Glossary

This glossary is intended to be a comprehensive, standardized list of Kubernetes terminology. It includes technical terms that are specific to Kubernetes, as well as more general terms that provide useful context.

  • Add-ons

    Resources that extend the functionality of Kubernetes.

    Installing addons explains more about using add-ons with your cluster, and lists some popular add-ons.

  • Admission Controller

    A piece of code that intercepts requests to the Kubernetes API server prior to persistence of the object.

    Admission controllers are configurable for the Kubernetes API server and may be "validating", "mutating", or both. Any admission controller may reject the request. Mutating controllers may modify the objects they admit; validating controllers may not.

  • Affinity

    In Kubernetes, affinity is a set of rules that give hints to the scheduler about where to place pods.

    There are two kinds of affinity:

    The rules are defined using Kubernetes labels and selectors specified in pods, and they can be either required or preferred, depending on how strictly you want the scheduler to enforce them.

  • Aggregation Layer

    The aggregation layer lets you install additional Kubernetes-style APIs in your cluster.

    When you've configured the Kubernetes API Server to support additional APIs, you can add APIService objects to "claim" a URL path in the Kubernetes API.

  • Annotation

    A key-value pair that is used to attach arbitrary non-identifying metadata to objects.

    The metadata in an annotation can be small or large, structured or unstructured, and can include characters not permitted by labels. Clients such as tools and libraries can retrieve this metadata.

  • API Group

    A set of related paths in the Kubernetes API.

    You can enable or disable each API group by changing the configuration of your API server. You can also disable or enable paths to specific resources. An API group makes it easier to extend the Kubernetes API. The API group is specified in a REST path and in the apiVersion field of a serialized object.

  • API resource
    Also known as: Resource

    An entity in the Kubernetes type system, corresponding to an endpoint on the Kubernetes API. A resource typically represents an object. Some resources represent an operation on other objects, such as a permission check.

    Each resource represents an HTTP endpoint (URI) on the Kubernetes API server, defining the schema for the objects or operations on that resource.

  • API server
    Also known as: kube-apiserver

    The API server is a component of the Kubernetes control plane that exposes the Kubernetes API. The API server is the front end for the Kubernetes control plane.

    The main implementation of a Kubernetes API server is kube-apiserver. kube-apiserver is designed to scale horizontally—that is, it scales by deploying more instances. You can run several instances of kube-apiserver and balance traffic between those instances.

  • API-initiated eviction

    API-initiated eviction is the process by which you use the Eviction API to create an Eviction object that triggers graceful pod termination.

    You can request eviction either by calling the Eviction API directly or by using a client of the kube-apiserver, like the kubectl drain command. When an Eviction object is created, the API server terminates the Pod.

    API-initiated evictions respect your configured PodDisruptionBudgets and terminationGracePeriodSeconds.

    API-initiated eviction is not the same as node-pressure eviction.

  • App Container

    Application containers (or app containers) are the containers in a pod that are started after any init containers have completed.

    An init container lets you separate initialization details that are important for the overall workload, and that don't need to keep running once the application container has started. If a pod doesn't have any init containers configured, all the containers in that pod are app containers.

  • Application Architect

    A person responsible for the high-level design of an application.

    An architect ensures that an app's implementation allows it to interact with its surrounding components in a scalable, maintainable way. Surrounding components include databases, logging infrastructure, and other microservices.

  • Application Developer

    A person who writes an application that runs in a Kubernetes cluster.

    An application developer focuses on one part of an application. The scale of their focus may vary significantly.

  • Applications

    The layer where various containerized applications run.

  • Approver

    A person who can review and approve Kubernetes code contributions.

    While code review is focused on code quality and correctness, approval is focused on the holistic acceptance of a contribution. Holistic acceptance includes backwards/forwards compatibility, adhering to API and flag conventions, subtle performance and correctness issues, interactions with other parts of the system, and others. Approver status is scoped to a part of the codebase. Approvers were previously referred to as maintainers.

  • cAdvisor

    cAdvisor (Container Advisor) provides container users an understanding of the resource usage and performance characteristics of their running containers.

    It is a running daemon that collects, aggregates, processes, and exports information about running containers. Specifically, for each container it keeps resource isolation parameters, historical resource usage, histograms of complete historical resource usage and network statistics. This data is exported by container and machine-wide.

  • Certificate

    A cryptographically secure file used to validate access to the Kubernetes cluster.

    Certificates enable applications within a Kubernetes cluster to access the Kubernetes API securely. Certificates validate that clients are allowed to access the API.

  • cgroup (control group)

    A group of Linux processes with optional resource isolation, accounting and limits.

    cgroup is a Linux kernel feature that limits, accounts for, and isolates the resource usage (CPU, memory, disk I/O, network) for a collection of processes.

  • CIDR

    CIDR (Classless Inter-Domain Routing) is a notation for describing blocks of IP addresses and is used heavily in various networking configurations.

    In the context of Kubernetes, each Node is assigned a range of IP addresses through the start address and a subnet mask using CIDR. This allows Nodes to assign each Pod a unique IP address. Although originally a concept for IPv4, CIDR has also been expanded to include IPv6.

  • CLA (Contributor License Agreement)

    Terms under which a contributor grants a license to an open source project for their contributions.

    CLAs help resolve legal disputes involving contributed material and intellectual property (IP).

  • Cloud Controller Manager

    A Kubernetes control plane component that embeds cloud-specific control logic. The cloud controller manager lets you link your cluster into your cloud provider's API, and separates out the components that interact with that cloud platform from components that only interact with your cluster.

    By decoupling the interoperability logic between Kubernetes and the underlying cloud infrastructure, the cloud-controller-manager component enables cloud providers to release features at a different pace compared to the main Kubernetes project.

  • Cloud Native Computing Foundation (CNCF)

    The Cloud Native Computing Foundation (CNCF) builds sustainable ecosystems and fosters a community around projects that orchestrate containers as part of a microservices architecture.

    Kubernetes is a CNCF project.

    The CNCF is a sub-foundation of the Linux Foundation. Its mission is to make cloud native computing ubiquitous.

  • Cloud Provider
    Also known as: Cloud Service Provider

    A business or other organization that offers a cloud computing platform.

    Cloud providers, sometimes called Cloud Service Providers (CSPs), offer cloud computing platforms or services.

    Many cloud providers offer managed infrastructure (also called Infrastructure as a Service or IaaS). With managed infrastructure the cloud provider is responsible for servers, storage, and networking while you manage layers on top of that such as running a Kubernetes cluster.

    You can also find Kubernetes as a managed service, sometimes called Platform as a Service, or PaaS. With managed Kubernetes, your cloud provider is responsible for the Kubernetes control plane as well as the nodes and the infrastructure they rely on: networking, storage, and possibly other elements such as load balancers.

  • Cluster

    A set of worker machines, called nodes, that run containerized applications. Every cluster has at least one worker node.

    The worker node(s) host the Pods that are the components of the application workload. The control plane manages the worker nodes and the Pods in the cluster. In production environments, the control plane usually runs across multiple computers and a cluster usually runs multiple nodes, providing fault-tolerance and high availability.

  • Cluster Architect

    A person who designs infrastructure that involves one or more Kubernetes clusters.

    Cluster architects are concerned with best practices for distributed systems, for example: high availability and security.

  • Cluster Infrastructure

    The infrastructure layer provides and maintains VMs, networking, security groups and others.

  • Cluster Operations

    The work involved in managing a Kubernetes cluster: managing day-to-day operations, and co-ordinating upgrades.

    Examples of cluster operations work include: deploying new Nodes to scale the cluster; performing software upgrades; implementing security controls; adding or removing storage; configuring cluster networking; managing cluster-wide observability; and responding to events.

  • Cluster Operator

    A person who configures, controls, and monitors clusters.

    Their primary responsibility is keeping a cluster up and running, which may involve periodic maintenance activities or upgrades.

  • Code Contributor

    A person who develops and contributes code to the Kubernetes open source codebase.

    They are also an active community member who participates in one or more Special Interest Groups (SIGs).

  • Common Expression Language
    Also known as: CEL

    A general-purpose expression language that's designed to be fast, portable, and safe to execute.

    In Kubernetes, CEL can be used to run queries and perform fine-grained filtering. For example, you can use CEL expressions with dynamic admission control to filter for specific fields in requests, and with dynamic resource allocation (DRA) to select resources based on specific attributes.

  • ConfigMap

    An API object used to store non-confidential data in key-value pairs. Pods can consume ConfigMaps as environment variables, command-line arguments, or as configuration files in a volume.

    A ConfigMap allows you to decouple environment-specific configuration from your container images, so that your applications are easily portable.

  • Container

    A lightweight and portable executable image that contains software and all of its dependencies.

    Containers decouple applications from underlying host infrastructure to make deployment easier in different cloud or OS environments, and for easier scaling. The applications that run inside containers are called containerized applications. The process of bundling these applications and their dependencies into a container image is called containerization.

  • Container Environment Variables

    Container environment variables are name=value pairs that provide useful information to containers running in a pod.

    Container environment variables provide information that the running containerized applications require, along with important details related to the containers, for example file system details, information about the container itself, and other cluster resources such as service endpoints.

  • Container Lifecycle Hooks

    The lifecycle hooks expose events in the Container management lifecycle and let the user run code when the events occur.

    Two hooks are exposed to Containers: PostStart, which executes immediately after a container is created, and PreStop, which is blocking and is called immediately before a container is terminated.

  • Container network interface (CNI)

    Container network interface (CNI) plugins are a type of Network plugin that adheres to the appc/CNI specification.

  • Container Runtime

    A fundamental component that empowers Kubernetes to run containers effectively. It is responsible for managing the execution and lifecycle of containers within the Kubernetes environment.

    Kubernetes supports container runtimes such as containerd, CRI-O, and any other implementation of the Kubernetes CRI (Container Runtime Interface).

  • Container Runtime Interface (CRI)

    The main protocol for the communication between the kubelet and Container Runtime.

    The Kubernetes Container Runtime Interface (CRI) defines the main gRPC protocol for the communication between the node components kubelet and container runtime.

  • Container Storage Interface (CSI)

    The Container Storage Interface (CSI) defines a standard interface to expose storage systems to containers.

    CSI allows vendors to create custom storage plugins for Kubernetes without adding them to the Kubernetes repository (out-of-tree plugins). To use a CSI driver from a storage provider, you must first deploy it to your cluster. You will then be able to create a Storage Class that uses that CSI driver.

  • containerd

    A container runtime with an emphasis on simplicity, robustness and portability.

    containerd is a container runtime that runs as a daemon on Linux or Windows. containerd takes care of fetching and storing container images, executing containers, providing network access, and more.

  • Contributor

    Someone who donates code, documentation, or their time to help the Kubernetes project or community.

    Contributions include pull requests (PRs), issues, feedback, special interest groups (SIG) participation, or organizing community events.

  • Control Plane

    The container orchestration layer that exposes the API and interfaces to define, deploy, and manage the lifecycle of containers.

    This layer is composed of many different components, such as (but not restricted to):

    These components can be run as traditional operating system services (daemons) or as containers. The hosts running these components were historically called masters.

  • Controller

    In Kubernetes, controllers are control loops that watch the state of your cluster, then make or request changes where needed. Each controller tries to move the current cluster state closer to the desired state.

    Controllers watch the shared state of your cluster through the apiserver (part of the Control Plane).

    Some controllers also run inside the control plane, providing control loops that are core to Kubernetes' operations. For example: the deployment controller, the daemonset controller, the namespace controller, and the persistent volume controller (and others) all run within the kube-controller-manager.

  • CRI-O

    A tool that lets you use OCI container runtimes with Kubernetes CRI.

    CRI-O is an implementation of the Container Runtime Interface (CRI) to enable using container runtimes that are compatible with the Open Container Initiative (OCI) runtime spec.

    Deploying CRI-O allows Kubernetes to use any OCI-compliant runtime as the container runtime for running Pods, and to fetch OCI container images from remote registries.

  • CronJob

    Manages a Job that runs on a periodic schedule.

    Similar to a line in a crontab file, a CronJob object specifies a schedule using the cron format.

  • CustomResourceDefinition

    A kind of API object that defines a new custom API to add to your Kubernetes API server, without building a complete custom server.

    CustomResourceDefinitions let you extend the Kubernetes API for your environment if the built-in API resources can't meet your needs.

  • DaemonSet

    Ensures a copy of a Pod is running across a set of nodes in a cluster.

    Used to deploy system daemons such as log collectors and monitoring agents that typically must run on every Node.

  • Data Plane

    The layer that provides capacity such as CPU, memory, network, and storage so that the containers can run and connect to a network.

  • Deployment

    An API object that manages a replicated application, typically by running Pods with no local state.

    Each replica is represented by a Pod, and the Pods are distributed among the nodes of a cluster. For workloads that do require local state, consider using a StatefulSet.

  • Developer (disambiguation)

    May refer to: Application Developer, Code Contributor, or Platform Developer.

    This overloaded term may have different meanings depending on the context.

  • Device

    One or more infrastructure resources that are directly or indirectly attached to your nodes.

    Devices might be commercial products like GPUs, or custom hardware like ASIC boards. Attached devices usually require device drivers that let Kubernetes Pods access the devices.

  • Device Plugin

    Device plugins run on worker Nodes and provide Pods with access to infrastructure resources, such as local hardware, that require vendor-specific initialization or setup steps.

    Device plugins advertise resources to the kubelet, so that workload Pods can access hardware features that relate to the Node where that Pod is running. You can deploy a device plugin as a DaemonSet, or install the device plugin software directly on each target Node.

    See Device Plugins for more information.

  • DeviceClass