Glosario de términos
Este glosario tiene la intención de ser una lista completa y estandarizada de la terminología de Kubernetes. Incluye términos técnicos que son específicos de k8s, así como términos más generales que proporcionan un contexto.
Filtrar terminos por categoría:
Haz click en el símbolo [+] para obtener información detallada sobre el término.
-
Add-onsLINK
Resources that extend the functionality of Kubernetes.
[+]Installing addons explains more about using add-ons with your cluster, and lists some popular add-ons.
-
Admission ControllerLINK
A piece of code that intercepts requests to the Kubernetes API server prior to persistence of the object.
[+]Admission controllers are configurable for the Kubernetes API server and may be "validating", "mutating", or both. Any admission controller may reject the request. Mutating controllers may modify the objects they admit; validating controllers may not.
-
AffinityLINK
In Kubernetes, affinity is a set of rules that give hints to the scheduler about where to place pods.
[+] -
Aggregation LayerLINK
The aggregation layer lets you install additional Kubernetes-style APIs in your cluster.
[+]When you've configured the Kubernetes API Server to support additional APIs, you can add
APIService
objects to "claim" a URL path in the Kubernetes API. -
AnnotationLINK
Una pareja clave-valor utilizada para añadir metadatos a los objetos.
[+]La información adicional proporcionada por las anotaciones puede ser grande o pequeña, estructurada como JSON o texto plano, y además permite caracteres que no están soportados por las Labels. Esta información puede ser útil para librerías o clientes que puedan necesitar información adicional.
-
API GroupLINK
A set of related paths in Kubernetes API.
[+]You can enable or disable each API group by changing the configuration of your API server. You can also disable or enable paths to specific resources. API group makes it easier to extend the Kubernetes API. The API group is specified in a REST path and in the
apiVersion
field of a serialized object.- Read API Group for more information.
-
API ServerLINKAlso known as:Servidor de la API, kube-apiserver
El servidor de la API es el componente del plano de control de Kubernetes que expone la API de Kubernetes. Se trata del frontend de Kubernetes, recibe las peticiones y actualiza acordemente el estado en etcd.
[+]La principal implementación de un servidor de la API de Kubernetes es kube-apiserver. Es una implementación preparada para ejecutarse en alta disponiblidad y que puede escalar horizontalmente para balancear la carga entre varias instancias.
-
API-initiated evictionLINK
API-initiated eviction is the process by which you use the Eviction API to create an
[+]Eviction
object that triggers graceful pod termination.You can request eviction either by directly calling the Eviction API using a client of the kube-apiserver, like the
kubectl drain
command. When anEviction
object is created, the API server terminates the Pod.API-initiated evictions respect your configured
PodDisruptionBudgets
andterminationGracePeriodSeconds
.API-initiated eviction is not the same as node-pressure eviction.
- See API-initiated eviction for more information.
-
App ContainerLINK
Application containers (or app containers) are the containers in a pod that are started after any init containers have completed.
[+]An init container lets you separate initialization details that are important for the overall workload, and that don't need to keep running once the application container has started. If a pod doesn't have any init containers configured, all the containers in that pod are app containers.
-
ApproverLINK
A person who can review and approve Kubernetes code contributions.
[+]While code review is focused on code quality and correctness, approval is focused on the holistic acceptance of a contribution. Holistic acceptance includes backwards/forwards compatibility, adhering to API and flag conventions, subtle performance and correctness issues, interactions with other parts of the system, and others. Approver status is scoped to a part of the codebase. Approvers were previously referred to as maintainers.
-
Arquitecto/a de aplicacionesLINK
Una de las personas responsables del diseño a alto nivel de una aplicación.
[+]Un/a arquitecto/a garantiza que la implementación de una aplicación le permita interactuar con otros componentes de su entorno de forma escalable y mantenible. Estos componentes pueden ser bases de datos, infraestructura de logs u otros microservicios.
-
cAdvisorLINK
cAdvisor (Container Advisor) provides container users an understanding of the resource usage and performance characteristics of their running containers.
[+]It is a running daemon that collects, aggregates, processes, and exports information about running containers. Specifically, for each container it keeps resource isolation parameters, historical resource usage, histograms of complete historical resource usage and network statistics. This data is exported by container and machine-wide.
-
CertificateLINK
Un fichero criptográficamente seguro usado para validar el acceso al clúster de Kubernetes.
[+]Los Certificates (certificados en español) permiten que las aplicaciones dentro del clúster accedan a la API de Kubernetes de forma segura. Los certificados sirven para validar que un cliente tiene permiso para acceder a la API.
-
CLA (Contributor License Agreement)LINK
Términos bajo los cuales un contribuidor da la licencia a un proyecto de código abierto a sus contribuciones.
[+]Las CLAs ayudan a resolver los conflictos legales que implican material con propiedad intelectual (IP).
-
Cloud Controller ManagerLINK
A Kubernetes control plane component that embeds cloud-specific control logic. The cloud controller manager lets you link your cluster into your cloud provider's API, and separates out the components that interact with that cloud platform from components that only interact with your cluster.
[+]By decoupling the interoperability logic between Kubernetes and the underlying cloud infrastructure, the cloud-controller-manager component enables cloud providers to release features at a different pace compared to the main Kubernetes project.
-
Cloud Native Computing Foundation (CNCF)LINK
The Cloud Native Computing Foundation (CNCF) builds sustainable ecosystems and fosters a community around projects that orchestrate containers as part of a microservices architecture.
Kubernetes is a CNCF project.
[+]The CNCF is a sub-foundation of the Linux Foundation. Its mission is to make cloud native computing ubiquitous.
-
Cloud ProviderLINKAlso known as:Cloud Service Provider
A business or other organization that offers a cloud computing platform.
[+]Cloud providers, sometimes called Cloud Service Providers (CSPs), offer cloud computing platforms or services.
Many cloud providers offer managed infrastructure (also called Infrastructure as a Service or IaaS). With managed infrastructure the cloud provider is responsible for servers, storage, and networking while you manage layers on top of that such as running a Kubernetes cluster.
You can also find Kubernetes as a managed service; sometimes called Platform as a Service, or PaaS. With managed Kubernetes, your cloud provider is responsible for the Kubernetes control plane as well as the nodes and the infrastructure they rely on: networking, storage, and possibly other elements such as load balancers.
-
Cluster OperationsLINK
The work involved in managing a Kubernetes cluster: managing day-to-day operations, and co-ordinating upgrades.
[+]Examples of cluster operations work include: deploying new Nodes to scale the cluster; performing software upgrades; implementing security controls; adding or removing storage; configuring cluster networking; managing cluster-wide observability; and responding to events.
-
Cluster OperatorLINK
A person who configures, controls, and monitors clusters.
[+]Their primary responsibility is keeping a cluster up and running, which may involve periodic maintenance activities or upgrades.
Note: Cluster operators are different from the Operator pattern that extends the Kubernetes API. -
Code ContributorLINK
A person who develops and contributes code to the Kubernetes open source codebase.
[+]They are also an active community member who participates in one or more Special Interest Groups (SIGs).
-
ConfigmapLINK
Un objeto de la API utilizado para almacenar datos no confidenciales en el formato clave-valor. Los Pods pueden utilizar los ConfigMaps como variables de entorno, argumentos de la linea de comandos o como ficheros de configuración en un Volumen.
Un ConfigMap te permite desacoplar la configuración de un entorno específico de una imagen de contenedor, así las aplicaciones son fácilmente portables.
[+] -
Container Environment VariablesLINK
Container environment variables are name=value pairs that provide useful information into containers running in a pod
[+]Container environment variables provide information that is required by the running containerized applications along with information about important resources to the containers. For example, file system details, information about the container itself, and other cluster resources such as service endpoints.
-
Container Lifecycle HooksLINK
The lifecycle hooks expose events in the Container management lifecycle and let the user run code when the events occur.
[+]Two hooks are exposed to Containers: PostStart which executes immediately after a container is created and PreStop which is blocking and is called immediately before a container is terminated.
-
Container network interface (CNI)LINK
Container network interface (CNI) plugins are a type of Network plugin that adheres to the appc/CNI specification.
[+]- For information on Kubernetes and CNI, see Network Plugins.
-
Container RuntimeLINK
El Container Runtime es el software responsable de ejecutar contenedores.
[+]Kubernetes soporta varios Container Runtimes: Docker, containerd, cri-o, rktlet y cualquier implementación de Kubernetes CRI (Container Runtime Interface).
-
Container Runtime InterfaceLINK
The main protocol for the communication between the kubelet and Container Runtime.
[+]The Kubernetes Container Runtime Interface (CRI) defines the main gRPC protocol for the communication between the cluster components kubelet and container runtime.
-
Container Storage Interface (CSI)LINK
The Container Storage Interface (CSI) defines a standard interface to expose storage systems to containers.
[+]CSI allows vendors to create custom storage plugins for Kubernetes without adding them to the Kubernetes repository (out-of-tree plugins). To use a CSI driver from a storage provider, you must first deploy it to your cluster. You will then be able to create a Storage Class that uses that CSI driver.
-
ContenedorLINK
Una imagen ligera y portátil que contiene un software y todas sus dependencias.
[+]Los contenedores desacoplan la aplicaciones de la infraestructura subyacente del servidor donde se ejecutan para facilitar el despliegue en diferentes proveedores de nube o entornos de SO, y para un escalado más eficiente.
-
ContributorLINK
Someone who donates code, documentation, or their time to help the Kubernetes project or community.
[+]Contributions include pull requests (PRs), issues, feedback, special interest groups (SIG) participation, or organizing community events.
-
Control PlaneLINK
The container orchestration layer that exposes the API and interfaces to define, deploy, and manage the lifecycle of containers.
[+]This layer is composed by many different components, such as (but not restricted to):
These components can be run as traditional operating system services (daemons) or as containers. The hosts running these components were historically called masters.
-
ControladorLINK
En Kubernetes, los controladores son bucles de control que observan el estado del clúster, y ejecutan o solicitan los cambios que sean necesarios para llevar el estado actual del clúster más cerca del estado deseado.
[+]Los controladores observan el estado compartido del clúster a través del API Server (parte del plano de control).
Algunos controladores también se ejecutan dentro del mismo plano de control, proporcionado los bucles de control necesarios para las operaciones principales de Kubernetes. Por ejemplo, el controlador de Deployments, el controlador de DaemonSets, el controlador de Namespaces y el controlador de volúmenes persistentes, entre otros, se ejecutan dentro del kube-controller-manager.
-
CRI-OLINK
A tool that lets you use OCI container runtimes with Kubernetes CRI.
[+]CRI-O is an implementation of the Container runtime interface (CRI) to enable using container runtimes that are compatible with the Open Container Initiative (OCI) runtime spec.
Deploying CRI-O allows Kubernetes to use any OCI-compliant runtime as the container runtime for running Pods, and to fetch OCI container images from remote registries.
-
Desarrollador/a de aplicacionesLINK
Una persona que escribe una aplicación que se ejecutará en un clúster de Kubernetes.
[+]Un/a desarrollador/a de aplicaciones escribe, depura y mantiene el código fuente de la aplicación. La aplicación puede ser el resultado del trabajo de una sola persona o de un equipo.
-
Developer (disambiguation)LINK
May refer to: Application Developer, Code Contributor, or Platform Developer.
[+]This overloaded term may have different meanings depending on the context
-
Device PluginLINK
Device plugins run on worker Nodes and provide Pods with access to resources, such as local hardware, that require vendor-specific initialization or setup steps.
[+]Device plugins advertise resources to the kubelet, so that workload Pods can access hardware features that relate to the Node where that Pod is running. You can deploy a device plugin as a DaemonSet, or install the device plugin software directly on each target Node.
See Device Plugins for more information.
-
DisruptionLINK
Disruptions are events that lead to one or more Pods going out of service. A disruption has consequences for workload resources, such as Deployment, that rely on the affected Pods.
[+]If you, as cluster operator, destroy a Pod that belongs to an application, Kubernetes terms that a voluntary disruption. If a Pod goes offline because of a Node failure, or an outage affecting a wider failure zone, Kubernetes terms that an involuntary disruption.
See Disruptions for more information.
-
DockerLINK
Docker (especialmente, Docker Engine) es una tecnología de software que proporciona virtualización a nivel de sistema operativo, también conocida como contenedores.
[+]Docker utiliza características de aislamiento del Kernel de Linux como cgroups y namespaces, además de sistemas de archivos con capacidad de unión como OverlayFS para permitir que contenedores independientes se ejecuten dentro de una misma instancia de Linux, evitando el coste de iniciar y mantener máquinas virtuales (VM).
-
DockershimLINK
The dockershim is a component of Kubernetes version 1.23 and earlier. It allows the kubelet to communicate with Docker Engine.
[+]Starting with version 1.24, dockershim has been removed from Kubernetes. For more information, see Dockershim FAQ.
-
Downstream (disambiguation)LINK
May refer to: code in the Kubernetes ecosystem that depends upon the core Kubernetes codebase or a forked repo.
[+]- In the Kubernetes Community: Conversations often use downstream to mean the ecosystem, code, or third-party tools that rely on the core Kubernetes codebase. For example, a new feature in Kubernetes may be adopted by applications downstream to improve their functionality.
- In GitHub or git: The convention is to refer to a forked repo as downstream, whereas the source repo is considered upstream.
-
Downward APILINK
Kubernetes' mechanism to expose Pod and container field values to code running in a container.
[+]It is sometimes useful for a container to have information about itself, without needing to make changes to the container code that directly couple it to Kubernetes.
The Kubernetes downward API allows containers to consume information about themselves or their context in a Kubernetes cluster. Applications in containers can have access to that information, without the application needing to act as a client of the Kubernetes API.
There are two ways to expose Pod and container fields to a running container:
- using environment variables
- using a
downwardAPI
volume
Together, these two ways of exposing Pod and container fields are called the downward API.
-
Dynamic Volume ProvisioningLINK
Allows users to request automatic creation of storage Volumes.
[+]Dynamic provisioning eliminates the need for cluster administrators to pre-provision storage. Instead, it automatically provisions storage by user request. Dynamic volume provisioning is based on an API object, StorageClass, referring to a Volume Plugin that provisions a Volume and the set of parameters to pass to the Volume Plugin.
-
EndpointsLINK
Endpoints track the IP addresses of Pods with matching selectors.
[+]Endpoints can be configured manually for Services without selectors specified. The EndpointSlice resource provides a scalable and extensible alternative to Endpoints.
-
EndpointSliceLINK
A way to group network endpoints together with Kubernetes resources.
[+]A scalable and extensible way to group network endpoints together. These can be used by kube-proxy to establish network routes on each node.
-
Ephemeral ContainerLINK
A Container type that you can temporarily run inside a Pod.
[+]If you want to investigate a Pod that's running with problems, you can add an ephemeral container to that Pod and carry out diagnostics. Ephemeral containers have no resource or scheduling guarantees, and you should not use them to run any part of the workload itself.
Ephemeral containers are not supported by static pods.
-
etcdLINK
Almacén de datos persistente, consistente y distribuido de clave-valor utilizado para almacenar toda a la información del clúster de Kubernetes.
[+]Si tu clúster utiliza etcd como sistema de almacenamiento, échale un vistazo a la documentación sobre estrategias de backup.
Puedes encontrar información detallada sobre etcd en su documentación oficial.
-
EventLINK
Each Event is a report of an event somewhere in the cluster. It generally denotes some state change in the system.
[+]Events have a limited retention time and triggers and messages may evolve with time. Event consumers should not rely on the timing of an event with a given reason reflecting a consistent underlying trigger, or the continued existence of events with that reason.
Events should be treated as informative, best-effort, supplemental data.
In Kubernetes, auditing generates a different kind of Event record (API group
audit.k8s.io
). -
ExtensionsLINK
Extensions are software components that extend and deeply integrate with Kubernetes to support new types of hardware.
[+]Many cluster administrators use a hosted or distribution instance of Kubernetes. These clusters come with extensions pre-installed. As a result, most Kubernetes users will not need to install extensions and even fewer users will need to author new ones.
-
FinalizerLINK
Finalizers are namespaced keys that tell Kubernetes to wait until specific conditions are met before it fully deletes resources marked for deletion. Finalizers alert controllers to clean up resources the deleted object owned.
[+]When you tell Kubernetes to delete an object that has finalizers specified for it, the Kubernetes API marks the object for deletion by populating
.metadata.deletionTimestamp
, and returns a202
status code (HTTP "Accepted"). The target object remains in a terminating state while the control plane, or other components, take the actions defined by the finalizers. After these actions are complete, the controller removes the relevant finalizers from the target object. When themetadata.finalizers
field is empty, Kubernetes considers the deletion complete and deletes the object.You can use finalizers to control garbage collection of resources. For example, you can define a finalizer to clean up related resources or infrastructure before the controller deletes the target resource.
-
FlexVolumeLINK
FlexVolume is a deprecated interface for creating out-of-tree volume plugins. The Container Storage Interface is a newer interface that addresses several problems with FlexVolume.
[+]FlexVolumes enable users to write their own drivers and add support for their volumes in Kubernetes. FlexVolume driver binaries and dependencies must be installed on host machines. This requires root access. The Storage SIG suggests implementing a CSI driver if possible since it addresses the limitations with FlexVolumes.
-
Garbage CollectionLINK
Garbage collection is a collective term for the various mechanisms Kubernetes uses to clean up cluster resources.
[+]Kubernetes uses garbage collection to clean up resources like unused containers and images, failed Pods, objects owned by the targeted resource, completed Jobs, and resources that have expired or failed.
-
Helm ChartLINK
A package of pre-configured Kubernetes resources that can be managed with the Helm tool.
[+]Charts provide a reproducible way of creating and sharing Kubernetes applications. A single chart can be used to deploy something simple, like a memcached Pod, or something complex, like a full web app stack with HTTP servers, databases, caches, and so on.
-
Horizontal Pod AutoscalerLINKAlso known as:HPA
An API resource that automatically scales the number of Pod replicas based on targeted CPU utilization or custom metric targets.
[+]HPA is typically used with ReplicationControllers, Deployments, or ReplicaSets. It cannot be applied to objects that cannot be scaled, for example DaemonSets.
-
HostAliasesLINK
A HostAliases is a mapping between the IP address and hostname to be injected into a Pod's hosts file.
[+]HostAliases is an optional list of hostnames and IP addresses that will be injected into the Pod's hosts file if specified. This is only valid for non-hostNetwork Pods.
-
ImageLINK
Instantánea de un contenedor que contiene un conjunto de librerías necesarias para ejecutar la aplicación.
[+]Mecanismo para empaquetar software que permite almacenarlo en un registro de contenedores, descargarlo al entorno local y ejecutarlo como una aplicación. Los metadatos se incluyen en la imagen y proporcionan información diversa como el ejecutable por defecto o quién la ha construido.
-
Init ContainerLINK
One or more initialization containers that must run to completion before any app containers run.
[+]Initialization (init) containers are like regular app containers, with one difference: init containers must run to completion before any app containers can start. Init containers run in series: each init container must run to completion before the next init container begins.
-
IstioLINK
An open platform (not Kubernetes-specific) that provides a uniform way to integrate microservices, manage traffic flow, enforce policies, and aggregate telemetry data.
[+]Adding Istio does not require changing application code. It is a layer of infrastructure between a service and the network, which when combined with service deployments, is commonly referred to as a service mesh. Istio's control plane abstracts away the underlying cluster management platform, which may be Kubernetes, Mesosphere, etc.
-
KopsLINK
Herramienta de línea de comandos que facilita la creación, destrucción, actualización y mantenimiento de clústeres de Kubernetes en alta disponibilidad para entornos de producción. NOTA: Oficialmente solo soporta AWS, aunque también ofrece soporte para GCE en beta y WMware vSphere en versión alpha.
[+]kops
provisiona el clúster con:- Instalación totalmente automatizada
- Identificación de clúster basada en DNS
- Autoreparación ya que todo se ejecuta en grupos de instancias gestionados
- Soporte de Sistema Operativo limitado (Debian como opción recomendada, aunque soporta versiones de Ubuntu posteriores a la 16.04 y también ofrece soporte experimental para CentOS y RHEL)
- Soporte de Alta disponibilidad (HA)
- Habilidad para provisionar directamente la plataforma o generar los manifests de Terraform equivalentes como salida
También puedes construir tu propio clúster utilizando directamente Kubeadm, que es la herramienta en la que se basa
kops
. -
kube-controller-managerLINK
Componente del plano de control que ejecuta los controladores de Kubernetes.
[+]Lógicamente cada controlador es un proceso independiente, pero para reducir la complejidad, todos se compilan en un único binario y se ejecuta en un mismo proceso.
-
kube-proxyLINK
kube-proxy es un componente de red que se ejecuta en cada uno de los nodos del clúster, implementando parte del concepto de Kubernetes Service.
[+]kube-proxy mantiene las reglas de red en los nodos, permitiendo la comunicación entre sus Pods desde las sesiones de red dentro o fuera del clúster.
kube-proxy usa la capa de filtrado de paquetes del sistema operativo si la hay y está disponible; de lo contrario, kube-proxy reenvía el tráfico por sí mismo.
-
KubectlLINK
Herramienta de línea de comandos para comunicarse con un servidor ejecutando la API de Kubernetes.
[+]Puedes usar kubectl para crear, inspeccionar, actualizar y borrar objetos de Kubernetes.
-
KubeletLINK
Agente que se ejecuta en cada nodo de un clúster. Se asegura de que los contenedores estén corriendo en un pod.
[+]El agente kubelet toma un conjunto de especificaciones de Pod, llamados PodSpecs, que han sido creados por Kubernetes y garantiza que los contenedores descritos en ellos estén funcionando y en buen estado.
-
Kubernetes APILINK
The application that serves Kubernetes functionality through a RESTful interface and stores the state of the cluster.
[+]Kubernetes resources and "records of intent" are all stored as API objects, and modified via RESTful calls to the API. The API allows configuration to be managed in a declarative way. Users can interact with the Kubernetes API directly, or via tools like
kubectl
. The core Kubernetes API is flexible and can also be extended to support custom resources. -
LabelLINK
Metadatos en forma de clave-valor que permite añadir a los objetos atributos que sean relevantes para los usuarios para identificarlos.
[+]Las etiquetas son pares clave-valor que se adhieren a los diferentes objetos, como los Pods, y que se utilizan para identificar, organizar y seleccionar subconjuntos de objetos.
-
LimitRangeLINK
Proporciona restricciones para limitar el consumo de recursos por Contenedores o Pods en un espacio de nombres (Namespace)
[+]LimitRange limita la cantidad de objetos que se pueden crear por tipo, así como la cantidad de recursos informáticos que pueden ser requeridos/consumidos por Pods o Contenedores individuales en un Namespace.
-
MasterLINK
Legacy term, used as synonym for nodes hosting the control plane.
[+]The term is still being used by some provisioning tools, such as kubeadm, and managed services, to label nodes with
kubernetes.io/role
and control placement of control plane pods. -
MemberLINK
A continuously active contributor in the K8s community.
[+]Members can have issues and PRs assigned to them and participate in special interest groups (SIGs) through GitHub teams. Pre-submit tests are automatically run for members' PRs. A member is expected to remain an active contributor to the community.
-
Mirror PodLINK
A pod object that a kubelet uses to represent a static pod
[+]When the kubelet finds a static pod in its configuration, it automatically tries to create a Pod object on the Kubernetes API server for it. This means that the pod will be visible on the API server, but cannot be controlled from there.
(For example, removing a mirror pod will not stop the kubelet daemon from running it).
-
NamespaceLINKAlso known as:Espacio de nombres
Abstracción utilizada por Kubernetes para soportar múltiples clústeres virtuales en el mismo clúster físico.
[+]Los Namespaces, espacios de nombres, se utilizan para organizar objetos del clúster proporcionando un mecanismo para dividir los recusos del clúster. Los nombres de los objetos tienen que ser únicos dentro del mismo namespace, pero se pueden repetir en otros namespaces del mismo clúster.
-
Network PolicyLINK
A specification of how groups of Pods are allowed to communicate with each other and with other network endpoints.
[+]Network Policies help you declaratively configure which Pods are allowed to connect to each other, which namespaces are allowed to communicate, and more specifically which port numbers to enforce each policy on.
NetworkPolicy
resources use labels to select Pods and define rules which specify what traffic is allowed to the selected Pods. Network Policies are implemented by a supported network plugin provided by a network provider. Be aware that creating a network resource without a controller to implement it will have no effect. -
NodeLINK
Un Node, nodo en castellano, es una de las máquinas del clúster de Kubernetes.
[+]Una máquina del clúster puede ser tanto una máquina virtual como una máquina física, dependiendo del clúster. Tiene los servicios necesarios para ejecutar Pods y es manejado por los componentes maestros. Los servicios de Kubernetes en un nodo incluyen la container runtime interface, kubelet y kube-proxy.
-
Node-pressure evictionLINKAlso known as:kubelet eviction
Node-pressure eviction is the process by which the kubelet proactively terminates pods to reclaim resources on nodes.
[+]The kubelet monitors resources like CPU, memory, disk space, and filesystem inodes on your cluster's nodes. When one or more of these resources reach specific consumption levels, the kubelet can proactively fail one or more pods on the node to reclaim resources and prevent starvation.
Node-pressure eviction is not the same as API-initiated eviction.
-
NombreLINK
Una cadena de caracteres proporcionada por el cliente que identifica un objeto en la URL de un recurso, como por ejemplo,
[+]/api/v1/pods/nombre-del-objeto
.Los nombres de los objetos son únicos para cada tipo de objeto. Sin embargo, si se elimina el objeto, se puede crear un nuevo objeto con el mismo nombre.
-
ObjectLINK
An entity in the Kubernetes system. The Kubernetes API uses these entities to represent the state of your cluster.
[+]A Kubernetes object is typically a “record of intent”—once you create the object, the Kubernetes control plane works constantly to ensure that the item it represents actually exists. By creating an object, you're effectively telling the Kubernetes system what you want that part of your cluster's workload to look like; this is your cluster's desired state.
-
Operator patternLINK
The operator pattern is a system design that links a Controller to one or more custom resources.
[+]You can extend Kubernetes by adding controllers to your cluster, beyond the built-in controllers that come as part of Kubernetes itself.
If a running application acts as a controller and has API access to carry out tasks against a custom resource that's defined in the control plane, that's an example of the Operator pattern.
-
Persistent VolumeLINK
An API object that represents a piece of storage in the cluster. Available as a general, pluggable resource that persists beyond the lifecycle of any individual Pod.
[+]PersistentVolumes (PVs) provide an API that abstracts details of how storage is provided from how it is consumed. PVs are used directly in scenarios where storage can be created ahead of time (static provisioning). For scenarios that require on-demand storage (dynamic provisioning), PersistentVolumeClaims (PVCs) are used instead.
-
Persistent Volume ClaimLINK
Reserva el recurso de almacenamiento definido en un PersistentVolume para poderlo montar como un volúmen en un contenedor.
[+]Especifica la cantidad de almacenamiento, cómo acceder a él (sólo lectura, lectura y escritura y/o exclusivo) y qué hacer una vez eliminemos el PersistentVolumeClaim (mantener, reciclar o eliminar). Los detalles sobre almacenamiento están disponibles en la especificación de PersistentVolume.
-
Platform DeveloperLINK
A person who customizes the Kubernetes platform to fit the needs of their project.
[+]A platform developer may, for example, use Custom Resources or Extend the Kubernetes API with the aggregation layer to add functionality to their instance of Kubernetes, specifically for their application. Some Platform Developers are also contributors and develop extensions which are contributed to the Kubernetes community. Others develop closed-source commercial or site-specific extensions.
-
PodLINK
El objeto más pequeño y simple de Kubernetes. Un Pod es la unidad mínima de computación en Kubernetes y representa uno o más contenedores ejecutándose en el clúster.
[+]Normalmente un Pod se configura para ejecutar un solo contenedor primario, pero también puede ejecutar contenedores adicionales para implementar diferentes patrones como sidecar o ambassador. Estos contenedores pueden ser parte de la aplicación o simplemente añadir funcionalidades adicionales como gestión de logs o actuar de proxy. Los Pods son comúnmente gestionados por un Deployment.
-
Pod DisruptionLINK
Pod disruption is the process by which Pods on Nodes are terminated either voluntarily or involuntarily.
[+]Voluntary disruptions are started intentionally by application owners or cluster administrators. Involuntary disruptions are unintentional and can be triggered by unavoidable issues like Nodes running out of resources, or by accidental deletions.
-
Pod Disruption BudgetLINKAlso known as:PDB
A Pod Disruption Budget allows an application owner to create an object for a replicated application, that ensures a certain number or percentage of Pods with an assigned label will not be voluntarily evicted at any point in time.
[+]Involuntary disruptions cannot be prevented by PDBs; however they do count against the budget.
-
Pod LifecycleLINK
The sequence of states through which a Pod passes during its lifetime.
[+]The Pod Lifecycle is defined by the states or phases of a Pod. There are five possible Pod phases: Pending, Running, Succeeded, Failed, and Unknown. A high-level description of the Pod state is summarized in the PodStatus
phase
field. -
Pod Security PolicyLINK
Enables fine-grained authorization of Pod creation and updates.
[+]A cluster-level resource that controls security sensitive aspects of the Pod specification. The
PodSecurityPolicy
objects define a set of conditions that a Pod must run with in order to be accepted into the system, as well as defaults for the related fields. Pod Security Policy control is implemented as an optional admission controller.PodSecurityPolicy was deprecated as of Kubernetes v1.21, and removed in v1.25. As an alternative, use Pod Security Admission or a 3rd party admission plugin.
-
ProxyLINK
In computing, a proxy is a server that acts as an intermediary for a remote service.
[+]A client interacts with the proxy; the proxy copies the client's data to the actual server; the actual server replies to the proxy; the proxy sends the actual server's reply to the client.
kube-proxy is a network proxy that runs on each node in your cluster, implementing part of the Kubernetes Service concept.
You can run kube-proxy as a plain userland proxy service. If your operating system supports it, you can instead run kube-proxy in a hybrid mode that achieves the same overall effect using less system resources.
-
QoS ClassLINK
QoS Class (Quality of Service Class) provides a way for Kubernetes to classify Pods within the cluster into several classes and make decisions about scheduling and eviction.
[+]QoS Class of a Pod is set at creation time based on its compute resources requests and limits settings. QoS classes are used to make decisions about Pods scheduling and eviction. Kubernetes can assign one of the following QoS classes to a Pod:
Guaranteed
,Burstable
orBestEffort
. -
QuantityLINK
A whole-number representation of small or large numbers using SI suffixes.
[+]Quantities are representations of small or large numbers using a compact, whole-number notation with SI suffixes. Fractional numbers are represented using milli units, while large numbers can be represented using kilo, mega, or giga units.
For instance, the number
1.5
is represented as1500m
, while the number1000
can be represented as1k
, and1000000
as1M
. You can also specify binary-notation suffixes; the number 2048 can be written as2Ki
.The accepted decimal (power-of-10) units are
m
(milli),k
(kilo, intentionally lowercase),M
(mega),G
(giga),T
(tera),P
(peta),E
(exa).The accepted binary (power-of-2) units are
Ki
(kibi),Mi
(mebi),Gi
(gibi),Ti
(tebi),Pi
(pebi),Ei
(exbi). -
RBAC (Role-Based Access Control)LINK
Manages authorization decisions, allowing admins to dynamically configure access policies through the Kubernetes API.
[+]RBAC utilizes roles, which contain permission rules, and role bindings, which grant the permissions defined in a role to a set of users.
-
ReplicaSetLINK
El ReplicaSet es la nueva generación del ReplicationController.
[+]Un ReplicaSet, análogamente a un ReplicationController, garantiza que un número establecido de réplicas de un pod estén corriendo en un momento dado. El ReplicaSet tiene soporte para selectores del tipo set-based, lo que permite el filtrado de claves por grupos de valores como por ejemplo todos los pods cuya etiqueta
environment
no seaproduction
niqa
. Por otro lado, el ReplicationController solo soporta selectores equality-based, es decir, que solo puedes filtrar por valores exactos como por ejemplo, los pods que tengan la etiquetatier
con valorfrontend
. -
ReplicationControllerLINK
A workload resource that manages a replicated application, ensuring that a specific number of instances of a Pod are running.
[+]The control plane ensures that the defined number of Pods are running, even if some Pods fail, if you delete Pods manually, or if too many are started by mistake.
Note: ReplicationController is deprecated. See Deployment, which is similar. -
rktLINK
Un motor de contenedores basado en el estándar y centrado en la seguridad.
[+].
rkt es un motor de contenedores cuya unidad mínima de computación es el pod, que representa una colección de contenedores igual que el Pod de la API de Kubernetes. rkt permite a los usuarios aplicar diferentes configuraciones a nivel de Pod y aplicación. Cada Pod se ejecuta directamente en el modelo clásico de Unix, en un entorno independiente y aislado.
-
SecretLINK
Un Secret, secreto en castellano, almacena información sensible, como contraseñas, tokens OAuth o claves ssh.
[+]Ofrece un mayor control sobre cómo usar información sensible y reduce el riesgo de exposición accidental, incluyendo encriptado en reposo. Un Pod referencia el secreto como un simple fichero en un volumen montado o como variables de entorno accesibles en los Containers. Los secretos son ideales para datos confidenciales y los ConfigMaps para datos no confidenciales.
-
Security ContextLINK
The
[+]securityContext
field defines privilege and access control settings for a Pod or container.In a
securityContext
, you can define: the user that processes run as, the group that processes run as, and privilege settings. You can also configure security policies (for example: SELinux, AppArmor or seccomp).The
PodSpec.securityContext
setting applies to all containers in a Pod. -
Service CatalogLINK
A former extension API that enabled applications running in Kubernetes clusters to easily use external managed software offerings, such as a datastore service offered by a cloud provider.
[+]It provided a way to list, provision, and bind with external Managed Services without needing detailed knowledge about how those services would be created or managed.
-
ServiceAccountLINK
Provides an identity for processes that run in a Pod.
[+]When processes inside Pods access the cluster, they are authenticated by the API server as a particular service account, for example,
default
. When you create a Pod, if you do not specify a service account, it is automatically assigned the default service account in the same Namespace. -
Shuffle-shardingLINK
A technique for assigning requests to queues that provides better isolation than hashing modulo the number of queues.
[+]We are often concerned with insulating different flows of requests from each other, so that a high-intensity flow does not crowd out low-intensity flows. A simple way to put requests into queues is to hash some characteristics of the request, modulo the number of queues, to get the index of the queue to use. The hash function uses as input characteristics of the request that align with flows. For example, in the Internet this is often the 5-tuple of source and destination address, protocol, and source and destination port.
That simple hash-based scheme has the property that any high-intensity flow will crowd out all the low-intensity flows that hash to the same queue. Providing good insulation for a large number of flows requires a large number of queues, which is problematic. Shuffle-sharding is a more nimble technique that can do a better job of insulating the low-intensity flows from the high-intensity flows. The terminology of shuffle-sharding uses the metaphor of dealing a hand from a deck of cards; each queue is a metaphorical card. The shuffle-sharding technique starts with hashing the flow-identifying characteristics of the request, to produce a hash value with dozens or more of bits. Then the hash value is used as a source of entropy to shuffle the deck and deal a hand of cards (queues). All the dealt queues are examined, and the request is put into one of the examined queues with the shortest length. With a modest hand size, it does not cost much to examine all the dealt cards and a given low-intensity flow has a good chance to dodge the effects of a given high-intensity flow. With a large hand size it is expensive to examine the dealt queues and more difficult for the low-intensity flows to dodge the collective effects of a set of high-intensity flows. Thus, the hand size should be chosen judiciously.
-
SIG (special interest group)LINK
Grupo de miembros de la comunidad que colectivamente gestionan una pieza o parte del proyecto Kubernetes.
[+]Los miembros dentro de un SIG tienen un interés compartido en avanzar en una área específica, como puede ser la arquitectura, la maquinaria detrás de las APIs, la usabilidad o la documentación. Los SIGs deben cumplir las guías de SIG pautas de gobernanza, pero pueden tener sus propias normas de contribución y canales de comunicación.
Para más información, consulta el repositorio kubernetes/community y la lista de los SIGs y Grupos de Trabajo (WGs).
-
StatefulSetLINK
Gestiona el despliegue y escalado de un conjunto de Pods, y garantiza el orden y unicidad de dichos Pods.
[+]Al igual que un Deployment, un StatefulSet gestiona Pods que se basan en una especificación idéntica de contenedor. A diferencia de un Deployment, un StatefulSet mantiene una identidad asociada a sus Pods. Estos pods se crean a partir de la misma especificación, pero no pueden intercambiarse; cada uno tiene su propio identificador persistente que mantiene a lo largo de cualquier re-programación.
Un StatefulSet opera bajo el mismo patrón que cualquier otro controlador. Se define el estado deseado en un objeto StatefulSet, y el controlador del StatefulSet efectúa las actualizaciones que sean necesarias para alcanzarlo a partir del estado actual.
-
Static PodLINK
A pod managed directly by the kubelet daemon on a specific node,
[+]without the API server observing it.
Static Pods do not support ephemeral containers.
-
Storage ClassLINK
A StorageClass provides a way for administrators to describe different available storage types.
[+]StorageClasses can map to quality-of-service levels, backup policies, or to arbitrary policies determined by cluster administrators. Each StorageClass contains the fields
provisioner
,parameters
, andreclaimPolicy
, which are used when a Persistent Volume belonging to the class needs to be dynamically provisioned. Users can request a particular class using the name of a StorageClass object. -
sysctlLINK
[+]sysctl
es una interfaz común usada para consultar o modificar atributos del núcleo Unix durante su ejecución.En los sistemas Unix-like,
sysctl
es el comando que usan los administradores, para ver o modificar esos valores y también el nombre de la llamada al sistema que realiza esta función.La ejecución del Contenedor y de los complementos de red puede depender de los valores asignados via
sysctl
. -
TaintLINK
A core object consisting of three required properties: key, value, and effect. Taints prevent the scheduling of Pods on nodes or node groups.
[+]Taints and tolerations work together to ensure that pods are not scheduled onto inappropriate nodes. One or more taints are applied to a node. A node should only schedule a Pod with the matching tolerations for the configured taints.
-
Upstream (disambiguation)LINK
May refer to: core Kubernetes or the source repo from which a repo was forked.
[+]- In the Kubernetes Community: Conversations often use upstream to mean the core Kubernetes codebase, which the general ecosystem, other code, or third-party tools rely upon. For example, community members may suggest that a feature is moved upstream so that it is in the core codebase instead of in a plugin or third-party tool.
- In GitHub or git: The convention is to refer to a source repo as upstream, whereas the forked repo is considered downstream.
-
user namespaceLINK
A kernel feature to emulate root. Used for "rootless containers".
[+]User namespaces are a Linux kernel feature that allows a non-root user to emulate superuser ("root") privileges, for example in order to run containers without being a superuser outside the container.
User namespace is effective for mitigating damage of potential container break-out attacks.
In the context of user namespaces, the namespace is a Linux kernel feature, and not a namespace in the Kubernetes sense of the term.
-
VolumeLINK
Un directorio que contiene datos y que es accesible desde los contenedores corriendo en un pod.
[+]Un volumen de Kubernetes vive mientras exista el pod que lo contiene, no depende de la vida del contenedor por eso se conservan los datos entre los reinicios de los contenedores.
-
Volume PluginLINK
A Volume Plugin enables integration of storage within a Pod.
[+]A Volume Plugin lets you attach and mount storage volumes for use by a Pod. Volume plugins can be in tree or out of tree. In tree plugins are part of the Kubernetes code repository and follow its release cycle. Out of tree plugins are developed independently.
-
WG (working group)LINK
Facilita la discusión y/o la implementación de un proyecto que sea efímero, corto o desacoplado para un comité, SIG, o un esfuerzo entre varios SIGs.
[+]Los grupos de trabajo son una forma de organizar personas para completar una tarea discreta.
Para más información, consulta el repositorio kubernetes/community y la lista de los SIGs y Grupos de Trabajo (WGs)..
-
WorkloadLINK
Un Workload es una aplicación que se ejecuta en Kubernetes.
[+]Varios objetos clave que representan diferentes tipos o partes de un Workload incluyen los objetos: DaemonSet, Deployment, Job, ReplicaSet y StatefulSet.
Por ejemplo, un Workload que tiene un servidor web y una base de datos podría ejecutar la base de datos en un StatefulSet y el servidor web en un Deployment.
Comentarios
¿Esta página le ha sido de ayuda?
Muchas gracias por el feedback. Si tienes alguna pregunta específica sobre como usar Kubernetes, puedes preguntar en Stack Overflow. Abre un issue en el repositorio de GitHub si quieres reportar un problema o sugerir alguna mejora.