage Collection: Garbage collection refers to the assortment of methods Kubernetes employs to tidy up cluster resources.
Gateway API: A collection of API types for representing service networking within Kubernetes.
Group Version Resource: Also known as GVR, it serves as a method for representing a unique Kubernetes API resource.
H
Helm Chart: A collection of Kubernetes resources that have been pre-configured and can be managed using the Helm tool.
Horizontal Pod Autoscaler: Also known as HPA, it is an API resource that automatically adjusts the number of Pod replicas based on target CPU utilization or custom metric criteria.
HostAliases: A HostAliases is a pairing of an IP address and hostname that is inserted into a Pod's hosts file.
I
Image: An archived instance of a Container containing the necessary software to execute an application.
Immutable Infrastructure: Immutable Infrastructure describes computer infrastructure, including virtual machines, containers, and network appliances, that remains unaltered once it is deployed.
Ingress: An API object that oversees external access to the services within a cluster, usually via HTTP.
Init Container: One or more initialization Containers that must finish running before any application Containers can start.
Istio: A universal platform, not specific to Kubernetes, that offers a consistent approach to integrating microservices, controlling traffic flow, enforcing policies, and consolidating telemetry data.
J
Job: A limited or batch job that executes until completion.
JSON Web Token (JWT): A method of expressing entitlements to be exchanged between two entities.
K
kOps (Kubernetes Operations): kOps not only facilitates the creation, deletion, upgrading, and maintenance of high-availability, production-ready Kubernetes clusters, but also sets up the required cloud infrastructure.
kube-controller-manager: A control plane component that operates controller processes.
kube-proxy: kube-proxy is a network proxy that runs on every node in your cluster, implementing part of the Kubernetes Service concept.
kube-scheduler: A control plane component that monitors for newly created Pods without an assigned node and chooses a node for them to operate on.
Kubeadm: A tool for swiftly installing and securing Kubernetes clusters.
Kubectl: Also known as kubectl, it is a command-line tool that enables communication with a Kubernetes cluster's control plane via the Kubernetes API.
Kubelet: An agent that operates on every node in the cluster, ensuring that containers within a Pod are running.
Kubernetes API: The application that offers Kubernetes functionality via a RESTful interface and preserves the cluster's state.
L
Label: Annotates objects with distinguishing characteristics that are significant and germane to users.
LimitRange: Imposes restrictions to control resource consumption by Containers or Pods within a namespace.
Logging: Logs are a record of events logged by the cluster or application.
M
Managed Service: Software provided and maintained by a third-party provider.
Manifest: A definition of a Kubernetes API object in JSON or YAML file format.
Master: An outdated term used interchangeably with nodes that host the control plane.
Member: An actively engaged contributor within the Kubernetes (k8s) community.
Minikube: A tool for operating Kubernetes on a local system.
Mirror Pod: A pod entity utilized by a kubelet to depict a static pod.
Mixed Version Proxy (MVP): A capability allowing a kube-apiserver to forward a resource request to another peer API server.
N
Name: A client-supplied identifier in a resource URL that references an object, such as /api/v1/pods/some-name.
Namespace: A Kubernetes abstraction used to isolate collections of resources within a single cluster.
Network Policy: A definition of communication rules for groups of Pods with each other and with other network endpoints.
Node: A node is a worker machine in Kubernetes.
Node-pressure eviction: Also known as kubelet eviction, node-pressure eviction is the active process of terminating pods by the kubelet to recover resources on nodes.
O
Object: An element within the Kubernetes system. These entities are utilized by the Kubernetes API to depict the state of your cluster.
Operator pattern: The operator pattern is a design system that connects a Controller with one or more custom resources.
P
Persistent Volume: An API object that signifies a storage component in the cluster. It is a versatile and replaceable resource that endures beyond the lifespan of any specific Pod.
Persistent Volume Claim: A claim for storage resources defined in a PersistentVolume, allowing it to be attached as a volume in a container.
Platform Developer: An individual who tailors the Kubernetes platform to align with the requirements of their project.
Pod: The most basic and fundamental Kubernetes entity. A Pod embodies a group of active containers within your cluster.
Pod Disruption: Pod disruption refers to the termination of Pods on Nodes, either through voluntary or involuntary means.
Pod Disruption Budget: Also known as PDB, a Pod Disruption Budget enables the owner of an application to establish an object for a replicated application, ensuring that a minimum number or percentage of Pods with a specified label will not be intentionally evicted at any given time.
Pod Lifecycle: The series of stages that a Pod goes through during its existence.
Pod Priority: The Pod Priority feature reflects the level of significance of a Pod compared to other Pods.
Pod Security Policy: Facilitates detailed authorization for creating and updating Pods.
Preemption: In Kubernetes, the preemption mechanism allows a pending Pod to search for a compatible Node by removing lower-priority Pods already residing on that Node.
PriorityClass: A PriorityClass is a designated category that specifies the scheduling priority to be assigned to a Pod within that category.
Probe: A check that the kubelet periodically performs against a container running in a pod to determine the container's state and health, which in turn informs the container's lifecycle.
Proxy: In the realm of computing, a proxy serves as a middleman server that facilitates communication with a remote service.
Q
QoS Class: The QoS Class (Quality of Service Class) in Kubernetes enables the categorization of Pods within the cluster into various classes, which aids in making informed decisions regarding scheduling and eviction.
Quantity: A whole-number representation of small or large quantities using SI prefixes.
R
RBAC (Role-Based Access Control): Manages authorization decisions, giving administrators the ability to dynamically configure access policies via the Kubernetes API.
Replica: A replica refers to a copy or duplicate of a Pod or a group of Pods, which serves to ensure high availability, scalability, and fault tolerance by maintaining multiple identical instances of a Pod.
ReplicaSet: A ReplicaSet aims to keep a specific number of replica Pods operational at any given time.
ReplicationController: A workload resource that manages a replicated application, maintaining a particular number of Pod instances in operation.
Resource Quotas: Imposes constraints that restrict the total resource consumption per Namespace.
Reviewer: An individual who assesses the quality and correctness of code within a specific project area.
S
Secret: Holds confidential information, including passwords, OAuth tokens, and SSH keys.
Security Context: The securityContext field establishes privilege and access control settings for a Pod or container.
Selector: Enables users to refine a resource list by utilizing labels.
Service: A technique for making a network application, running within one or more Pods in your cluster, accessible.
Service Catalog: A previous extension API that facilitated applications within Kubernetes clusters to seamlessly utilize external managed software services, like a cloud provider's datastore service.
ServiceAccount: Offers an identity for processes operating within a Pod.
Shuffle-sharding: A method for allocating requests to queues that offers enhanced isolation compared to the simple hashing modulo technique.
Sidecar Container: One or more containers that are commonly initiated prior to the execution of any application containers.
SIG (special interest group): Members of the community who jointly oversee a continuous element or aspect of the extensive Kubernetes open-source project.
Spec: Specifies the configuration and desired state for each object, such as Pods or Services.
StatefulSet: Oversees the deployment and scaling of a Pod set, ensuring the proper sequence and uniqueness of these Pods.
Static Pod: A Pod directly managed by the kubelet daemon on a particular node.
Storage Class: A StorageClass enables administrators to describe the various storage types available.
sysctl: sysctl is a partially standardized interface used to read or modify the attributes of the active Unix kernel.
T
Taint: A fundamental object composed of three essential properties: key, value, and effect, which serves to prevent the scheduling of Pods on nodes or node groups.
Toleration: A fundamental object with three essential properties: key, value, and effect. Tolerations allow the scheduling of pods on nodes or node groups that possess corresponding taints.
U
UID: A unique identifier string generated by Kubernetes to distinguish objects.
user namespace: A kernel feature that simulates root privileges, utilized for "rootless containers".
V
Volume: A directory storing data, accessible to the containers within a Pod.
Volume Plugin: A Volume Plugin facilitates the integration of storage within a Pod.
W
WG (working group): Enables the planning and execution of a brief, focused, or independent project within a committee, SIG, or cross-SIG collaboration.
Workload: A workload refers to an application operating on Kubernetes.
Guide to Install Kubernetes
Ready to dive into using Kubernetes? Ensure you have it installed correctly by following these detailed installation guides tailored to different distros.
With these installation guides, you'll be up and running with Kubernetes in no time!