Standardized Glossary
この用語集は、Kubernetesの用語の包括的で標準化されたリストを対象としています。これには、Kubernetesに固有で有用なコンテキストを提供しつつも、より一般的な技術用語が含まれています。
タグに従って用語をフィルタ
Click on the [+] 特定の用語の詳細な説明を取得するには、以下のインジケータを使用します。
- Add-onsLINK
Resources that extend the functionality of Kubernetes.
[+]Installing addons explains more about using add-ons with your cluster, and lists some popular add-ons.
- Admission ControllerLINK
A piece of code that intercepts requests to the Kubernetes API server prior to persistence of the object.
[+]Admission controllers are configurable for the Kubernetes API server and may be “validating”, “mutating”, or both. Any admission controller may reject the request. Mutating controllers may modify the objects they admit; validating controllers may not.
- Aggregation LayerLINK
The aggregation layer lets you install additional Kubernetes-style APIs in your cluster.
[+]When you’ve configured the Kubernetes API ServerControl plane component that serves the Kubernetes API. to support additional APIs, you can add
APIService
objects to “claim” a URL path in the Kubernetes API. - AnnotationLINK
A key-value pair that is used to attach arbitrary non-identifying metadata to objects.
[+]The metadata in an annotation can be small or large, structured or unstructured, and can include characters not permitted by labelsTags objects with identifying attributes that are meaningful and relevant to users. . Clients such as tools and libraries can retrieve this metadata.
- API GroupLINK
A set of related paths in Kubernetes API.
[+]You can enable or disable each API group by changing the configuration of your API server. You can also disable or enable paths to specific resources. API group makes it easier to extend the Kubernetes API. The API group is specified in a REST path and in the
apiVersion
field of a serialized object.- Read API Group for more information.
- App ContainerLINK
Application containers (or app containers) are the containersA lightweight and portable executable image that contains software and all of its dependencies. in a podThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. that are started after any init containersOne or more initialization containers that must run to completion before any app containers run. have completed.
[+]An init container lets you separate initialization details that are important for the overall workloadA workload is an application running on Kubernetes. , and that don’t need to keep running once the application container has started. If a pod doesn’t have any init containers configured, all the containers in that pod are app containers.
- Application ArchitectLINK
A person responsible for the high-level design of an application.
[+]An architect ensures that an app’s implementation allows it to interact with its surrounding components in a scalable, maintainable way. Surrounding components include databases, logging infrastructure, and other microservices.
- ApproverLINK
A person who can review and approve Kubernetes code contributions.
[+]While code review is focused on code quality and correctness, approval is focused on the holistic acceptance of a contribution. Holistic acceptance includes backwards/forwards compatibility, adhering to API and flag conventions, subtle performance and correctness issues, interactions with other parts of the system, and others. Approver status is scoped to a part of the codebase. Approvers were previously referred to as maintainers.
- CIDRLINK
CIDR (Classless Inter-Domain Routing) is a notation for describing blocks of IP addresses and is used heavily in various networking configurations.
[+]In the context of Kubernetes, each NodeA node is a worker machine in Kubernetes. is assigned a range of IP addresses through the start address and a subnet mask using CIDR. This allows Nodes to assign each PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. a unique IP address. Although originally a concept for IPv4, CIDR has also been expanded to include IPv6.
- CLA (Contributor License Agreement)LINK
Terms under which a contributorSomeone who donates code, documentation, or their time to help the Kubernetes project or community. grants a license to an open source project for their contributions.
[+]CLAs help resolve legal disputes involving contributed material and intellectual property (IP).
- Cloud Controller ManagerLINK
Cloud Controller Manager is an alpha feature in 1.8. In upcoming releases it will be the preferred way to integrate Kubernetes with any cloud.
[+]Kubernetes v1.6 contains a new binary called cloud-controller-manager. cloud-controller-manager is a daemon that embeds cloud-specific control loops. These cloud-specific control loops were originally in the kube-controller-manager. Since cloud providers develop and release at a different pace compared to the Kubernetes project, abstracting the provider-specific code to the cloud-controller-manager binary allows cloud vendors to evolve independently from the core Kubernetes code.
- Cloud Native Computing Foundation (CNCF)LINK
The Cloud Native Computing Foundation (CNCF) builds sustainable ecosystems and fosters a community around projects that orchestrate containers as part of a microservices architecture.
Kubernetes is a CNCF project.
[+]The CNCF is a sub-foundation of the Linux Foundation. Its mission is to make cloud native computing ubiquitous.
- Cloud ProviderLINKまたの名を:Cloud Service Provider
A business or other organization that offers a cloud computing platform.
[+]Cloud providers, sometimes called Cloud Service Providers (CSPs), offer cloud computing platforms or services.
Many cloud providers offer managed infrastructure (also called Infrastructure as a Service or IaaS). With managed infrastructure the cloud provider is responsible for servers, storage, and networking while you manage layers on top of that such as running a Kubernetes cluster.
You can also find Kubernetes as a managed service; sometimes called Platform as a Service, or PaaS. With managed Kubernetes, your cloud provider is responsible for the Kubernetes control plane as well as the nodesA node is a worker machine in Kubernetes. and the infrastructure they rely on: networking, storage, and possibly other elements such as load balancers.
- Cluster OperationsLINK
The work involved in managing a Kubernetes cluster: managing day-to-day operations, and co-ordinating upgrades.
[+]Examples of cluster operations work include: deploying new Nodes to scale the cluster; performing software upgrades; implementing security controls; adding or removing storage; configuring cluster networking; managing cluster-wide observability; and responding to events.
- Code ContributorLINK
A person who develops and contributes code to the Kubernetes open source codebase.
[+]They are also an active community memberA continuously active contributor in the K8s community. who participates in one or more Special Interest Groups (SIGs)Community members who collectively manage an ongoing piece or aspect of the larger Kubernetes open source project. .
- ConfigMapLINK
An API object used to store non-confidential data in key-value pairs. Can be consumed as environment variables, command-line arguments, or config files in a volumeA directory containing data, accessible to the containers in a pod. .
[+]Allows you to decouple environment-specific configuration from your container imagesA lightweight and portable executable image that contains software and all of its dependencies. , so that your applications are easily portable. When storing confidential data use a Secret.
- Container Environment VariablesLINK
Container environment variables are name=value pairs that provide useful information into containers running in a podThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster.
[+]Container environment variables provide information that is required by the running containerized applications along with information about important resources to the containersA lightweight and portable executable image that contains software and all of its dependencies. . For example, file system details, information about the container itself, and other cluster resources such as service endpoints.
- Container Lifecycle HooksLINK
The lifecycle hooks expose events in the ContainerA lightweight and portable executable image that contains software and all of its dependencies. management lifecycle and let the user run code when the events occur.
[+]Two hooks are exposed to Containers: PostStart which executes immediately after a container is created and PreStop which is blocking and is called immediately before a container is terminated.
- Container network interface (CNI)LINK
Container network interface (CNI) plugins are a type of Network plugin that adheres to the appc/CNI specification.
[+]- For information on Kubernetes and CNI refer to this.
- For information on Kubernetes and CNI, see “Network plugins”.
- containerdLINK
A container runtime with an emphasis on simplicity, robustness and portability
[+]containerd is a containerA lightweight and portable executable image that contains software and all of its dependencies. runtime that runs as a daemon on Linux or Windows. containerd takes care of fetching and storing container images, executing containers, providing network access, and more.
- ControllerLINK
クラスターの状態をapiserverKubernetes APIを外部に提供する、マスター上のコンポーネントです。これがKubernetesコントロールプレーンのフロントエンドになります。 から取得して監視する制御ループで、現在の状態を望ましい状態に移行するように更新します。
[+]現在Kubernetesに同梱されているコントローラーの例には、レプリケーションコントローラー、エンドポイントコントローラー、名前空間コントローラー、およびサービスアカウントコントローラーがあります。
- CRI-OLINK
A tool that lets you use OCI container runtimes with Kubernetes CRI.
[+]CRI-O is an implementation of the Container runtime interface (CRI)An API for container runtimes to integrate with kubelet to enable using containerA lightweight and portable executable image that contains software and all of its dependencies. runtimes that are compatible with the Open Container Initiative (OCI) runtime spec.
Deploying CRI-O allows Kubernetes to use any OCI-compliant runtime as the container runtime for running PodsThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. , and to fetch OCI container images from remote registries.
- DaemonSetLINK
Pod一番小さく一番シンプルな Kubernetes のオブジェクト。Pod とはクラスターで動作しているいくつかのコンテナのまとまりです。 のコピーがクラスターKubernetesが管理するコンテナ化されたアプリケーションを実行する、ノードと呼ばれるマシンの集合です。クラスターには、少なくとも1つのワーカーノードと少なくとも1つのマスターノードがあります。 内の一連のNodeに渡って実行されることを保証します。
[+]通常ノードノードはKubernetesのワーカーマシンです。 で実行する必要があるログコレクターや監視エージェントなどのシステムデーモンをデプロイするために使用します。
- DeploymentLINK
複製されたアプリケーションを管理するAPIオブジェクト。
[+]各レプリカはPod一番小さく一番シンプルな Kubernetes のオブジェクト。Pod とはクラスターで動作しているいくつかのコンテナのまとまりです。 で表され、ポッドはクラスターのノード間で分散されます。
- Developer (disambiguation)LINK
May refer to: Application DeveloperA person who writes an application that runs in a Kubernetes cluster. , Code ContributorA person who develops and contributes code to the Kubernetes open source codebase. , or Platform DeveloperA person who customizes the Kubernetes platform to fit the needs of their project. .
[+]This overloaded term may have different meanings depending on the context
- Device PluginLINK
Device plugins run on worker NodesA node is a worker machine in Kubernetes. and provide Pods The smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. with access to resources, such as local hardware, that require vendor-specific initialization or setup steps.
[+]Device plugins advertise resources to the kubeletAn agent that runs on each node in the cluster. It makes sure that containers are running in a pod. , so that workload Pods can access hardware features that relate to the Node where that Pod is running. You can deploy a device plugin as a DaemonSetEnsures a copy of a Pod is running across a set of nodes in a cluster. , or install the device plugin software directly on each target Node.
See Device Plugins for more information.
- DisruptionLINK
Disruptions are events that lead to one or more PodsThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. going out of service. A disruption has consequences for workload resources, such as DeploymentAn API object that manages a replicated application. , that rely on the affected Pods.
[+]If you, as cluster operator, destroy a Pod that belongs to an application, Kubernetes terms that a voluntary disruption. If a Pod goes offline because of a Node failure, or an outage affecting a wider failure zone, Kubernetes terms that an involuntary disruption.
See Disruptions for more information.
- DockerLINK
Docker (specifically, Docker Engine) is a software technology providing operating-system-level virtualization also known as containersA lightweight and portable executable image that contains software and all of its dependencies. .
[+]Docker uses the resource isolation features of the Linux kernel such as cgroups and kernel namespaces, and a union-capable file system such as OverlayFS and others to allow independent containers to run within a single Linux instance, avoiding the overhead of starting and maintaining virtual machines (VMs).
- Downstream (disambiguation)LINK
May refer to: code in the Kubernetes ecosystem that depends upon the core Kubernetes codebase or a forked repo.
[+]- In the Kubernetes Community: Conversations often use downstream to mean the ecosystem, code, or third-party tools that rely on the core Kubernetes codebase. For example, a new feature in Kubernetes may be adopted by applications downstream to improve their functionality.
- In GitHub or git: The convention is to refer to a forked repo as downstream, whereas the source repo is considered upstream.
- Dynamic Volume ProvisioningLINK
Allows users to request automatic creation of storage VolumesA directory containing data, accessible to the containers in a pod. .
[+]Dynamic provisioning eliminates the need for cluster administrators to pre-provision storage. Instead, it automatically provisions storage by user request. Dynamic volume provisioning is based on an API object, StorageClassA StorageClass provides a way for administrators to describe different available storage types. , referring to a Volume PluginA Volume Plugin enables integration of storage within a Pod. that provisions a VolumeA directory containing data, accessible to the containers in a pod. and the set of parameters to pass to the Volume Plugin.
- EndpointSliceLINK
A way to group network endpoints together with Kubernetes resources.
[+]A scalable and extensible way to group network endpoints together. These can be used by kube-proxykube-proxy is a network proxy that runs on each node in the cluster. to establish network routes on each nodeA node is a worker machine in Kubernetes. .
- Ephemeral ContainerLINK
A ContainerA lightweight and portable executable image that contains software and all of its dependencies. type that you can temporarily run inside a PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. .
[+]If you want to investigate a Pod that’s running with problems, you can add an ephemeral container to that Pod and carry out diagnostics. Ephemeral containers have no resource or scheduling guarantees, and you should not use them to run any part of the workload itself.
- ExtensionsLINK
Extensions are software components that extend and deeply integrate with Kubernetes to support new types of hardware.
[+]Most cluster administrators will use a hosted or distribution instance of Kubernetes. As a result, most Kubernetes users will need to install extensions and fewer will need to author new ones.
- FlexVolumeLINK
FlexVolume is an interface for creating out-of-tree volume plugins. The Container Storage InterfaceThe Container Storage Interface (CSI) defines a standard interface to expose storage systems to containers. is a newer interface which addresses several problems with FlexVolumes.
[+]FlexVolumes enable users to write their own drivers and add support for their volumes in Kubernetes. FlexVolume driver binaries and dependencies must be installed on host machines. This requires root access. The Storage SIG suggests implementing a CSIThe Container Storage Interface (CSI) defines a standard interface to expose storage systems to containers. driver if possible since it addresses the limitations with FlexVolumes.
- Helm ChartLINK
A package of pre-configured Kubernetes resources that can be managed with the Helm tool.
[+]Charts provide a reproducible way of creating and sharing Kubernetes applications. A single chart can be used to deploy something simple, like a memcached Pod, or something complex, like a full web app stack with HTTP servers, databases, caches, and so on.
- Horizontal Pod AutoscalerLINKまたの名を:HPA
An API resource that automatically scales the number of PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. replicas based on targeted CPU utilization or custom metric targets.
[+]HPA is typically used with ReplicationControllersKubernetes service that ensures a specific number of instances of a pod are always running. , DeploymentsAn API object that manages a replicated application. , or ReplicaSetsReplicaSet ensures that a specified number of Pod replicas are running at one time . It cannot be applied to objects that cannot be scaled, for example DaemonSetsEnsures a copy of a Pod is running across a set of nodes in a cluster. .
- HostAliasesLINK
A HostAliases is a mapping between the IP address and hostname to be injected into a PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. ’s hosts file.
[+]HostAliases is an optional list of hostnames and IP addresses that will be injected into the Pod’s hosts file if specified. This is only valid for non-hostNetwork Pods.
- ImageLINK
Stored instance of a ContainerA lightweight and portable executable image that contains software and all of its dependencies. that holds a set of software needed to run an application.
[+]A way of packaging software that allows it to be stored in a container registry, pulled to a local system, and run as an application. Meta data is included in the image that can indicate what executable to run, who built it, and other information.
- Init ContainerLINK
One or more initialization containersA lightweight and portable executable image that contains software and all of its dependencies. that must run to completion before any app containers run.
[+]Initialization (init) containers are like regular app containers, with one difference: init containers must run to completion before any app containers can start. Init containers run in series: each init container must run to completion before the next init container begins.
- IstioLINK
An open platform (not Kubernetes-specific) that provides a uniform way to integrate microservices, manage traffic flow, enforce policies, and aggregate telemetry data.
[+]Adding Istio does not require changing application code. It is a layer of infrastructure between a service and the network, which when combined with service deployments, is commonly referred to as a service mesh. Istio’s control plane abstracts away the underlying cluster management platform, which may be Kubernetes, Mesosphere, etc.
- JobLINK
A finite or batch task that runs to completion.
[+]Creates one or more PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. objects and ensures that a specified number of them successfully terminate. As Pods successfully complete, the Job tracks the successful completions.
- KopsLINK
A CLI tool that helps you create, destroy, upgrade and maintain production-grade, highly available, Kubernetes clusters.
[+]Note: kops has general availability support only for AWS. Support for using kops with GCE and VMware vSphere are in alpha.kops
provisions your cluster with:- Fully automated installation
- DNS-based cluster identification
- Self-healing: everything runs in Auto-Scaling Groups
- Limited OS support (Debian preferred, Ubuntu 16.04 supported, early support for CentOS & RHEL)
- High availability (HA) support
- The ability to directly provision, or to generate Terraform manifests
You can also build your own cluster using KubeadmA tool for quickly installing Kubernetes and setting up a secure cluster. as a building block.
kops
builds on the kubeadm work. - kube-apiserverLINK
Kubernetes APIを外部に提供する、マスター上のコンポーネントです。これがKubernetesコントロールプレーンのフロントエンドになります。
[+]このコンポーネントは、水平スケールするように設計されています。つまり追加でインスタンスを足すことでスケール可能です。さらなる情報は、高可用性クラスターを構築するを確認してください。
- kube-controller-managerLINK
マスター上に存在し、controllersクラスターの状態をAPIサーバーから取得、見張る制御ループで、現在の状態を望ましい状態に移行するように更新します。 を実行するコンポーネントです。
[+]論理的には、各controllerクラスターの状態をAPIサーバーから取得、見張る制御ループで、現在の状態を望ましい状態に移行するように更新します。 は個別のプロセスですが、複雑になるのを避けるために一つの実行ファイルにまとめてコンパイルされ、単一のプロセスとして動きます。
- kube-proxyLINK
kube-proxy はクラスター内の各Nodeで動作しているネットワークプロキシで、KubernetesのServicePodの集合で実行されているアプリケーションをネットワークサービスとして公開する方法。 コンセプトの一部を実装しています。
[+]kube-proxyは、Nodeのネットワークルールをメンテナンスします。これらのネットワークルールにより、クラスターの内部または外部のネットワークセッションからPodへのネットワーク通信が可能になります。
kube-proxyは、オペレーティングシステムにパケットフィルタリング層があり、かつ使用可能な場合、パケットフィルタリング層を使用します。それ以外の場合は自身でトラフィックを転送します。
- KubeadmLINK
A tool for quickly installing Kubernetes and setting up a secure cluster.
[+]You can use kubeadm to install both the control plane and the worker nodeA node is a worker machine in Kubernetes. components.
- KubectlLINK
A command line tool for communicating with a Kubernetes APIThe application that serves Kubernetes functionality through a RESTful interface and stores the state of the cluster. server.
[+]You can use kubectl to create, inspect, update, and delete Kubernetes objects.
- Kubernetes APILINK
The application that serves Kubernetes functionality through a RESTful interface and stores the state of the cluster.
[+]Kubernetes resources and “records of intent” are all stored as API objects, and modified via RESTful calls to the API. The API allows configuration to be managed in a declarative way. Users can interact with the Kubernetes API directly, or via tools like
kubectl
. The core Kubernetes API is flexible and can also be extended to support custom resources. - LabelLINK
Tags objects with identifying attributes that are meaningful and relevant to users.
[+]Labels are key/value pairs that are attached to objects such as PodsThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. . They are used to organize and to select subsets of objects.
- LimitRangeLINK
Provides constraints to limit resource consumption per ContainersA lightweight and portable executable image that contains software and all of its dependencies. or PodsThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. in a namespace.
[+]LimitRange limits the quantity of objects that can be created by type, as well as the amount of compute resources that may be requested/consumed by individual ContainersA lightweight and portable executable image that contains software and all of its dependencies. or PodsThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. in a namespace.
- LoggingLINK
Logs are the list of events that are logged by clusterA set of worker machines, called nodes, that run containerized applications. Every cluster has at least one worker node. or application.
[+]Application and systems logs can help you understand what is happening inside your cluster. The logs are particularly useful for debugging problems and monitoring cluster activity.
- Managed ServiceLINK
A software offering maintained by a third-party provider.
[+]Some examples of Managed Services are AWS EC2, Azure SQL Database, and GCP Pub/Sub, but they can be any software offering that can be used by an application. Service Catalog provides a way to list, provision, and bind with Managed Services offered by Service BrokersAn endpoint for a set of Managed Services offered and maintained by a third-party. .
- MinikubeLINK
A tool for running Kubernetes locally.
[+]Minikube runs a single-node cluster inside a VM on your computer. You can use Minikube to try Kubernetes in a learning environment.
- Mirror PodLINK
A podThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. object that a kubelet uses to represent a static podA pod managed directly by the kubelet daemon on a specific node.
[+]When the kubelet finds a static pod in its configuration, it automatically tries to create a Pod object on the Kubernetes API server for it. This means that the pod will be visible on the API server, but cannot be controlled from there.
(For example, removing a mirror pod will not stop the kubelet daemon from running it).
- NamespaceLINK
同一の物理クラスターKubernetesが管理するコンテナ化されたアプリケーションを実行する、ノードと呼ばれるマシンの集合です。クラスターには、少なくとも1つのワーカーノードと少なくとも1つのマスターノードがあります。 上で複数の仮想クラスターをサポートするために使われる抽象概念です。
[+]Namespaceはクラスター内のオブジェクトをまとめたり、クラスターのリソースを分離するための方法を提供します。
リソース名は、Namespace内で一意である必要がありますが、Namespaceをまたいだ場合はその必要はないです。 - Network PolicyLINK
A specification of how groups of Pods are allowed to communicate with each other and with other network endpoints.
[+]Network Policies help you declaratively configure which Pods are allowed to connect to each other, which namespaces are allowed to communicate, and more specifically which port numbers to enforce each policy on.
NetworkPolicy
resources use labels to select Pods and define rules which specify what traffic is allowed to the selected Pods. Network Policies are implemented by a supported network plugin provided by a network provider. Be aware that creating a network resource without a controller to implement it will have no effect. - Operator patternLINK
The operator pattern is a system design that links a ControllerA control loop that watches the shared state of the cluster through the apiserver and makes changes attempting to move the current state towards the desired state. to one or more custom resources.
[+]You can extend Kubernetes by adding controllers to your cluster, beyond the built-in controllers that come as part of Kubernetes itself.
If a running application acts as a controller and has API access to carry out tasks against a custom resource that’s defined in the control plane, that’s an example of the Operator pattern.
- PodLINK
一番小さく一番シンプルなKubernetesのオブジェクト。Podとはクラスターで動作しているいくつかのコンテナ軽量でポータブルなソフトウェアとそのすべての依存関係が含まれている実行可能なイメージ のまとまりです。
[+]通常、Pod は一つの主コンテナを実行するように設定されます。ロギングなどの補足機能を付加する、取り外し可能なサイドカーコンテナを実行することもできます。Pod は通常 Deployment複製されたアプリケーションを管理するAPIオブジェクト。 によって管理されます。
- Pod Disruption BudgetLINKまたの名を:PDB
A Pod Disruption Budget allows an application owner to create an object for a replicated application, that ensures a certain number or percentage of Pods with an assigned label will not be voluntarily evicted at any point in time. PDBs cannot prevent an involuntary disruption, but will count against the budget. [+]A Pod Disruption Budget allows an application owner to create an object for a replicated application, that ensures a certain number or percentage of Pods with an assigned label will not be voluntarily evicted at any point in time. PDBs cannot prevent an involuntary disruption, but will count against the budget.
- Pod LifecycleLINK
The sequence of states through which a Pod passes during its lifetime.
[+]The Pod Lifecycle is defined by the states or phases of a Pod. There are five possible Pod phases: Pending, Running, Succeeded, Failed, and Unknown. A high-level description of the Pod state is summarized in the PodStatus
phase
field. - Pod PriorityLINK
Pod Priority indicates the importance of a PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. relative to other Pods.
[+]Pod Priority gives the ability to set scheduling priority of a Pod to be higher and lower than other Pods — an important feature for production clusters workload.
- Pod Security PolicyLINK
Enables fine-grained authorization of PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. creation and updates.
[+]A cluster-level resource that controls security sensitive aspects of the Pod specification. The
PodSecurityPolicy
objects define a set of conditions that a Pod must run with in order to be accepted into the system, as well as defaults for the related fields. Pod Security Policy control is implemented as an optional admission controller. - PodPresetLINK
An API object that injects information such as secrets, volume mounts, and environment variables into PodsThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. at creation time.
[+]This object chooses the Pods to inject information into using standard selectors. This allows the podspec definitions to be nonspecific, decoupling the podspec from environment specific configuration.
- PreemptionLINK
Preemption logic in Kubernetes helps a pending PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. to find a suitable NodeA node is a worker machine in Kubernetes. by evicting low priority Pods existing on that Node.
[+]If a Pod cannot be scheduled, the scheduler tries to preempt lower priority Pods to make scheduling of the pending Pod possible.
- ProxyLINK
In computing, a proxy is a server that acts as an intermediary for a remote service.
[+]A client interacts with the proxy; the proxy copies the client’s data to the actual server; the actual server replies to the proxy; the proxy sends the actual server’s reply to the client.
kube-proxy is a network proxy that runs on each node in your cluster, implementing part of the Kubernetes ServiceA way to expose an application running on a set of Pods as a network service. concept.
You can run kube-proxy as a plain userland proxy service. If your operating system supports it, you can instead run kube-proxy in a hybrid mode that achieves the same overall effect using less system resources.
- QoS ClassLINK
QoS Class (Quality of Service Class) provides a way for Kubernetes to classify Pods within the cluster into several classes and make decisions about scheduling and eviction.
[+]QoS Class of a Pod is set at creation time based on its compute resources requests and limits settings. QoS classes are used to make decisions about Pods scheduling and eviction. Kubernetes can assign one of the following QoS classes to a Pod:
Guaranteed
,Burstable
orBestEffort
. - QuantityLINK
A whole-number representation of small or large numbers using SI suffixes.
[+]Quantities are representations of small or large numbers using a compact, whole-number notation with SI suffixes. Fractional numbers are represented using milli units, while large numbers can be represented using kilo, mega, or giga units.
For instance, the number
1.5
is represented as1500m
, while the number1000
can be represented as1k
, and1000000
as1M
. You can also specify binary-notation suffixes; the number 2048 can be written as2Ki
.The accepted decimal (power-of-10) units are
m
(milli),k
(kilo, intentionally lowercase),M
(mega),G
(giga),T
(tera),P
(peta),E
(exa).The accepted binary (power-of-2) units are
Ki
(kibi),Mi
(mebi),Gi
(gibi),Ti
(tebi),Pi
(pebi),Ei
(exbi). - RBAC (Role-Based Access Control)LINK
Manages authorization decisions, allowing admins to dynamically configure access policies through the Kubernetes APIThe application that serves Kubernetes functionality through a RESTful interface and stores the state of the cluster. .
[+]RBAC utilizes roles, which contain permission rules, and role bindings, which grant the permissions defined in a role to a set of users.
- ReplicaSetLINK
A ReplicaSet (aims to) maintain a set of replica Pods running at any given time.
[+]Workload objects such as DeploymentAn API object that manages a replicated application. make use of ReplicaSets to ensure that the configured number of PodsThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. are running in your cluster, based on the spec of that ReplicaSet.
- Replication ControllerLINK
Kubernetes service that ensures a specific number of instances of a PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. are always running.
[+]Will automatically add or remove running instances of a pod, based on a set value for that pod. Allows the pod to return to the defined number of instances if pods are deleted or if too many are started by mistake.
- Resource QuotasLINK
Provides constraints that limit aggregate resource consumption per NamespaceAn abstraction used by Kubernetes to support multiple virtual clusters on the same physical cluster. .
[+]Limits the quantity of objects that can be created in a namespace by type, as well as the total amount of compute resources that may be consumed by resources in that project.
- rktLINK
A security-minded, standards-based container engine.
[+]rkt is an application containerA lightweight and portable executable image that contains software and all of its dependencies. engine featuring a PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. -native approach, a pluggable execution environment, and a well-defined surface area. rkt allows users to apply different configurations at both the Pod and application level. Each Pod executes directly in the classic Unix process model, in a self-contained, isolated environment.
- SecretLINK
Stores sensitive information, such as passwords, OAuth tokens, and ssh keys.
[+]Allows for more control over how sensitive information is used and reduces the risk of accidental exposure, including encryption at rest. A PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. references the secret as a file in a volume mount or by the kubelet pulling images for a pod. Secrets are great for confidential data and ConfigMaps for non-confidential data.
- Security ContextLINK
The
[+]securityContext
field defines privilege and access control settings for a PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. or containerA lightweight and portable executable image that contains software and all of its dependencies. .In a
securityContext
, you can define: the user that processes run as, the group that processes run as, and privilege settings. You can also configure security policies (for example: SELinux, AppArmor or seccomp).The
PodSpec.securityContext
setting applies to all containers in a Pod. - ServiceLINK
Pods一番小さく一番シンプルな Kubernetes のオブジェクト。Pod とはクラスターで動作しているいくつかのコンテナのまとまりです。 の集合で実行されているアプリケーションをネットワークサービスとして公開する抽象的な方法。
[+]Serviceが対象とするPodの集合は、(通常)セレクターユーザーはラベルに基づいてリソースのリストをフィルタリングできます。 によって決定されます。 Podを追加または削除するとセレクターにマッチしているPodの集合は変更されます。 Serviceは、ネットワークトラフィックが現在そのワークロードを処理するPodの集合に向かうことを保証します。
- Service AccountLINK
Provides an identity for processes that run in a PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. .
[+]When processes inside Pods access the cluster, they are authenticated by the API server as a particular service account, for example,
default
. When you create a Pod, if you do not specify a service account, it is automatically assigned the default service account in the same NamespaceAn abstraction used by Kubernetes to support multiple virtual clusters on the same physical cluster. . - Service BrokerLINK
An endpoint for a set of Managed ServicesA software offering maintained by a third-party provider. offered and maintained by a third-party.
[+]Service BrokersAn endpoint for a set of Managed Services offered and maintained by a third-party. implement the Open Service Broker API spec and provide a standard interface for applications to use their Managed Services. Service Catalog provides a way to list, provision, and bind with Managed Services offered by Service Brokers.
- Service CatalogLINK
An extension API that enables applications running in Kubernetes clusters to easily use external managed software offerings, such as a datastore service offered by a cloud provider.
[+]It provides a way to list, provision, and bind with external Managed ServicesA software offering maintained by a third-party provider. from Service BrokersAn endpoint for a set of Managed Services offered and maintained by a third-party. without needing detailed knowledge about how those services are created or managed.
- SIG (special interest group)LINK
大規模なKubernetesオープンソースプロジェクトにおいて、開発中の部分または側面を集合的に管理するコミュニティメンバーK8sコミュニティの継続的かつアクティブなコントリビューター
[+]SIGのメンバーは、アーキテクチャ、API machinery、ドキュメンテーションといった、特定のエリアの改善に共通の関心をもっています。 SIGはSIGガバナンスガイドラインに準拠していなければなりませんが、独自の貢献ポリシーやコミュニケーションのチャンネルを持つことが可能です。
さらなる情報はコミュニティ (kubernetes/community)リポジトリとSIGとワーキンググループを参照して下さい。
- StatefulSetLINK
StatefulSetはDeploymentとPod一番小さく一番シンプルな Kubernetes のオブジェクト。Pod とはクラスターで動作しているいくつかのコンテナのまとまりです。 のセットのスケーリングの管理をし、それらのPodの順序とユニーク性を保証 します。
[+]Deployment複製されたアプリケーションを管理するAPIオブジェクト。 のように、StatefulSetは指定したコンテナのspecに基づいてPodを管理します。Deploymentとは異なり、StatefulSetは各Podにおいて管理が大変な同一性を維持します。これらのPodは同一のspecから作成されますが、それらは交換可能ではなく、リスケジュール処理をまたいで維持される永続的な識別子を持ちます。
StatefulSetは他のコントローラーと同様のパターンで動作します。ユーザーはStatefulSetオブジェクト の理想的な状態を定義し、StatefulSetコントローラー は現在の状態から、理想状態になるために必要なアップデートを行います。
- Static PodLINK
A podThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. managed directly by the kubelet daemon on a specific node,
[+]without the API server observing it.
- StorageClassLINK
StorageClassは管理者が利用可能なさまざまなストレージタイプを記述する方法を提供します。
[+]StorageClassはサービス品質レベル、バックアップポリシー、クラスター管理者が決定した任意のポリシーにマッピングできます。 各StorageClassには
provisioner
、parameters
、reclaimPolicy
フィールドが含まれています。これらは、対象のStorageClassのPersistentVolumeクラスター内のストレージの一部を表すAPIオブジェクトです。通常利用可能で、個々のPodのライフサイクルの先にあるプラグイン形式のリソースです。 を動的プロビジョニングする必要がある場合に使用されます。ユーザーはStorageClassオブジェクトの名前を使用して特定のStorageClassを要求できます。 - sysctlLINK
[+]sysctl
is a semi-standardized interface for reading or changing the attributes of the running Unix kernel.On Unix-like systems,
sysctl
is both the name of the tool that administrators use to view and modify these settings, and also the system call that the tool uses.ContainerA lightweight and portable executable image that contains software and all of its dependencies. runtimes and network plugins may rely on
sysctl
values being set a certain way. - TaintLINK
A core object consisting of three required properties: key, value, and effect. Taints prevent the scheduling of PodsThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. on nodesA node is a worker machine in Kubernetes. or node groups.
[+]Taints and tolerationsA core object consisting of three required properties: key, value, and effect. Tolerations enable the scheduling of pods on nodes or node groups that have a matching taint. work together to ensure that pods are not scheduled onto inappropriate nodes. One or more taints are applied to a node. A node should only schedule a Pod with the matching tolerations for the configured taints.
- TolerationLINK
A core object consisting of three required properties: key, value, and effect. Tolerations enable the scheduling of pods on nodes or node groups that have matching taintsA core object consisting of three required properties: key, value, and effect. Taints prevent the scheduling of pods on nodes or node groups. .
[+]Tolerations and taintsA core object consisting of three required properties: key, value, and effect. Taints prevent the scheduling of pods on nodes or node groups. work together to ensure that pods are not scheduled onto inappropriate nodes. One or more tolerations are applied to a podThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. . A toleration indicates that the podThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. is allowed (but not required) to be scheduled on nodes or node groups with matching taintsA core object consisting of three required properties: key, value, and effect. Taints prevent the scheduling of pods on nodes or node groups. .
- Upstream (disambiguation)LINK
May refer to: core Kubernetes or the source repo from which a repo was forked.
[+]- In the Kubernetes Community: Conversations often use upstream to mean the core Kubernetes codebase, which the general ecosystem, other code, or third-party tools rely upon. For example, community members may suggest that a feature is moved upstream so that it is in the core codebase instead of in a plugin or third-party tool.
- In GitHub or git: The convention is to refer to a source repo as upstream, whereas the forked repo is considered downstream.
- Volume PluginLINK
A Volume Plugin enables integration of storage within a PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. .
[+]A Volume Plugin lets you attach and mount storage volumes for use by a PodThe smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. . Volume plugins can be in tree or out of tree. In tree plugins are part of the Kubernetes code repository and follow its release cycle. Out of tree plugins are developed independently.
- WG (working group)LINK
Facilitates the discussion and/or implementation of a short-lived, narrow, or decoupled project for a committee, SIGCommunity members who collectively manage an ongoing piece or aspect of the larger Kubernetes open source project. , or cross-SIG effort.
[+]Working groups are a way of organizing people to accomplish a discrete task, and are relatively easy to create and deprecate when inactive.
For more information, see the kubernetes/community repo and the current list of SIGs and working groups.
- WorkloadLINK
A workload is an application running on Kubernetes.
[+]Various core objects that represent different types or parts of a workload include the DaemonSet, Deployment, Job, ReplicaSet, and StatefulSet objects.
For example, a workload that has a web server and a database might run the database in one StatefulSetManages the deployment and scaling of a set of Pods, and provides guarantees about the ordering and uniqueness of these Pods. and the web server in a DeploymentAn API object that manages a replicated application. .
- コンテナストレージインターフェイス(CSI)LINK
コンテナストレージインターフェイス(CSI)はストレージシステムをコンテナに公開するための標準インターフェイスを定義します。
[+]CSIはベンダーがKubernetesリポジトリにコードを追加することなく(Kubernetesリポジトリツリー外のプラグインとして)独自のストレージプラグインを作成することを可能にします。CSIドライバをストレージプロバイダから利用するには、はじめにクラスタにCSIプラグインをデプロイする必要があります。その後のCSIドライバーを使用するためのStorageClassStorageClassは管理者が利用可能なさまざまなストレージタイプを記述する方法を提供します。 を作成することができます。
- コンテナランタイムLINK
コンテナランタイムは、コンテナの実行を担当するソフトウェアです。
[+]Kubernetesは次の複数のコンテナランタイムをサポートします。 Docker, containerd, cri-o, rktlet および全ての Kubernetes CRI (Container Runtime Interface) 実装。
- コントリビューターLINK
Kubernetesプロジェクトやコミュニティのために、コード、ドキュメント、その他に自身の時間を使って貢献している人々
[+]貢献はPull Request(PRs)、Issue、フィードバック、special interest groups (SIG)大規模なKubernetesオープンソースプロジェクトにおいて、開発中の部分または側面を集合的に管理するコミュニティのメンバー への参加、またはコミュニティイベントの開催が含まれます。
- セレクターLINK
ユーザーはラベルに基づいてリソースのリストをフィルタリングできます。
[+]セレクターは、リソースのリストを照会してラベルTags objects with identifying attributes that are meaningful and relevant to users. でフィルターするときに適用されます。
- ノードLINK
ノードはKubernetesのワーカーマシンです。
[+]ワーカーノードは、クラスターに応じてVMまたは物理マシンの場合があります。Pod一番小さく一番シンプルな Kubernetes のオブジェクト。Pod とはクラスターで動作しているいくつかのコンテナのまとまりです。 の実行に必要なローカルデーモンまたはサービスがあり、コントロールプレーンによって管理されます。ノード上のデーモンには、kubeletクラスター内の各ノードで実行されるエージェントです。各コンテナがPodで実行されていることを保証します。 、kube-proxykube-proxyはクラスター内の各Nodeで動作しているネットワークプロキシです。 、およびDockerDocker is a software technology providing operating-system-level virtualization also known as containers. などのCRIAn API for container runtimes to integrate with kubelet を実装するコンテナランタイムが含まれます。
- プラットフォーム開発者LINK
自身のプロジェクトの要件に合わせ、Kubernetesプラットフォームをカスタマイズする人
[+]プラットフォーム開発者は、特に自身のアプリケーションのために、例えばカスタムリソースや集約レイヤーを使ったKubernetes APIの拡張を用いて、Kubernetesに機能を追加ことがあるかもしれません。一部のプラットフォーム開発者はまたコントリビューターKubernetesプロジェクトやコミュニティのために、コード、ドキュメント、またはその他の作業に自身の時間を使って貢献している人々 として、エクステンションを開発しKubernetesのコミュニティに貢献しています。他の方々は、クローズドソースな商用もしくは、サイト固有なエクステンションを開発しています。
- ボリュームLINK
ポッド一番小さく一番シンプルな Kubernetes のオブジェクト。Pod とはクラスターで動作しているいくつかのコンテナのまとまりです。 内のコンテナからアクセス可能なデータを含むディレクトリ。
[+]Kubernetesボリュームはボリュームを含むポッド一番小さく一番シンプルな Kubernetes のオブジェクト。Pod とはクラスターで動作しているいくつかのコンテナのまとまりです。 が存在する限り有効です。そのためボリュームはポッド一番小さく一番シンプルな Kubernetes のオブジェクト。Pod とはクラスターで動作しているいくつかのコンテナのまとまりです。 内で実行されるすべてのコンテナ軽量でポータブルなソフトウェアとそのすべての依存関係が含まれている実行可能なイメージ よりも長持ちし、コンテナ軽量でポータブルなソフトウェアとそのすべての依存関係が含まれている実行可能なイメージ の再起動後もデータは保持されます。
- メンバーLINK
K8sコミュニティの継続的かつアクティブなコントリビューターKubernetesプロジェクトやコミュニティのために、コード、ドキュメント、またはその他の作業に自身の時間を使って貢献している人々
[+]メンバーはイシューとPRをアサインすることができ、GitHub teamを通じてspecial interest groups (SIGs)大規模なKubernetesオープンソースプロジェクトにおいて、開発中の部分または側面を集合的に管理するコミュニティのメンバー に参加することが可能です。メンバーのPRではPre-submitテストが自動で走ります。メンバーは、アクティブなコントリビューターとしてコミュニティに居続けることを期待されています。
- 永続ボリュームLINK
クラスター内のストレージの一部を表すAPIオブジェクトです。通常利用可能で、個々のPod一番小さく一番シンプルな Kubernetes のオブジェクト。Pod とはクラスターで動作しているいくつかのコンテナのまとまりです。 のライフサイクルの先にあるプラグイン形式のリソースです。
[+]PersistentVolume(PV)はストレージの利用方法からストレージの提供方法の詳細を抽象化するAPIを提供します。 PVはストレージを事前に作成できるシナリオで直接使用されます(静的プロビジョニング)。 オンデマンドストレージ(動的プロビジョニング)を必要とするシナリオでは、代わりにPersistentVolumeClaims(PVC)が使用されます。
フィードバック
このページは役に立ちましたか?
Thanks for the feedback. If you have a specific, answerable question about how to use Kubernetes, ask it on Stack Overflow. Open an issue in the GitHub repo if you want to 問題を報告する or 改善を提案.