고정 헤더 영역
상세 컨텐츠
본문
반응형
Kubernetes(K8S) 학습에 필요한 용어 목록
출처 : https://kubernetes.io/docs/reference/glossary/?all=true
학습용으로 내용 복사하였습니다.
- Annotation
A key-value pair that is used to attach arbitrary non-identifying metadata to objects.
[-]The metadata in an annotation can be small or large, structured or unstructured, and can include characters not permitted by labels. Clients such as tools and libraries can retrieve this metadata.
- Application Architect
A person responsible for the high-level design of an application.
[-]An architect ensures that an app’s implementation allows it to interact with its surrounding components in a scalable, maintainable way. Surrounding components include databases, logging infrastructure, and other microservices.
- Application Developer
A person who writes an application that runs in a Kubernetes cluster.
[-]An application developer focuses on one part of an application. The scale of their focus may vary significantly in size.
- Approver
A person who can review and approve Kubernetes code contributions.
[-]While code review is focused on code quality and correctness, approval is focused on the holistic acceptance of a contribution. Holistic acceptance includes backwards/forwards compatibility, adhering to API and flag conventions, subtle performance and correctness issues, interactions with other parts of the system, and others. Approver status is scoped to a part of the codebase. Approvers were previously referred to as maintainers.
- CLA (Contributor License Agreement)
Terms under which a contributor grants a license to an open source project for their contributions.
[-]CLAs help resolve legal disputes involving contributed material and intellectual property (IP).
- CNI (Container network interface)
Container network interface (CNI) plugins are a type of Network plugin that adheres to the appc/CNI specification.
[-]- For information on Kubernetes and CNI refer to this.
- For information on Kubernetes and CNI, see “Network plugins”.
- Certificate
A cryptographically secure file used to validate access to the Kubernetes cluster.
[-]Certificates enable applications within a Kubernetes cluster to access the Kubernetes API securely. Certificates validate that clients are allowed to access the API.
- Cloud Controller Manager
Cloud Controller Manager is an alpha feature in 1.8. In upcoming releases it will be the preferred way to integrate Kubernetes with any cloud.
[-]Kubernetes v1.6 contains a new binary called cloud-controller-manager. cloud-controller-manager is a daemon that embeds cloud-specific control loops. These cloud-specific control loops were originally in the kube-controller-manager. Since cloud providers develop and release at a different pace compared to the Kubernetes project, abstracting the provider-specific code to the cloud-controller-manager binary allows cloud vendors to evolve independently from the core Kubernetes code.
- Cloud Provider
Cloud provider is a company that offers cloud computing platform that can run Kubernetes clusters.
[-]Cloud providers or sometime called Cloud Service Provider (CSPs) provides cloud computing platforms. They may offer services such as Infrastructure as a Service (IaaS) or Platform as a Service (PaaS). Cloud providers host the Kubernetes cluster and also provide services that interact with the cluster, such as Load Balancers, Storage Classes etc.
- Cluster
A set of machines, called nodes, that run containerized applications managed by Kubernetes.
[-]A cluster has several worker nodes and at least one master node.
- Cluster Architect
A person who designs infrastructure that involves one or more Kubernetes clusters.
[-]Cluster architects are concerned with best practices for distributed systems, for example: high availability and security.
- Cluster Operator
A person who configures, controls, and monitors clusters.
[-]Their primary responsibility is keeping a cluster up and running, which may involve periodic maintenance activities or upgrades.
NOTE: Cluster operators are different from the Operator pattern that extends the Kubernetes API.
- Code Contributor
A person who develops and contributes code to the Kubernetes open source codebase.
[-]They are also an active community member who participates in one or more Special Interest Groups (SIGs).
- ConfigMap
An API object used to store non-confidential data in key-value pairs. Can be consumed as environment variables, command-line arguments, or config files in a volume.
[-]Allows you to decouple environment-specific configuration from your container images, so that your applications are easily portable. When storing confidential data use a Secret.
- Container
A lightweight and portable executable image that contains software and all of its dependencies.
[-]Containers decouple applications from underlying host infrastructure to make deployment easier in different cloud or OS environments, and for easier scaling.
- Container Environment Variables
Container environment variables are name/value pairs that provide useful information into containers running in a Pod.
[-]Container environment variables provide information that is required by the running containerized applications along with information about important resources to the [Containers] Containers. For example, file system, information about the container itself and other cluster resources such as service endpoints, etc.
- Container Storage Interface (CSI)
The Container Storage Interface (CSI) defines a standard interface to expose storage systems to containers.
[-]CSI allows vendors to create custom storage plugins for Kubernetes without adding them to the Kubernetes repository (out-of-tree plugins). To use a CSI driver from a storage provider, you must first deploy it to your cluster. You will then be able to create a Storage Class that uses that CSI driver.
- Contributor
Someone who donates code, documentation, or their time to help the Kubernetes project or community.
[-]Contributions include pull requests (PRs), issues, feedback, special interest groups (SIG) participation, or organizing community events.
- Controller
A control loop that watches the shared state of the cluster through the apiserver and makes changes attempting to move the current state towards the desired state.
[-]Examples of controllers that ship with Kubernetes today are the replication controller, endpoints controller, namespace controller, and serviceaccounts controller.
- CustomResourceDefinition
Custom code that defines a resource to add to your Kubernetes API server without building a complete custom server.
[-]Custom Resource Definitions let you extend the Kubernetes API for your environment if the publicly supported API resources can’t meet your needs.
- Developer (disambiguation)
May refer to: Application Developer, Code Contributor, or Platform Developer.
[-]This overloaded term may have different meanings depending on the context
- Downstream (disambiguation)
May refer to: code in the Kubernetes ecosystem that depends upon the core Kubernetes codebase or a forked repo.
[-]- In the Kubernetes Community: Conversations often use downstream to mean the ecosystem, code, or third-party tools that rely on the core Kubernetes codebase. For example, a new feature in Kubernetes may be adopted by applications downstream to improve their functionality.
- In GitHub or git: The convention is to refer to a forked repo as downstream, whereas the source repo is considered upstream.
- Dynamic Volume Provisioning
Allows users to request automatic creation of storage Volumes.
[-]Dynamic provisioning eliminates the need for cluster administrators to pre-provision storage. Instead, it automatically provisions storage by user request. Dynamic volume provisioning is based on an API object, StorageClass, referring to a Volume Plugin that provisions a Volume and the set of parameters to pass to the Volume Plugin.
- Flexvolume
Flexvolume is an interface for creating out-of-tree volume plugins. The Container Storage Interface is a newer interface which addresses several problems with Flexvolumes.
[-]Flexvolumes enable users to write their own drivers and add support for their volumes in Kubernetes. FlexVolume driver binaries and dependencies must be installed on host machines. This requires root access. The Storage SIG suggests implementing a CSI driver if possible since it addresses the limitations with Flexvolumes.
- Helm Chart
A package of pre-configured Kubernetes resources that can be managed with the Helm tool.
[-]Charts provide a reproducible way of creating and sharing Kubernetes applications. A single chart can be used to deploy something simple, like a memcached Pod, or something complex, like a full web app stack with HTTP servers, databases, caches, and so on.
- Horizontal Pod Autoscaler
An API resource that automatically scales the number of pod replicas based on targeted CPU utilization or custom metric targets.
[-]HPA is typically used with Replication Controllers, Deployments, or Replica Sets. It cannot be applied to objects that cannot be scaled, for example DaemonSets.
- Image
Stored instance of a container that holds a set of software needed to run an application.
[-]A way of packaging software that allows it to be stored in a container registry, pulled to a local system, and run as an application. Meta data is included in the image that can indicate what executable to run, who built it, and other information.
- Ingress
An API object that manages external access to the services in a cluster, typically HTTP.
[-]Ingress can provide load balancing, SSL termination and name-based virtual hosting.
- Init Container
One or more initialization containers that must run to completion before any app containers run.
[-]Initialization (init) containers are like regular app containers, with one difference: init containers must run to completion before any app containers can start. Init containers run in series: each init container must run to completion before the next init container begins.
- Istio
An open platform (not Kubernetes-specific) that provides a uniform way to integrate microservices, manage traffic flow, enforce policies, and aggregate telemetry data.
[-]Adding Istio does not require changing application code. It is a layer of infrastructure between a service and the network, which when combined with service deployments, is commonly referred to as a service mesh. Istio’s control plane abstracts away the underlying cluster management platform, which may be Kubernetes, Mesosphere, etc.
- Kops
A CLI tool that helps you create, destroy, upgrade and maintain production-grade, highly available, Kubernetes clusters. NOTE: Officially supports AWS only, with GCE and VMware vSphere in alpha.
[-]kops provisions your cluster with:
- Fully automated installation
- DNS-based cluster identification
- Self-healing: everything runs in Auto-Scaling Groups
- Limited OS support (Debian preferred, Ubuntu 16.04 supported, early support for CentOS & RHEL)
- High availability (HA) support
- The ability to directly provision, or generate terraform manifests
You can also build your own cluster using Kubeadm as a building block. kops builds on the kubeadm work.
- Kubeadm
A tool for quickly installing Kubernetes and setting up a secure cluster.
[-]You can use kubeadm to install both the control plane and the worker node components.
- Kubectl
A command line tool for communicating with a Kubernetes API server.
[-]You can use kubectl to create, inspect, update, and delete Kubernetes objects.
- Kubelet
An agent that runs on each node in the cluster. It makes sure that containers are running in a pod.
[-]The kubelet takes a set of PodSpecs that are provided through various mechanisms and ensures that the containers described in those PodSpecs are running and healthy. The kubelet doesn’t manage containers which were not created by Kubernetes.
- Kubernetes API
The application that serves Kubernetes functionality through a RESTful interface and stores the state of the cluster.
[-]Kubernetes resources and “records of intent” are all stored as API objects, and modified via RESTful calls to the API. The API allows configuration to be managed in a declarative way. Users can interact with the Kubernetes API directly, or via tools like kubectl. The core Kubernetes API is flexible and can also be extended to support custom resources.
- Managed Service
A software offering maintained by a third-party provider.
[-]Some examples of Managed Services are AWS EC2, Azure SQL Database, and GCP Pub/Sub, but they can be any software offering that can be used by an application. Service Catalog provides a way to list, provision, and bind with Managed Services offered by Service Brokers.
- Member
A continuously active contributor in the K8s community.
[-]Members can have issues and PRs assigned to them and participate in special interest groups (SIGs)through GitHub teams. Pre-submit tests are automatically run for members’ PRs. A member is expected to remain an active contributor to the community.
- Minikube
A tool for running Kubernetes locally.
[-]Minikube runs a single-node cluster inside a VM on your computer.
- Name
A client-provided string that refers to an object in a resource URL, such as /api/v1/pods/some-name.
[-]Only one object of a given kind can have a given name at a time. However, if you delete the object, you can make a new object with the same name.
- Network Policy
A specification of how groups of Pods are allowed to communicate with each other and with other network endpoints.
[-]Network Policies help you declaratively configure which Pods are allowed to connect to each other, which namespaces are allowed to communicate, and more specifically which port numbers to enforce each policy on. NetworkPolicy resources use labels to select Pods and define rules which specify what traffic is allowed to the selected Pods. Network Policies are implemented by a supported network plugin provided by a network provider. Be aware that creating a network resource without a controller to implement it will have no effect.
- Persistent Volume
An API object that represents a piece of storage in the cluster. Available as a general, pluggable resource that persists beyond the lifecycle of any individual Pod.
[-]PersistentVolumes (PVs) provide an API that abstracts details of how storage is provided from how it is consumed. PVs are used directly in scenarios where storage can be created ahead of time (static provisioning). For scenarios that require on-demand storage (dynamic provisioning), PersistentVolumeClaims (PVCs) are used instead.
- Persistent Volume Claim
Claims storage resources defined in a PersistentVolume so that it can be mounted as a volume in a container.
[-]Specifies the amount of storage, how the storage will be accessed (read-only, read-write and/or exclusive) and how it is reclaimed (retained, recycled or deleted). Details of the storage itself are in the PersistentVolume specification.
- Platform Developer
A person who customizes the Kubernetes platform to fit the needs of their project.
[-]A platform developer may, for example, use Custom Resources or Extend the Kubernetes API with the aggregation layer to add functionality to their instance of Kubernetes, specifically for their application. Some Platform Developers are also contributors and develop extensions which are contributed to the Kubernetes community. Others develop closed-source commercial or site-specific extensions.
- Pod
The smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster.
[-]A Pod is typically set up to run a single primary container. It can also run optional sidecar containers that add supplementary features like logging. Pods are commonly managed by a Deployment.
- Pod Security Policy
Enables fine-grained authorization of Pod creation and updates.
[-]A cluster-level resource that controls security sensitive aspects of the Pod specification. The PodSecurityPolicy objects define a set of conditions that a Pod must run with in order to be accepted into the system, as well as defaults for the related fields. Pod Security Policy control is implemented as an optional admission controller.
- PodPreset
An API object that injects information such as secrets, volume mounts, and environment variables into pods at creation time.
[-]This object chooses the pods to inject information into using standard selectors. This allows the podspec definitions to be nonspecific, decoupling the podspec from environment specific configuration.
- RBAC (Role-Based Access Control)
Manages authorization decisions, allowing admins to dynamically configure access policies through the Kubernetes API.
[-]RBAC utilizes roles, which contain permission rules, and role bindings, which grant the permissions defined in a role to a set of users.
- ReplicaSet
ReplicaSet is the next-generation Replication Controller.
[-]ReplicaSet, like ReplicationController, ensures that a specified number of pods replicas are running at one time. ReplicaSet supports the new set-based selector requirements as described in the labels user guide, whereas a Replication Controller only supports equality-based selector requirements.
- Replication Controller
Kubernetes service that ensures a specific number of instances of a pod are always running.
[-]Will automatically add or remove running instances of a pod, based on a set value for that pod. Allows the pod to return to the defined number of instances if pods are deleted or if too many are started by mistake.
- Reviewer
A person who reviews code for quality and correctness on some part of the project.
[-]Reviewers are knowledgeable about both the codebase and software engineering principles. Reviewer status is scoped to a part of the codebase.
- SIG (special interest group)
Community members who collectively manage an ongoing piece or aspect of the larger Kubernetes open source project.
[-]Members within a SIG have a shared interest in advancing a specific area, such as architecture, API machinery, or documentation. SIGs must follow the SIG Governance guidelines but can have their own contribution policy and channels of communication.
For more information, see the kubernetes/community repo and the current list of SIGs and Working Groups.
- Secret
Stores sensitive information, such as passwords, OAuth tokens, and ssh keys.
[-]Allows for more control over how sensitive information is used and reduces the risk of accidental exposure, including encryption at rest. A Pod references the secret as a file in a volume mount or by the kubelet pulling images for a pod. Secrets are great for confidential data and ConfigMaps for non-confidential data.
- Security Context
The securityContext field defines privilege and access control settings for a Pod or Container, including the runtime UID and GID.
[-]The securityContext field in a Pod (applying to all containers) or container is used to set the user (runAsUser) and group (fsGroup), capabilities, privilege settings, and security policies (SELinux/AppArmor/Seccomp) that container processes use.
- Service Account
Provides an identity for processes that run in a Pod.
[-]When processes inside Pods access the cluster, they are authenticated by the API server as a particular service account, for example, default. When you create a Pod, if you do not specify a service account, it is automatically assigned the default service account in the same namespace Namespace.
- Service Broker
An endpoint for a set of Managed Services offered and maintained by a third-party.
[-]Service Brokers implement the Open Service Broker API spec and provide a standard interface for applications to use their Managed Services. Service Catalog provides a way to list, provision, and bind with Managed Services offered by Service Brokers.
- Service Catalog
An extension API that enables applications running in Kubernetes clusters to easily use external managed software offerings, such as a datastore service offered by a cloud provider.
[-]It provides a way to list, provision, and bind with external Managed Services from Service Brokers without needing detailed knowledge about how those services are created or managed.
- StatefulSet
Manages the deployment and scaling of a set of Pods, and provides guarantees about the ordering and uniqueness of these Pods.
[-]Like a Deployment, a StatefulSet manages Pods that are based on an identical container spec. Unlike a Deployment, a StatefulSet maintains a sticky identity for each of their Pods. These pods are created from the same spec, but are not interchangeable: each has a persistent identifier that it maintains across any rescheduling.
A StatefulSet operates under the same pattern as any other Controller. You define your desired state in a StatefulSet object, and the StatefulSet controller makes any necessary updates to get there from the current state.
- Storage Class
A StorageClass provides a way for administrators to describe different available storage types.
[-]StorageClasses can map to quality-of-service levels, backup policies, or to arbitrary policies determined by cluster administrators. Each StorageClass contains the fields provisioner, parameters, and reclaimPolicy, which are used when a Persistent Volume belonging to the class needs to be dynamically provisioned. Users can request a particular class using the name of a StorageClass object.
- UID
A Kubernetes systems-generated string to uniquely identify objects.
[-]Every object created over the whole lifetime of a Kubernetes cluster has a distinct UID. It is intended to distinguish between historical occurrences of similar entities.
- Upstream (disambiguation)
May refer to: core Kubernetes or the source repo from which a repo was forked.
[-]- In the Kubernetes Community: Conversations often use upstream to mean the core Kubernetes codebase, which the general ecosystem, other code, or third-party tools relies upon. For example, community members may suggest that a feature is moved upstream so that it is in the core codebase instead of in a plugin or third-party tool.
- In GitHub or git: The convention is to refer to a source repo as upstream, whereas the forked repo is considered downstream.
- Volume Plugin
A Volume Plugin enables integration of storage within a Pod.
[-]A Volume Plugin lets you attach and mount storage volumes for use by a Pod. Volume plugins can be in tree or out of tree. In tree plugins are part of the Kubernetes code repository and follow its release cycle. Out of tree plugins are developed independently.
- WG (working group)
Facilitates the discussion and/or implementation of a short-lived, narrow, or decoupled project for a committee, SIG, or cross-SIG effort.
[-]Working groups are a way of organizing people to accomplish a discrete task, and are relatively easy to create and deprecate when inactive.
For more information, see the kubernetes/community repo and the current list of SIGs and working groups.
- docker
Docker is a software technology providing operating-system-level virtualization also known as containers.
[-]Docker uses the resource isolation features of the Linux kernel such as cgroups and kernel namespaces, and a union-capable file system such as OverlayFS and others to allow independent “containers” to run within a single Linux instance, avoiding the overhead of starting and maintaining virtual machines (VMs).
- etcd
Consistent and highly-available key value store used as Kubernetes’ backing store for all cluster data.
[-]Always have a backup plan for etcd’s data for your Kubernetes cluster. For in-depth information on etcd, see etcd documentation.
- kube-apiserver
Component on the master that exposes the Kubernetes API. It is the front-end for the Kubernetes control plane.
[-]It is designed to scale horizontally – that is, it scales by deploying more instances. See Building High-Availability Clusters.
- kube-controller-manager
Component on the master that runs controllers.
[-]Logically, each controller is a separate process, but to reduce complexity, they are all compiled into a single binary and run in a single process.
- kube-proxy
kube-proxy is a network proxy that runs on each node in the cluster.
[-]kube-proxy is responsible for request forwarding. kube-proxy allows TCP and UDP stream forwarding or round robin TCP and UDP forwarding across a set of backend functions.
- kube-scheduler
Component on the master that watches newly created pods that have no node assigned, and selects a node for them to run on.
[-]Factors taken into account for scheduling decisions include individual and collective resource requirements, hardware/software/policy constraints, affinity and anti-affinity specifications, data locality, inter-workload interference and deadlines.
Annotation
A key-value pair that is used to attach arbitrary non-identifying metadata to objects.
[-]The metadata in an annotation can be small or large, structured or unstructured, and can include characters not permitted by labels. Clients such as tools and libraries can retrieve this metadata.
Application Architect
A person responsible for the high-level design of an application.
[-]An architect ensures that an app’s implementation allows it to interact with its surrounding components in a scalable, maintainable way. Surrounding components include databases, logging infrastructure, and other microservices.
Application Developer
A person who writes an application that runs in a Kubernetes cluster.
[-]An application developer focuses on one part of an application. The scale of their focus may vary significantly in size.
Approver
A person who can review and approve Kubernetes code contributions.
[-]While code review is focused on code quality and correctness, approval is focused on the holistic acceptance of a contribution. Holistic acceptance includes backwards/forwards compatibility, adhering to API and flag conventions, subtle performance and correctness issues, interactions with other parts of the system, and others. Approver status is scoped to a part of the codebase. Approvers were previously referred to as maintainers.
CLA (Contributor License Agreement)
Terms under which a contributor grants a license to an open source project for their contributions.
[-]CLAs help resolve legal disputes involving contributed material and intellectual property (IP).
CNI (Container network interface)
Container network interface (CNI) plugins are a type of Network plugin that adheres to the appc/CNI specification.
[-]- For information on Kubernetes and CNI refer to this.
- For information on Kubernetes and CNI, see “Network plugins”.
Certificate
A cryptographically secure file used to validate access to the Kubernetes cluster.
[-]Certificates enable applications within a Kubernetes cluster to access the Kubernetes API securely. Certificates validate that clients are allowed to access the API.
Cloud Controller Manager
Cloud Controller Manager is an alpha feature in 1.8. In upcoming releases it will be the preferred way to integrate Kubernetes with any cloud.
[-]Kubernetes v1.6 contains a new binary called cloud-controller-manager. cloud-controller-manager is a daemon that embeds cloud-specific control loops. These cloud-specific control loops were originally in the kube-controller-manager. Since cloud providers develop and release at a different pace compared to the Kubernetes project, abstracting the provider-specific code to the cloud-controller-manager binary allows cloud vendors to evolve independently from the core Kubernetes code.
Cloud Provider
Cloud provider is a company that offers cloud computing platform that can run Kubernetes clusters.
[-]Cloud providers or sometime called Cloud Service Provider (CSPs) provides cloud computing platforms. They may offer services such as Infrastructure as a Service (IaaS) or Platform as a Service (PaaS). Cloud providers host the Kubernetes cluster and also provide services that interact with the cluster, such as Load Balancers, Storage Classes etc.
Cluster
A set of machines, called nodes, that run containerized applications managed by Kubernetes.
[-]A cluster has several worker nodes and at least one master node.
Cluster Architect
A person who designs infrastructure that involves one or more Kubernetes clusters.
[-]Cluster architects are concerned with best practices for distributed systems, for example: high availability and security.
Cluster Operator
A person who configures, controls, and monitors clusters.
[-]Their primary responsibility is keeping a cluster up and running, which may involve periodic maintenance activities or upgrades.
NOTE: Cluster operators are different from the Operator pattern that extends the Kubernetes API.
Code Contributor
A person who develops and contributes code to the Kubernetes open source codebase.
[-]They are also an active community member who participates in one or more Special Interest Groups (SIGs).
ConfigMap
An API object used to store non-confidential data in key-value pairs. Can be consumed as environment variables, command-line arguments, or config files in a volume.
[-]Allows you to decouple environment-specific configuration from your container images, so that your applications are easily portable. When storing confidential data use a Secret.
Container
A lightweight and portable executable image that contains software and all of its dependencies.
[-]Containers decouple applications from underlying host infrastructure to make deployment easier in different cloud or OS environments, and for easier scaling.
Container Environment Variables
Container environment variables are name/value pairs that provide useful information into containers running in a Pod.
[-]Container environment variables provide information that is required by the running containerized applications along with information about important resources to the [Containers] Containers. For example, file system, information about the container itself and other cluster resources such as service endpoints, etc.
Container Storage Interface (CSI)
The Container Storage Interface (CSI) defines a standard interface to expose storage systems to containers.
[-]CSI allows vendors to create custom storage plugins for Kubernetes without adding them to the Kubernetes repository (out-of-tree plugins). To use a CSI driver from a storage provider, you must first deploy it to your cluster. You will then be able to create a Storage Class that uses that CSI driver.
Contributor
Someone who donates code, documentation, or their time to help the Kubernetes project or community.
[-]Contributions include pull requests (PRs), issues, feedback, special interest groups (SIG) participation, or organizing community events.
Controller
A control loop that watches the shared state of the cluster through the apiserver and makes changes attempting to move the current state towards the desired state.
[-]Examples of controllers that ship with Kubernetes today are the replication controller, endpoints controller, namespace controller, and serviceaccounts controller.
CustomResourceDefinition
Custom code that defines a resource to add to your Kubernetes API server without building a complete custom server.
[-]Custom Resource Definitions let you extend the Kubernetes API for your environment if the publicly supported API resources can’t meet your needs.
Developer (disambiguation)
May refer to: Application Developer, Code Contributor, or Platform Developer.
[-]This overloaded term may have different meanings depending on the context
Downstream (disambiguation)
May refer to: code in the Kubernetes ecosystem that depends upon the core Kubernetes codebase or a forked repo.
[-]- In the Kubernetes Community: Conversations often use downstream to mean the ecosystem, code, or third-party tools that rely on the core Kubernetes codebase. For example, a new feature in Kubernetes may be adopted by applications downstream to improve their functionality.
- In GitHub or git: The convention is to refer to a forked repo as downstream, whereas the source repo is considered upstream.
Dynamic Volume Provisioning
Allows users to request automatic creation of storage Volumes.
[-]Dynamic provisioning eliminates the need for cluster administrators to pre-provision storage. Instead, it automatically provisions storage by user request. Dynamic volume provisioning is based on an API object, StorageClass, referring to a Volume Plugin that provisions a Volume and the set of parameters to pass to the Volume Plugin.
Flexvolume
Flexvolume is an interface for creating out-of-tree volume plugins. The Container Storage Interface is a newer interface which addresses several problems with Flexvolumes.
[-]Flexvolumes enable users to write their own drivers and add support for their volumes in Kubernetes. FlexVolume driver binaries and dependencies must be installed on host machines. This requires root access. The Storage SIG suggests implementing a CSI driver if possible since it addresses the limitations with Flexvolumes.
Helm Chart
A package of pre-configured Kubernetes resources that can be managed with the Helm tool.
[-]Charts provide a reproducible way of creating and sharing Kubernetes applications. A single chart can be used to deploy something simple, like a memcached Pod, or something complex, like a full web app stack with HTTP servers, databases, caches, and so on.
Horizontal Pod Autoscaler
An API resource that automatically scales the number of pod replicas based on targeted CPU utilization or custom metric targets.
[-]HPA is typically used with Replication Controllers, Deployments, or Replica Sets. It cannot be applied to objects that cannot be scaled, for example DaemonSets.
Image
Stored instance of a container that holds a set of software needed to run an application.
[-]A way of packaging software that allows it to be stored in a container registry, pulled to a local system, and run as an application. Meta data is included in the image that can indicate what executable to run, who built it, and other information.
Ingress
An API object that manages external access to the services in a cluster, typically HTTP.
[-]Ingress can provide load balancing, SSL termination and name-based virtual hosting.
Init Container
One or more initialization containers that must run to completion before any app containers run.
[-]Initialization (init) containers are like regular app containers, with one difference: init containers must run to completion before any app containers can start. Init containers run in series: each init container must run to completion before the next init container begins.
Istio
An open platform (not Kubernetes-specific) that provides a uniform way to integrate microservices, manage traffic flow, enforce policies, and aggregate telemetry data.
[-]Adding Istio does not require changing application code. It is a layer of infrastructure between a service and the network, which when combined with service deployments, is commonly referred to as a service mesh. Istio’s control plane abstracts away the underlying cluster management platform, which may be Kubernetes, Mesosphere, etc.
Kops
A CLI tool that helps you create, destroy, upgrade and maintain production-grade, highly available, Kubernetes clusters. NOTE: Officially supports AWS only, with GCE and VMware vSphere in alpha.
[-]kops provisions your cluster with:
- Fully automated installation
- DNS-based cluster identification
- Self-healing: everything runs in Auto-Scaling Groups
- Limited OS support (Debian preferred, Ubuntu 16.04 supported, early support for CentOS & RHEL)
- High availability (HA) support
- The ability to directly provision, or generate terraform manifests
You can also build your own cluster using Kubeadm as a building block. kops builds on the kubeadm work.
Kubeadm
A tool for quickly installing Kubernetes and setting up a secure cluster.
[-]You can use kubeadm to install both the control plane and the worker node components.
Kubectl
A command line tool for communicating with a Kubernetes API server.
[-]You can use kubectl to create, inspect, update, and delete Kubernetes objects.
Kubelet
An agent that runs on each node in the cluster. It makes sure that containers are running in a pod.
[-]The kubelet takes a set of PodSpecs that are provided through various mechanisms and ensures that the containers described in those PodSpecs are running and healthy. The kubelet doesn’t manage containers which were not created by Kubernetes.
Kubernetes API
The application that serves Kubernetes functionality through a RESTful interface and stores the state of the cluster.
[-]Kubernetes resources and “records of intent” are all stored as API objects, and modified via RESTful calls to the API. The API allows configuration to be managed in a declarative way. Users can interact with the Kubernetes API directly, or via tools like kubectl. The core Kubernetes API is flexible and can also be extended to support custom resources.
Managed Service
A software offering maintained by a third-party provider.
[-]Some examples of Managed Services are AWS EC2, Azure SQL Database, and GCP Pub/Sub, but they can be any software offering that can be used by an application. Service Catalog provides a way to list, provision, and bind with Managed Services offered by Service Brokers.
Member
A continuously active contributor in the K8s community.
[-]Members can have issues and PRs assigned to them and participate in special interest groups (SIGs)through GitHub teams. Pre-submit tests are automatically run for members’ PRs. A member is expected to remain an active contributor to the community.
Minikube
A tool for running Kubernetes locally.
[-]Minikube runs a single-node cluster inside a VM on your computer.
Name
A client-provided string that refers to an object in a resource URL, such as /api/v1/pods/some-name.
Only one object of a given kind can have a given name at a time. However, if you delete the object, you can make a new object with the same name.
Network Policy
A specification of how groups of Pods are allowed to communicate with each other and with other network endpoints.
[-]Network Policies help you declaratively configure which Pods are allowed to connect to each other, which namespaces are allowed to communicate, and more specifically which port numbers to enforce each policy on. NetworkPolicy resources use labels to select Pods and define rules which specify what traffic is allowed to the selected Pods. Network Policies are implemented by a supported network plugin provided by a network provider. Be aware that creating a network resource without a controller to implement it will have no effect.
Persistent Volume
An API object that represents a piece of storage in the cluster. Available as a general, pluggable resource that persists beyond the lifecycle of any individual Pod.
[-]PersistentVolumes (PVs) provide an API that abstracts details of how storage is provided from how it is consumed. PVs are used directly in scenarios where storage can be created ahead of time (static provisioning). For scenarios that require on-demand storage (dynamic provisioning), PersistentVolumeClaims (PVCs) are used instead.
Persistent Volume Claim
Claims storage resources defined in a PersistentVolume so that it can be mounted as a volume in a container.
[-]Specifies the amount of storage, how the storage will be accessed (read-only, read-write and/or exclusive) and how it is reclaimed (retained, recycled or deleted). Details of the storage itself are in the PersistentVolume specification.
Platform Developer
A person who customizes the Kubernetes platform to fit the needs of their project.
[-]A platform developer may, for example, use Custom Resources or Extend the Kubernetes API with the aggregation layer to add functionality to their instance of Kubernetes, specifically for their application. Some Platform Developers are also contributors and develop extensions which are contributed to the Kubernetes community. Others develop closed-source commercial or site-specific extensions.
Pod
The smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster.
[-]A Pod is typically set up to run a single primary container. It can also run optional sidecar containers that add supplementary features like logging. Pods are commonly managed by a Deployment.
Pod Security Policy
Enables fine-grained authorization of Pod creation and updates.
[-]A cluster-level resource that controls security sensitive aspects of the Pod specification. The PodSecurityPolicy objects define a set of conditions that a Pod must run with in order to be accepted into the system, as well as defaults for the related fields. Pod Security Policy control is implemented as an optional admission controller.
PodPreset
An API object that injects information such as secrets, volume mounts, and environment variables into pods at creation time.
[-]This object chooses the pods to inject information into using standard selectors. This allows the podspec definitions to be nonspecific, decoupling the podspec from environment specific configuration.
RBAC (Role-Based Access Control)
Manages authorization decisions, allowing admins to dynamically configure access policies through the Kubernetes API.
[-]RBAC utilizes roles, which contain permission rules, and role bindings, which grant the permissions defined in a role to a set of users.
ReplicaSet
ReplicaSet is the next-generation Replication Controller.
[-]ReplicaSet, like ReplicationController, ensures that a specified number of pods replicas are running at one time. ReplicaSet supports the new set-based selector requirements as described in the labels user guide, whereas a Replication Controller only supports equality-based selector requirements.
Replication Controller
Kubernetes service that ensures a specific number of instances of a pod are always running.
[-]Will automatically add or remove running instances of a pod, based on a set value for that pod. Allows the pod to return to the defined number of instances if pods are deleted or if too many are started by mistake.
Reviewer
A person who reviews code for quality and correctness on some part of the project.
[-]Reviewers are knowledgeable about both the codebase and software engineering principles. Reviewer status is scoped to a part of the codebase.
SIG (special interest group)
Community members who collectively manage an ongoing piece or aspect of the larger Kubernetes open source project.
[-]Members within a SIG have a shared interest in advancing a specific area, such as architecture, API machinery, or documentation. SIGs must follow the SIG Governance guidelines but can have their own contribution policy and channels of communication.
For more information, see the kubernetes/community repo and the current list of SIGs and Working Groups.
Secret
Stores sensitive information, such as passwords, OAuth tokens, and ssh keys.
[-]Allows for more control over how sensitive information is used and reduces the risk of accidental exposure, including encryption at rest. A Pod references the secret as a file in a volume mount or by the kubelet pulling images for a pod. Secrets are great for confidential data and ConfigMaps for non-confidential data.
Security Context
The securityContext field defines privilege and access control settings for a Pod or Container, including the runtime UID and GID.
[-]The securityContext field in a Pod (applying to all containers) or container is used to set the user (runAsUser) and group (fsGroup), capabilities, privilege settings, and security policies (SELinux/AppArmor/Seccomp) that container processes use.
Service Account
Provides an identity for processes that run in a Pod.
[-]When processes inside Pods access the cluster, they are authenticated by the API server as a particular service account, for example, default. When you create a Pod, if you do not specify a service account, it is automatically assigned the default service account in the same namespace Namespace.
Service Broker
An endpoint for a set of Managed Services offered and maintained by a third-party.
[-]Service Brokers implement the Open Service Broker API spec and provide a standard interface for applications to use their Managed Services. Service Catalog provides a way to list, provision, and bind with Managed Services offered by Service Brokers.
Service Catalog
An extension API that enables applications running in Kubernetes clusters to easily use external managed software offerings, such as a datastore service offered by a cloud provider.
[-]It provides a way to list, provision, and bind with external Managed Services from Service Brokers without needing detailed knowledge about how those services are created or managed.
StatefulSet
Manages the deployment and scaling of a set of Pods, and provides guarantees about the ordering and uniqueness of these Pods.
[-]Like a Deployment, a StatefulSet manages Pods that are based on an identical container spec. Unlike a Deployment, a StatefulSet maintains a sticky identity for each of their Pods. These pods are created from the same spec, but are not interchangeable: each has a persistent identifier that it maintains across any rescheduling.
A StatefulSet operates under the same pattern as any other Controller. You define your desired state in a StatefulSet object, and the StatefulSet controller makes any necessary updates to get there from the current state.
Storage Class
A StorageClass provides a way for administrators to describe different available storage types.
[-]StorageClasses can map to quality-of-service levels, backup policies, or to arbitrary policies determined by cluster administrators. Each StorageClass contains the fields provisioner, parameters, and reclaimPolicy, which are used when a Persistent Volume belonging to the class needs to be dynamically provisioned. Users can request a particular class using the name of a StorageClass object.
UID
A Kubernetes systems-generated string to uniquely identify objects.
[-]Every object created over the whole lifetime of a Kubernetes cluster has a distinct UID. It is intended to distinguish between historical occurrences of similar entities.
Upstream (disambiguation)
May refer to: core Kubernetes or the source repo from which a repo was forked.
[-]- In the Kubernetes Community: Conversations often use upstream to mean the core Kubernetes codebase, which the general ecosystem, other code, or third-party tools relies upon. For example, community members may suggest that a feature is moved upstream so that it is in the core codebase instead of in a plugin or third-party tool.
- In GitHub or git: The convention is to refer to a source repo as upstream, whereas the forked repo is considered downstream.
Volume Plugin
A Volume Plugin enables integration of storage within a Pod.
[-]A Volume Plugin lets you attach and mount storage volumes for use by a Pod. Volume plugins can be in tree or out of tree. In tree plugins are part of the Kubernetes code repository and follow its release cycle. Out of tree plugins are developed independently.
WG (working group)
Facilitates the discussion and/or implementation of a short-lived, narrow, or decoupled project for a committee, SIG, or cross-SIG effort.
[-]Working groups are a way of organizing people to accomplish a discrete task, and are relatively easy to create and deprecate when inactive.
For more information, see the kubernetes/community repo and the current list of SIGs and working groups.
docker
Docker is a software technology providing operating-system-level virtualization also known as containers.
[-]Docker uses the resource isolation features of the Linux kernel such as cgroups and kernel namespaces, and a union-capable file system such as OverlayFS and others to allow independent “containers” to run within a single Linux instance, avoiding the overhead of starting and maintaining virtual machines (VMs).
etcd
Consistent and highly-available key value store used as Kubernetes’ backing store for all cluster data.
[-]Always have a backup plan for etcd’s data for your Kubernetes cluster. For in-depth information on etcd, see etcd documentation.
kube-apiserver
Component on the master that exposes the Kubernetes API. It is the front-end for the Kubernetes control plane.
[-]It is designed to scale horizontally – that is, it scales by deploying more instances. See Building High-Availability Clusters.
kube-controller-manager
Component on the master that runs controllers.
[-]Logically, each controller is a separate process, but to reduce complexity, they are all compiled into a single binary and run in a single process.
kube-proxy
kube-proxy is a network proxy that runs on each node in the cluster.
kube-proxy is responsible for request forwarding. kube-proxy allows TCP and UDP stream forwarding or round robin TCP and UDP forwarding across a set of backend functions.
kube-scheduler
Component on the master that watches newly created pods that have no node assigned, and selects a node for them to run on.
[-]Factors taken into account for scheduling decisions include individual and collective resource requirements, hardware/software/policy constraints, affinity and anti-affinity specifications, data locality, inter-workload interference and deadlines.
반응형
