Questo glossario vuole essere un aiuto per standardizzare la terminologia usata per Kubernetes. Include termini tecnici che sono specifici di Kubernetes, così come termini più generali che sono utili per dare un contesto.
Filtra i termini sulla base delle loro etichette
Fare click sull'icona [+] per il significato di questo termine.
- Admission ControllerLINK
A piece of code that intercepts requests to the Kubernetes API server prior to persistence of the object.[+]
Admission controllers are configurable for the Kubernetes API server and may be "validating", "mutating", or both. Any admission controller may reject the request. Mutating controllers may modify the objects they admit; validating controllers may not.
In Kubernetes, affinity is a set of rules that give hints to the scheduler about where to place pods.[+]
- API GroupLINK
A set of related paths in Kubernetes API.[+]
You can enable or disable each API group by changing the configuration of your API server. You can also disable or enable paths to specific resources. API group makes it easier to extend the Kubernetes API. The API group is specified in a REST path and in the
apiVersionfield of a serialized object.
- Read API Group for more information.
- API serverLINKAnche noto come:kube-apiserver
L'API server è un componente di Kubernetes control plane che espone le Kubernetes API. L'API server è il front end del control plane di Kubernetes.[+]
La principale implementazione di un server Kubernetes API è kube-apiserver. kube-apiserver è progettato per scalare orizzontalmente, cioè scala aumentando il numero di istanze. Puoi eseguire multiple istanze di kube-apiserver e bilanciare il traffico tra queste istanze.
- API-initiated evictionLINK
API-initiated eviction is the process by which you use the Eviction API to create an[+]
Evictionobject that triggers graceful pod termination.
You can request eviction either by directly calling the Eviction API using a client of the kube-apiserver, like the
kubectl draincommand. When an
Evictionobject is created, the API server terminates the Pod.
API-initiated eviction is not the same as node-pressure eviction.
- See API-initiated eviction for more information.
- App ContainerLINK[+]
An init container lets you separate initialization details that are important for the overall workload, and that don't need to keep running once the application container has started. If a pod doesn't have any init containers configured, all the containers in that pod are app containers.
- Application ArchitectLINK
A person responsible for the high-level design of an application.[+]
An architect ensures that an app's implementation allows it to interact with its surrounding components in a scalable, maintainable way. Surrounding components include databases, logging infrastructure, and other microservices.
A person who can review and approve Kubernetes code contributions.[+]
While code review is focused on code quality and correctness, approval is focused on the holistic acceptance of a contribution. Holistic acceptance includes backwards/forwards compatibility, adhering to API and flag conventions, subtle performance and correctness issues, interactions with other parts of the system, and others. Approver status is scoped to a part of the codebase. Approvers were previously referred to as maintainers.
cAdvisor (Container Advisor) provides container users an understanding of the resource usage and performance characteristics of their running containers.[+]
It is a running daemon that collects, aggregates, processes, and exports information about running containers. Specifically, for each container it keeps resource isolation parameters, historical resource usage, histograms of complete historical resource usage and network statistics. This data is exported by container and machine-wide.
CIDR (Classless Inter-Domain Routing) is a notation for describing blocks of IP addresses and is used heavily in various networking configurations.[+]
- Cloud Controller ManagerLINK
Un componente della control plane di Kubernetes che aggiunge logiche di controllo specifiche per il cloud. Il cloud-controller-manager ti permette di collegare il tuo cluster con le API del cloud provider e separa le componenti che interagiscono con la piattaforma cloud dai componenti che interagiscono solamente col cluster.[+]
Disaccoppiando la logica di interoperabilità tra Kubernetes e l'infrastruttura cloud sottostante, il componente cloud-controller-manager abilità i cloud provider di rilasciare funzionalità a un ritmo diverso rispetto al progetto principale Kubernetes.
- Cloud Native Computing Foundation (CNCF)LINK
The Cloud Native Computing Foundation (CNCF) builds sustainable ecosystems and fosters a community around projects that orchestrate containers as part of a microservices architecture.
Kubernetes is a CNCF project.[+]
The CNCF is a sub-foundation of the Linux Foundation. Its mission is to make cloud native computing ubiquitous.
- Cloud ProviderLINKAnche noto come:Cloud Service Provider
A business or other organization that offers a cloud computing platform.[+]
Cloud providers, sometimes called Cloud Service Providers (CSPs), offer cloud computing platforms or services.
Many cloud providers offer managed infrastructure (also called Infrastructure as a Service or IaaS). With managed infrastructure the cloud provider is responsible for servers, storage, and networking while you manage layers on top of that such as running a Kubernetes cluster.
You can also find Kubernetes as a managed service; sometimes called Platform as a Service, or PaaS. With managed Kubernetes, your cloud provider is responsible for the Kubernetes control plane as well as the nodes and the infrastructure they rely on: networking, storage, and possibly other elements such as load balancers.
Un'insieme di macchine, chiamate nodi, che eseguono container gestiti da Kubernetes. Un cluster ha almeno un Worker Node.[+]
Il/I Worker Node ospitano i Pod che eseguono i workload dell'utente. Il/I Control Plane Node gestiscono i Worker Node e tutto quanto accade all'interno del cluster. Per garantire la high-availability e la possibilità di failover del cluster, vengono utilizzati più Control Plane Node.
- Cluster OperationsLINK
The work involved in managing a Kubernetes cluster: managing day-to-day operations, and co-ordinating upgrades.[+]
Examples of cluster operations work include: deploying new Nodes to scale the cluster; performing software upgrades; implementing security controls; adding or removing storage; configuring cluster networking; managing cluster-wide observability; and responding to events.
- Cluster OperatorLINK
A person who configures, controls, and monitors clusters.[+]
Their primary responsibility is keeping a cluster up and running, which may involve periodic maintenance activities or upgrades.Note: Cluster operators are different from the Operator pattern that extends the Kubernetes API.
Un oggetto API usato per memorizzare dati non riservati in coppie chiave-valore. I Pods possono utilizzare le ConfigMaps come variabili d'ambiente, argomenti da riga di comando, o come files di configurazione all'interno di un Volume.[+]
La ConfigMap ti permette di disaccoppiare le configurazioni specifiche per ambiente dalle immagini del container, cosicchè le tue applicazioni siano facilmente portabili.
- Container Environment VariablesLINK
Container environment variables are name=value pairs that provide useful information into containers running in a pod[+]
Container environment variables provide information that is required by the running containerized applications along with information about important resources to the containers. For example, file system details, information about the container itself, and other cluster resources such as service endpoints.
- Container Lifecycle HooksLINK
The lifecycle hooks expose events in the Container management lifecycle and let the user run code when the events occur.[+]
Two hooks are exposed to Containers: PostStart which executes immediately after a container is created and PreStop which is blocking and is called immediately before a container is terminated.
- Container Storage Interface (CSI)LINK
The Container Storage Interface (CSI) defines a standard interface to expose storage systems to containers.[+]
CSI allows vendors to create custom storage plugins for Kubernetes without adding them to the Kubernetes repository (out-of-tree plugins). To use a CSI driver from a storage provider, you must first deploy it to your cluster. You will then be able to create a Storage Class that uses that CSI driver.
- Control PlaneLINK
Lo strato per l'orchestrazione dei container che espone le API e interfaccie per definere, deploy, e gestione del ciclo di vita dei container.[+]
Questo strato è composto da diversi componenti, come (ma non limitato a):
Questi compenti possono girare come trazionali servizi del sistema operativo (demoni) o come containers. L'host che esegue questi componenti era storicamente chiamato master.
In Kubernetes, i controller sono circuiti di controllo che osservano lo stato del cluster, e apportano o richiedono modifiche quando necessario. Ogni controller prova a portare lo stato corrente del cluster verso lo stato desiderato.[+]
Alcuni controller vengono eseguiti all'interno del piano di controllo (control plane), e forniscono circuiti di controllo che sono parte dell'operatività base di Kubernetes. Ad esempio: il deployment controller, il daemonset controller, il namespace controller, ed il persistent volume controller (e altri) vengono tutti eseguiti all'interno del kube-controller-manager.
A tool that lets you use OCI container runtimes with Kubernetes CRI.[+]
Deploying CRI-O allows Kubernetes to use any OCI-compliant runtime as the container runtime for running Pods, and to fetch OCI container images from remote registries.
Un oggetto API che gestisce un'applicazione replicatata, tipicamente esegue Pod senza stato locale.[+]
- Device PluginLINK[+]
Device plugins advertise resources to the kubelet, so that workload Pods can access hardware features that relate to the Node where that Pod is running. You can deploy a device plugin as a DaemonSet, or install the device plugin software directly on each target Node.
See Device Plugins for more information.
If you, as cluster operator, destroy a Pod that belongs to an application, Kubernetes terms that a voluntary disruption. If a Pod goes offline because of a Node failure, or an outage affecting a wider failure zone, Kubernetes terms that an involuntary disruption.
See Disruptions for more information.
Docker (nello specifico, Docker Engine) è una technologia software che offre una virtualizzazione a livello del sistema operativo nota come container.[+]
Docker utilizza delle funzionalità di isolamente del kernel Linux come cgroups e kernel namespaces e un file system union-capable come OverlayFS e altro permettendo a container indipendenti di girare all'interno di una singola istanza Linux, eliminando il sovraccarico nell'avviare e manutenere delle virtual machines (VMs).
- Downstream (disambiguation)LINK
May refer to: code in the Kubernetes ecosystem that depends upon the core Kubernetes codebase or a forked repo.[+]
- In the Kubernetes Community: Conversations often use downstream to mean the ecosystem, code, or third-party tools that rely on the core Kubernetes codebase. For example, a new feature in Kubernetes may be adopted by applications downstream to improve their functionality.
- In GitHub or git: The convention is to refer to a forked repo as downstream, whereas the source repo is considered upstream.
- Downward APILINK
Kubernetes' mechanism to expose Pod and container field values to code running in a container.[+]
It is sometimes useful for a container to have information about itself, without needing to make changes to the container code that directly couple it to Kubernetes.
The Kubernetes downward API allows containers to consume information about themselves or their context in a Kubernetes cluster. Applications in containers can have access to that information, without the application needing to act as a client of the Kubernetes API.
There are two ways to expose Pod and container fields to a running container:
Together, these two ways of exposing Pod and container fields are called the downward API.
- Dynamic Volume ProvisioningLINK
Allows users to request automatic creation of storage Volumes.[+]
Dynamic provisioning eliminates the need for cluster administrators to pre-provision storage. Instead, it automatically provisions storage by user request. Dynamic volume provisioning is based on an API object, StorageClass, referring to a Volume Plugin that provisions a Volume and the set of parameters to pass to the Volume Plugin.
- Ephemeral ContainerLINK[+]
If you want to investigate a Pod that's running with problems, you can add an ephemeral container to that Pod and carry out diagnostics. Ephemeral containers have no resource or scheduling guarantees, and you should not use them to run any part of the workload itself.
È un database key-value ridondato, che è usato da Kubernetes per salvare tutte le informazioni del cluster.[+]
Each Event is a report of an event somewhere in the cluster. It generally denotes some state change in the system.[+]
Events have a limited retention time and triggers and messages may evolve with time. Event consumers should not rely on the timing of an event with a given reason reflecting a consistent underlying trigger, or the continued existence of events with that reason.
Events should be treated as informative, best-effort, supplemental data.
In Kubernetes, auditing generates a different kind of Event record (API group
Extensions are software components that extend and deeply integrate with Kubernetes to support new types of hardware.[+]
Many cluster administrators use a hosted or distribution instance of Kubernetes. These clusters come with extensions pre-installed. As a result, most Kubernetes users will not need to install extensions and even fewer users will need to author new ones.
Finalizers are namespaced keys that tell Kubernetes to wait until specific conditions are met before it fully deletes resources marked for deletion. Finalizers alert controllers to clean up resources the deleted object owned.[+]
When you tell Kubernetes to delete an object that has finalizers specified for it, the Kubernetes API marks the object for deletion by populating
.metadata.deletionTimestamp, and returns a
202status code (HTTP "Accepted"). The target object remains in a terminating state while the control plane, or other components, take the actions defined by the finalizers. After these actions are complete, the controller removes the relevant finalizers from the target object. When the
metadata.finalizersfield is empty, Kubernetes considers the deletion complete and deletes the object.
You can use finalizers to control garbage collection of resources. For example, you can define a finalizer to clean up related resources or infrastructure before the controller deletes the target resource.
FlexVolume is a deprecated interface for creating out-of-tree volume plugins. The Container Storage Interface is a newer interface that addresses several problems with FlexVolume.[+]
FlexVolumes enable users to write their own drivers and add support for their volumes in Kubernetes. FlexVolume driver binaries and dependencies must be installed on host machines. This requires root access. The Storage SIG suggests implementing a CSI driver if possible since it addresses the limitations with FlexVolumes.
- Garbage CollectionLINK
Garbage collection is a collective term for the various mechanisms Kubernetes uses to clean up cluster resources.[+]
- Helm ChartLINK
A package of pre-configured Kubernetes resources that can be managed with the Helm tool.[+]
Charts provide a reproducible way of creating and sharing Kubernetes applications. A single chart can be used to deploy something simple, like a memcached Pod, or something complex, like a full web app stack with HTTP servers, databases, caches, and so on.
- Horizontal Pod AutoscalerLINKAnche noto come:HPA
An API resource that automatically scales the number of Pod replicas based on targeted CPU utilization or custom metric targets.[+]
Istanza archiviata di un Container che contiene un insieme di software e librerie necessarie per eseguire l'applicazione.[+]
Un modo di distribuire software che permette di immagazzinarlo in Image Registry (un registro di container images), scaricarlo in un sistema locale ed eseguirlo come un'applicazione. I metadati sono inclusi nell'immagine e possono contenere informazioni su come avviare l'esecuzione, chi ha prodotto l'immagine, o altro.
- Init ContainerLINK
One or more initialization containers that must run to completion before any app containers run.[+]
Initialization (init) containers are like regular app containers, with one difference: init containers must run to completion before any app containers can start. Init containers run in series: each init container must run to completion before the next init container begins.
An open platform (not Kubernetes-specific) that provides a uniform way to integrate microservices, manage traffic flow, enforce policies, and aggregate telemetry data.[+]
Adding Istio does not require changing application code. It is a layer of infrastructure between a service and the network, which when combined with service deployments, is commonly referred to as a service mesh. Istio's control plane abstracts away the underlying cluster management platform, which may be Kubernetes, Mesosphere, etc.
A CLI tool that helps you create, destroy, upgrade and maintain production-grade, highly available, Kubernetes clusters.[+]Note: kops has general availability support only for AWS. Support for using kops with GCE and VMware vSphere are in alpha.
kopsprovisions your cluster with:
- Fully automated installation
- DNS-based cluster identification
- Self-healing: everything runs in Auto-Scaling Groups
- Limited OS support (Debian preferred, Ubuntu 16.04 supported, early support for CentOS & RHEL)
- High availability (HA) support
- The ability to directly provision, or to generate Terraform manifests
You can also build your own cluster using Kubeadm as a building block.
kopsbuilds on the kubeadm work.
Componente della Control Plane che gestisce controllers.[+]
Da un punto di vista logico, ogni controller è un processo separato, ma per ridurre la complessità, tutti i principali controller di Kubernetes vengono raggruppati in un unico container ed eseguiti in un singolo processo.
I kube-proxy mantengono le regole di networking sui nodi. Queste regole permettono la comunicazione verso gli altri nodi del cluster o l'esterno.
Il kube-proxy usa le librerie del sistema operativo quando possible; in caso contrario il kube-proxy gestisce il traffico direttamente.
Componente della Control Plane che controlla i pod appena creati che non hanno un nodo assegnato, e dopo averlo identificato glielo assegna.[+]
I fattori presi in considerazioni nell'individuare un nodo a cui assegnare l'esecuzione di un Pod includono la richiesta di risorse del Pod stesso e degli altri workload presenti nel sistema, i vincoli delle hardware/software/policy, le indicazioni di affinity e di anti-affinity, requisiti relativi alla disponibilità di dati/Volumes, le interferenze tra diversi workload e le scadenze.
Un agente che è eseguito su ogni nodo del cluster. Si assicura che i container siano eseguiti in un pod.[+]
La kubelet riceve un set di PodSpecs che vengono forniti attraverso vari meccanismi, e si assicura che i container descritti in questi PodSpecs funzionino correttamente e siano sani. La kubelet non gestisce i container che non sono stati creati da Kubernetes.
- Kubernetes APILINK
The application that serves Kubernetes functionality through a RESTful interface and stores the state of the cluster.[+]
Kubernetes resources and "records of intent" are all stored as API objects, and modified via RESTful calls to the API. The API allows configuration to be managed in a declarative way. Users can interact with the Kubernetes API directly, or via tools like
kubectl. The core Kubernetes API is flexible and can also be extended to support custom resources.
A continuously active contributor in the K8s community.[+]
Members can have issues and PRs assigned to them and participate in special interest groups (SIGs) through GitHub teams. Pre-submit tests are automatically run for members' PRs. A member is expected to remain an active contributor to the community.
- Mirror PodLINK[+]
When the kubelet finds a static pod in its configuration, it automatically tries to create a Pod object on the Kubernetes API server for it. This means that the pod will be visible on the API server, but cannot be controlled from there.
(For example, removing a mirror pod will not stop the kubelet daemon from running it).
An abstraction used by Kubernetes to support isolation of groups of resources within a single cluster.[+]
Namespaces are used to organize objects in a cluster and provide a way to divide cluster resources. Names of resources need to be unique within a namespace, but not across namespaces. Namespace-based scoping is applicable only for namespaced objects (e.g. Deployments, Services, etc) and not for cluster-wide objects (e.g. StorageClass, Nodes, PersistentVolumes, etc).
- Network PolicyLINK
A specification of how groups of Pods are allowed to communicate with each other and with other network endpoints.[+]
Network Policies help you declaratively configure which Pods are allowed to connect to each other, which namespaces are allowed to communicate, and more specifically which port numbers to enforce each policy on.
NetworkPolicyresources use labels to select Pods and define rules which specify what traffic is allowed to the selected Pods. Network Policies are implemented by a supported network plugin provided by a network provider. Be aware that creating a network resource without a controller to implement it will have no effect.
Un node è una macchina worker in Kubernetes.[+]
Un worker node può essere una VM o una macchina fisica, in base al cluster. Possiede daemon locali o servizi ncessari a eseguire Pods e viene gestito dalla control plane. I deamon i un node includono kubelet, kube-proxy, e un container runtiome che implementa CRI come ad esempio Docker.
Nelle prime versioni di Kubernetes, i Node venivano chiamati "Minion".
- Node-pressure evictionLINKAnche noto come:kubelet eviction
Node-pressure eviction is the process by which the kubelet proactively terminates pods to reclaim resources on nodes.[+]
The kubelet monitors resources like CPU, memory, disk space, and filesystem inodes on your cluster's nodes. When one or more of these resources reach specific consumption levels, the kubelet can proactively fail one or more pods on the node to reclaim resources and prevent starvation.
Node-pressure eviction is not the same as API-initiated eviction.
An entity in the Kubernetes system. The Kubernetes API uses these entities to represent the state of your cluster.[+]
A Kubernetes object is typically a “record of intent”—once you create the object, the Kubernetes control plane works constantly to ensure that the item it represents actually exists. By creating an object, you're effectively telling the Kubernetes system what you want that part of your cluster's workload to look like; this is your cluster's desired state.
- Operator patternLINK[+]
You can extend Kubernetes by adding controllers to your cluster, beyond the built-in controllers that come as part of Kubernetes itself.
If a running application acts as a controller and has API access to carry out tasks against a custom resource that's defined in the control plane, that's an example of the Operator pattern.
- Persistent VolumeLINK
An API object that represents a piece of storage in the cluster. Available as a general, pluggable resource that persists beyond the lifecycle of any individual Pod.[+]
PersistentVolumes (PVs) provide an API that abstracts details of how storage is provided from how it is consumed. PVs are used directly in scenarios where storage can be created ahead of time (static provisioning). For scenarios that require on-demand storage (dynamic provisioning), PersistentVolumeClaims (PVCs) are used instead.
- Persistent Volume ClaimLINK[+]
Specifies the amount of storage, how the storage will be accessed (read-only, read-write and/or exclusive) and how it is reclaimed (retained, recycled or deleted). Details of the storage itself are described in the PersistentVolume object.
- Platform DeveloperLINK
A person who customizes the Kubernetes platform to fit the needs of their project.[+]
A platform developer may, for example, use Custom Resources or Extend the Kubernetes API with the aggregation layer to add functionality to their instance of Kubernetes, specifically for their application. Some Platform Developers are also contributors and develop extensions which are contributed to the Kubernetes community. Others develop closed-source commercial or site-specific extensions.
Il più piccolo e semplice oggetto in Kubernetes. Un pod rappresenta un gruppo di container nel tuo cluster.[+]
Un pod è tipicamente progettato per eseguire un singolo container primario. Può opzionalmente eseguire sidecar container che aggiungono funzionalità supplementari come logging. I Pod sono generalmetne gestiti da un Deployment.
- Pod DisruptionLINK
Pod disruption is the process by which Pods on Nodes are terminated either voluntarily or involuntarily.[+]
Voluntary disruptions are started intentionally by application owners or cluster administrators. Involuntary disruptions are unintentional and can be triggered by unavoidable issues like Nodes running out of resources, or by accidental deletions.
- Pod Disruption BudgetLINKAnche noto come:PDB
A Pod Disruption Budget allows an application owner to create an object for a replicated application, that ensures a certain number or percentage of Pods with an assigned label will not be voluntarily evicted at any point in time.[+]
Involuntary disruptions cannot be prevented by PDBs; however they do count against the budget.
- Pod LifecycleLINK
The sequence of states through which a Pod passes during its lifetime.[+]
- Pod Security PolicyLINK
Enables fine-grained authorization of Pod creation and updates.[+]
A cluster-level resource that controls security sensitive aspects of the Pod specification. The
PodSecurityPolicyobjects define a set of conditions that a Pod must run with in order to be accepted into the system, as well as defaults for the related fields. Pod Security Policy control is implemented as an optional admission controller.
PodSecurityPolicy was deprecated as of Kubernetes v1.21, and removed in v1.25. As an alternative, use Pod Security Admission or a 3rd party admission plugin.
In computing, a proxy is a server that acts as an intermediary for a remote service.[+]
A client interacts with the proxy; the proxy copies the client's data to the actual server; the actual server replies to the proxy; the proxy sends the actual server's reply to the client.
You can run kube-proxy as a plain userland proxy service. If your operating system supports it, you can instead run kube-proxy in a hybrid mode that achieves the same overall effect using less system resources.
- QoS ClassLINK
QoS Class (Quality of Service Class) provides a way for Kubernetes to classify Pods within the cluster into several classes and make decisions about scheduling and eviction.[+]
QoS Class of a Pod is set at creation time based on its compute resources requests and limits settings. QoS classes are used to make decisions about Pods scheduling and eviction. Kubernetes can assign one of the following QoS classes to a Pod:
A whole-number representation of small or large numbers using SI suffixes.[+]
Quantities are representations of small or large numbers using a compact, whole-number notation with SI suffixes. Fractional numbers are represented using milli units, while large numbers can be represented using kilo, mega, or giga units.
For instance, the number
1.5is represented as
1500m, while the number
1000can be represented as
1M. You can also specify binary-notation suffixes; the number 2048 can be written as
The accepted decimal (power-of-10) units are
k(kilo, intentionally lowercase),
The accepted binary (power-of-2) units are
A workload resource that manages a replicated application, ensuring that a specific number of instances of a Pod are running.[+]
The control plane ensures that the defined number of Pods are running, even if some Pods fail, if you delete Pods manually, or if too many are started by mistake.Note: ReplicationController is deprecated. See Deployment, which is similar.
Contiene informazioni sensibili, come passwords, token OAuth, e chiavi ssh.[+]
Permette un maggiore controllo su come vengono usate le informazioni sensibili e riduce il rischio di un'esposizione accidentale. I valori del Secret sono codificati in base64 e esso viene memorizzato non criptato di default, ma può essere configurato per essere criptato. Un Pod fa riferimento al Secret come un file in un volume montato o by the kubelet pulling images for a pod. I Secrets sono ideali per i dati sensibili e le ConfigMaps per i dati non sensibili.
- Security ContextLINK[+]
securityContext, you can define: the user that processes run as, the group that processes run as, and privilege settings. You can also configure security policies (for example: SELinux, AppArmor or seccomp).
PodSpec.securityContextsetting applies to all containers in a Pod.
An abstract way to expose an application running on a set of Pods as a network service.[+]
The set of Pods targeted by a Service is (usually) determined by a selector. If more Pods are added or removed, the set of Pods matching the selector will change. The Service makes sure that network traffic can be directed to the current set of Pods for the workload.
- Service CatalogLINK
A former extension API that enabled applications running in Kubernetes clusters to easily use external managed software offerings, such as a datastore service offered by a cloud provider.[+]
It provided a way to list, provision, and bind with external Managed Services without needing detailed knowledge about how those services would be created or managed.
Provides an identity for processes that run in a Pod.[+]
When processes inside Pods access the cluster, they are authenticated by the API server as a particular service account, for example,
default. When you create a Pod, if you do not specify a service account, it is automatically assigned the default service account in the same Namespace.
A technique for assigning requests to queues that provides better isolation than hashing modulo the number of queues.[+]
We are often concerned with insulating different flows of requests from each other, so that a high-intensity flow does not crowd out low-intensity flows. A simple way to put requests into queues is to hash some characteristics of the request, modulo the number of queues, to get the index of the queue to use. The hash function uses as input characteristics of the request that align with flows. For example, in the Internet this is often the 5-tuple of source and destination address, protocol, and source and destination port.
That simple hash-based scheme has the property that any high-intensity flow will crowd out all the low-intensity flows that hash to the same queue. Providing good insulation for a large number of flows requires a large number of queues, which is problematic. Shuffle-sharding is a more nimble technique that can do a better job of insulating the low-intensity flows from the high-intensity flows. The terminology of shuffle-sharding uses the metaphor of dealing a hand from a deck of cards; each queue is a metaphorical card. The shuffle-sharding technique starts with hashing the flow-identifying characteristics of the request, to produce a hash value with dozens or more of bits. Then the hash value is used as a source of entropy to shuffle the deck and deal a hand of cards (queues). All the dealt queues are examined, and the request is put into one of the examined queues with the shortest length. With a modest hand size, it does not cost much to examine all the dealt cards and a given low-intensity flow has a good chance to dodge the effects of a given high-intensity flow. With a large hand size it is expensive to examine the dealt queues and more difficult for the low-intensity flows to dodge the collective effects of a set of high-intensity flows. Thus, the hand size should be chosen judiciously.
- SIG (special interest group)LINK
Community members who collectively manage an ongoing piece or aspect of the larger Kubernetes open source project.[+]
Members within a SIG have a shared interest in advancing a specific area, such as architecture, API machinery, or documentation. SIGs must follow the SIG governance guidelines, but can have their own contribution policy and channels of communication.
Gestisce deployment e la scalabilità di un gruppo di Pods, e garantisce il corretto ordine e unicità di questi Pods.[+]
Come un Deployment, uno StatefulSet gestisce Pod che sono basati sulla stessa specifica di container. Contrariamente da un Deployment, uno StatefulSet mantiente una specifica identita per ogni Pod. Questi pod sono creati dalla stessa specifica, ma non sono intercambiabili: ogni pod a un identificativo persistente che si mantiene attraverso ogni rischedulazione.
Se vuoi usare un volume dello storage per avere la persistenza per il tuo carico di lavoro, puoi usare uno StatefulSet come parte della tua soluzione. Anche se i singoli Pod in uno StatefulSet sono suscettibili al fallimento, l'identificativo persistente del Pod rende semplice il collegamento dei volumi esistenti ai nuovi Pods che sostituiscono quelli falliti.
- Storage ClassLINK
A StorageClass provides a way for administrators to describe different available storage types.[+]
StorageClasses can map to quality-of-service levels, backup policies, or to arbitrary policies determined by cluster administrators. Each StorageClass contains the fields
reclaimPolicy, which are used when a Persistent Volume belonging to the class needs to be dynamically provisioned. Users can request a particular class using the name of a StorageClass object.
sysctlis a semi-standardized interface for reading or changing the attributes of the running Unix kernel.
On Unix-like systems,
sysctlis both the name of the tool that administrators use to view and modify these settings, and also the system call that the tool uses.
Container runtimes and network plugins may rely on
sysctlvalues being set a certain way.
Taints and tolerations work together to ensure that pods are not scheduled onto inappropriate nodes. One or more taints are applied to a node. A node should only schedule a Pod with the matching tolerations for the configured taints.
A core object consisting of three required properties: key, value, and effect. Tolerations enable the scheduling of pods on nodes or node groups that have matching taints.[+]
- Upstream (disambiguation)LINK
May refer to: core Kubernetes or the source repo from which a repo was forked.[+]
- In the Kubernetes Community: Conversations often use upstream to mean the core Kubernetes codebase, which the general ecosystem, other code, or third-party tools rely upon. For example, community members may suggest that a feature is moved upstream so that it is in the core codebase instead of in a plugin or third-party tool.
- In GitHub or git: The convention is to refer to a source repo as upstream, whereas the forked repo is considered downstream.
- user namespaceLINK
A kernel feature to emulate root. Used for "rootless containers".[+]
User namespaces are a Linux kernel feature that allows a non-root user to emulate superuser ("root") privileges, for example in order to run containers without being a superuser outside the container.
User namespace is effective for mitigating damage of potential container break-out attacks.
In the context of user namespaces, the namespace is a Linux kernel feature, and not a namespace in the Kubernetes sense of the term.
Un volume di Kubernetes rimane in vita fintanto che lo rimane il Pod che lo racchiude. Di conseguenza, un volume sopravvive ad ogni container all'interno del Pod, e i dati nel volume sono preservati a prescindere dai restart del container.
Vedi storage per più informazioni.
- Volume PluginLINK
A Volume Plugin enables integration of storage within a Pod.[+]
A Volume Plugin lets you attach and mount storage volumes for use by a Pod. Volume plugins can be in tree or out of tree. In tree plugins are part of the Kubernetes code repository and follow its release cycle. Out of tree plugins are developed independently.
- WG (working group)LINK
Facilitates the discussion and/or implementation of a short-lived, narrow, or decoupled project for a committee, SIG, or cross-SIG effort.[+]
A workload is an application running on Kubernetes.[+]