Kubernetes Glossary

Annotations

A storage mechanism for key/value pairs that can be leveraged by tools and libraries.

Blue / Green Deployment

Blue/Green deployment is a technique that reduces downtime and risk by running two identical production environments called Blue and Green. At any time, only one of the environments is live. For example, if the Blue environment is currently live, then as the new version of the application is ready to go live, the final stages of testing take place on the non-live environment, in this case Green. Once the deployed Green environment has been fully tested, all incoming requests are routed to the Green environment instead of the Blue environment. This leapfrog deployment mechanism eliminates downtime due to application deployment.

Canary release

A canary release is a new version of an app that is meant to replace the beta version in the future. Only a small fraction of users hit the canary version to see how it behaves before rolling out to all users.

Cluster

A cluster is a set of machines (physical or virtual), called nodes, that are managed by Kubernetes.

ConfigMap

A ConfigMap is used to store configuration that’s used by containers. ConfigMaps can be mapped into a running container as environment variables or files.

Container

A Docker container is a unit of software that packages up an application and all its dependencies so that the application runs quickly and reliably in different computing environments. Containers isolate the application from its environment and ensure that it works uniformly regardless of the computing infrastructure.

Context

A Kubernetes context allows us to use kubectl to work on more than one cluster. It is a combination of:

  • A Kubernetes cluster

  • Authentication information

  • The namespace
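The following kubeconfig is an added example, not part of the original glossary, showing how each context is just a named triple of cluster, user and namespace; every server URL, file path, name and token value in it is a constructed placeholder:

```yaml
apiVersion: v1
kind: Config
# Constructed example kubeconfig: server URLs, certificate paths and the token are placeholders.
clusters:
- name: dev-cluster
  cluster:
    server: https://dev.example.invalid:6443
    certificate-authority: /path/to/dev-ca.crt    # placeholder path
- name: prod-cluster
  cluster:
    server: https://prod.example.invalid:6443
    certificate-authority: /path/to/prod-ca.crt   # placeholder path
users:
- name: alice
  user:
    client-certificate: /path/to/alice.crt        # placeholder path
    client-key: /path/to/alice.key                # placeholder path
- name: ci-bot
  user:
    token: REPLACE_WITH_SERVICE_ACCOUNT_TOKEN     # placeholder value
contexts:
- name: dev                      # cluster + user + namespace = one context
  context:
    cluster: dev-cluster
    user: alice
    namespace: team-a
- name: prod-readonly
  context:
    cluster: prod-cluster
    user: ci-bot
    namespace: team-a
current-context: dev             # the context kubectl uses unless --context is given
```

Switch between them with kubectl config use-context prod-readonly, and check which one is active with kubectl config current-context. Because the namespace is part of the context, the same kubectl get pods command lands in a different cluster and namespace depending on which context is selected.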

Control Plane

  • The Kubernetes control plane ensures that the actual state of all Kubernetes objects matches the desired state.

  • The control plane for a Kubernetes cluster consists of:

    • api-server: entry point to the control plane

    • etcd: highly available distributed key/value store

    • controller manager: reconciles the current state with the desired state

    • scheduler: assigns newly created pods to a node

DaemonSet

DaemonSets run exactly one pod replica on each node, whereas ReplicaSets run pods on any node in the cluster.

Deployment

Deployments are a way to create a set of pods, including handling roll-outs of new app versions. The Deployment resource sits on top of ReplicaSets, which are responsible for pushing out an existing or new version of the app when the new version becomes available. Deployments represent a set of multiple, identical Pods with no unique identities. A Deployment runs multiple replicas of your application and automatically replaces any instances that fail or become unresponsive.

Edge Router

A router that enforces the firewall policy for your cluster. This could be a gateway managed by a cloud provider or a physical piece of hardware.

Ingress

An Ingress may be configured to give Services externally reachable URLs, load-balanced traffic, terminate SSL / TLS and offer name based virtual hosting. An Ingress Controller is responsible for fulfilling the Ingress, usually through a load-balancer, though it may also be configured through an edge router or other front-ends to help handle incoming traffic.

Ingress Controller

An Ingress handles incoming web requests at OSI layer 7 and sometimes layer 4. It can be configured to give Services externally reachable URLs, load balance traffic, terminate SSL / TLS, and offer name-based virtual hosting. An Ingress controller is responsible for fulfilling the Ingress, usually with a load balancer, though it may also configure your edge router or additional front ends to help handle the traffic.

JWT

A JSON Web Token is an internet standard for creating JSON-based access tokens. Kubernetes service accounts use signed JWTs to authenticate to the API server.

Labels

Labels are key/value pairs that can be attached to Kubernetes objects and provide the foundation for grouping objects. Labels let you tag resources flexibly as grouping requirements change. Examples of labels are acme.com/app-version=1.0.0, appVersion=1.0.0, bigtom.k8/cluster-service=true.

Label Selectors

Label selectors are used to filter Kubernetes objects based on their label keys and values, e.g. $ kubectl get pods --selector="ver=2".

Master node

In a Kubernetes cluster, a master node manages the cluster and constitutes the control plane.

maxSurge and maxUnavailable

These two properties affect how many pods are replaced at once during a Kubernetes Deployment’s rolling update.

  • maxSurge: Determines how many pod instances are allowed to exist above the desired replica count. The default is 25%.

  • maxUnavailable: Determines how many pod instances can be unavailable relative to the desired replica count during the update.

minReadySeconds

Specifies how long, in seconds, a newly created pod should be allowed to get ready before it is considered available. If the new pod is not responding to its readiness probe by the time minReadySeconds has elapsed, the roll-out of the new deployment version is effectively blocked. See Health Probes.

Namespace

Namespaces are a way to divide the cluster resources between multiple users using Resource Quotas. They effectively separate a physical cluster into multiple virtual clusters. A namespace is used to group and sometimes isolate resources in a Kubernetes cluster. A resource can only belong to one namespace.

Node

A node represents a server, either virtual or physical, in a cluster. A Kubernetes cluster contains master nodes and worker nodes.

nodeSelector

This is a field used in a pod definition (Node Selector) to ensure that the pod only runs on nodes with the specified label.

Pod

A pod represents the smallest possible deployable component in Kubernetes consisting of one or more co-located containers. You cannot create your own Pods. They are created by the ReplicaSet.

Pod Replacement Strategy

The pod replacement strategy takes one of the following values, which decides how new pods in a deployment are created during a roll-out.

  • Recreate: All existing pods are killed before new ones are created.

  • RollingUpdate: Creates a new pod before removing the old pod it replaces, one pod at a time.
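The Deployment manifest below is an added example, not from the original glossary, that ties together the maxSurge and maxUnavailable, minReadySeconds and Pod Replacement Strategy entries in one place; the image name, namespace and probe path are constructed placeholders:

```yaml
# Constructed example: a Deployment whose roll-out never reduces available capacity.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
  namespace: team-a
spec:
  replicas: 4
  minReadySeconds: 10           # a new pod must stay ready for 10s before it counts as available
  strategy:
    type: RollingUpdate         # the alternative, Recreate, kills every old pod first
    rollingUpdate:
      maxSurge: 1               # at most 5 pods exist during the roll-out (4 desired + 1 surge)
      maxUnavailable: 0         # never drop below 4 available pods
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
        version: "2.0.0"
    spec:
      containers:
      - name: web
        image: registry.example.invalid/web:2.0.0   # placeholder image
        ports:
        - containerPort: 8080
        readinessProbe:         # minReadySeconds is counted from the first successful probe
          httpGet:
            path: /healthz
            port: 8080
          periodSeconds: 5
```

With maxSurge 1 and maxUnavailable 0 the controller creates one new pod, waits until it has been ready for minReadySeconds, then removes one old pod, and repeats. A pod whose readiness probe never succeeds stalls the roll-out rather than taking traffic, which is what makes the probe path worth defining for every container. Note that maxSurge and maxUnavailable cannot both be 0, since then no pod could be replaced at all; kubectl rollout status deployment/web -n team-a shows where a roll-out is stuck.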

PV

Persistent Volumes are a cluster-wide pool of storage managed by an administrator.

PVC

A Persistent Volume Claim allows a pod definition to bind to a Persistent Volume.

RBAC

Role Based Access Control.
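As an added illustration that is not part of the original glossary, the manifests below grant a ServiceAccount (which authenticates with the signed JWT described under JWT) only the verbs it needs on only the resources it needs, scoped to one namespace; the names and namespace are constructed:

```yaml
# Constructed example: least-privilege RBAC for a ServiceAccount that only reads pods and logs.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: log-reader
  namespace: team-a
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role                      # a Role is namespaced; ClusterRole would apply cluster-wide
metadata:
  name: pod-log-reader
  namespace: team-a
rules:
- apiGroups: [""]               # "" is the core API group (pods live there)
  resources: ["pods", "pods/log"]
  verbs: ["get", "list", "watch"]   # no create/update/delete/exec
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: log-reader-binding
  namespace: team-a
subjects:
- kind: ServiceAccount
  name: log-reader
  namespace: team-a
roleRef:
  kind: Role
  name: pod-log-reader
  apiGroup: rbac.authorization.k8s.io
```

The binding is what makes the permissions effective; a Role on its own grants nothing. The result can be checked without using the account's token by impersonating it: kubectl auth can-i get pods --as=system:serviceaccount:team-a:log-reader -n team-a should answer yes, and the same query for delete pods, or for any resource in another namespace, should answer no.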

ReplicaSet

A ReplicaSet is used to ensure that a specified number of pods are running at all times. It is defined with fields including:

  • a selector that specifies how to identify Pods

  • a number of replicas indicating how many Pods it should be maintaining

  • a pod template specifying the data of new Pods it should create

Resource limits

Specifies the maximum amount of resources that an application can consume in a container. Note that Docker does not by itself limit how much computing resource a container consumes; hence it is at the Kubernetes container level where we can put a boundary on this. See Container level Quota.

Resource Quotas

A Namespace Resource Quota provides constraints that limit resource consumption by Namespace. It is a way to divide resources in a shared cluster between groups of users.

Resource requests

Specifies the minimum amount of resources required to run an application. See Container level Quota.
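The manifests below are an added example, not from the original glossary, that put the Resource limits, Resource Quotas and Resource requests entries together: a namespace-wide quota and a pod whose per-container requests and limits fit inside it. The namespace, image and numbers are constructed:

```yaml
# Constructed example: a namespace quota plus one pod that declares requests and limits.
apiVersion: v1
kind: Namespace
metadata:
  name: team-a
---
apiVersion: v1
kind: ResourceQuota
metadata:
  name: team-a-quota
  namespace: team-a
spec:
  hard:                         # summed over every pod in the namespace
    requests.cpu: "4"
    requests.memory: 8Gi
    limits.cpu: "8"
    limits.memory: 16Gi
    pods: "20"
---
apiVersion: v1
kind: Pod
metadata:
  name: api
  namespace: team-a
spec:
  containers:
  - name: api
    image: registry.example.invalid/api:1.0.0   # placeholder image
    resources:
      requests:                 # minimum the scheduler reserves on the chosen node
        cpu: 250m               # 250 millicores = a quarter of one CPU
        memory: 256Mi
      limits:                   # hard ceiling enforced by the kubelet / container runtime
        cpu: 500m               # CPU above this is throttled
        memory: 512Mi           # memory above this gets the container OOM-killed
```

Requests drive scheduling and the namespace total is checked against the quota at admission time; limits are what actually stop one workload from starving its neighbours on a node. One caveat worth knowing: once a ResourceQuota constrains requests or limits, any pod in that namespace that omits them is rejected, so either every manifest declares them or a LimitRange in the namespace supplies defaults.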

Selector

A label selector is a grouping mechanism for resources. It supports two types of selectors:

  • equality-based: allows filtering by exact label keys and values.

  • set-based: allows filtering based on sets of label values.
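Here, as an added example not taken from the glossary, is the same label set filtered both ways: a ReplicaSet combining an equality-based matchLabels with set-based matchExpressions, and a Service that can only use the equality form. Names, labels and the image are constructed:

```yaml
# Constructed example: equality-based and set-based selectors side by side.
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: web-canary
  namespace: team-a
spec:
  replicas: 1
  selector:
    matchLabels:                # equality-based: key must equal value
      app: web
    matchExpressions:           # set-based; every expression is ANDed with matchLabels
    - key: track
      operator: In
      values: ["canary"]
    - key: tier
      operator: NotIn
      values: ["batch"]
    - key: version
      operator: Exists          # key must be present, any value
  template:
    metadata:
      labels:                   # must satisfy the selector or the API server rejects the object
        app: web
        track: canary
        tier: frontend
        version: "2.0.0"
    spec:
      containers:
      - name: web
        image: registry.example.invalid/web:2.0.0   # placeholder image
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: web
  namespace: team-a
spec:
  selector:                     # Services accept equality-based selectors only
    app: web
  ports:
  - port: 80                    # port clients connect to
    targetPort: 8080            # the containerPort above
```

The kubectl equivalents are -l app=web for the equality form and -l 'app=web,track in (canary),tier notin (batch),version' for the set-based form. A selector that matches more pods than intended (for example app=web without track) would pull the canary pods into the main Service, so it pays to run kubectl get pods -l '<selector>' before relying on a new selector.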

Service

A Kubernetes Service identifies a set of Pods using label selectors. Unless mentioned otherwise, Services are assumed to have virtual IPs only routable within the cluster network.

SessionAffinity

This attribute is used in a Service YAML to denote that the service proxy should route all requests from a given client to the same pod as before.

TargetPort

In a Kubernetes YAML file, this denotes the port the container listens on. In the Pod spec the same port is called containerPort.

Worker node

In a Kubernetes cluster, a worker node runs the actual workload as compared to a master node which manages the cluster.