kubernetes-glossary

addons
- ⤢
  At 8:35 DNS and UI are addons ^{^addons}
API Server
- AKA apiserver
- TODO - does this run in the cluster itself?
- a RESTful API - has swagger support
- "a number of processes that implement the Kubernetes API" - kubernetes-docs-high-availability
- installed using the kubelet - kubernetes-docs-high-availability
- ⤢
  Only the apiserver should communicate with etcd/store, and not other components (scheduler, kubelet, etc.). ^{^only-api-server-communicates-with-etcd}
- ⤢
  In contrast to Omega, which exposes the store directly to trusted control-plane components, state in Kubernetes is accessed exclusively through a domain-specific REST API that applies higher-level versioning, validation, semantics, and policy, in support of a more diverse array of clients. ^{^no-direct-access}
- ⤢
  the centralization makes it easy to enforce common semantics, invariants, and policies ^{^api-server-centralization-benefits}
annotation
- TODO
- from kubernetes-kubectl-commands "Update the annotations on a resource"
- for non-identifying information... information would not be used for object selection and therefore doesn't belong in labels
- ⤢
  annotations... "can be used to communicate application structure" ^{^annotations-communicate-application-structure}
- ⤢
  "annotations can be set by the container itself or other actors in the management system" ^{^annotation-set-by-various-things}
autoscale (verb)
- Things that can be autoscaled: deployment, replica set, or replication controller
backend
- TODO from kubernetes-docs-services
claim
- AKA Persistent Volume Claim
- AKA PVC
- ⤢
  A PersistentVolumeClaim (PVC) is a request for storage by a developer. It is similar to a pod. Pods consume node resources and PVCs consume PV resources. Pods can request specific levels of resources (CPU and Memory). Claims can request specific storage size and access modes such as read and read-write. ^{^persistent-volume-claim-definition}
cluster
- From kubernetes-docs-ingress "A group of nodes firewalled from the internet, that are the primary compute resources managed by Kubernetes."
- From kubernetes-code-readme "a set of physical or virtual machines and other infrastructure resources used by Kubernetes to run your applications. Kubernetes can run anywhere! See the Getting Started Guides for instructions for a variety of services."
cluster add-on
- TODO
cluster IP
- ⤢
  At 37:50 - The default option is exposing the service port as a cluster IP ^{^service-port-as-cluster-ip}
- ⤢
  At 48:50 - An intranet-only service is called a cluster ip ^{^cluster-ip-is-intranet-only-service}
cluster manager
- from kubernetes-kubectl-commands "kubectl controls the Kubernetes cluster manager"
cluster network
- from kubernetes-docs-ingress "A set of links, logical or physical, that facilitate communication within a cluster according to the Kubernetes networking model. Examples of a Cluster network include Overlays such as flannel or SDNs such as OVS."
component
- TODO - unclear
- in kubectl get cs (get component statuses) it gives statuses for etcd, the scheduler, and the controller manager
- ⤢
  ... still working on a few things, like making kubelet itself (all our components, really) run within containers ^{^making-run-on-containers}
- ⤢
  "The master is the machine where the control plane components run, including etcd (the cluster database) and the API server (which the kubectl CLI communicates with). All of these components run in pods started by kubelet." ^{^run-in-pods-started-by-kubelet}
config maps
- ⤢
  "provides mechanisms to inject containers with configuration data while keeping containers agnostic of Kubernetes" ^{^inject}
- ⤢
  can be used to store fine-grained information like individual properties or coarse-grained information like entire config files or JSON blobs ^{^fine-or-coarse}
- ⤢
  is similar to secrets, but designed to more conveniently support working with strings that do not contain sensitive information. ^{^similar-to-secrets-but-not-for-secrets}
- ⤢
  Both users and system components may store configuration data in ConfigMap ^{^users-and-system-components}
control plane
- ⤢
  The Kubernetes control plane is split into a set of components. Currently they all run on a single master node, but that is expected to change soon in order to support high-availability clusters. These components work together to provide a unified view of the cluster. ^{^control-plane}
- ⤢
  "The master is the machine where the control plane components run, including etcd (the cluster database) and the API server (which the kubectl CLI communicates with). All of these components run in pods started by kubelet." ^{^run-in-pods-started-by-kubelet}
controller manager
- A small binary that lives on the "master side of the house"
- Responsible for doing health maintenance.
- modifies cluster state, and can get a lease-lock from the API Server to ensure single actor modifying cluster state - kubernetes-docs-high-availability
CNI - Container Network Interface
- TODO
daemon set
- kubernetes-docs-deamon-set
dashboard
- TODO
- kubectl cluster-info gives kubernetes-dashboard is running at https://172.17.4.99:443/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard
declaritive primitives
- TODO - Same as the (maybe called templates or manifests) that declare this stuff?
- ⤢
  robust declarative primitives for maintaining the desired state requested by the user. We see these primitives as the main value added by Kubernetes. Self-healing mechanisms, such as auto-restarting, re-scheduling, and replicating containers require active controllers, not just imperative orchestration. ^{^declarative-primitives}
deployment
- includes a replication controller
- includes the setup for rollouts
definition
- ⤢
  At 52:42 - definition seems a bit like manifest ^{^definition}
data volume
- Independent of the lifespan of the containers
desired state
- The declarative statement about what you'd like the world to look like
edge router
- From kubernetes-docs-ingress "A router that enforces the firewall policy for your cluster. This could be a gateway managed by a cloudprovider or a physical piece of hardware."
endpoint
- TODO
- Can be internal or external
- Can also be non-Kubernetes
etcd
- AKA clustered etcd
- A fault-tolerant key/value datastore.
- Clustered etcd replicates your storage to all master instances in your cluster - kubernetes-docs-high-availability
- Also a lock manager (TODO used that way in Kubernetes? Was used that way for the CoreOS competitor to Kubernetes)
- can check status with kubectl get cs (component statuses)
expose (verb)
- Can take a replication controller, service, deployment or pod and expose it as a new Kubernetes Service.
extensions resources
- things like DaemonSets, Deployments, HorizontalPodAutoscalers, Ingress, Jobs and ReplicaSets (are enabled by default)
features
- TODO - what is this?
- In kubernetes-kubectl-commands it says: "Set specific features on objects". Also, what are objects? Same as resources?
fluentd
- unified logger
- ⤢
  At 8:35 fluentd runs on the master node ^{^fluentd-runs-on-master}
frontend
- TODO from kubernetes-docs-services
Heapster
- Container Cluster Monitoring and Performance Analysis
- kubectl cluster-info gives "Heapster is running at https://172.17.4.99:443/api/v1/proxy/namespaces/kube-system/services/heapster"
Init containers
- ⤢
  For containers on a single pod, there are init-containers which run serially and in order prior to running the main container ^{^init-containers}
Interprocess communication (IPC) namespace
- TODO - is one way pod is isolated
IP addresses
- From kubernetes-docs-services - "Each pod gets an IP addresses, but it cannot be relied upon to be stable over time."
- From video-kubernetes-architecture - Each container in the pod shares the same IP address, and considers the other containers to be on localhost.
- ⤢
  At 24:30 - A Cluster IP is available only within the cluster. ^{^cluster-ip}
- ⤢
  we decided that Kubernetes would allocate an IP address per pod, thus aligning network identity (IP address) with application identity ^{^ip-address-per-pod}
job
- creates a pod for a specific purpose, then removes that pod when it's done
kubeadm
- Installs Kubernetes on bare metal
kubectl
- The command-line client that talks to the API server
- from kubernetes-kubectl-commands "kubectl controls the Kubernetes cluster manager"
KubeDNS
- DNS is a built-in service launched automatically using the addon manager cluster add-on
- Kubernetes DNS schedules a DNS Pod and Service on the cluster, and configures the kubelets to tell individual containers to use the DNS Service's IP to resolve DNS names.
- kubectl cluster-info gives "KubeDNS is running at https://172.17.4.99:443/api/v1/proxy/namespaces/kube-system/services/kube-dns"
kubelet
- A small daemon that lives on the "machines" themselves.
- ⤢
  node agents (kubelet) ^{^node-agent-is-kubelet}
- is used on each of the worker nodes, and can also be used on the master node, as described in kubernetes-docs-high-availability
- When the scheduler tells it that its desired state is to be running X containers, it has a reconciliation loop that attempts to get it to that state.
- installs the API Server
- ⤢
  At 10:00 the kubelet reports health to the master ^{^kubelet-reports-health-to-master}
- ⤢
  ... still working on a few things, like making kubelet itself (all our components, really) run within containers ^{^making-run-on-containers}
- ⤢
  "While the kubelet plays an important role in a Kubernetes cluster, it also works well in standalone mode — outside of a Kubernetes cluster." (TODO - why?) ^{^outside-kubernetes}
- ⤢
  My understanding is that the kubelet was added to CoreOS directly ^{^added-to-coreos}
  
  (is pre-installed in the base node OS (TODO what is their name for that?))
- ⤢
  "The master is the machine where the control plane components run, including etcd (the cluster database) and the API server (which the kubectl CLI communicates with). All of these components run in pods started by kubelet." ^{^run-in-pods-started-by-kubelet}
kube-proxy
- lives on each node
- core networking component of Kubernetes
- manages the ip tables on each node
- also exposes services
- related to, or possibly the same as service-proxy (TODO?)
- ⤢
  kube-proxy can do simple TCP and UDP stream forwarding (round robin) across a set of backends. ^{^kube-proxy}
- ⤢
  At 48:10 - if you access a service at the right port, but wrong node, kube proxy will bounce it to the right node ^{^kube-proxy-gets-request-to-right-node}
kube-system pods
- Based on kubectl cluster-info, the following reside at ...v1/proxy/namespaces/kube-system/...
  - heapster
  - KubeDNS
  - dashboard
label
- ⤢
  An explicitly documented name and identifier ^{^name-and-identifier}
- ⤢
  label (DNS_LABEL): An alphanumeric (a-z, and 0-9) string, with a maximum length of 63 characters, with the '-' character allowed anywhere except the first or last character, suitable for use as a hostname or segment in a domain name. ^{^label}
- Key/Value pairs that are useful for organizing your things
- form the basis of two API objects that will be talked about in talk-technical-overview-of-kubernetes after 12 minutes (TODO ensure this gets updated)
- From kubernetes-code-readme Labels are used to organize and select groups of objects based on key:value pairs.
- associate one kubernetes object with another
label key
- label keys have two segments: an optional prefix and name
- TODO - I don't understand what the optional prefix is for
label selector
- the core grouping primitive in Kubernetes.
- two types of selectors: equality-based and set-based (TODO, what is the difference?)
- ⤢
  Label selectors are the grouping mechanism in Kubernetes, and define the scope of all management operations that can span multiple entities. ^{^label-selectors}
lease-lock
- provided by the API Server to ensure single actor modifying cluster state (like controller manager or scheduler)
load balancer
- want one between each layer of your application
- TODO - special names for these load balancers?
manifest
- The file that's passed to kubectl create that creates one or many resources, for example.
- ⤢
  At 52:42 - definition seems a bit like manifest ^{^definition}
maps
- ⤢
  "Labels selectors for both objects are defined in json or yaml files using maps, and only equality-based requirement selectors are supported:"

^{^maps}

* master * TODO - * AKA master **node** (or nodes in an HA setup). Contrast this with **worker** * `kubectl cluster-info` gives "Kubernetes **master** is running at https://172.17.4.99:443" *

⤢

At 8:35 master /can/ run containers, but usually doesn't. ^{^master-containers}

⤢

At 30:54 - When you run kubectl get nodes if it says SchedulingDisabled on the master node, it will not run containers ^{^scheduling-disabled}

⤢

Node controller is a component in Kubernetes master which manages Node objects. ^{^node-controller}

* minikube * a tool that makes it easy to run Kubernetes locally. It runs Kubernetes in a VM on your local machine. * minion * the *deprecated* name for a **node** * network namespace * TODO - is one way **pod** is isolated * name *

⤢

An explicitly documented name and identifier ^{^name-and-identifier}

⤢

An explicitly documented name and identifier ^{^name-and-identifier}

* http://kubernetes.io/docs/user-guide/identifiers/ * client-provided. * only one object of a given kind can have a given name at a time (i.e., they are spatially unique). * used to refer to an object in a resource URL, such as /api/v1/pods/some-name * naked pod *

⤢

... naked pods (i.e., pods not bound to a replication controller ), go with the alternative. Naked pods will not be rescheduled in the event of node failure. ^{^naked-pods}

* namespaces * TODO - there are a bunch of these, but I don't understand them yet * by default, everything is in the default namespace *

⤢

At 6:20 - namespaces... different ones for environments: test/staging/production or for tenants ^{^namespace-for-environment}

* From [video-kubernetes-architecture](video-kubernetes-architecture.html) - **Process ID (PID) namespace** * From [video-kubernetes-architecture](video-kubernetes-architecture.html) - **Network namespace** * From [video-kubernetes-architecture](video-kubernetes-architecture.html) - **Interprocess communication (IPC) namespace** * From [video-kubernetes-architecture](video-kubernetes-architecture.html) - **Unix Timesharing (UTS) namespace** *

⤢

kubectl --namespace=demos get events ^{^namespace-get-events}

* node * from [kubernetes-kubectl-commands](kubernetes-kubectl-commands.html) "Update the **taint**s on one or more nodes" * from [kubernetes-docs-ingress](kubernetes-docs-ingress.html) "A single virtual or physical machine in a Kubernetes cluster." *

⤢

node is a worker machine in Kubernetes, previously known as minion. ^{^node-is-worker}

* node affinity * TODO - [kubernetes-docs-assigning-pods-to-nodes](kubernetes-docs-assigning-pods-to-nodes.html) * node controller *

⤢

Node controller is a component in Kubernetes master which manages Node objects. ^{^node-controller}

⤢

node controller receiving heartbeats ^{^node-controller-receives-heartbeats}

(TODO - who sends these?) * [kubernetes-docs-node](kubernetes-docs-node.html) * node pools * TODO * node port *

⤢

At 24:40 - A Node Port is an external service. Called node port because every node in the cluster makes the service available on the same port. ^{^node-port}

⤢

At 46:15 - the node ports fall within a specific range ^{^node-ports-range}

⤢

At 48:10 - if you access a service at the right port, but wrong node, kube proxy will bounce it to the right node ^{^kube-proxy-gets-request-to-right-node}

* object * TODO - same as **resource**? * seems to be referred to much more often than resources. *

⤢

every Kubernetes object has three basic fields in its description: Object Metadata, Specification (or Spec), and Status. ^{^three-basic-fields}

* persistent volume * attached to the node prior to running the pod itself on the node *

⤢

"Unlike volumes, persistent volumes are not associated with any specific pod or containers when they are created" ^{^persistent-volumes-no-association}

⤢

networked storage resource of the cluster that has been provisioned by an administrator. It is a resource in the cluster just like a node is a cluster resource. Are volume plugins like Volumes, but they have a distinct lifecycle that is independent of any individual pod that consumes the PV. ^{^persistent-volume-definition}

* Types:

⤢

Are implemented as plugins. Kubernetes supports popular backends and distributed file systems including Amazon EBS, GCE Persistent Disks, Cinder, Azure File System, NFS, iSCSI, Gluster, and Ceph among other types. ^{^persistent-volume-types}

* pet sets *

⤢

Pet Sets, an evolving concept in Kubernetes for running highly available stateful workloads. ^{^pet-sets}

⤢

Pet Sets, soon to be replaced by Stateful Sets in Kubernetes v1.5, give you deterministic order of initialization of pods. ^{^pet-set-stateful-set}

* pod * The atomic unit of a kubernetes **cluster** * A collection of one of more containers that work well together * from [kubernetes-code-readme](kubernetes-code-readme.html) "a colocated group of application containers with shared volumes. They're the smallest deployable units that can be created, scheduled, and managed with Kubernetes. Pods can be created individually, but it's recommended that you use a replication controller even if creating a single pod." * A set of **data-volume**s * **namespaces** * **labels** * The atomic unit of scheduling. "It doesn't make any sense for those two containers to land on different machines" [talk-technical-overview-of-kubernetes](talk-technical-overview-of-kubernetes.html) * can be connected together on localhost (different containers on a pod can all see each other because they share a network namespace) * From [kubernetes-docs-services](kubernetes-docs-services.html) - "Each **pod** gets an IP addresses, but it cannot be relied upon to be stable over time." * From [video-kubernetes-architecture](video-kubernetes-architecture.html) - "Alternative to VM with multiple processes" * From [video-kubernetes-architecture](video-kubernetes-architecture.html) - Each pod is isolated by **Process ID (PID) namespace**, **Network namespace**, **Interprocess communication (IPC) namespace**, **Unix Timesharing (UTS) namespace** *

⤢

At 18:20 "Every pod is completely autonomous. There is no notion of an 'application' that brings multiple pods together" ^{^pods-are-autonomous}

⤢

always runs an application container inside a top-level pod, even if the pod contains a single container ^{^always-in-a-pod}

⤢

it's easy to add a new small support service, because it operates in the private execution environment provided by its own container ^{^pod-makes-it-easy-to-add-support-service}

⤢

we decided that Kubernetes would allocate an IP address per pod, thus aligning network identity (IP address) with application identity ^{^ip-address-per-pod}

* podmaster * TODO * name from diagram in [kubernetes-docs-high-availability](kubernetes-docs-high-availability.html) on **master** * port name *

⤢

An explicitly documented name and identifier ^{^name-and-identifier}

⤢

port name (IANA_SVC_NAME): An alphanumeric (a-z, and 0-9) string, with a maximum length of 15 characters, with the '-' character allowed anywhere except the first or the last character or adjacent to another '-' character, it must contain at least a (a-z) character. ^{^port-name}

* Process ID (PID) namespace * TODO - is one way **pod** is isolated * Prometheus * A way of monitoring a Kubernetes cluster * resource * TODO - seems to be a pretty generic term. What can it refer to? *

⤢

Allow idempotent creation of API resources (#148) and enforcement of space-uniqueness of singleton objects. ^{^api-resources}

(In same doc other things are referred to as objects) * reconciliation loop * Name from [talk-technical-overview-of-kubernetes](talk-technical-overview-of-kubernetes.html) at 14:20 * Same loop can be used for create, update, and delete * replica set * run X copies of a pod * handle **pod** failures (health checks) - TODO, what actually does this? * replication controller * combination of a **template** (a desired state template), some **labels**, and a number (like I want three) * From [kubernetes-code-readme](kubernetes-code-readme.html) "manage the lifecycle of pods. They ensure that a specified number of pods are running at any given time, by creating or killing pods as required." * scheduler * A small binary that lives on the "master side of the house" * Responsible for scheduling pods onto machines * modifies cluster state, and can get a **lease-lock** from the **API Server** to ensure single actor modifying cluster state - [kubernetes-docs-high-availability](kubernetes-docs-high-availability.html) *

⤢

The scheduler binds unscheduled pods to nodes via the /binding API. The scheduler is pluggable, and we expect to support multiple cluster schedulers and even user-provided schedulers in the future. ^{^scheduler}

⤢

The scheduler needs to take into account individual and collective resource requirements, quality of service requirements, hardware/software/policy constraints, affinity and anti-affinity specifications, data locality, inter-workload interference, deadlines, and so on ^{^scheduler}

* schedulable * A **node**-level attribute that determines whether **pod**s will be scheduled onto the node. * `cordon` marks a **node** as un**schedulable** * `uncordon` marks a **node** as **schedulable** * `drain` removes **pod**s from a node and marks is as un**schedulable**. * secret * exposed by data volume or ENV vars * managed by the **API Server** * selector * TODO (it's in the **spec** section in the yml file - what is that yml file called?) * same as **label selector**, or are there additional types of selectors? * service * From [kubernetes-code-readme](kubernetes-code-readme.html) "Services provide a single, stable name and address for a set of pods. They act as basic load balancers." * From [kubernetes-docs-services](kubernetes-docs-services.html) "A Kubernetes Service is an abstraction which defines a logical set of Pods and a policy by which to access them." * Get a known, static, fixed IP address * They get a DNS entry that's associated with that known, static, fixed IP address * The IP address only exists in the routing tables in the machines in the cluster (otherwise it's fake) * Has a name, some ports, and a label query. * The load balancer sends traffic to the dynamic set of pods that match the label query * TODO in **expose**, it says you can expose a service as a new Kubernetes Service. What does that mean? * from [kubernetes-docs-ingress](kubernetes-docs-ingress.html) "A Kubernetes Service that identifies a set of pods using label selectors. Unless mentioned otherwise, Services are assumed to have virtual IPs only routable within the **cluster network**." *

⤢

At 22:15 an abstraction to define a logical set of pods, bound by a policy to access them. ^{^service-abstraction}

⤢

At 22:15 services are exposed through internal and external endpoints ^{^service-internal-external-enpoints}

⤢

At 22:15 can also point to a non-kubernetes endpoint through a Virtual-IP-Bridge ^{^service-non-kubernetes-endpoints}

⤢

At 22:15 supports TCP and UDP ^{^service-tcp-and-udp}

⤢

Interfaces with kube-proxy to manipulate IP tables ^{^service-interfaces-with-kube-proxy}

⤢

At 39:40 - there is a default kubernetes service when you do kubectl get svc ^{^default-kubernetes-service}

⤢

At 51:50 - If you scale a service by using a replication controller, the service will route to the right nodes using a load balancing scheme ^{^scale-service}

* simple load balancing including session affinity * service port * The port specified in the **spec** of a **service** **manifest**. *

⤢

At 37:50 - The default option is exposing the service port as a cluster IP ^{^service-port-as-cluster-ip}

* service proxy * that lives on the "machines" themselves * provides load balancing * spec * TODO the spec section within the **manifest**. * Stateful sets *

⤢

Pet Sets, soon to be replaced by Stateful Sets in Kubernetes v1.5, give you deterministic order of initialization of pods. ^{^pet-set-stateful-set}

⤢

runs database using statefulsets ^{^runs-database-using-statefulsets}

* storage class *

⤢

Enables administrators to create multiple tiers or classes of storage they offer. Different classes map to different levels of quality-of-service, backup policies, and arbitrary policies as defined by the administrators. ^{^storage-class}

* storage pools * TODO - [blog-post-running-stateful-application-in-kubernetes](blog-post-running-stateful-application-in-kubernetes.html) * subdomain *

⤢

An explicitly documented name and identifier ^{^name-and-identifier}

⤢

subdomain (DNS_SUBDOMAIN): One or more lowercase rfc1035/rfc1123 labels separated by '.' with a maximum length of 253 characters. ^{^subdomain}

* supervisord *

⤢

At 8:35 supervisord runs docker and kubelet ^{^supervisord-docker-kubelet}

⤢

At 10:20 supervisord ensures that docker and kublet remain running ^{^supervisord-ensures-docker-and-kublet-running}

* taint * TODO - what is this? * from [kubernetes-kubectl-commands](kubernetes-kubectl-commands.html) "Update the **taint**s on one or more nodes" * template * TODO * UID *

⤢

An explicitly documented name and identifier ^{^name-and-identifier}

⤢

UID: A non-empty, opaque, system-generated value guaranteed to be unique in time and space; intended to distinguish between historical occurrences of similar entities. ^{^uid}

* UUID *

⤢

An explicitly documented name and identifier ^{^name-and-identifier}

⤢

universally unique identifier (UUID): A 128 bit generated value that is extremely unlikely to collide across time and space and requires no central coordination. ^{^uuid}

* In the case of Kubernetes, a UUID is one type of **UID** * Unix Timesharing (UTS) namespace * TODO - is one way **pod** is isolated * Virtual-IP-Bridge * TODO - a way that services can point to non-Kubernetes **endpoint**s. * worker * AKA worker node *

⤢

At 12:25 the node is also called a minion or a slave (TODO is that only the worker node?) ^{^minion-slave}

^{^glossary}

tag--glossary

tag--project-kubernetes

tag--pub-to-codedtested

tag--deployed-section

tag--pub-to-kubnotes