3ps-kubernetes-dvps07-v2-ex100

Kops

1.A CLI tool that helps you create, destroy, upgrade and maintain production-grade, highly available, Kubernetes clusters on AWS. 2. kops provisions your cluster with: Fully automated installation,DNS-based cluster identification,Self-healing: everything runs in Auto-Scaling Groups,High availability (HA) support,The ability to directly provision, or to generate Terraform manifests. 3.You can also build your own cluster using Kubeadm as a building block. kops builds on the kubeadm work.

HostAliases

1.A HostAliases is a mapping between the IP address and hostname 2.be injected into the Pod's hosts file. This is only valid for non-hostNetwork Pods."

Storage Class

1.A StorageClass describes different available storage types. 2.StorageClasses can map to quality-of-service levels, backup policies, Each StorageClass contains the fields provisioner, parameters, and reclaimPolicy, which are used when a Persistent Volume to be dynamically provisioned. 3.Users can request a particular class using the name of a StorageClass object.

Volume Plugin

1.A Volume Plugin enables integration of storage within a Pod. 2.A Volume Plugin lets you attach and mount storage volumes for use by a Pod. Volume plugins can be in tree or out of tree. 3.In tree plugins are part of the Kubernetes code repository and follow its release cycle. Out of tree plugins are developed independently.

Name

1.A client-provided string that refers to an object in a resource URL, such as /api/v1/pods/some-name. 2.Only one object of a given kind can have a given name at a time. 3.However, if you delete the object, you can make a new object with the same name.

containerd

1.A container runtime with an emphasis on simplicity, robustness and portability 2.containerd is a container runtime that runs as a daemon on Linux or Windows. 3.containerd takes care of fetching and storing container images, executing containers, providing network access, and more.

Controller

1.A control loop that watches the shared state of the cluster through the apiserver and makes changes attempting to move the current state towards the desired state. 2.Examples of controllersare the replication controller, endpoints controller, namespace controller, and serviceaccounts controller. 3.The Kubernetes Master is a collection of three processes that run on a single node in your cluster, which is designated as the master node

Taint

1.A core object consisting of three required properties: key, value, and effect. Taints prevent the scheduling of pods on nodes or node groups. 2.Taints and tolerations work together to ensure that pods are not scheduled onto inappropriate nodes. 3.One or more taints are applied to a node. A node should only schedule a pod with the matching tolerations for the configured taints.

Toleration

1.A core object consisting of three required properties: key, value, and effect. Tolerations enable the scheduling of pods on nodes or node groups that have matching taints. 2.Tolerations and taints work together to ensure that pods are not scheduled onto inappropriate nodes. One or more tolerations are applied to a pod. 3.A toleration indicates that the pod is allowed (but not required) to be scheduled on nodes or node groups with matching taints.

Certificate

1.A cryptographically secure file used to validate access to the Kubernetes cluster. 2.Certificates enable applications within a Kubernetes cluster to access the Kubernetes API securely. Certificates validate that clients are allowed to access the API. 3.Certificates enable applications within a Kubernetes cluster to access the Kubernetes API securely. Certificates validate that clients are allowed to access the API.

UID

1.A directory containing data, accessible to the containers in a pod. 2.A Kubernetes volume lives as long as the pod that encloses it. 3.a volume outlives any containers that run within the pod, and data is preserved across container restarts.

Namespace

1.A feature used by Kubernetes to support multiple virtual clusters on the same physical cluster. 2.Names of resources need to be unique within a namespace, but not across namespaces.

Job

1.A finite or batch task that runs to completion. 2.Creates one or more Pod objects and ensures that a specified number of them successfully terminate. 3.As Pods successfully complete, the Job tracks the successful completions.

Workload

1.A group of Linux processes with resource isolation, accounting and limits. 2.cgroup is a Linux kernel feature that limits, accounts for, and isolates the resource usage (CPU, memory, disk I/O, network) for a collection of processes. 3.cgroups (or control groups) is a Linux kernel feature that limits, accounts for, and isolates the resource usage (CPU, memory, disk I/O, network, etc.) of a collection of processes.

Pod Lifecycle

1.A high-level summary of what phase the Pod is in within its lifecyle. ""2.The Pod Lifecycle is a high level summary of where a Pod is in its lifecyle. 3. A Pod's status field is a PodStatus object, which has a phase field that displays one of the following phases: Running, Pending, Succeeded, Failed, Unknown, Completed, or CrashLoopBackOff.""

Annotation

1.A key-value pair that is used to attach arbitrary non-identifying metadata to objects. 2.The metadata in an annotation can be small or large, structured or unstructured, and can include characters not permitted by labels. 3.Clients such as tools and libraries can retrieve this metadata.

Container

1.A lightweight and portable executable image that contains software and all of its dependencies. 2.Containers decouple applications from underlying host infrastructure to make deployment easier. 3.in different cloud or OS environments, and for easier scaling.

Node

1.A node is a worker machine in Kubernetes. 2.A worker node may be a VM or physical machine, depending on the cluster. It has local daemons or services necessary to run Pods and is managed by the control plane. 3.The daemons on a node include kubelet, kube-proxy, and a container runtime implementing the CRI such as Docker.

Helm Chart

1.A package of pre-configured Kubernetes resources that can be managed with the Helm tool. 2.Charts provide a reproducible way of creating and sharing Kubernetes applications. 3.A single chart can be used to deploy something simple, like a memcached Pod, or something complex, like a full web app stack with HTTP servers, databases, caches

Admission Controller

1.A piece of code that intercepts requests to the Kubernetes API server prior to persistence of the object. ""2.Admission controllers are configurable for the Kubernetes API server and may be "validating", "mutating", or both. Any admission controller may reject the request. "" 3.Mutating controllers may modify the objects they admit; validating controllers may not.

Static Pod

1.A pod managed directly by the kubelet daemon on a specific node, 2.without the API server observing it. 3.Static Pods are managed directly by the kubelet daemon on a specific node, without the API server

Mirror Pod

1.A pod object that a kubelet uses to represent a static pod 2.When the kubelet finds a static pod in its configuration, it automatically tries to create a Pod object on the Kubernetes API server for it. This means that the pod will be visible on the API server, but cannot be controlled from there. 3.For example, removing a mirror pod will not stop the kubelet daemon from running it.

Cluster

1.A set of machines, called nodes, that run containerized applications managed by Kubernetes. A cluster has at least one worker node and at least one master node. 2.The worker node(s) host the pods 3.The master node(s) manages the worker nodes and the pods in the cluster. Multiple master nodes are used to provide a cluster with failover and high availability.

Network Policy

1.A specification of how groups of Pods are allowed to communicate with each other 2.Network Policies help you declaratively configure which Pods are allowed to connect to each other, which namespaces are allowed to communicate, and which port numbers to enforce each policy on. NetworkPolicy resources use labels to select Pods and define rules which specify what traffic iore s allowed to the selected Pods. 3.Network Policies are implemented by a supported network plugin provided by a network provider.

Kubeadm

1.A tool for installing Kubernetes and setting up a secure cluster. 2.use kubeadm to install both the control plane and the worker node components. 3.use kubeadm to install both the control plane and the worker node components.

Minikube

1.A tool for running Kubernetes locally. 2.Minikube runs a single-node cluster inside a VM on your computer. 3.You can use Minikube to try Kubernetes in a learning environment.

Service

1.A way to expose an application running on a set of Pods as a network service. 2.The set of Pods targeted by a Service is determined by a selector. If more Pods are added or removed, the set of Pods matching the selector will change. 3.The Service makes sure that network traffic can be directed to the current set of Pods for the workload.

Volume

1.A workload is an application running on Kubernetes. 2.Workload involves different objects like DaemonSet, Deployment, Job, ReplicaSet, and StatefulSet objects. 3.For example, a workload that has a web server and a database can run the database in one StatefulSet and the web server in a Deployment.

Ingress

1.API object that manages external access to the services in a cluster, like HTTP. 2.Ingress provides load balancing, SSL termination and name-based virtual hosting. 3.ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource.

Dynamic Volume Provisioning

1.Allows users automatic creation of storage Volumes. 2.Dynamic provisioning eliminates the need for cluster administrators to pre-provision storage. 3.Dynamic volume provisioning is based on , StorageClass, Plugin that provisions a Volume and the set of parameters to pass to the Volume Plugin.

Selector

1.Allows users to filter a list of resources based on labels. 2.Selectors are applied when querying lists of resources to filter them by Labels. 3. selectors let you select Kubernetes resources based on the value of one or more resource fields

Pod Disruption Budget

1.Also known as:PDB 2.A Pod Disruption Budget allows an application owner to create an object for a replicated application, that ensures a certain number or percentage of Pods with an assigned label will not be voluntarily evicted at any point in time. 3.PDBs cannot prevent an involuntary disruption, but will count against the budget."

Deployment

1.An API object that manages a replicated application. 2.Each replica is represented by a Pod 3.Pods are distributed among the nodes of a cluster.

ConfigMap

1.An API object used to store non-confidential data in key-value pairs. Can be used as environment variables, command-line arguments, or config files in a volume. 2.Allows you to decouple environment-specific configuration from your container images, so that your applications are easily portable 3.When storing confidential data use a Secret.

Horizontal Pod Autoscaler

1.An API resource that automatically scales the number of pod replicas based on targeted CPU utilization or custom metric targets. 2.HPA is used with Replication Controllers, Deployments, or Replica Sets. 3. It cannot be applied to objects that cannot be scaled, for example DaemonSets."

Kubelet

1.An agent that runs on each node in the cluster. It makes sure that containers are running in a pod. 2.The kubelet ensures that the containers described in PodSpecs are running and healthy. 3.The kubelet doesn't manage containers which were not created by Kubernetes.

Service Broker

1.An endpoint for a set of Managed Services offered and maintained by a third-party. 2.Service Brokers implement the Open Service Broker API spec and provide a standard interface for applications to use their Managed Services. 3.Service Catalog provides a way to list, provision, and bind with Managed Services offered by Service Brokers.

Service Catalog

1.An extension API that enables applications running in Kubernetes clusters to easily use external managed software offerings, such as a datastore service offered by a cloud provider. 2.It provides a way to list, provision, and bind with external Managed Services from Service Brokers without needing detailed knowledge about how those services are created or managed. 3.Service Catalog lets you provision cloud services directly from the of native Kubernetes tools

Istio

1.An open platform (not Kubernetes-specific) that provides a uniform way to integrate microservices, manage traffic flow, enforce policies, 2.Adding Istio does not require changing application code. It is a layer of infrastructure between a service and the network, which when combined with service deployments, is commonly referred to as a service mesh. 3.Istio's control plane abstracts away the underlying Kubernetes

App Container

1.Application containers (or app containers) are the containers in a pod that are started after any init containers have completed. 2.An init container lets you separate initialization details that are important for the overall workload, and that don't need to keep running once the application container has started. 3.If a pod doesn't have any init containers configured, all the containers in that pod are app containers.

Persistent Volume Claim

1.Claims storage resources defined in a PersistentVolume so that it can be mounted as a volume in a container. 2.Specifies the amount of storage, how the storage will be accessed (read-only, read-write and/or exclusive) and how it is reclaimed (retained, recycled or deleted). 3.Details of the storage itself are in the PersistentVolume specification.

cgroup (control group)

1.Component on the master that exposes the Kubernetes API. It is the front-end for the Kubernetes control plane. 2.It can horizontally - by deploying more instances. to build High-Availability Clusters. 3.It is designed to scale horizontally - that is, it scales by deploying more instances. See Building High-Availability Clusters.

kube-apiserver

1.Component on the master that exposes the Kubernetes API. It is the front-end for the Kubernetes control plane. 2.It can horizontally - by deploying more instances. to build High-Availability Clusters. 3.It is designed to scale horizontally - that is, it scales by deploying more instances. See Building High-Availability Clusters."

kube-controller-manager

1.Component on the master that runs controllers. 2.Logically, each controller is a separate process, but to reduce complexity, they are all compiled into a single binary and run in a single process. 3.Logically, each controller is a separate process, but to reduce complexity, they are all compiled into a single binary and run in a single process."

kube-scheduler

1.Component on the master that watches newly created pods that have no node assigned, and selects a node for them to run on. 2.Factors taken into account for scheduling decisions include individual and collective resource requirements, hardware/software/policy constraints, affinity and anti-affinity specifications, data locality, inter-workload interference and deadlines. 3.kube-scheduler is the default scheduler for Kubernetes and runs as part of the control plane

Container network interface (CNI)

1.Container network interface (CNI) plugins are a type of Network plugin that adheres to the appc/CNI specification. 2.For information on Kubernetes and CNI refer to this. 3.For information on Kubernetes and CNI, see "Network plugins".

CustomResourceDefinition

1.Custom code that defines a resource to add to your Kubernetes API server without building a complete custom server. 2.Custom Resource Definitions let you extend the Kubernetes API for your environment. 3.Create a CustomResourceDefinition When you create a new CustomResourceDefinition (CRD), 2.Custom Resource Definitions let you extend the Kubernetes API for your environment.

Device Plugin

1.Device Plugins are containers that provide access to a vendor specific resource. 2.Device Plugins advertise these resources to Kubelet. They can be deployed manually or as a DaemonSet, 3.intel, nvdia and several other devices have plugins

Pod Security Policy

1.Enables fine-grained authorization of Pod creation and updates. 2.PodSecurityPolicy objects define a set of conditions that a Pod must run with 3.Pod Security Policy control is implemented as an optional admission controller.

DaemonSet

1.Ensures a copy of a Pod is running across a set of nodes in a cluster. 2.Used to deploy system daemons such as log collectors and monitoring agents that normally must run on every Node. 3.A DaemonSet make sure that all or some kubernetes Nodes run a copy of a Pod

Extensions

1.Extensions are software components integrate with Kubernetes to support new types of hardware. 2.Most cluster administrators will use a hosted or distribution instance of Kubernetes. 3.As a result, most Kubernetes users will need to install extensions

FlexVolume

1.FlexVolume is an interface for creating out-of-tree volume plugins. The Container Storage Interface is a newer interface which addresses several problems with FlexVolumes. 2.FlexVolumes enable users to write their own drivers and add support for their volumes in Kubernetes. 3.FlexVolume driver binaries and dependencies must be installed on host machines.

Replication Controller

1.Kubernetes service that ensures a specific number of instances of a pod are always running. 2.Will automatically add or remove running instances of a pod, based on a set value for that pod. 3.Allows the pod to return to the defined number of instances if pods are deleted or if too many are started by mistake.

Cloud Controller Manager

1.Kubernetes v1.6 contains a new binary called cloud-controller-manager. 2.cloud-controller-manager is a daemon that embeds cloud-specific control loops. 3.These cloud-specific control loops were originally in the kube-controller-manager

Logging

1.Logs are the list of events that are logged by cluster or application. 2.Application and systems logs help you understand what is happening inside your cluster. 3.The logs are also useful for debugging problems and monitoring cluster activity.

CronJob

1.Manages a Job that runs on a periodic schedule. 2.Similar to a line in a crontab file, a CronJob object specifies a schedule using the cron format. 3.Similar to a crontab of lines

RBAC (Role-Based Access Control)

1.Manages authorization decisions, allowing admins to dynamically configure access policies through the Kubernetes API. 2.RBAC utilizes roles, which contain permission rules, and role bindings, which grant the permissions defined in a role to a set of users. 3.RBAC utilizes roles, which contain permission rules, and role bindings, which grant the permissions defined in a role to a set of users.

StatefulSet

1.Manages the deployment and scaling of a set of Pods, and provides guarantees about the ordering and uniqueness of these Pods. 2.Like a Deployment, a StatefulSet manages Pods that are based on an identical container spec. But, a StatefulSet maintains a persistent identifier that it maintains across any rescheduling. 3.A StatefulSet operates under the same pattern as any other Controller. You define your desired state in a StatefulSet object, and the StatefulSet controller makes any necessary updates to get there from the current state.

Init Container

1.One or more initialization containers that must run before any app containers run. 2.Initialization (init) containers are like regular app containers, with one difference: init containers must run to completion before any app containers can start. 3.Init containers run in series: each init container must run to completion before the next init container begins.

Pod Priority

1.Pod Priority indicates the importance of a Pod relative to other Pods. 2.Pod Priority gives the ability to set scheduling priority of a Pod to be higher and lower than other Pods — an important feature for production clusters workload. 3.An API object that injects information such as secrets, volume mounts, and environment variables into pods at creation time.

Preemption

1.Preemption logic in Kubernetes helps a pending Pod to find a suitable Node by evicting low priority Pods existing on that Node. 2.If a Pod cannot be scheduled, the scheduler tries to preempt lower priority Pods to make scheduling of the pending Pod possible. 3.If a Pod cannot be scheduled, the scheduler tries to preempt lower priority Pods to make scheduling of the pending Pod possible.

Service Account

1.Provides an identity for processes that run in a Pod. 2.When processes inside Pods access the cluster, they are authenticated by the API server as a particular service account, for example, default. 3.When you create a Pod, if you do not specify a service account, it is automatically assigned the default service account in the same namespace Namespace.

Resource Quotas

1.Provides constraints that limit aggregate resource consumption per Namespace. 2.Limits the quantity of objects that can be created in a namespace by type, as well as the total amount of compute resources that may be consumed by resources in that project. 3.Limits the quantity of objects that can be created in a namespace by type, as well as the total amount of compute resources that may be consumed by resources in that project.

LimitRange

1.Provides constraints to limit resource consumption per Containers or Pods in a namespace. 2.LimitRange limits the quantity of objects that can be created by type, as well as the amount of compute resources that may be requested/consumed by individual Containers or Pods in a namespace. 3.By default, containers run with unbounded compute resources on a Kubernetes cluster. With Resource quotas, cluster administrators can restrict the resource consumption and creation on a namespace basis

Qos

1.QoS Class (Quality of Service Class) provides a way for Kubernetes to classify Pods within the cluster into several classes and make decisions about scheduling and eviction. 2.QoS Class of a Pod is set at creation time based on its compute resources requests and limits settings. 3.QoS classes are used to make decisions about Pods scheduling and eviction. Kubernetes can assign one of the following QoS classes to a Pod: Guaranteed, Burstable or BestEffort.

QoS Class

1.QoS classes are used to make decisions about Pods scheduling and eviction. Kubernetes can assign one of the following QoS classes to a Pod: Guaranteed, Burstable or BestEffort 2.Provides constraints that limit aggregate resource consumption per Namespace. 3.Limits the quantity of objects that can be created in a namespace by type, as well as the total amount of compute resources that may be consumed by resources in that project.

ReplicaSet

1.ReplicaSet is the next-generation Replication Controller. ""2.ReplicaSet, like ReplicationController, ensures that a specified number of pods replicas are running at one time. ReplicaSet supports the new set-based selector requirements as described in the labels user guide, 3.Replication Controller only supports equality-based selector requirements.""

Image

1.Stored instance of a container that holds software needed to run an application. 2.package software that allows it to be stored in a container registry, pulled to a local system, and run as an application. 3.Meta data is included in the image that text what executable to run, who built it, and other information.

Secret

1.Stores sensitive information, such as passwords, OAuth tokens, and ssh keys. 2.Allows for more control over how sensitive information is used and reduces the risk of accidental exposure, including encryption at rest. 3.A Pod references the secret as a file in a volume mount or by the kubelet pulling images for a pod. Secrets are used confidential data and ConfigMaps for non-confidential data.

Label

1.Tags are objects with identifying attributes that are meaningful and relevant to users. 2.Labels are key/value pairs that are attached to objects such as Pods. 3.They are used to organize and to select subsets of objects.

Container Storage Interface (CSI)

1.The Container Storage Interface (CSI) defines a standard interface to expose storage systems to containers. ""2.CSI allows vendors to create custom storage plugins for Kubernetes without adding them to the Kubernetes repository (out-of-tree plugins). 3.To use a CSI driver from a storage provider, you must first deploy it to your cluster. You will then be able to create a Storage Class that uses that CSI driver.""

Kubernetes API

1.The application that serves Kubernetes functionality through a RESTful interface and stores the state of the cluster. 2.Kubernetes resources and "records of intent" are all stored as API objects, and modified via RESTful calls to the API. 3.The API allows configuration to be managed in a declarative way

Control Plane

1.The container orchestration layer that exposes the API and interfaces to define, deploy, and manage the lifecycle of containers. 2.The container orchestration layer that exposes the API and interfaces to define, deploy, and manage the lifecycle of containers. 3.consists of a collection of processes running on your cluster

Container Runtime

1.The container runtime is the software that is responsible for running containers. 2.Kubernetes supports several container runtimes: Docker, containerd, cri-o, rktlet 3.any implementation of the Kubernetes CRI (Container Runtime Interface).

Data Plane

1.The layer that provides capacity such as CPU, memory, network, and storage so that the containers can run and connect to a network. 2.Kubernetes Control Plane maintains a record of all of the Kubernetes Objects in the system, and runs continuous control loops to manage those objects' state. 3.This plane is comprised of one or more etcd containers.

Applications

1.The layer where various containerized applications run. 2.A Kubernetes app is a containerized application that you can run on your Kubernetes cluster. 3.package a web application in a Docker container image, and run that container image on a Google Kubernetes Engine cluster

Security Context

1.The securityContext field defines privilege and access control settings for a Pod or Container, including the runtime UID and GID. 2.The securityContext field in a Pod or container is used to set the user, groups, capabilities, privilege settings, and security policies 3.The securityContext field defines privilege and access control settings for a Pod or Container, including the runtime UID and GID.

Pod

1.The smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster. 2.A Pod is normally set up to run a single primary container. It can also run optional sidecar containers that add supplementary features like logging. 3.Pods are commonly managed by a Deployment.

Aggregation Layer

1.When you've configured the Kubernetes API Server to support additional APIs, you can add APIService objects to "claim" a URL path in the Kubernetes API. 2.Cloud Controller Manager is way to integrate Kubernetes with any cloud. 3.The aggregation layer lets you install additional Kubernetes-style APIs in your cluster.

Operator pattern

1.You can extend Kubernetes by adding controllers to your cluster, beyond the built-in controllers that come as part of Kubernetes itself. 2.If a running application acts as a controller and has API access to carry out tasks against a custom resource that's defined in the control plane, that's an example of the Operator pattern. 3.An Operator is an application-specific controller that extends Kubernetes to create, configure, and manage instances of complex applications

etcd

1.etcd is a highly available key-value store which Kubernetes uses for persistent storage of all of its objects like deployment, pod, service information 2.You can find in-depth information about etcd in the offical documentation. 3.If Kubernetes cluster uses etcd as its backing store

kube-proxy

1.kube-proxy is a network proxy that runs on each node in your cluster 2.kube-proxy uses the operating system packet filtering layer or kube-proxy forwards the traffic itself. 3.kube-proxy maintains network rules on nodes. These network rules allow network communication to your Pods from network sessions inside or outside of your cluster.

Persistent Volume

1.storage in the cluster. that persists beyond the lifecycle of any individual Pod. 2.PVs are used directly in scenarios where storage can be created ahead of time (static provisioning). 3.For scenarios that require on-demand storage (dynamic provisioning), PersistentVolumeClaims (PVCs) are used.

PodPreset

1This object chooses the pods to inject information into using standard selectors. 2.This allows the podspec definitions to be nonspecific, decoupling the podspec from environment specific configuration. 3.This allows the podspec definitions to be nonspecific, decoupling the podspec from environment specific configuration.

Architecture

@@

Core Objects

@@

Extension

@@

Fundamental

@@

Networking

@@

Operations

@@

Security

@@

Storage

@@

Tools

@@

Workload

@@