Стандартизированный глоссарий

Данный глоссарий должен стать исчерпывающим стандартизированным списком терминологии в Kubernetes. Он включает технические термины, специфичные для K8s, а также более общие термины, которые полезно знать.

Нажмите на значок [+] для получения более подробное объяснения по интересующему термину.

• Add-onsLINK

  Resources that extend the functionality of Kubernetes.

  [+]

  Installing addons explains more about using add-ons with your cluster, and lists some popular add-ons.

• Admission ControllerLINK

  A piece of code that intercepts requests to the Kubernetes API server prior to persistence of the object.

  [+]

  Admission controllers are configurable for the Kubernetes API server and may be “validating”, “mutating”, or both. Any admission controller may reject the request. Mutating controllers may modify the objects they admit; validating controllers may not.

  • Admission controllers in the Kubernetes documentation
• Aggregation LayerLINK

  The aggregation layer lets you install additional Kubernetes-style APIs in your cluster.

  [+]

  When you’ve configured the Kubernetes API ServerControl plane component that serves the Kubernetes API. to support additional APIs, you can add APIService objects to “claim” a URL path in the Kubernetes API.

• AnnotationLINK

  A key-value pair that is used to attach arbitrary non-identifying metadata to objects.

  [+]

  The metadata in an annotation can be small or large, structured or unstructured, and can include characters not permitted by labelsTags objects with identifying attributes that are meaningful and relevant to users. . Clients such as tools and libraries can retrieve this metadata.

• API GroupLINK

  A set of related paths in Kubernetes API.

  [+]

  You can enable or disable each API group by changing the configuration of your API server. You can also disable or enable paths to specific resources. API group makes it easier to extend the Kubernetes API. The API group is specified in a REST path and in the apiVersion field of a serialized object.

  • Read API Group for more information.
• API-серверLINK

  Также известный как:kube-apiserver
  

  Сервер API — компонент Kubernetes панели управленияУровень оркестрации контейнеров с API и интерфейсами для определения, развёртывания и управления жизненным циклом контейнеров. , который представляет API Kubernetes. API-сервер — это клиентская часть панели управления Kubernetes

  [+]

  Основной реализацией API-сервера Kubernetes является kube-apiserver. kube-apiserver предназначен для горизонтального масштабирования, то есть развёртывание на несколько экземпляров. Вы можете запустить несколько экземпляров kube-apiserver и сбалансировать трафик между этими экземплярами.

• App ContainerLINK

  Application containers (or app containers) are the containersA lightweight and portable executable image that contains software and all of its dependencies. in a podThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. that are started after any init containersOne or more initialization containers that must run to completion before any app containers run. have completed.

  [+]

  An init container lets you separate initialization details that are important for the overall workloadA workload is an application running on Kubernetes. , and that don’t need to keep running once the application container has started. If a pod doesn’t have any init containers configured, all the containers in that pod are app containers.

• Application ArchitectLINK

  A person responsible for the high-level design of an application.

  [+]

  An architect ensures that an app’s implementation allows it to interact with its surrounding components in a scalable, maintainable way. Surrounding components include databases, logging infrastructure, and other microservices.

• Application DeveloperLINK

  A person who writes an application that runs in a Kubernetes cluster.

  [+]

  An application developer focuses on one part of an application. The scale of their focus may vary significantly in size.

• ApplicationsLINK

  The layer where various containerized applications run. [+]

  The layer where various containerized applications run.

• ApproverLINK

  A person who can review and approve Kubernetes code contributions.

  [+]

  While code review is focused on code quality and correctness, approval is focused on the holistic acceptance of a contribution. Holistic acceptance includes backwards/forwards compatibility, adhering to API and flag conventions, subtle performance and correctness issues, interactions with other parts of the system, and others. Approver status is scoped to a part of the codebase. Approvers were previously referred to as maintainers.

• CertificateLINK

  A cryptographically secure file used to validate access to the Kubernetes cluster.

  [+]

  Certificates enable applications within a Kubernetes cluster to access the Kubernetes API securely. Certificates validate that clients are allowed to access the API.

• cgroup (control group)LINK

  A group of Linux processes with optional resource isolation, accounting and limits.

  [+]

  cgroup is a Linux kernel feature that limits, accounts for, and isolates the resource usage (CPU, memory, disk I/O, network) for a collection of processes.

• CIDRLINK

  CIDR (Classless Inter-Domain Routing) is a notation for describing blocks of IP addresses and is used heavily in various networking configurations.

  [+]

  In the context of Kubernetes, each NodeA node is a worker machine in Kubernetes. is assigned a range of IP addresses through the start address and a subnet mask using CIDR. This allows Nodes to assign each PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. a unique IP address. Although originally a concept for IPv4, CIDR has also been expanded to include IPv6.

• CLA (Contributor License Agreement)LINK

  Terms under which a contributorSomeone who donates code, documentation, or their time to help the Kubernetes project or community. grants a license to an open source project for their contributions.

  [+]

  CLAs help resolve legal disputes involving contributed material and intellectual property (IP).

• Cloud Controller ManagerLINK

  Cloud Controller Manager is an alpha feature in 1.8. In upcoming releases it will be the preferred way to integrate Kubernetes with any cloud.

  [+]

  Kubernetes v1.6 contains a new binary called cloud-controller-manager. cloud-controller-manager is a daemon that embeds cloud-specific control loops. These cloud-specific control loops were originally in the kube-controller-manager. Since cloud providers develop and release at a different pace compared to the Kubernetes project, abstracting the provider-specific code to the cloud-controller-manager binary allows cloud vendors to evolve independently from the core Kubernetes code.

• Cloud Native Computing Foundation (CNCF)LINK

  The Cloud Native Computing Foundation (CNCF) builds sustainable ecosystems and fosters a community around projects that orchestrate containers as part of a microservices architecture.

  Kubernetes is a CNCF project.

  [+]

  The CNCF is a sub-foundation of the Linux Foundation. Its mission is to make cloud native computing ubiquitous.

• Cloud ProviderLINK

  Также известный как:Cloud Service Provider
  

  A business or other organization that offers a cloud computing platform.

  [+]

  Cloud providers, sometimes called Cloud Service Providers (CSPs), offer cloud computing platforms or services.

  Many cloud providers offer managed infrastructure (also called Infrastructure as a Service or IaaS). With managed infrastructure the cloud provider is responsible for servers, storage, and networking while you manage layers on top of that such as running a Kubernetes cluster.

  You can also find Kubernetes as a managed service; sometimes called Platform as a Service, or PaaS. With managed Kubernetes, your cloud provider is responsible for the Kubernetes control plane as well as the nodesA node is a worker machine in Kubernetes. and the infrastructure they rely on: networking, storage, and possibly other elements such as load balancers.

• Cluster ArchitectLINK

  A person who designs infrastructure that involves one or more Kubernetes clusters.

  [+]

  Cluster architects are concerned with best practices for distributed systems, for example: high availability and security.

• Cluster InfrastructureLINK

  The infrastructure layer provides and maintains VMs, networking, security groups and others. [+]

  The infrastructure layer provides and maintains VMs, networking, security groups and others.

• Cluster OperationsLINK

  The work involved in managing a Kubernetes cluster: managing day-to-day operations, and co-ordinating upgrades.

  [+]

  Examples of cluster operations work include: deploying new Nodes to scale the cluster; performing software upgrades; implementing security controls; adding or removing storage; configuring cluster networking; managing cluster-wide observability; and responding to events.

• Cluster OperatorLINK

  A person who configures, controls, and monitors clusters.

  [+]

  Their primary responsibility is keeping a cluster up and running, which may involve periodic maintenance activities or upgrades.
  

  Note: Cluster operators are different from the Operator pattern that extends the Kubernetes API.

• Code ContributorLINK

  A person who develops and contributes code to the Kubernetes open source codebase.

  [+]

  They are also an active community memberA continuously active contributor in the K8s community. who participates in one or more Special Interest Groups (SIGs)Community members who collectively manage an ongoing piece or aspect of the larger Kubernetes open source project. .

• ConfigMapLINK

  An API object used to store non-confidential data in key-value pairs. Can be consumed as environment variables, command-line arguments, or config files in a volumeA directory containing data, accessible to the containers in a pod. .

  [+]

  Allows you to decouple environment-specific configuration from your container imagesA lightweight and portable executable image that contains software and all of its dependencies. , so that your applications are easily portable. When storing confidential data use a Secret.

• Container Environment VariablesLINK

  Container environment variables are name=value pairs that provide useful information into containers running in a podThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster.

  [+]

  Container environment variables provide information that is required by the running containerized applications along with information about important resources to the containersA lightweight and portable executable image that contains software and all of its dependencies. . For example, file system details, information about the container itself, and other cluster resources such as service endpoints.

• Container Lifecycle HooksLINK

  The lifecycle hooks expose events in the ContainerA lightweight and portable executable image that contains software and all of its dependencies. management lifecycle and let the user run code when the events occur.

  [+]

  Two hooks are exposed to Containers: PostStart which executes immediately after a container is created and PreStop which is blocking and is called immediately before a container is terminated.

• Container network interface (CNI)LINK

  Container network interface (CNI) plugins are a type of Network plugin that adheres to the appc/CNI specification.

  [+]

  • For information on Kubernetes and CNI refer to this.
  • For information on Kubernetes and CNI, see “Network plugins”.
• Container runtime interface (CRI)LINK

  Интерфейс среды выполнения контейнера (Container Runtime Interface, CRI) — это API сред выполнения контейнера, которая интегрируется с kubelet на узле.

  [+]

  Для получения дополнительной информации смотрите API и спефикации CRI.

• Container Storage Interface (CSI)LINK

  The Container Storage Interface (CSI) defines a standard interface to expose storage systems to containers.

  [+]

  CSI allows vendors to create custom storage plugins for Kubernetes without adding them to the Kubernetes repository (out-of-tree plugins). To use a CSI driver from a storage provider, you must first deploy it to your cluster. You will then be able to create a Storage ClassA StorageClass provides a way for administrators to describe different available storage types. that uses that CSI driver.

  • CSI in the Kubernetes documentation
  • List of available CSI drivers
• containerdLINK

  Среда выполнения контейнера с упором на простоту, надежность и переносимость

  [+]

  containerd — среда выполнения контейнераПереносимый и не требовательный к ресурсам исполняемый экземпляр образа, содержащий приложение вместе со всеми его зависимостями. , который представляет собой демон для Linux или Windows. containerd заботится о получении и хранении образов контейнеров, запуске контейнеров, осуществлять доступ по сети и т.д.

• ContributorLINK

  Someone who donates code, documentation, or their time to help the Kubernetes project or community.

  [+]

  Contributions include pull requests (PRs), issues, feedback, special interest groups (SIG)Community members who collectively manage an ongoing piece or aspect of the larger Kubernetes open source project. participation, or organizing community events.

• ControllerLINK

  In Kubernetes, controllers are control loops that watch the state of your clusterA set of worker machines, called nodes, that run containerized applications. Every cluster has at least one worker node. , then make or request changes where needed. Each controller tries to move the current cluster state closer to the desired state.

  [+]

  Controllers watch the shared state of your cluster through the apiserverControl plane component that serves the Kubernetes API. (part of the Control PlaneThe container orchestration layer that exposes the API and interfaces to define, deploy, and manage the lifecycle of containers. ).

  Some controllers also run inside the control plane, providing control loops that are core to Kubernetes’ operations. For example: the deployment controller, the daemonset controller, the namespace controller, and the persistent volume controller (and others) all run within the kube-controller-managerControl Plane component that runs controller processes. .

• CRI-OLINK

  Инструмент, позволяющий использовать среды выполнения контейнеров формата OCI с помощью технологии Kubernetes CRI.

  [+]

  CRI-O — это реализация Container runtime interface (CRI)API сред выполнения контейнеров для интеграции с kubelet , позволяющая использовать среды выполнения контейнеровПереносимый и не требовательный к ресурсам исполняемый экземпляр образа, содержащий приложение вместе со всеми его зависимостями. , совместимые со спецификацией исполняемой среды контейнеров Open Container Initiative (OCI).

  Развертывание CRI-O позволяет Kubernetes использовать любую OCI-совместимую среду выполнения в качестве контейнерной среды выполнения для выполнения подовСамый маленький и простой объект в Kubernetes. Под — это набор запущенных контейнеров в кластере. и загружать образы OCI-контейнера из удаленных реестров.

• CronJobLINK

  Manages a Job that runs on a periodic schedule.

  [+]

  Similar to a line in a crontab file, a CronJob object specifies a schedule using the cron format.

• CustomResourceDefinitionLINK

  Custom code that defines a resource to add to your Kubernetes API server without building a complete custom server.

  [+]

  Custom Resource Definitions let you extend the Kubernetes API for your environment if the publicly supported API resources can’t meet your needs.

• DaemonSetLINK

  Гарантирует, что копия PodСамый маленький и простой объект в Kubernetes. Под — это набор запущенных контейнеров в кластере. выполняется в наборе узлов кластераНабор машин, так называемые узлы, которые запускают контейнеризированные приложения. Кластер имеет как минимум один рабочий узел. .

  [+]

  Используется для развертывания системных демонов, таких как сборщики логов и агенты мониторинга, которые, как правило, должны работать на каждом узлаУзел — рабочая машина в Kubernetes. .

• Data PlaneLINK

  The layer that provides capacity such as CPU, memory, network, and storage so that the containers can run and connect to a network. [+]

  The layer that provides capacity such as CPU, memory, network, and storage so that the containers can run and connect to a network.

• DeploymentLINK

  API-объект, управляющий реплицированным приложением.

  [+]

  Каждая реплика представляет PodСамый маленький и простой объект в Kubernetes. Под — это набор запущенных контейнеров в кластере. , а все Pod-объекты распределяются по узлам кластера.

• Developer (disambiguation)LINK

  May refer to: Application DeveloperA person who writes an application that runs in a Kubernetes cluster. , Code ContributorA person who develops and contributes code to the Kubernetes open source codebase. , or Platform DeveloperA person who customizes the Kubernetes platform to fit the needs of their project. .

  [+]

  This overloaded term may have different meanings depending on the context

• Device PluginLINK

  Device plugins run on worker NodesA node is a worker machine in Kubernetes. and provide Pods The smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. with access to resources, such as local hardware, that require vendor-specific initialization or setup steps.

  [+]

  Device plugins advertise resources to the kubeletAn agent that runs on each node in the cluster. It makes sure that containers are running in a pod. , so that workload Pods can access hardware features that relate to the Node where that Pod is running. You can deploy a device plugin as a DaemonSetEnsures a copy of a Pod is running across a set of nodes in a cluster. , or install the device plugin software directly on each target Node.

  See Device Plugins for more information.

• DisruptionLINK

  Disruptions are events that lead to one or more PodsThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. going out of service. A disruption has consequences for workload resources, such as DeploymentAn API object that manages a replicated application. , that rely on the affected Pods.

  [+]

  If you, as cluster operator, destroy a Pod that belongs to an application, Kubernetes terms that a voluntary disruption. If a Pod goes offline because of a Node failure, or an outage affecting a wider failure zone, Kubernetes terms that an involuntary disruption.

  See Disruptions for more information.

• DockerLINK

  Docker (в частности, Docker Engine) — это программное обеспечение для виртуализации на уровне операционной системы, которая также известна как контейнеризацияПереносимый и не требовательный к ресурсам исполняемый экземпляр образа, содержащий приложение вместе со всеми его зависимостями. .

  [+]

  Docker использует возможности изоляции ресурсов ядра Linux, такие как cgroups и пространства имен ядра, а также каскадно-объединённую файловую систему, например, OverlayFS и другие, чтобы независимые друг от друга контейнеры могли работать в одном экземпляре Linux без накладных расходов на запуск и поддержку работы виртуальных машин (VM).

• Downstream (disambiguation)LINK

  May refer to: code in the Kubernetes ecosystem that depends upon the core Kubernetes codebase or a forked repo.

  [+]

  • In the Kubernetes Community: Conversations often use downstream to mean the ecosystem, code, or third-party tools that rely on the core Kubernetes codebase. For example, a new feature in Kubernetes may be adopted by applications downstream to improve their functionality.
  • In GitHub or git: The convention is to refer to a forked repo as downstream, whereas the source repo is considered upstream.
• Dynamic Volume ProvisioningLINK

  Allows users to request automatic creation of storage VolumesA directory containing data, accessible to the containers in a pod. .

  [+]

  Dynamic provisioning eliminates the need for cluster administrators to pre-provision storage. Instead, it automatically provisions storage by user request. Dynamic volume provisioning is based on an API object, StorageClassA StorageClass provides a way for administrators to describe different available storage types. , referring to a Volume PluginA Volume Plugin enables integration of storage within a Pod. that provisions a VolumeA directory containing data, accessible to the containers in a pod. and the set of parameters to pass to the Volume Plugin.

• EndpointSliceLINK

  A way to group network endpoints together with Kubernetes resources.

  [+]

  A scalable and extensible way to group network endpoints together. These can be used by kube-proxykube-proxy is a network proxy that runs on each node in the cluster. to establish network routes on each nodeA node is a worker machine in Kubernetes. .

• Ephemeral ContainerLINK

  A ContainerA lightweight and portable executable image that contains software and all of its dependencies. type that you can temporarily run inside a PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. .

  [+]

  If you want to investigate a Pod that’s running with problems, you can add an ephemeral container to that Pod and carry out diagnostics. Ephemeral containers have no resource or scheduling guarantees, and you should not use them to run any part of the workload itself.

• etcdLINK

  Распределённое и высоконадёжное хранилище данных в формате “ключ-значение”, которое используется как основное хранилище всех данных кластера в Kubernetes.

  [+]

  Если ваш кластер Kubernetes использует etcd в качестве основного хранилища, убедитесь, что у вас настроено резервное копирование данных.

  Вы можете найти подробную информацию о etcd в официальной документации.

• ExtensionsLINK

  Extensions are software components that extend and deeply integrate with Kubernetes to support new types of hardware.

  [+]

  Most cluster administrators will use a hosted or distribution instance of Kubernetes. As a result, most Kubernetes users will need to install extensions and fewer will need to author new ones.

• FlexVolumeLINK

  FlexVolume is an interface for creating out-of-tree volume plugins. The Container Storage InterfaceThe Container Storage Interface (CSI) defines a standard interface to expose storage systems to containers. is a newer interface which addresses several problems with FlexVolumes.

  [+]

  FlexVolumes enable users to write their own drivers and add support for their volumes in Kubernetes. FlexVolume driver binaries and dependencies must be installed on host machines. This requires root access. The Storage SIG suggests implementing a CSIThe Container Storage Interface (CSI) defines a standard interface to expose storage systems to containers. driver if possible since it addresses the limitations with FlexVolumes.

  • FlexVolume in the Kubernetes documentation
  • More information on FlexVolumes
  • Volume Plugin FAQ for Storage Vendors
• Helm ChartLINK

  A package of pre-configured Kubernetes resources that can be managed with the Helm tool.

  [+]

  Charts provide a reproducible way of creating and sharing Kubernetes applications. A single chart can be used to deploy something simple, like a memcached Pod, or something complex, like a full web app stack with HTTP servers, databases, caches, and so on.

• Horizontal Pod AutoscalerLINK

  Также известный как:HPA
  

  An API resource that automatically scales the number of PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. replicas based on targeted CPU utilization or custom metric targets.

  [+]

  HPA is typically used with ReplicationControllersA (deprecated) API object that manages a replicated application. , DeploymentsAn API object that manages a replicated application. , or ReplicaSetsReplicaSet ensures that a specified number of Pod replicas are running at one time . It cannot be applied to objects that cannot be scaled, for example DaemonSetsEnsures a copy of a Pod is running across a set of nodes in a cluster. .

• HostAliasesLINK

  A HostAliases is a mapping between the IP address and hostname to be injected into a PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. ’s hosts file.

  [+]

  HostAliases is an optional list of hostnames and IP addresses that will be injected into the Pod’s hosts file if specified. This is only valid for non-hostNetwork Pods.

• ImageLINK

  Stored instance of a ContainerA lightweight and portable executable image that contains software and all of its dependencies. that holds a set of software needed to run an application.

  [+]

  A way of packaging software that allows it to be stored in a container registry, pulled to a local system, and run as an application. Meta data is included in the image that can indicate what executable to run, who built it, and other information.

• IngressLINK

  An API object that manages external access to the services in a cluster, typically HTTP.

  [+]

  Ingress may provide load balancing, SSL termination and name-based virtual hosting.

• Init ContainerLINK

  One or more initialization containersA lightweight and portable executable image that contains software and all of its dependencies. that must run to completion before any app containers run.

  [+]

  Initialization (init) containers are like regular app containers, with one difference: init containers must run to completion before any app containers can start. Init containers run in series: each init container must run to completion before the next init container begins.

• IstioLINK

  An open platform (not Kubernetes-specific) that provides a uniform way to integrate microservices, manage traffic flow, enforce policies, and aggregate telemetry data.

  [+]

  Adding Istio does not require changing application code. It is a layer of infrastructure between a service and the network, which when combined with service deployments, is commonly referred to as a service mesh. Istio’s control plane abstracts away the underlying cluster management platform, which may be Kubernetes, Mesosphere, etc.

• JobLINK

  A finite or batch task that runs to completion.

  [+]

  Creates one or more PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. objects and ensures that a specified number of them successfully terminate. As Pods successfully complete, the Job tracks the successful completions.

• KopsLINK

  A CLI tool that helps you create, destroy, upgrade and maintain production-grade, highly available, Kubernetes clusters.

  [+]

  Note: kops has general availability support only for AWS. Support for using kops with GCE and VMware vSphere are in alpha.

  kops provisions your cluster with:

  • Fully automated installation
  • DNS-based cluster identification
  • Self-healing: everything runs in Auto-Scaling Groups
  • Limited OS support (Debian preferred, Ubuntu 16.04 supported, early support for CentOS & RHEL)
  • High availability (HA) support
  • The ability to directly provision, or to generate Terraform manifests

  You can also build your own cluster using KubeadmA tool for quickly installing Kubernetes and setting up a secure cluster. as a building block. kops builds on the kubeadm work.

• kube-controller-managerLINK

  Компонент Control Plane запускает процессы контроллераA control loop that watches the shared state of the cluster through the apiserver and makes changes attempting to move the current state towards the desired state. .

  [+]

  Вполне логично, что каждый контроллерA control loop that watches the shared state of the cluster through the apiserver and makes changes attempting to move the current state towards the desired state. в свою очередь представляет собой отдельный процесс, и для упрощения все такие процессы скомпилированы в один двоичный файл и выполняются в одном процессе.

• kube-proxyLINK

  kube-proxy — сетевой прокси, работающий на каждом узле в кластере, и реализующий часть концепции сервисСпособ представления приложения, запущенного в наборе подов, в виде сетевого сервиса. .

  [+]

  kube-proxy конфигурирует правила сети на узлах. При помощи них разрешаются сетевые подключения к вашими подам изнутри и снаружи кластера.

  kube-proxy использует уровень фильтрации пакетов в операционной системы, если он доступен. В противном случае, kube-proxy сам обрабатывает передачу сетевого трафика.

• kube-schedulerLINK

  Компонент плоскости управления, который отслеживает созданные поды без привязанного узла и выбирает узел, на котором они должны работать.

  [+]

  При планировании развёртывания подов на узлах учитываются множество факторов, включая требования к ресурсам, ограничения, связанные с аппаратными/программными политиками, принадлежности (affinity) и непринадлежности (anti-affinity) узлов/подов, местонахождения данных, предельных сроков.

• KubeadmLINK

  A tool for quickly installing Kubernetes and setting up a secure cluster.

  [+]

  You can use kubeadm to install both the control plane and the worker nodeA node is a worker machine in Kubernetes. components.

• KubectlLINK

  A command line tool for communicating with a Kubernetes APIThe application that serves Kubernetes functionality through a RESTful interface and stores the state of the cluster. server.

  [+]

  You can use kubectl to create, inspect, update, and delete Kubernetes objects.

• KubeletLINK

  Агент, работающий на каждом узле в кластере. Он следит за тем, чтобы контейнеры были запущены в поде.

  [+]

  Утилита kubelet принимает набор PodSpecs, и гарантирует работоспособность и исправность определённых в них контейнеров. Агент kubelet не отвечает за контейнеры, не созданные Kubernetes.

• Kubernetes APILINK

  The application that serves Kubernetes functionality through a RESTful interface and stores the state of the cluster.

  [+]

  Kubernetes resources and “records of intent” are all stored as API objects, and modified via RESTful calls to the API. The API allows configuration to be managed in a declarative way. Users can interact with the Kubernetes API directly, or via tools like kubectl. The core Kubernetes API is flexible and can also be extended to support custom resources.

• LimitRangeLINK

  Provides constraints to limit resource consumption per ContainersA lightweight and portable executable image that contains software and all of its dependencies. or PodsThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. in a namespace.

  [+]

  LimitRange limits the quantity of objects that can be created by type, as well as the amount of compute resources that may be requested/consumed by individual ContainersA lightweight and portable executable image that contains software and all of its dependencies. or PodsThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. in a namespace.

• LoggingLINK

  Logs are the list of events that are logged by clusterA set of worker machines, called nodes, that run containerized applications. Every cluster has at least one worker node. or application.

  [+]

  Application and systems logs can help you understand what is happening inside your cluster. The logs are particularly useful for debugging problems and monitoring cluster activity.

• Managed ServiceLINK

  A software offering maintained by a third-party provider.

  [+]

  Some examples of Managed Services are AWS EC2, Azure SQL Database, and GCP Pub/Sub, but they can be any software offering that can be used by an application. Service Catalog provides a way to list, provision, and bind with Managed Services offered by Service BrokersAn endpoint for a set of Managed Services offered and maintained by a third-party. .

• ManifestLINK

  Specification of a Kubernetes API object in JSON or YAML format.

  [+]

  A manifest specifies the desired state of an object that Kubernetes will maintain when you apply the manifest. Each configuration file can contain multiple manifests.

• MemberLINK

  A continuously active contributorSomeone who donates code, documentation, or their time to help the Kubernetes project or community. in the K8s community.

  [+]

  Members can have issues and PRs assigned to them and participate in special interest groups (SIGs)Community members who collectively manage an ongoing piece or aspect of the larger Kubernetes open source project. through GitHub teams. Pre-submit tests are automatically run for members’ PRs. A member is expected to remain an active contributor to the community.

• MinikubeLINK

  A tool for running Kubernetes locally.

  [+]

  Minikube runs a single-node cluster inside a VM on your computer. You can use Minikube to try Kubernetes in a learning environment.

• Mirror PodLINK

  A podThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. object that a kubelet uses to represent a static podA pod managed directly by the kubelet daemon on a specific node.

  [+]

  When the kubelet finds a static pod in its configuration, it automatically tries to create a Pod object on the Kubernetes API server for it. This means that the pod will be visible on the API server, but cannot be controlled from there.

  (For example, removing a mirror pod will not stop the kubelet daemon from running it).

• NameLINK

  A client-provided string that refers to an object in a resource URL, such as /api/v1/pods/some-name.

  [+]

  Only one object of a given kind can have a given name at a time. However, if you delete the object, you can make a new object with the same name.

• NamespaceLINK

  An abstraction used by Kubernetes to support multiple virtual clusters on the same physical clusterA set of worker machines, called nodes, that run containerized applications. Every cluster has at least one worker node. .

  [+]

  Namespaces are used to organize objects in a cluster and provide a way to divide cluster resources. Names of resources need to be unique within a namespace, but not across namespaces.

• Network PolicyLINK

  A specification of how groups of Pods are allowed to communicate with each other and with other network endpoints.

  [+]

  Network Policies help you declaratively configure which Pods are allowed to connect to each other, which namespaces are allowed to communicate, and more specifically which port numbers to enforce each policy on. NetworkPolicy resources use labels to select Pods and define rules which specify what traffic is allowed to the selected Pods. Network Policies are implemented by a supported network plugin provided by a network provider. Be aware that creating a network resource without a controller to implement it will have no effect.

• NodeLINK

  Узел — рабочая машина в Kubernetes.

  [+]

  Рабочий узел может быть как виртуальной, так и физической машиной, в зависимости от кластера. У него есть локальные демоны или сервисы, необходимые для запуска подовСамый маленький и простой объект в Kubernetes. Под — это набор запущенных контейнеров в кластере. , а сам он управляется плоскостью управления. Демоны на узле включают в себя kubeletАгент, работающий на каждом узле в кластере. Он следит за тем, чтобы контейнеры были запущены в поде. , kube-proxykube-proxy — сетевой прокси, работающий на каждом узле в кластере. и среду выполнения контейнера, основанную на CRIAPI сред выполнения контейнеров для интеграции с kubelet , например DockerDocker — это программное обеспечение для виртуализации на уровне операционной системы, которая известна как контейнеризация. .

• Operator patternLINK

  The operator pattern is a system design that links a ControllerA control loop that watches the shared state of the cluster through the apiserver and makes changes attempting to move the current state towards the desired state. to one or more custom resources.

  [+]

  You can extend Kubernetes by adding controllers to your cluster, beyond the built-in controllers that come as part of Kubernetes itself.

  If a running application acts as a controller and has API access to carry out tasks against a custom resource that’s defined in the control plane, that’s an example of the Operator pattern.

• Persistent VolumeLINK

  An API object that represents a piece of storage in the cluster. Available as a general, pluggable resource that persists beyond the lifecycle of any individual PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. .

  [+]

  PersistentVolumes (PVs) provide an API that abstracts details of how storage is provided from how it is consumed. PVs are used directly in scenarios where storage can be created ahead of time (static provisioning). For scenarios that require on-demand storage (dynamic provisioning), PersistentVolumeClaims (PVCs) are used instead.

• Persistent Volume ClaimLINK

  Claims storage resources defined in a PersistentVolumeAn API object that represents a piece of storage in the cluster. Available as a general, pluggable resource that persists beyond the lifecycle of any individual Pod. so that it can be mounted as a volume in a containerA lightweight and portable executable image that contains software and all of its dependencies. .

  [+]

  Specifies the amount of storage, how the storage will be accessed (read-only, read-write and/or exclusive) and how it is reclaimed (retained, recycled or deleted). Details of the storage itself are described in the PersistentVolume object.

• Platform DeveloperLINK

  A person who customizes the Kubernetes platform to fit the needs of their project.

  [+]

  A platform developer may, for example, use Custom Resources or Extend the Kubernetes API with the aggregation layer to add functionality to their instance of Kubernetes, specifically for their application. Some Platform Developers are also contributorsSomeone who donates code, documentation, or their time to help the Kubernetes project or community. and develop extensions which are contributed to the Kubernetes community. Others develop closed-source commercial or site-specific extensions.

• PodLINK

  Самый маленький и простой объект в Kubernetes. Объект Pod — набор запущенных контейнеровПереносимый и не требовательный к ресурсам исполняемый экземпляр образа, содержащий приложение вместе со всеми его зависимостями. в кластере.

  [+]

  Как правило, один под предназначен для выполнения одного основного контейнера. Он также может запускать дополнительные “прицепные” (sidecar) контейнеры, добавляющие новые функциональные возможности, например, логирование. Контейнеры обычно управляются DeploymentAPI-объект, управляющий реплицированным приложением. .

• Pod Disruption BudgetLINK

  Также известный как:PDB
  A Pod Disruption Budget allows an application owner to create an object for a replicated application, that ensures a certain number or percentage of Pods with an assigned label will not be voluntarily evicted at any point in time. PDBs cannot prevent an involuntary disruption, but will count against the budget. [+]

  A Pod Disruption Budget allows an application owner to create an object for a replicated application, that ensures a certain number or percentage of Pods with an assigned label will not be voluntarily evicted at any point in time. PDBs cannot prevent an involuntary disruption, but will count against the budget.

• Pod LifecycleLINK

  The sequence of states through which a Pod passes during its lifetime.

  [+]

  The Pod Lifecycle is defined by the states or phases of a Pod. There are five possible Pod phases: Pending, Running, Succeeded, Failed, and Unknown. A high-level description of the Pod state is summarized in the PodStatus phase field.

• Pod PriorityLINK

  Pod Priority indicates the importance of a PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. relative to other Pods.

  [+]

  Pod Priority gives the ability to set scheduling priority of a Pod to be higher and lower than other Pods — an important feature for production clusters workload.

• Pod Security PolicyLINK

  Enables fine-grained authorization of PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. creation and updates.

  [+]

  A cluster-level resource that controls security sensitive aspects of the Pod specification. The PodSecurityPolicy objects define a set of conditions that a Pod must run with in order to be accepted into the system, as well as defaults for the related fields. Pod Security Policy control is implemented as an optional admission controller.

• PodPresetLINK

  An API object that injects information such as secrets, volume mounts, and environment variables into PodsThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. at creation time.

  [+]

  This object chooses the Pods to inject information into using standard selectors. This allows the podspec definitions to be nonspecific, decoupling the podspec from environment specific configuration.

• PreemptionLINK

  Preemption logic in Kubernetes helps a pending PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. to find a suitable NodeA node is a worker machine in Kubernetes. by evicting low priority Pods existing on that Node.

  [+]

  If a Pod cannot be scheduled, the scheduler tries to preempt lower priority Pods to make scheduling of the pending Pod possible.

• ProxyLINK

  In computing, a proxy is a server that acts as an intermediary for a remote service.

  [+]

  A client interacts with the proxy; the proxy copies the client’s data to the actual server; the actual server replies to the proxy; the proxy sends the actual server’s reply to the client.

  kube-proxy is a network proxy that runs on each node in your cluster, implementing part of the Kubernetes ServiceA way to expose an application running on a set of Pods as a network service. concept.

  You can run kube-proxy as a plain userland proxy service. If your operating system supports it, you can instead run kube-proxy in a hybrid mode that achieves the same overall effect using less system resources.

• QoS ClassLINK

  QoS Class (Quality of Service Class) provides a way for Kubernetes to classify Pods within the cluster into several classes and make decisions about scheduling and eviction.

  [+]

  QoS Class of a Pod is set at creation time based on its compute resources requests and limits settings. QoS classes are used to make decisions about Pods scheduling and eviction. Kubernetes can assign one of the following QoS classes to a Pod: Guaranteed, Burstable or BestEffort.

• QuantityLINK

  A whole-number representation of small or large numbers using SI suffixes.

  [+]

  Quantities are representations of small or large numbers using a compact, whole-number notation with SI suffixes. Fractional numbers are represented using milli units, while large numbers can be represented using kilo, mega, or giga units.

  For instance, the number 1.5 is represented as 1500m, while the number 1000 can be represented as 1k, and 1000000 as 1M. You can also specify binary-notation suffixes; the number 2048 can be written as 2Ki.

  The accepted decimal (power-of-10) units are m (milli), k (kilo, intentionally lowercase), M (mega), G (giga), T (tera), P (peta), E (exa).

  The accepted binary (power-of-2) units are Ki (kibi), Mi (mebi), Gi (gibi), Ti (tebi), Pi (pebi), Ei (exbi).

• RBAC (Role-Based Access Control)LINK

  Manages authorization decisions, allowing admins to dynamically configure access policies through the Kubernetes APIThe application that serves Kubernetes functionality through a RESTful interface and stores the state of the cluster. .

  [+]

  RBAC utilizes roles, which contain permission rules, and role bindings, which grant the permissions defined in a role to a set of users.

• ReplicaSetLINK

  A ReplicaSet (aims to) maintain a set of replica Pods running at any given time.

  [+]

  Workload objects such as DeploymentAn API object that manages a replicated application. make use of ReplicaSets to ensure that the configured number of PodsThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. are running in your cluster, based on the spec of that ReplicaSet.

• ReplicationControllerLINK

  A workload resource that manages a replicated application, ensuring that a specific number of instances of a PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. are running.

  [+]

  The control plane ensures that the defined number of Pods are running, even if some Pods fail, if you delete Pods manually, or if too many are started by mistake.

  Note: ReplicationController is deprecated. See DeploymentAn API object that manages a replicated application. , which is similar.

• Resource QuotasLINK

  Provides constraints that limit aggregate resource consumption per NamespaceAn abstraction used by Kubernetes to support multiple virtual clusters on the same physical cluster. .

  [+]

  Limits the quantity of objects that can be created in a namespace by type, as well as the total amount of compute resources that may be consumed by resources in that project.

• ReviewerLINK

  A person who reviews code for quality and correctness on some part of the project.

  [+]

  Reviewers are knowledgeable about both the codebase and software engineering principles. Reviewer status is scoped to a part of the codebase.

• rktLINK

  A security-minded, standards-based container engine.

  [+]

  rkt is an application containerA lightweight and portable executable image that contains software and all of its dependencies. engine featuring a PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. -native approach, a pluggable execution environment, and a well-defined surface area. rkt allows users to apply different configurations at both the Pod and application level. Each Pod executes directly in the classic Unix process model, in a self-contained, isolated environment.

• SecretLINK

  Stores sensitive information, such as passwords, OAuth tokens, and ssh keys.

  [+]

  Allows for more control over how sensitive information is used and reduces the risk of accidental exposure, including encryption at rest. A PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. references the secret as a file in a volume mount or by the kubelet pulling images for a pod. Secrets are great for confidential data and ConfigMaps for non-confidential data.

• Security ContextLINK

  The securityContext field defines privilege and access control settings for a PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. or containerA lightweight and portable executable image that contains software and all of its dependencies. .

  [+]

  In a securityContext, you can define: the user that processes run as, the group that processes run as, and privilege settings. You can also configure security policies (for example: SELinux, AppArmor or seccomp).

  The PodSpec.securityContext setting applies to all containers in a Pod.

• Service AccountLINK

  Provides an identity for processes that run in a PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. .

  [+]

  When processes inside Pods access the cluster, they are authenticated by the API server as a particular service account, for example, default. When you create a Pod, if you do not specify a service account, it is automatically assigned the default service account in the same NamespaceAn abstraction used by Kubernetes to support multiple virtual clusters on the same physical cluster. .

• Service BrokerLINK

  An endpoint for a set of Managed ServicesA software offering maintained by a third-party provider. offered and maintained by a third-party.

  [+]

  Service BrokersAn endpoint for a set of Managed Services offered and maintained by a third-party. implement the Open Service Broker API spec and provide a standard interface for applications to use their Managed Services. Service Catalog provides a way to list, provision, and bind with Managed Services offered by Service Brokers.

• Service CatalogLINK

  An extension API that enables applications running in Kubernetes clusters to easily use external managed software offerings, such as a datastore service offered by a cloud provider.

  [+]

  It provides a way to list, provision, and bind with external Managed ServicesA software offering maintained by a third-party provider. from Service BrokersAn endpoint for a set of Managed Services offered and maintained by a third-party. without needing detailed knowledge about how those services are created or managed.

• shuffle shardingLINK

  A technique for assigning requests to queues that provides better isolation than hashing modulo the number of queues.

  [+]

  We are often concerned with insulating different flows of requests from each other, so that a high-intensity flow does not crowd out low-intensity flows. A simple way to put requests into queues is to hash some characteristics of the request, modulo the number of queues, to get the index of the queue to use. The hash function uses as input characteristics of the request that align with flows. For example, in the Internet this is often the 5-tuple of source and destination address, protocol, and source and destination port.

  That simple hash-based scheme has the property that any high-intensity flow will crowd out all the low-intensity flows that hash to the same queue. Providing good insulation for a large number of flows requires a large number of queues, which is problematic. Shuffle sharding is a more nimble technique that can do a better job of insulating the low-intensity flows from the high-intensity flows. The terminology of shuffle sharding uses the metaphor of dealing a hand from a deck of cards; each queue is a metaphorical card. The shuffle sharding technique starts with hashing the flow-identifying characteristics of the request, to produce a hash value with dozens or more of bits. Then the hash value is used as a source of entropy to shuffle the deck and deal a hand of cards (queues). All the dealt queues are examined, and the request is put into one of the examined queues with the shortest length. With a modest hand size, it does not cost much to examine all the dealt cards and a given low-intensity flow has a good chance to dodge the effects of a given high-intensity flow. With a large hand size it is expensive to examine the dealt queues and more difficult for the low-intensity flows to dodge the collective effects of a set of high-intensity flows. Thus, the hand size should be chosen judiciously.

• SIG (special interest group)LINK

  Community membersA continuously active contributor in the K8s community. who collectively manage an ongoing piece or aspect of the larger Kubernetes open source project.

  [+]

  Members within a SIG have a shared interest in advancing a specific area, such as architecture, API machinery, or documentation. SIGs must follow the SIG governance guidelines, but can have their own contribution policy and channels of communication.

  For more information, see the kubernetes/community repo and the current list of SIGs and Working Groups.

• StatefulSetLINK

  Manages the deployment and scaling of a set of PodsThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. , and provides guarantees about the ordering and uniqueness of these Pods.

  [+]

  Like a DeploymentAn API object that manages a replicated application. , a StatefulSet manages Pods that are based on an identical container spec. Unlike a Deployment, a StatefulSet maintains a sticky identity for each of their Pods. These pods are created from the same spec, but are not interchangeable: each has a persistent identifier that it maintains across any rescheduling.

• Static PodLINK

  A podThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. managed directly by the kubelet daemon on a specific node,

  [+]

  without the API server observing it.

• Storage ClassLINK

  A StorageClass provides a way for administrators to describe different available storage types.

  [+]

  StorageClasses can map to quality-of-service levels, backup policies, or to arbitrary policies determined by cluster administrators. Each StorageClass contains the fields provisioner, parameters, and reclaimPolicy, which are used when a Persistent VolumeAn API object that represents a piece of storage in the cluster. Available as a general, pluggable resource that persists beyond the lifecycle of any individual Pod. belonging to the class needs to be dynamically provisioned. Users can request a particular class using the name of a StorageClass object.

• sysctlLINK

  sysctl is a semi-standardized interface for reading or changing the attributes of the running Unix kernel.

  [+]

  On Unix-like systems, sysctl is both the name of the tool that administrators use to view and modify these settings, and also the system call that the tool uses.

  ContainerA lightweight and portable executable image that contains software and all of its dependencies. runtimes and network plugins may rely on sysctl values being set a certain way.

• TaintLINK

  A core object consisting of three required properties: key, value, and effect. Taints prevent the scheduling of PodsThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. on nodesA node is a worker machine in Kubernetes. or node groups.

  [+]

  Taints and tolerationsA core object consisting of three required properties: key, value, and effect. Tolerations enable the scheduling of pods on nodes or node groups that have a matching taint. work together to ensure that pods are not scheduled onto inappropriate nodes. One or more taints are applied to a node. A node should only schedule a Pod with the matching tolerations for the configured taints.

• TolerationLINK

  A core object consisting of three required properties: key, value, and effect. Tolerations enable the scheduling of pods on nodes or node groups that have matching taintsA core object consisting of three required properties: key, value, and effect. Taints prevent the scheduling of pods on nodes or node groups. .

  [+]

  Tolerations and taintsA core object consisting of three required properties: key, value, and effect. Taints prevent the scheduling of pods on nodes or node groups. work together to ensure that pods are not scheduled onto inappropriate nodes. One or more tolerations are applied to a podThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. . A toleration indicates that the podThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. is allowed (but not required) to be scheduled on nodes or node groups with matching taintsA core object consisting of three required properties: key, value, and effect. Taints prevent the scheduling of pods on nodes or node groups. .

• UIDLINK

  A Kubernetes systems-generated string to uniquely identify objects.

  [+]

  Every object created over the whole lifetime of a Kubernetes cluster has a distinct UID. It is intended to distinguish between historical occurrences of similar entities.

• Upstream (disambiguation)LINK

  May refer to: core Kubernetes or the source repo from which a repo was forked.

  [+]

  • In the Kubernetes Community: Conversations often use upstream to mean the core Kubernetes codebase, which the general ecosystem, other code, or third-party tools rely upon. For example, community members may suggest that a feature is moved upstream so that it is in the core codebase instead of in a plugin or third-party tool.
  • In GitHub or git: The convention is to refer to a source repo as upstream, whereas the forked repo is considered downstream.
• VolumeLINK

  A directory containing data, accessible to the containersA lightweight and portable executable image that contains software and all of its dependencies. in a PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. .

  [+]

  A Kubernetes volume lives as long as the Pod that encloses it. Consequently, a volume outlives any containers that run within the Pod, and data in the volume is preserved across container restarts.

  See storage for more information.

• Volume PluginLINK

  A Volume Plugin enables integration of storage within a PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. .

  [+]

  A Volume Plugin lets you attach and mount storage volumes for use by a PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. . Volume plugins can be in tree or out of tree. In tree plugins are part of the Kubernetes code repository and follow its release cycle. Out of tree plugins are developed independently.

• WG (working group)LINK

  Facilitates the discussion and/or implementation of a short-lived, narrow, or decoupled project for a committee, SIGCommunity members who collectively manage an ongoing piece or aspect of the larger Kubernetes open source project. , or cross-SIG effort.

  [+]

  Working groups are a way of organizing people to accomplish a discrete task, and are relatively easy to create and deprecate when inactive.

  For more information, see the kubernetes/community repo and the current list of SIGs and working groups.

• WorkloadLINK

  A workload is an application running on Kubernetes.

  [+]

  Various core objects that represent different types or parts of a workload include the DaemonSet, Deployment, Job, ReplicaSet, and StatefulSet objects.

  For example, a workload that has a web server and a database might run the database in one StatefulSetManages the deployment and scaling of a set of Pods, and provides guarantees about the ordering and uniqueness of these Pods. and the web server in a DeploymentAn API object that manages a replicated application. .

• КластерLINK

  Набор машин, так называемые узлы, которые запускают контейнеризированные приложения. Кластер имеет как минимум один рабочий узел.

  [+]

  В рабочих узлах размещены поды, являющиеся компонентами приложения. Плоскость управления управляет рабочими узлами и подами в кластере. В промышленных средах плоскость управления обычно запускается на нескольких компьютерах, а кластер, как правило, развёртывается на нескольких узлах, гарантируя отказоустойчивость и высокую надёжность.

• КонтейнерLINK

  Переносимый и не требовательный к ресурсам исполняемый экземпляр образа, содержащий приложение вместе со всеми его зависимостями.

  [+]

  Контейнеры изолирует приложения от инфраструктуры хост-машины, чтобы обеспечить простое масштабирование и упростить развёртывание в различных средах облачных платформ или операционных систем.

• МеткаLINK

  Группирует объекты на основе произвольных критериев, по которым пользователи могут их идентифицировать.

  [+]

  Метки — это пары “ключ-значение”, которые прикрепляются к таким объектам, как PodСамый маленький и простой объект в Kubernetes. Под — это набор запущенных контейнеров в кластере. . Они используются для организации и получения подмножеств объектов.

• Плоскость управления (Control Plane)LINK

  Уровень оркестрации контейнеров с API и интерфейсами для определения, развёртывания и управления жизненным циклом контейнеров. [+]

  Уровень оркестрации контейнеров с API и интерфейсами для определения, развёртывания и управления жизненным циклом контейнеров.

• СелекторLINK

  Позволяет пользователям фильтровать список ресурсов по меткам.

  [+]

  Селекторы применяются при создании запросов для фильтрации списков ресурсов по меткамГруппирует объекты на основе произвольных критериев, по которым пользователи могут их идентифицировать. .

• Сервис (Service)LINK

  Абстрактный способ представления приложения, запущенного в наборе подовСамый маленький и простой объект в Kubernetes. Под — это набор запущенных контейнеров в кластере. , в виде сетевого сервиса.

  [+]

  Набор подов, из которых состоит сервис, определяется (как правило) селекторомПозволяет пользователям фильтровать список ресурсов по меткам. . При добавлении или удалении подов, набор подов, соответствующий селектору, изменится. Сервис обеспечивает, что сетевой трафик может быть направлен на текущий набор подов для планирования рабочей нагрузки.

• Среда выполнения контейнераLINK

  Среда выполнения контейнера — это программа, предназначенная для выполнения контейнеров.

  [+]

  Kubernetes поддерживает несколько сред для запуска контейнеров: DockerDocker — это программное обеспечение для виртуализации на уровне операционной системы, которая известна как контейнеризация. , containerdСреда выполнения контейнера с упором на простоту, надежность и переносимость , CRI-OОптимизированная среда выполнения контейнеров, разработанная специально для Kubernetes , и любая реализация Kubernetes CRI (Container Runtime Interface).

Обратная связь

Была ли эта страница полезной?

Спасибо за отзыв! Если у вас есть конкретный вопрос об использовании Kubernetes, спрашивайте Stack Overflow. Сообщите о проблеме в репозитории GitHub, если вы хотите сообщить о проблеме или предложить улучшение.