- Documentazione
- Blog di Kubernetes
- Formazione
- Partner
- Community
- Casi di Studio
- Versions
- Release Information
- v1.32
- v1.31
- v1.30
- v1.29
- v1.28
- Italiano (Italian)
- English
- 中文 (Chinese)
- 한국어 (Korean)
- 日本語 (Japanese)
- Français (French)
- Deutsch (German)
- Español (Spanish)
- Português (Portuguese)
- Bahasa Indonesia
- हिन्दी (Hindi)
- Tiếng Việt (Vietnamese)
- Русский (Russian)
- Polski (Polish)
- Українська (Ukrainian)
You are viewing documentation for Kubernetes version: v1.28
Kubernetes v1.28 documentazione non è più manutenuta. La versione che stai visualizzando in questo momento è archiviata. Per una versione aggiornata, guarda ultima versione.
Glossary
Questo glossario vuole essere un aiuto per standardizzare la terminologia usata per Kubernetes. Include termini tecnici che sono specifici di Kubernetes, così come termini più generali che sono utili per dare un contesto.
Filtra i termini sulla base delle loro etichette
.
Architecture
Community
Core Object
Extension
Fundamental
Networking
Operation
Security
Storage
Tool
User Type
Workload
Seleziona tutto
Deseleziona tutto
Fare click sull'icona [+] per il significato di questo termine.
-
Affinity
In Kubernetes, affinity is a set of rules that give hints to the scheduler about where to place pods.
[+] -
API Group
A set of related paths in Kubernetes API.
[+]You can enable or disable each API group by changing the configuration of your API server. You can also disable or enable paths to specific resources. API group makes it easier to extend the Kubernetes API. The API group is specified in a REST path and in the
apiVersion
field of a serialized object.- Read API Group for more information.
-
API serverAnche noto come:kube-apiserver
L'API server è un componente di Kubernetes control plane che espone le Kubernetes API. L'API server è il front end del control plane di Kubernetes.
[+]La principale implementazione di un server Kubernetes API è kube-apiserver. kube-apiserver è progettato per scalare orizzontalmente, cioè scala aumentando il numero di istanze. Puoi eseguire multiple istanze di kube-apiserver e bilanciare il traffico tra queste istanze.
-
ApplicationsThe layer where various containerized applications run. [+]
The layer where various containerized applications run.
-
cgroup (control group)
A group of Linux processes with optional resource isolation, accounting and limits.
[+]cgroup is a Linux kernel feature that limits, accounts for, and isolates the resource usage (CPU, memory, disk I/O, network) for a collection of processes.
-
Cluster
Un'insieme di macchine, chiamate nodi, che eseguono container gestiti da Kubernetes. Un cluster ha almeno un Worker Node.
[+]Il/I Worker Node ospitano i Pod che eseguono i workload dell'utente. Il/I Control Plane Node gestiscono i Worker Node e tutto quanto accade all'interno del cluster. Per garantire la high-availability e la possibilità di failover del cluster, vengono utilizzati più Control Plane Node.
-
Container
Una immagine leggera, portabile ed eseguibile che contiene un software e tutte le sue dipendenze.
[+]I ontainer disaccoppiano le applicazione dall'infrastruttura host sottostante e rendono semplice il deploy nei differenti cloud o sistemi operativi e anche per una semplice scalabilità
-
Container Environment Variables
Container environment variables are name=value pairs that provide useful information into containers running in a pod
[+]Container environment variables provide information that is required by the running containerized applications along with information about important resources to the containers. For example, file system details, information about the container itself, and other cluster resources such as service endpoints.
-
Container Runtime
Il container runtime è il software che è responsabile per l'esecuzione dei container.
[+]Kubernetes supporta diversi container runtimes: Docker, containerd, cri-o, rktlet e tutte le implementazioni di Kubernetes CRI (Container Runtime Interface).
-
Control Plane
Lo strato per l'orchestrazione dei container che espone le API e interfaccie per definere, deploy, e gestione del ciclo di vita dei container.
[+]Questo strato è composto da diversi componenti, come (ma non limitato a):
Questi compenti possono girare come trazionali servizi del sistema operativo (demoni) o come containers. L'host che esegue questi componenti era storicamente chiamato master.
-
Controller
In Kubernetes, i controller sono circuiti di controllo che osservano lo stato del cluster, e apportano o richiedono modifiche quando necessario. Ogni controller prova a portare lo stato corrente del cluster verso lo stato desiderato.
[+]I controller osservano lo stato condiviso del cluster attraverso il apiserver (che è parte del Control Plane).
Alcuni controller vengono eseguiti all'interno del piano di controllo (control plane), e forniscono circuiti di controllo che sono parte dell'operatività base di Kubernetes. Ad esempio: il deployment controller, il daemonset controller, il namespace controller, ed il persistent volume controller (e altri) vengono tutti eseguiti all'interno del kube-controller-manager.
-
CustomResourceDefinition
Custom code that defines a resource to add to your Kubernetes API server without building a complete custom server.
[+]Custom Resource Definitions let you extend the Kubernetes API for your environment if the publicly supported API resources can't meet your needs.
-
Data PlaneThe layer that provides capacity such as CPU, memory, network, and storage so that the containers can run and connect to a network. [+]
The layer that provides capacity such as CPU, memory, network, and storage so that the containers can run and connect to a network.
-
Deployment
Un oggetto API che gestisce un'applicazione replicatata, tipicamente esegue Pod senza stato locale.
[+]Ogni replica è rappresentata da un Pod, e i Pod sono distribuiti attraverso i nodi di un cluster. Per i carichi di lavoro che hanno bisogno di uno stato locale, cosidera l'utilizzo di un StatefulSet.
-
Device Plugin
Device plugins run on worker Nodes and provide Pods with access to resources, such as local hardware, that require vendor-specific initialization or setup steps.
[+]Device plugins advertise resources to the kubelet, so that workload Pods can access hardware features that relate to the Node where that Pod is running. You can deploy a device plugin as a DaemonSet, or install the device plugin software directly on each target Node.
See Device Plugins for more information.
-
Disruption
Disruptions are events that lead to one or more Pods going out of service. A disruption has consequences for workload resources, such as Deployment, that rely on the affected Pods.
[+]If you, as cluster operator, destroy a Pod that belongs to an application, Kubernetes terms that a voluntary disruption. If a Pod goes offline because of a Node failure, or an outage affecting a wider failure zone, Kubernetes terms that an involuntary disruption.
See Disruptions for more information.
-
Docker
Docker (nello specifico, Docker Engine) è una technologia software che offre una virtualizzazione a livello del sistema operativo nota come container.
[+]Docker utilizza delle funzionalità di isolamente del kernel Linux come cgroups e kernel namespaces e un file system union-capable come OverlayFS e altro permettendo a container indipendenti di girare all'interno di una singola istanza Linux, eliminando il sovraccarico nell'avviare e manutenere delle virtual machines (VMs).
-
Dockershim
The dockershim is a component of Kubernetes version 1.23 and earlier. It allows the kubelet to communicate with Docker Engine.
[+]Starting with version 1.24, dockershim has been removed from Kubernetes. For more information, see Dockershim FAQ.
-
Ephemeral Container
A Container type that you can temporarily run inside a Pod.
[+]If you want to investigate a Pod that's running with problems, you can add an ephemeral container to that Pod and carry out diagnostics. Ephemeral containers have no resource or scheduling guarantees, and you should not use them to run any part of the workload itself.
Ephemeral containers are not supported by static pods.
-
Event
Event is a Kubernetes object that describes state change/notable occurrences in the system.
[+]Events have a limited retention time and triggers and messages may evolve with time. Event consumers should not rely on the timing of an event with a given reason reflecting a consistent underlying trigger, or the continued existence of events with that reason.
Events should be treated as informative, best-effort, supplemental data.
In Kubernetes, auditing generates a different kind of Event record (API group
audit.k8s.io
). -
Extensions
Extensions are software components that extend and deeply integrate with Kubernetes to support new types of hardware.
[+]Many cluster administrators use a hosted or distribution instance of Kubernetes. These clusters come with extensions pre-installed. As a result, most Kubernetes users will not need to install extensions and even fewer users will need to author new ones.
-
Feature gate
Feature gates are a set of keys (opaque string values) that you can use to control which Kubernetes features are enabled in your cluster.
[+]You can turn these features on or off using the
--feature-gates
command line flag on each Kubernetes component. Each Kubernetes component lets you enable or disable a set of feature gates that are relevant to that component. The Kubernetes documentation lists all current feature gates and what they control. -
Finalizer
Finalizers are namespaced keys that tell Kubernetes to wait until specific conditions are met before it fully deletes resources marked for deletion. Finalizers alert controllers to clean up resources the deleted object owned.
[+]When you tell Kubernetes to delete an object that has finalizers specified for it, the Kubernetes API marks the object for deletion by populating
.metadata.deletionTimestamp
, and returns a202
status code (HTTP "Accepted"). The target object remains in a terminating state while the control plane, or other components, take the actions defined by the finalizers. After these actions are complete, the controller removes the relevant finalizers from the target object. When themetadata.finalizers
field is empty, Kubernetes considers the deletion complete and deletes the object.You can use finalizers to control garbage collection of resources. For example, you can define a finalizer to clean up related resources or infrastructure before the controller deletes the target resource.
-
Garbage Collection
Garbage collection is a collective term for the various mechanisms Kubernetes uses to clean up cluster resources.
[+]Kubernetes uses garbage collection to clean up resources like unused containers and images, failed Pods, objects owned by the targeted resource, completed Jobs, and resources that have expired or failed.
-
Image
Istanza archiviata di un Container che contiene un insieme di software e librerie necessarie per eseguire l'applicazione.
[+]Un modo di distribuire software che permette di immagazzinarlo in Image Registry (un registro di container images), scaricarlo in un sistema locale ed eseguirlo come un'applicazione. I metadati sono inclusi nell'immagine e possono contenere informazioni su come avviare l'esecuzione, chi ha prodotto l'immagine, o altro.
-
Init Container
One or more initialization containers that must run to completion before any app containers run.
[+]Initialization (init) containers are like regular app containers, with one difference: init containers must run to completion before any app containers can start. Init containers run in series: each init container must run to completion before the next init container begins.
-
kube-controller-manager
Componente della Control Plane che gestisce controllers.
[+]Da un punto di vista logico, ogni controller è un processo separato, ma per ridurre la complessità, tutti i principali controller di Kubernetes vengono raggruppati in un unico container ed eseguiti in un singolo processo.
-
kube-proxy
kube-proxy è un proxy eseguito su ogni nodo del cluster, responsabile della gestione dei Kubernetes Service.
[+]I kube-proxy mantengono le regole di networking sui nodi. Queste regole permettono la comunicazione verso gli altri nodi del cluster o l'esterno.
Il kube-proxy usa le librerie del sistema operativo quando possible; in caso contrario il kube-proxy gestisce il traffico direttamente.
-
KubectlAnche noto come:kubectl
Command line tool for communicating with a Kubernetes cluster's control plane, using the Kubernetes API.
[+]You can use
kubectl
to create, inspect, update, and delete Kubernetes objects. -
Kubelet
Un agente che è eseguito su ogni nodo del cluster. Si assicura che i container siano eseguiti in un pod.
[+]La kubelet riceve un set di PodSpecs che vengono forniti attraverso vari meccanismi, e si assicura che i container descritti in questi PodSpecs funzionino correttamente e siano sani. La kubelet non gestisce i container che non sono stati creati da Kubernetes.
-
Kubernetes API
The application that serves Kubernetes functionality through a RESTful interface and stores the state of the cluster.
[+]Kubernetes resources and "records of intent" are all stored as API objects, and modified via RESTful calls to the API. The API allows configuration to be managed in a declarative way. Users can interact with the Kubernetes API directly, or via tools like
kubectl
. The core Kubernetes API is flexible and can also be extended to support custom resources. -
LimitRange
Provides constraints to limit resource consumption per Containers or Pods in a namespace.
[+]LimitRange limits the quantity of objects that can be created by type, as well as the amount of compute resources that may be requested/consumed by individual Containers or Pods in a namespace.
-
Manifest
Specification of a Kubernetes API object in JSON or YAML format.
[+]A manifest specifies the desired state of an object that Kubernetes will maintain when you apply the manifest. Each configuration file can contain multiple manifests.
-
Master
Termine vecchio, usato come sinonimo per i nodi che ospitano la control plane.
[+]Il termine è ancora usato da alcuni strumenti di provisioning, come kubeadm, e servizi gestiti, per mettere la label
kubernetes.io/role
ai nodi per controllare il posizionamento dei pods della control plane . -
Minikube
A tool for running Kubernetes locally.
[+]Minikube runs a single-node cluster inside a VM on your computer. You can use Minikube to try Kubernetes in a learning environment.
-
Mirror Pod
A pod object that a kubelet uses to represent a static pod
[+]When the kubelet finds a static pod in its configuration, it automatically tries to create a Pod object on the Kubernetes API server for it. This means that the pod will be visible on the API server, but cannot be controlled from there.
(For example, removing a mirror pod will not stop the kubelet daemon from running it).
-
Name
A client-provided string that refers to an object in a resource URL, such as
[+]/api/v1/pods/some-name
.Only one object of a given kind can have a given name at a time. However, if you delete the object, you can make a new object with the same name.
-
Namespace
An abstraction used by Kubernetes to support isolation of groups of resources within a single cluster.
[+]Namespaces are used to organize objects in a cluster and provide a way to divide cluster resources. Names of resources need to be unique within a namespace, but not across namespaces. Namespace-based scoping is applicable only for namespaced objects (e.g. Deployments, Services, etc) and not for cluster-wide objects (e.g. StorageClass, Nodes, PersistentVolumes, etc).
-
Node
Un node è una macchina worker in Kubernetes.
[+]Un worker node può essere una VM o una macchina fisica, in base al cluster. Possiede daemon locali o servizi ncessari a eseguire Pods e viene gestito dalla control plane. I deamon i un node includono kubelet, kube-proxy, e un container runtiome che implementa CRI come ad esempio Docker.
Nelle prime versioni di Kubernetes, i Node venivano chiamati "Minion".
-
Object
An entity in the Kubernetes system. The Kubernetes API uses these entities to represent the state of your cluster.
[+]A Kubernetes object is typically a “record of intent”—once you create the object, the Kubernetes control plane works constantly to ensure that the item it represents actually exists. By creating an object, you're effectively telling the Kubernetes system what you want that part of your cluster's workload to look like; this is your cluster's desired state.
-
Pod
Il più piccolo e semplice oggetto in Kubernetes. Un pod rappresenta un gruppo di container nel tuo cluster.
[+]Un pod è tipicamente progettato per eseguire un singolo container primario. Può opzionalmente eseguire sidecar container che aggiungono funzionalità supplementari come logging. I Pod sono generalmetne gestiti da un Deployment.
-
Pod Lifecycle
The sequence of states through which a Pod passes during its lifetime.
[+]The Pod Lifecycle is defined by the states or phases of a Pod. There are five possible Pod phases: Pending, Running, Succeeded, Failed, and Unknown. A high-level description of the Pod state is summarized in the PodStatus
phase
field. -
Pod Security Policy
Enables fine-grained authorization of Pod creation and updates.
[+]A cluster-level resource that controls security sensitive aspects of the Pod specification. The
PodSecurityPolicy
objects define a set of conditions that a Pod must run with in order to be accepted into the system, as well as defaults for the related fields. Pod Security Policy control is implemented as an optional admission controller.PodSecurityPolicy was deprecated as of Kubernetes v1.21, and removed in v1.25. As an alternative, use Pod Security Admission or a 3rd party admission plugin.
-
QoS Class
QoS Class (Quality of Service Class) provides a way for Kubernetes to classify Pods within the cluster into several classes and make decisions about scheduling and eviction.
[+]QoS Class of a Pod is set at creation time based on its compute resources requests and limits settings. QoS classes are used to make decisions about Pods scheduling and eviction. Kubernetes can assign one of the following QoS classes to a Pod:
Guaranteed
,Burstable
orBestEffort
. -
RBAC (Role-Based Access Control)
Manages authorization decisions, allowing admins to dynamically configure access policies through the Kubernetes API.
[+]RBAC utilizes roles, which contain permission rules, and role bindings, which grant the permissions defined in a role to a set of users.
-
ReplicaSet
A ReplicaSet (aims to) maintain a set of replica Pods running at any given time.
[+]Workload objects such as Deployment make use of ReplicaSets to ensure that the configured number of Pods are running in your cluster, based on the spec of that ReplicaSet.
-
Service
A method for exposing a network application that is running as one or more Pods in your cluster.
[+]The set of Pods targeted by a Service is (usually) determined by a selector. If more Pods are added or removed, the set of Pods matching the selector will change. The Service makes sure that network traffic can be directed to the current set of Pods for the workload.
Kubernetes Services either use IP networking (IPv4, IPv6, or both), or reference an external name in the Domain Name System (DNS).
The Service abstraction enables other mechanisms, such as Ingress and Gateway.
-
ServiceAccount
Provides an identity for processes that run in a Pod.
[+]When processes inside Pods access the cluster, they are authenticated by the API server as a particular service account, for example,
default
. When you create a Pod, if you do not specify a service account, it is automatically assigned the default service account in the same Namespace. -
Shuffle-sharding
A technique for assigning requests to queues that provides better isolation than hashing modulo the number of queues.
[+]We are often concerned with insulating different flows of requests from each other, so that a high-intensity flow does not crowd out low-intensity flows. A simple way to put requests into queues is to hash some characteristics of the request, modulo the number of queues, to get the index of the queue to use. The hash function uses as input characteristics of the request that align with flows. For example, in the Internet this is often the 5-tuple of source and destination address, protocol, and source and destination port.
That simple hash-based scheme has the property that any high-intensity flow will crowd out all the low-intensity flows that hash to the same queue. Providing good insulation for a large number of flows requires a large number of queues, which is problematic. Shuffle-sharding is a more nimble technique that can do a better job of insulating the low-intensity flows from the high-intensity flows. The terminology of shuffle-sharding uses the metaphor of dealing a hand from a deck of cards; each queue is a metaphorical card. The shuffle-sharding technique starts with hashing the flow-identifying characteristics of the request, to produce a hash value with dozens or more of bits. Then the hash value is used as a source of entropy to shuffle the deck and deal a hand of cards (queues). All the dealt queues are examined, and the request is put into one of the examined queues with the shortest length. With a modest hand size, it does not cost much to examine all the dealt cards and a given low-intensity flow has a good chance to dodge the effects of a given high-intensity flow. With a large hand size it is expensive to examine the dealt queues and more difficult for the low-intensity flows to dodge the collective effects of a set of high-intensity flows. Thus, the hand size should be chosen judiciously.
-
StatefulSet
Gestisce deployment e la scalabilità di un gruppo di Pods, e garantisce il corretto ordine e unicità di questi Pods.
[+]Come un Deployment, uno StatefulSet gestisce Pod che sono basati sulla stessa specifica di container. Contrariamente da un Deployment, uno StatefulSet mantiente una specifica identita per ogni Pod. Questi pod sono creati dalla stessa specifica, ma non sono intercambiabili: ogni pod a un identificativo persistente che si mantiene attraverso ogni rischedulazione.
Se vuoi usare un volume dello storage per avere la persistenza per il tuo carico di lavoro, puoi usare uno StatefulSet come parte della tua soluzione. Anche se i singoli Pod in uno StatefulSet sono suscettibili al fallimento, l'identificativo persistente del Pod rende semplice il collegamento dei volumi esistenti ai nuovi Pods che sostituiscono quelli falliti.
-
Static Pod
A pod managed directly by the kubelet daemon on a specific node,
[+]without the API server observing it.
Static Pods do not support ephemeral containers.
-
Taint
A core object consisting of three required properties: key, value, and effect. Taints prevent the scheduling of Pods on nodes or node groups.
[+]Taints and tolerations work together to ensure that pods are not scheduled onto inappropriate nodes. One or more taints are applied to a node. A node should only schedule a Pod with the matching tolerations for the configured taints.
-
UID
A Kubernetes systems-generated string to uniquely identify objects.
[+]Every object created over the whole lifetime of a Kubernetes cluster has a distinct UID. It is intended to distinguish between historical occurrences of similar entities.
-
Volume
Una cartella contenente i dati, accessibile dal containers in un Pod.
[+]Un volume di Kubernetes rimane in vita fintanto che lo rimane il Pod che lo racchiude. Di conseguenza, un volume sopravvive ad ogni container all'interno del Pod, e i dati nel volume sono preservati a prescindere dai restart del container.
Vedi storage per più informazioni.
-
Workload
A workload is an application running on Kubernetes.
[+]Various core objects that represent different types or parts of a workload include the DaemonSet, Deployment, Job, ReplicaSet, and StatefulSet objects.
For example, a workload that has a web server and a database might run the database in one StatefulSet and the web server in a Deployment.
Ultima modifica June 16, 2021 at 5:57 PM PST: Remove exec permission on markdown files (e9703497a1)