Kubernetes Glossary

Tools and host/kernel-enforced controls that detect and block suspicious behavior at runtime and enforce process-level restrictions.

Pluggable control points invoked on API requests to validate, mutate, or reject resources before they are persisted.

The front-end interface for Kubernetes control plane, handling RESTful requests.

Volume snapshot/backup semantics (frequency, retention, restore) for block/object storage backing pods.

Strategies for safe releases; blue/green switches traffic between two environments, canary releases gradual traffic to new versions.

The foundation that hosts Kubernetes and related ecosystem projects ensuring governance, sustainability, and innovation.

A set of nodes managed together by Kubernetes; includes worker nodes that run workloads and a control plane that manages cluster state.

Automatically adjusts the number of nodes in a cluster based on pending pods and utilization; used with cloud provider APIs.

Tools and patterns for managing resources across multiple clusters (multi-cluster sync, policy propagation, multi-region failover).

Abstractions that coordinate resources across clusters and enable global deployments and failover.

Using eBPF in CNI plugins (e.g., Cilium) to implement high-performance, programmable networking and observability inside the kernel.

Stores non-confidential configuration data as key-value pairs for pods.

A lightweight runtime bundle packaging an application and its dependencies, executed inside a Pod and isolated from other containers.

Policies and tooling to scan images for vulnerabilities and enforce which images are allowed to run (signing, registries, SCA).

The standard plugin model for configuring container network interfaces / pod networking; popular implementations include Calico, Cilium, Flannel, and Weave.

Software like Docker or containerd responsible for running containers within Kubernetes pods.

Set of components (API server, scheduler, controller manager) managing the Kubernetes cluster state and API lifecycle.

Security practices to secure the API server and etcd, including TLS encryption, authentication, and audit logging.

Metering and reporting per-namespace or per-team resource usage for billing, showback, or internal chargeback.

Namespace quotas, resource requests/limits, and workload tagging combined with monitoring to control cloud costs and chargeback.

Extends the Kubernetes API by defining new custom resource types which are managed by controllers.

Kubelet interface to container runtimes (e.g., containerd, CRI-O) that manages container lifecycle on nodes.

The standardized interface for block and file storage plugins enabling dynamic provisioning and lifecycle operations in Kubernetes.

Ensures a copy of a Pod runs on all or a selected subset of nodes, commonly used for node-level agents like loggers and monitoring exporters.

Command line utilities and patterns for inspecting pods, execing into containers, port-forwarding, and capturing logs/events.

Manages updates and rollback of ReplicaSets to control application versions smoothly.

Mechanisms to detect when live cluster/infrastructure diverges from declared IaC state (helps detect configuration drift).

Consistent and highly-available key-value store used by Kubernetes to store all cluster data and configuration.

Processes to protect and recover cluster state; consistent backups and safe restore procedures are essential for recovery.

Patterns and tooling to manage workloads, policies, and failover across multiple clusters for geo-redundancy and scale.

Finalizers ensure cleanup actions run before resource deletion; garbage collection reclaims dependent resources when owners are removed.

Agents that collect and route logs from pods to central systems like Elasticsearch or cloud logging services.

Practice of managing Kubernetes cluster and application configurations through Git repositories for version control and automation.

Kubernetes package manager that simplifies deployment and management of complex applications using versioned charts.

Automatically scales the number of pods in a deployment based on observed metrics like CPU.

Adjusts the number of pod replicas based on observed metrics such as CPU, memory, or custom application metrics.

Using Kubernetes RBAC integrated with cloud IAM systems to enforce least privilege access controls at app and cluster levels.

CI/CD and registry checks that detect vulnerabilities, enforce signing, and ensure provenance of container images to reduce runtime risk.

Deployment approach where nodes and infra are replaced rather than mutated, making upgrades and rollbacks more predictable.

Declarative tooling/practices (Terraform, Crossplane, Pulumi) to define and manage cloud and cluster infrastructure reproducibly.

An API object that defines external HTTP/HTTPS routing rules to services, typically implemented by an ingress controller.

The actual controller that implements Ingress rules, commonly NGINX, Traefik, or cloud-managed controllers.

Job runs pods to completion for finite tasks; CronJob schedules Jobs on a time-based cadence similar to cron.

Minimal Kubernetes distributions optimized for edge, IoT, or resource constrained environments with simplified footprint and ops.

Adds event-driven autoscaling capabilities, scaling workloads based on external event sources or queue lengths.

Tools and APIs for bootstrapping, managing, and automating cluster lifecycle across environments.

The central API endpoint that validates, processes, and serves Kubernetes API requests and persists state to etcd.

Runs controllers that reconcile cluster state such as ReplicaSet, Deployment, and Node controllers to achieve desired state.

The command-line tool used to interact with the Kubernetes API server for managing the cluster.

An agent running on each node that ensures the containers described in PodSpecs are running and reports node status back to the control plane.

Handles networking rules on nodes to route service traffic to pods; can run in iptables, IPVS, or user-space modes.

An open source container orchestration system that automates deployment, scaling, and lifecycle management of containerized applications across clusters of machines.

Management of multiple clusters from a single control plane, synchronizing resources and workloads across clusters globally.

Software extension using CRDs and controllers to automate complex application lifecycle tasks like backups, scaling, and upgrades.

The component that assigns newly created pods to suitable nodes based on constraints, resources, and scheduling policies.

Mechanism among controllers to ensure only a single active controller instance performs certain operations at any time.

Distributes incoming network traffic across multiple pods/services to ensure availability.

Cloud provider managed control planes that reduce operational burden by handling upgrades, patching, and control plane HA.

Environment with multiple independent Kubernetes clusters, used for scalability, high availability, or geographic distribution.

Techniques and controls (namespaces, network, RBAC, quotas) to safely host multiple teams/customers on shared infrastructure while maintaining isolation.

A way to divide cluster resources between multiple users or teams for organization and access.

Kubernetes objects that limit resource consumption (CPU, memory, storage) per namespace to prevent noisy-neighbor problems.

Defines rules that govern network traffic flow between pods or between pods and external endpoints for securing communication.

A physical or virtual machine in a cluster that runs pods and provides CPU, memory, storage, and networking resources.

Rules to prefer or require pods to co-locate or avoid co-locating based on node labels, improving locality or fault isolation.

Grouping nodes with similar instance types or roles, enabling differentiated scheduling and scaling behavior.

Profiling and GPU or CPU-level performance tools to diagnose hotspots and improve application efficiency.

Tools and methods (metrics, logs, tracing) integrated with Kubernetes and service meshes to monitor cluster health and performance.

Distributed tracing and telemetry standards that correlate requests across services to diagnose latency and failures.

A pattern and runtime packaging custom controllers to automate lifecycle management of complex stateful applications using CRDs.

A piece of storage in the cluster that remains available beyond pod lifetimes.

Cluster resource that provides durable storage independent of pod lifetime, used for stateful workloads like databases.

A request for storage by a pod specifying size and access modes.

Storage request from a pod specifying size and access mode that binds to a Persistent Volume.

A cluster-level resource representing a piece of storage provisioned by an admin or dynamically by the platform.

A request for storage by a pod; PVC binds to a matching PV based on class, access mode, and capacity.

The smallest deployable unit in Kubernetes, representing one or more containers running together.

A policy that specifies the minimum number of pods that must remain available during voluntary disruptions like upgrades.

Scheduling mechanism that assigns priority to pods and, if needed, preempts lower-priority pods to free resources for higher-priority workloads.

Cluster admission control that enforces pod-level security posture such as restricting privileged containers, hostPath mounts, or capabilities.

Deprecated but important security feature to enforce fine-grained pod-level security constraints in cluster admission control.

A policy object that limits how many pods of an application can be voluntarily disrupted during maintenance or upgrades.

Priority classes influence scheduling order and allow higher priority pods to preempt lower priority pods when resources are scarce.

A popular metrics collection and alerting system for Kubernetes that scrapes metrics and stores time series for monitoring.

Quality of Service tiers (Guaranteed, Burstable, BestEffort) determined by requests and limits that affect eviction priority under pressure.

The core controller mechanism that continually compares desired state to actual state and performs actions to converge them.

Ensures a specified number of pod replicas are running at any time to maintain availability.

Pod resource requests inform the scheduler of minimum required CPU/memory; limits cap usage to protect node stability.

A method for regulating access to resources in Kubernetes based on user roles and permissions.

A deployment strategy that incrementally replaces old pod versions with new ones to minimize downtime.

Tools that monitor runtime behavior (system calls, file access) to detect anomalies and block attacks; examples include Falco and runtime policies.

Stores sensitive information like passwords and tokens securely within the cluster.

Kubernetes abstraction that provides a stable IP and DNS name to a set of pods, enabling load balancing and service discovery.

An identity for processes running in pods, used to grant API permissions and isolate machine identities from human users.

Dedicated infrastructure layer managing secure, observable, and resilient communication between microservices in a Kubernetes cluster.

Short lived credentials and projected tokens used to grant pods scoped access reducing the risk of long-lived secrets.

A container deployed alongside an app container within a pod to handle networking, security, or telemetry functions (service mesh).

Controller managing stateful applications that require stable network IDs and persistent storage for each pod replica.

Defines storage types and dynamic provisioning parameters, allowing admins to offer multiple storage profiles (e.g., SSD, encrypted, high-IOPS).

Mechanisms to repel pods from nodes unless they explicitly tolerate the node’s taints; used to reserve nodes for special workloads.

Recommends or automatically adjusts CPU and memory requests for pods to better match actual usage patterns.

Point-in-time replicas of volumes used for backups, cloning, or rapid restores; often implemented via CSI snapshot drivers.