現在表示しているのは、次のバージョン向けのドキュメントです。Kubernetesバージョン: v1.28
Kubernetes v1.28 のドキュメントは積極的にメンテナンスされていません。現在表示されているバージョンはスナップショットです。最新のドキュメントはこちらです: 最新バージョン
標準化用語集
この用語集は、Kubernetesの用語の包括的で標準化されたリストを対象としています。これには、Kubernetesに固有で有用なコンテキストを提供しつつも、より一般的な技術用語が含まれています。
タグに従って用語をフィルタ
Click on the [+] 特定の用語の詳細な説明を取得するには、以下のインジケータを使用します。
- Admission ControllerLINK
A piece of code that intercepts requests to the Kubernetes API server prior to persistence of the object.
[+]Admission controllers are configurable for the Kubernetes API server and may be "validating", "mutating", or both. Any admission controller may reject the request. Mutating controllers may modify the objects they admit; validating controllers may not.
- AffinityLINK
In Kubernetes, affinity is a set of rules that give hints to the scheduler about where to place pods.
[+] - Aggregation LayerLINK
The aggregation layer lets you install additional Kubernetes-style APIs in your cluster.
[+]When you've configured the Kubernetes API Server to support additional APIs, you can add
APIService
objects to "claim" a URL path in the Kubernetes API. - API GroupLINK
A set of related paths in Kubernetes API.
[+]You can enable or disable each API group by changing the configuration of your API server. You can also disable or enable paths to specific resources. API group makes it easier to extend the Kubernetes API. The API group is specified in a REST path and in the
apiVersion
field of a serialized object.- Read API Group for more information.
- APIサーバーLINKまたの名を:kube-apiserver
APIサーバーは、Kubernetes APIを外部に提供するKubernetesコントロールプレーンのコンポーネントです。 APIサーバーはKubernetesコントロールプレーンのフロントエンドになります。
[+]Kubernetes APIサーバーの主な実装はkube-apiserverです。 kube-apiserverは水平方向にスケールするように設計されています—つまり、インスタンスを追加することでスケールが可能です。 複数のkube-apiserverインスタンスを実行することで、インスタンス間でトラフィックを分散させることが可能です。
- APIを起点とした退避LINK
APIを起点とした退避は、Eviction APIを使用して退避オブジェクトを作成し、Podの正常終了を起動させるプロセスです。
[+]kubectl drain
コマンドのようなkube-apiserverのクライアントを使用し、Eviction APIを直接呼び出すことで、退避を要求することができます。Eviction
オブジェクトが生成された時、APIサーバーは対象のPodを終了させます。APIを起点とした退避は
PodDisruptionBudgets
とterminationGracePeriodSeconds
の設定を優先します。APIを起点とした退避は、Node不足による退避とは異なります。
- 詳しくはAPIを起点とした退避をご覧ください。
- App ContainerLINK
Application containers (or app containers) are the containers in a pod that are started after any init containers have completed.
[+]An init container lets you separate initialization details that are important for the overall workload, and that don't need to keep running once the application container has started. If a pod doesn't have any init containers configured, all the containers in that pod are app containers.
- Application ArchitectLINK
A person responsible for the high-level design of an application.
[+]An architect ensures that an app's implementation allows it to interact with its surrounding components in a scalable, maintainable way. Surrounding components include databases, logging infrastructure, and other microservices.
- ApproverLINK
A person who can review and approve Kubernetes code contributions.
[+]While code review is focused on code quality and correctness, approval is focused on the holistic acceptance of a contribution. Holistic acceptance includes backwards/forwards compatibility, adhering to API and flag conventions, subtle performance and correctness issues, interactions with other parts of the system, and others. Approver status is scoped to a part of the codebase. Approvers were previously referred to as maintainers.
- cAdvisorLINK
cAdvisor (Container Advisor) provides container users an understanding of the resource usage and performance characteristics of their running containers.
[+]It is a running daemon that collects, aggregates, processes, and exports information about running containers. Specifically, for each container it keeps resource isolation parameters, historical resource usage, histograms of complete historical resource usage and network statistics. This data is exported by container and machine-wide.
- CLA (Contributor License Agreement)LINK
Terms under which a contributor grants a license to an open source project for their contributions.
[+]CLAs help resolve legal disputes involving contributed material and intellectual property (IP).
- Cloud Native Computing Foundation (CNCF)LINK
Cloud Native Computing Foundation (CNCF)は、持続可能なエコシステムを構築し、マイクロサービスアーキテクチャの一部としてコンテナをオーケストレーションするプロジェクトを中心としたコミュニティを育成します。
KubernetesはCNCFプロジェクトです。
[+]CNCFはLinux Foundationのサブファウンデーションです。 CNCFの使命は、クラウドネイティブコンピューティングをユビキタスにすることです。
- Cloud ProviderLINKまたの名を:Cloud Service Provider
A business or other organization that offers a cloud computing platform.
[+]Cloud providers, sometimes called Cloud Service Providers (CSPs), offer cloud computing platforms or services.
Many cloud providers offer managed infrastructure (also called Infrastructure as a Service or IaaS). With managed infrastructure the cloud provider is responsible for servers, storage, and networking while you manage layers on top of that such as running a Kubernetes cluster.
You can also find Kubernetes as a managed service; sometimes called Platform as a Service, or PaaS. With managed Kubernetes, your cloud provider is responsible for the Kubernetes control plane as well as the nodes and the infrastructure they rely on: networking, storage, and possibly other elements such as load balancers.
- Cluster OperationsLINK
The work involved in managing a Kubernetes cluster: managing day-to-day operations, and co-ordinating upgrades.
[+]Examples of cluster operations work include: deploying new Nodes to scale the cluster; performing software upgrades; implementing security controls; adding or removing storage; configuring cluster networking; managing cluster-wide observability; and responding to events.
- Code ContributorLINK
A person who develops and contributes code to the Kubernetes open source codebase.
[+]They are also an active community member who participates in one or more Special Interest Groups (SIGs).
- Container Environment VariablesLINK
Container environment variables are name=value pairs that provide useful information into containers running in a pod
[+]Container environment variables provide information that is required by the running containerized applications along with information about important resources to the containers. For example, file system details, information about the container itself, and other cluster resources such as service endpoints.
- Container Lifecycle HooksLINK
The lifecycle hooks expose events in the Container management lifecycle and let the user run code when the events occur.
[+]Two hooks are exposed to Containers: PostStart which executes immediately after a container is created and PreStop which is blocking and is called immediately before a container is terminated.
- Container network interface (CNI)LINK
Container network interface (CNI) plugins are a type of Network plugin that adheres to the appc/CNI specification.
[+]- For information on Kubernetes and CNI, see Network Plugins.
- Container Runtime InterfaceLINK
The main protocol for the communication between the kubelet and Container Runtime.
[+]The Kubernetes Container Runtime Interface (CRI) defines the main gRPC protocol for the communication between the node components kubelet and container runtime.
- ControllerLINK
Kubernetesにおいて、コントローラーはクラスターの状態を監視し、必要に応じて変更を加えたり要求したりする制御ループです。それぞれのコントローラーは現在のクラスターの状態を望ましい状態に近づけるように動作します。
[+]コントローラーはクラスターの状態をコントロールプレーンの一部であるkube-apiserverから取得します。
コントロールプレーン内部で動くいくつかのコントローラーは、Kubernetesの主要な操作に対する制御ループを提供します。 例えば、Deploymentコントローラー、Daemonsetコントローラー、Namespaceコントローラー、Persistent Volumeコントローラー等はkube-controller-managerの内部で動作します。
- CRI-OLINK
A tool that lets you use OCI container runtimes with Kubernetes CRI.
[+]CRI-O is an implementation of the Container runtime interface (CRI) to enable using container runtimes that are compatible with the Open Container Initiative (OCI) runtime spec.
Deploying CRI-O allows Kubernetes to use any OCI-compliant runtime as the container runtime for running Pods, and to fetch OCI container images from remote registries.
- DeploymentLINK
複製されたアプリケーションを管理するAPIオブジェクトで、通常はステートレスなPodを実行します。
[+]各レプリカはPodで表され、Podはクラスターのノード間で分散されます。 ローカル状態を要求するワークロードには、StatefulSetの利用を考えてください。
- Developer (disambiguation)LINK
May refer to: Application Developer, Code Contributor, or Platform Developer.
[+]This overloaded term may have different meanings depending on the context
- Device PluginLINK
Device plugins run on worker Nodes and provide Pods with access to resources, such as local hardware, that require vendor-specific initialization or setup steps.
[+]Device plugins advertise resources to the kubelet, so that workload Pods can access hardware features that relate to the Node where that Pod is running. You can deploy a device plugin as a DaemonSet, or install the device plugin software directly on each target Node.
See Device Plugins for more information.
- DisruptionLINK
Disruptions are events that lead to one or more Pods going out of service. A disruption has consequences for workload resources, such as Deployment, that rely on the affected Pods.
[+]If you, as cluster operator, destroy a Pod that belongs to an application, Kubernetes terms that a voluntary disruption. If a Pod goes offline because of a Node failure, or an outage affecting a wider failure zone, Kubernetes terms that an involuntary disruption.
See Disruptions for more information.
- DockershimLINK
The dockershim is a component of Kubernetes version 1.23 and earlier. It allows the kubelet to communicate with Docker Engine.
[+]Starting with version 1.24, dockershim has been removed from Kubernetes. For more information, see Dockershim FAQ.
- Downstream (disambiguation)LINK
May refer to: code in the Kubernetes ecosystem that depends upon the core Kubernetes codebase or a forked repo.
[+]- In the Kubernetes Community: Conversations often use downstream to mean the ecosystem, code, or third-party tools that rely on the core Kubernetes codebase. For example, a new feature in Kubernetes may be adopted by applications downstream to improve their functionality.
- In GitHub or git: The convention is to refer to a forked repo as downstream, whereas the source repo is considered upstream.
- Downward APILINK
Kubernetes' mechanism to expose Pod and container field values to code running in a container.
[+]It is sometimes useful for a container to have information about itself, without needing to make changes to the container code that directly couple it to Kubernetes.
The Kubernetes downward API allows containers to consume information about themselves or their context in a Kubernetes cluster. Applications in containers can have access to that information, without the application needing to act as a client of the Kubernetes API.
There are two ways to expose Pod and container fields to a running container:
- using environment variables
- using a
downwardAPI
volume
Together, these two ways of exposing Pod and container fields are called the downward API.
- Dynamic Volume ProvisioningLINK
Allows users to request automatic creation of storage Volumes.
[+]Dynamic provisioning eliminates the need for cluster administrators to pre-provision storage. Instead, it automatically provisions storage by user request. Dynamic volume provisioning is based on an API object, StorageClass, referring to a Volume Plugin that provisions a Volume and the set of parameters to pass to the Volume Plugin.
- EndpointsLINK
Endpoints track the IP addresses of Pods with matching selectors.
[+]Endpoints can be configured manually for Services without selectors specified. The EndpointSlice resource provides a scalable and extensible alternative to Endpoints.
- EndpointSliceLINK
A way to group network endpoints together with Kubernetes resources.
[+]A scalable and extensible way to group network endpoints together. These can be used by kube-proxy to establish network routes on each node.
- Ephemeral ContainerLINK
A Container type that you can temporarily run inside a Pod.
[+]If you want to investigate a Pod that's running with problems, you can add an ephemeral container to that Pod and carry out diagnostics. Ephemeral containers have no resource or scheduling guarantees, and you should not use them to run any part of the workload itself.
Ephemeral containers are not supported by static pods.
- EventLINK
Event is a Kubernetes object that describes state change/notable occurrences in the system.
[+]Events have a limited retention time and triggers and messages may evolve with time. Event consumers should not rely on the timing of an event with a given reason reflecting a consistent underlying trigger, or the continued existence of events with that reason.
Events should be treated as informative, best-effort, supplemental data.
In Kubernetes, auditing generates a different kind of Event record (API group
audit.k8s.io
). - ExtensionsLINK
Extensions are software components that extend and deeply integrate with Kubernetes to support new types of hardware.
[+]Many cluster administrators use a hosted or distribution instance of Kubernetes. These clusters come with extensions pre-installed. As a result, most Kubernetes users will not need to install extensions and even fewer users will need to author new ones.
- Feature gateLINK
Feature gates are a set of keys (opaque string values) that you can use to control which Kubernetes features are enabled in your cluster.
[+]You can turn these features on or off using the
--feature-gates
command line flag on each Kubernetes component. Each Kubernetes component lets you enable or disable a set of feature gates that are relevant to that component. The Kubernetes documentation lists all current feature gates and what they control. - FlexVolumeLINK
FlexVolume is a deprecated interface for creating out-of-tree volume plugins. The Container Storage Interface is a newer interface that addresses several problems with FlexVolume.
[+]FlexVolumes enable users to write their own drivers and add support for their volumes in Kubernetes. FlexVolume driver binaries and dependencies must be installed on host machines. This requires root access. The Storage SIG suggests implementing a CSI driver if possible since it addresses the limitations with FlexVolumes.
- Group Version ResourceLINKまたの名を:GVR
Means of representing unique Kubernetes API resource.
[+]Group Version Resources (GVRs) specify the API group, API version, and resource (name for the object kind as it appears in the URI) associated with accessing a particular id of object in Kubernetes. GVRs let you define and distinguish different Kubernetes objects, and to specify a way of accessing objects that is stable even as APIs change.
- Horizontal Pod AutoscalerLINKまたの名を:HPA
An API resource that automatically scales the number of Pod replicas based on targeted CPU utilization or custom metric targets.
[+]HPA is typically used with ReplicationControllers, Deployments, or ReplicaSets. It cannot be applied to objects that cannot be scaled, for example DaemonSets.
- HostAliasesLINK
A HostAliases is a mapping between the IP address and hostname to be injected into a Pod's hosts file.
[+]HostAliases is an optional list of hostnames and IP addresses that will be injected into the Pod's hosts file if specified. This is only valid for non-hostNetwork Pods.
- Init ContainerLINK
One or more initialization containers that must run to completion before any app containers run.
[+]Initialization (init) containers are like regular app containers, with one difference: init containers must run to completion before any app containers can start. Init containers run in series: each init container must run to completion before the next init container begins.
- kOps (Kubernetes Operations)LINK
[+]kOps
will not only help you create, destroy, upgrade and maintain production-grade, highly available, Kubernetes cluster, but it will also provision the necessary cloud infrastructure.Note: AWS (Amazon Web Services) is currently officially supported, with DigitalOcean, GCE and OpenStack in beta support, and Azure in alpha.kOps
is an automated provisioning system:- Fully automated installation
- Uses DNS to identify clusters
- Self-healing: everything runs in Auto-Scaling Groups
- Multiple OS support (Amazon Linux, Debian, Flatcar, RHEL, Rocky and Ubuntu)
- High-Availability support
- Can directly provision, or generate terraform manifests
- kube-proxyLINK
kube-proxyはクラスター内の各nodeで動作しているネットワークプロキシで、KubernetesのServiceコンセプトの一部を実装しています。
[+]kube-proxyは、Nodeのネットワークルールをメンテナンスします。これらのネットワークルールにより、クラスターの内部または外部のネットワークセッションからPodへのネットワーク通信が可能になります。
kube-proxyは、オペレーティングシステムにパケットフィルタリング層があり、かつ使用可能な場合、パケットフィルタリング層を使用します。それ以外の場合は自身でトラフィックを転送します。
- KubectlLINKまたの名を:kubectl
Kubernetes APIを使用してKubernetesクラスターのコントロールプレーンと通信するためのコマンドラインツールです。
[+]Kubernetesオブジェクトの作成、検査、更新、削除には
kubectl
を使用することができます。 - Kubernetes APILINK
The application that serves Kubernetes functionality through a RESTful interface and stores the state of the cluster.
[+]Kubernetes resources and "records of intent" are all stored as API objects, and modified via RESTful calls to the API. The API allows configuration to be managed in a declarative way. Users can interact with the Kubernetes API directly, or via tools like
kubectl
. The core Kubernetes API is flexible and can also be extended to support custom resources. - LimitRangeLINK
Provides constraints to limit resource consumption per Containers or Pods in a namespace.
[+]LimitRange limits the quantity of objects that can be created by type, as well as the amount of compute resources that may be requested/consumed by individual Containers or Pods in a namespace.
- MasterLINK
Legacy term, used as synonym for nodes hosting the control plane.
[+]The term is still being used by some provisioning tools, such as kubeadm, and managed services, to label nodes with
kubernetes.io/role
and control placement of control plane pods. - MinikubeLINK
A tool for running Kubernetes locally.
[+]Minikube runs a single-node cluster inside a VM on your computer. You can use Minikube to try Kubernetes in a learning environment.
- Mixed Version Proxy (MVP)LINKまたの名を:MVP
Feature to let a kube-apiserver proxy a resource request to a different peer API server.
[+]When a cluster has multiple API servers running different versions of Kubernetes, this feature enables resource requests to be served by the correct API server.
MVP is disabled by default and can be activated by enabling the feature gate named
UnknownVersionInteroperabilityProxy
when the API Server is started. - Network PolicyLINK
A specification of how groups of Pods are allowed to communicate with each other and with other network endpoints.
[+]Network Policies help you declaratively configure which Pods are allowed to connect to each other, which namespaces are allowed to communicate, and more specifically which port numbers to enforce each policy on.
NetworkPolicy
resources use labels to select Pods and define rules which specify what traffic is allowed to the selected Pods. Network Policies are implemented by a supported network plugin provided by a network provider. Be aware that creating a network resource without a controller to implement it will have no effect. - Node-pressure evictionLINKまたの名を:kubelet eviction
Node-pressure eviction is the process by which the kubelet proactively terminates pods to reclaim resources on nodes.
[+]The kubelet monitors resources like CPU, memory, disk space, and filesystem inodes on your cluster's nodes. When one or more of these resources reach specific consumption levels, the kubelet can proactively fail one or more pods on the node to reclaim resources and prevent starvation.
Node-pressure eviction is not the same as API-initiated eviction.
- ObjectLINK
An entity in the Kubernetes system. The Kubernetes API uses these entities to represent the state of your cluster.
[+]A Kubernetes object is typically a “record of intent”—once you create the object, the Kubernetes control plane works constantly to ensure that the item it represents actually exists. By creating an object, you're effectively telling the Kubernetes system what you want that part of your cluster's workload to look like; this is your cluster's desired state.
- Operator patternLINK
The operator pattern is a system design that links a Controller to one or more custom resources.
[+]You can extend Kubernetes by adding controllers to your cluster, beyond the built-in controllers that come as part of Kubernetes itself.
If a running application acts as a controller and has API access to carry out tasks against a custom resource that's defined in the control plane, that's an example of the Operator pattern.
- PodLINK
一番小さく一番シンプルなKubernetesのオブジェクト。Podとはクラスターで動作しているいくつかのコンテナのまとまりです。
[+]通常、Pod は一つの主コンテナを実行するように設定されます。ロギングなどの補足機能を付加する、取り外し可能なサイドカーコンテナを実行することもできます。Pod は通常 Deployment によって管理されます。
- Pod DisruptionLINK
Pod disruption is the process by which Pods on Nodes are terminated either voluntarily or involuntarily.
[+]Voluntary disruptions are started intentionally by application owners or cluster administrators. Involuntary disruptions are unintentional and can be triggered by unavoidable issues like Nodes running out of resources, or by accidental deletions.
- Pod Disruption BudgetLINKまたの名を:PDB
A Pod Disruption Budget allows an application owner to create an object for a replicated application, that ensures a certain number or percentage of Pods with an assigned label will not be voluntarily evicted at any point in time.
[+]Involuntary disruptions cannot be prevented by PDBs; however they do count against the budget.
- Pod LifecycleLINK
The sequence of states through which a Pod passes during its lifetime.
[+]The Pod Lifecycle is defined by the states or phases of a Pod. There are five possible Pod phases: Pending, Running, Succeeded, Failed, and Unknown. A high-level description of the Pod state is summarized in the PodStatus
phase
field. - Pod PriorityLINK
Pod Priority indicates the importance of a Pod relative to other Pods.
[+]Pod Priority gives the ability to set scheduling priority of a Pod to be higher and lower than other Pods — an important feature for production clusters workload.
- Pod Security PolicyLINK
Enables fine-grained authorization of Pod creation and updates.
[+]A cluster-level resource that controls security sensitive aspects of the Pod specification. The
PodSecurityPolicy
objects define a set of conditions that a Pod must run with in order to be accepted into the system, as well as defaults for the related fields. Pod Security Policy control is implemented as an optional admission controller.PodSecurityPolicy was deprecated as of Kubernetes v1.21, and removed in v1.25. As an alternative, use Pod Security Admission or a 3rd party admission plugin.
- ProbeLINK
A check that the kubelet periodically performs against a container that is running in a pod, that will define container's state and health and informing container's lifecycle.
[+]To learn more, read container probes.
- ProxyLINK
In computing, a proxy is a server that acts as an intermediary for a remote service.
[+]A client interacts with the proxy; the proxy copies the client's data to the actual server; the actual server replies to the proxy; the proxy sends the actual server's reply to the client.
kube-proxy is a network proxy that runs on each node in your cluster, implementing part of the Kubernetes Service concept.
You can run kube-proxy as a plain userland proxy service. If your operating system supports it, you can instead run kube-proxy in a hybrid mode that achieves the same overall effect using less system resources.
- QoS ClassLINK
QoS Class (Quality of Service Class) provides a way for Kubernetes to classify Pods within the cluster into several classes and make decisions about scheduling and eviction.
[+]QoS Class of a Pod is set at creation time based on its compute resources requests and limits settings. QoS classes are used to make decisions about Pods scheduling and eviction. Kubernetes can assign one of the following QoS classes to a Pod:
Guaranteed
,Burstable
orBestEffort
. - QuantityLINK
A whole-number representation of small or large numbers using SI suffixes.
[+]Quantities are representations of small or large numbers using a compact, whole-number notation with SI suffixes. Fractional numbers are represented using milli units, while large numbers can be represented using kilo, mega, or giga units.
For instance, the number
1.5
is represented as1500m
, while the number1000
can be represented as1k
, and1000000
as1M
. You can also specify binary-notation suffixes; the number 2048 can be written as2Ki
.The accepted decimal (power-of-10) units are
m
(milli),k
(kilo, intentionally lowercase),M
(mega),G
(giga),T
(tera),P
(peta),E
(exa).The accepted binary (power-of-2) units are
Ki
(kibi),Mi
(mebi),Gi
(gibi),Ti
(tebi),Pi
(pebi),Ei
(exbi). - RBAC (Role-Based Access Control)LINK
Manages authorization decisions, allowing admins to dynamically configure access policies through the Kubernetes API.
[+]RBAC utilizes roles, which contain permission rules, and role bindings, which grant the permissions defined in a role to a set of users.
- ReplicaSetLINK
ReplicaSetは、任意の時点で動作しているレプリカPodの集合を保持します。(保持することを目指します。)
[+]Deploymentなどのワークロードオブジェクトは、ReplicaSetの仕様に基づいて、 設定された数のPodsがクラスターで稼働することを保証するために、 ReplicaSetを使用します。
- ReplicationControllerLINK
A workload resource that manages a replicated application, ensuring that a specific number of instances of a Pod are running.
[+]The control plane ensures that the defined number of Pods are running, even if some Pods fail, if you delete Pods manually, or if too many are started by mistake.
Note: ReplicationController is deprecated. See Deployment, which is similar. - Security ContextLINK
The
[+]securityContext
field defines privilege and access control settings for a Pod or container.In a
securityContext
, you can define: the user that processes run as, the group that processes run as, and privilege settings. You can also configure security policies (for example: SELinux, AppArmor or seccomp).The
PodSpec.securityContext
setting applies to all containers in a Pod. - ServiceLINK
クラスター内で1つ以上のPodとして実行されているネットワークアプリケーションを公開する方法です。
[+]Serviceが対象とするPodの集合は、(通常)セレクターによって決定されます。 Podを追加または削除するとセレクターにマッチしているPodの集合は変更されます。 Serviceは、ネットワークトラフィックが現在そのワークロードを処理するPodの集合に向かうことを保証します。
Kubernetes Serviceは、IPネットワーキング(IPv4、IPv6、またはその両方)を使用するか、ドメインネームシステム(DNS)でExternal Nameを参照します。
Serviceの抽象化により、IngressやGatewayなどの他のメカニズムを実現することができます。
- ServiceAccountLINK
Provides an identity for processes that run in a Pod.
[+]When processes inside Pods access the cluster, they are authenticated by the API server as a particular service account, for example,
default
. When you create a Pod, if you do not specify a service account, it is automatically assigned the default service account in the same Namespace. - Shuffle-shardingLINK
A technique for assigning requests to queues that provides better isolation than hashing modulo the number of queues.
[+]We are often concerned with insulating different flows of requests from each other, so that a high-intensity flow does not crowd out low-intensity flows. A simple way to put requests into queues is to hash some characteristics of the request, modulo the number of queues, to get the index of the queue to use. The hash function uses as input characteristics of the request that align with flows. For example, in the Internet this is often the 5-tuple of source and destination address, protocol, and source and destination port.
That simple hash-based scheme has the property that any high-intensity flow will crowd out all the low-intensity flows that hash to the same queue. Providing good insulation for a large number of flows requires a large number of queues, which is problematic. Shuffle-sharding is a more nimble technique that can do a better job of insulating the low-intensity flows from the high-intensity flows. The terminology of shuffle-sharding uses the metaphor of dealing a hand from a deck of cards; each queue is a metaphorical card. The shuffle-sharding technique starts with hashing the flow-identifying characteristics of the request, to produce a hash value with dozens or more of bits. Then the hash value is used as a source of entropy to shuffle the deck and deal a hand of cards (queues). All the dealt queues are examined, and the request is put into one of the examined queues with the shortest length. With a modest hand size, it does not cost much to examine all the dealt cards and a given low-intensity flow has a good chance to dodge the effects of a given high-intensity flow. With a large hand size it is expensive to examine the dealt queues and more difficult for the low-intensity flows to dodge the collective effects of a set of high-intensity flows. Thus, the hand size should be chosen judiciously.
- SIG (special interest group)LINK
大規模なKubernetesオープンソースプロジェクトにおいて、開発中の部分または側面を集合的に管理するコミュニティメンバー
[+]SIGのメンバーは、アーキテクチャ、API machinery、ドキュメンテーションといった、特定のエリアの改善に共通の関心をもっています。 SIGはガバナンスガイドラインに準拠していなければなりませんが、独自の貢献ポリシーやコミュニケーションのチャンネルを持つことが可能です。
さらなる情報はコミュニティ (kubernetes/community)リポジトリとSIGとワーキンググループを参照して下さい。
- StatefulSetLINK
StatefulSetはDeploymentとPodのセットのスケーリングを管理し、それらのPodの順序と一意性を保証 します。
[+]Deploymentのように、StatefulSetは指定したコンテナのspecに基づいてPodを管理します。Deploymentとは異なり、StatefulSetは各Podにおいて管理が大変な同一性を維持します。これらのPodは同一のspecから作成されますが、それらは交換可能ではなく、リスケジュール処理をまたいで維持される永続的な識別子を持ちます。
ワークロードに永続性を持たせるためにストレージボリュームを使いたい場合は、解決策の1つとしてStatefulSetが利用できます。StatefulSet内の個々のPodは障害の影響を受けやすいですが、永続化したPodの識別子は既存のボリュームと障害によって置換された新しいPodの紐付けを簡単にします。
- Static PodLINK
A pod managed directly by the kubelet daemon on a specific node,
[+]without the API server observing it.
Static Pods do not support ephemeral containers.
- StorageClassLINK
StorageClassは管理者が利用可能なさまざまなストレージタイプを記述する方法を提供します。
[+]StorageClassはサービス品質レベル、バックアップポリシー、クラスター管理者が決定した任意のポリシーにマッピングできます。 各StorageClassには
provisioner
、parameters
、reclaimPolicy
フィールドが含まれています。これらは、対象のStorageClassのPersistentVolumeを動的プロビジョニングする必要がある場合に使用されます。ユーザーはStorageClassオブジェクトの名前を使用して特定のStorageClassを要求できます。 - sysctlLINK
[+]sysctl
is a semi-standardized interface for reading or changing the attributes of the running Unix kernel.On Unix-like systems,
sysctl
is both the name of the tool that administrators use to view and modify these settings, and also the system call that the tool uses.Container runtimes and network plugins may rely on
sysctl
values being set a certain way. - TaintLINK
A core object consisting of three required properties: key, value, and effect. Taints prevent the scheduling of Pods on nodes or node groups.
[+]Taints and tolerations work together to ensure that pods are not scheduled onto inappropriate nodes. One or more taints are applied to a node. A node should only schedule a Pod with the matching tolerations for the configured taints.
- Upstream (disambiguation)LINK
May refer to: core Kubernetes or the source repo from which a repo was forked.
[+]- In the Kubernetes Community: Conversations often use upstream to mean the core Kubernetes codebase, which the general ecosystem, other code, or third-party tools rely upon. For example, community members may suggest that a feature is moved upstream so that it is in the core codebase instead of in a plugin or third-party tool.
- In GitHub or git: The convention is to refer to a source repo as upstream, whereas the forked repo is considered downstream.
- user namespaceLINK
A kernel feature to emulate root. Used for "rootless containers".
[+]User namespaces are a Linux kernel feature that allows a non-root user to emulate superuser ("root") privileges, for example in order to run containers without being a superuser outside the container.
User namespace is effective for mitigating damage of potential container break-out attacks.
In the context of user namespaces, the namespace is a Linux kernel feature, and not a namespace in the Kubernetes sense of the term.
- Volume PluginLINK
A Volume Plugin enables integration of storage within a Pod.
[+]A Volume Plugin lets you attach and mount storage volumes for use by a Pod. Volume plugins can be in tree or out of tree. In tree plugins are part of the Kubernetes code repository and follow its release cycle. Out of tree plugins are developed independently.
- WG (working group)LINK
Facilitates the discussion and/or implementation of a short-lived, narrow, or decoupled project for a committee, SIG, or cross-SIG effort.
[+]Working groups are a way of organizing people to accomplish a discrete task.
For more information, see the kubernetes/community repo and the current list of SIGs and working groups.
- ワークロードLINK
ワークロードとは、Kubernetes上で実行中のアプリケーションです。
[+]異なる種類のワークロードやその一部を表すコアオブジェクトはさまざまなものがあり、DaemonSet、Deployment、Job、ReplicaSet、StatefulSetオブジェクトなどがあります。
たとえば、ウェブサーバーとデータベースを含むワークロードの場合、データベースを1つのStatefulSetで実行し、ウェブサーバーをDeploymentで実行するという構成が考えられます。
- ガベージコレクションLINK
ガベージコレクションは、Kubernetesがクラスターリソースをクリーンアップするために使用するさまざまなメカニズムの総称です。
[+]Kubernetesはガベージコレクションを使用して、未使用のコンテナとイメージ、失敗したPod、対象リソースが所有するオブジェクト、完了したJob、期限切れまたは失敗したリソースなどのリソースをクリーンアップします。
- クラウドコントローラーマネージャーLINK
クラウド特有の制御ロジックを組み込むKubernetesのcontrol planeコンポーネントです。クラウドコントロールマネージャーは、クラスターをクラウドプロバイダーAPIをリンクし、クラスターのみで相互作用するコンポーネントからクラウドプラットフォームで相互作用するコンポーネントを分離します。
[+]Kubernetesと下のクラウドインフラストラクチャー間の相互運用ロジックを分離することで、cloud-controller-managerコンポーネントはクラウドプロバイダを主なKubernetesプロジェクトと比較し異なるペースで機能をリリース可能にします。
- クラスターLINK
コンテナ化されたアプリケーションを実行する、ノードと呼ばれるワーカーマシンの集合です。すべてのクラスターには少なくとも1つのワーカーノードがあります。
[+]ワーカーノードは、アプリケーションのコンポーネントであるPodをホストします。マスターノードは、クラスター内のワーカーノードとPodを管理します。複数のマスターノードを使用して、クラスターにフェイルオーバーと高可用性を提供します。 ワーカーノードは、アプリケーションワークロードのコンポーネントであるPodをホストします。コントロールプレーンは、クラスター内のワーカーノードとPodを管理します。本番環境では、コントロールプレーンは複数のコンピューターを使用し、クラスターは複数のノードを使用し、耐障害性や高可用性を提供します。
- コンテナストレージインターフェイス(CSI)LINK
コンテナストレージインターフェイス(CSI)はストレージシステムをコンテナに公開するための標準インターフェイスを定義します。
[+]CSIはベンダーがKubernetesリポジトリにコードを追加することなく(Kubernetesリポジトリツリー外のプラグインとして)独自のストレージプラグインを作成することを可能にします。CSIドライバをストレージプロバイダから利用するには、はじめにクラスターにCSIプラグインをデプロイする必要があります。その後のCSIドライバーを使用するためのStorageClassを作成することができます。
- コンテナランタイムLINK
コンテナランタイムは、コンテナの実行を担当するソフトウェアです。
[+]Kubernetesは次の複数のコンテナランタイムをサポートします。 Docker、containerd、CRI-O、 および全ての Kubernetes CRI (Container Runtime Interface) 実装です。
- コントリビューターLINK
Kubernetesプロジェクトやコミュニティのために、コード、ドキュメント、その他に自身の時間を使って貢献している人々
[+]貢献はPull Request(PRs)、Issue、フィードバック、special interest groups (SIG)への参加、またはコミュニティイベントの開催が含まれます。
- ファイナライザーLINK
ファイナライザーは、削除対象としてマークされたリソースを完全に削除する前に、特定の条件が満たされるまでKubernetesを待機させるための名前空間付きのキーです。 ファイナライザーは、削除されたオブジェクトが所有していたリソースをクリーンアップするようにコントローラーに警告します。
[+]Kubernetesにファイナライザーが指定されたオブジェクトを削除するように指示すると、Kubernetes APIはそのオブジェクトに
.metadata.deletionTimestamp
を追加し削除対象としてマークして、ステータスコード202
(HTTP "Accepted")を返します。 コントロールプレーンやその他のコンポーネントがファイナライザーによって定義されたアクションを実行している間、対象のオブジェクトは終了中の状態のまま残っています。 それらのアクションが完了したら、そのコントローラーは関係しているファイナライザーを対象のオブジェクトから削除します。metadata.finalizers
フィールドが空になったら、Kubernetesは削除が完了したと判断しオブジェクトを削除します。ファイナライザーはリソースのガベージコレクションを管理するために使うことができます。 例えば、コントローラーが対象のリソースを削除する前に関連するリソースやインフラをクリーンアップするためにファイナライザーを定義することができます。
- プラットフォーム開発者LINK
自身のプロジェクトの要件に合わせ、Kubernetesプラットフォームをカスタマイズする人
[+]プラットフォーム開発者は、特に自身のアプリケーションのために、例えばカスタムリソースや集約レイヤーを使ったKubernetes APIの拡張を用いて、Kubernetesに機能を追加ことがあるかもしれません。一部のプラットフォーム開発者はまたコントリビューターとして、エクステンションを開発しKubernetesのコミュニティに貢献しています。他の方々は、クローズドソースな商用もしくは、サイト固有なエクステンションを開発しています。
- ミラーPodLINK
kubeletがstatic Podを代表するために使用するPodオブジェクトです。
[+]kubeletが設定の中にstatic Podを発見すると、static Podに対応するPodオブジェクトをKubernetes APIサーバー上に自動的に作成しようとします。つまり、APIサーバーからはPodが見えていますが、制御まではできないということです。
(たとえば、ミラーPodを削除しても、kubeletデーモンが対応するPodの実行を停止することはありません。)
- メンバーLINK
K8sコミュニティの継続的かつアクティブなコントリビューター
[+]メンバーはイシューとPRをアサインすることができ、GitHub teamを通じてspecial interest groups (SIGs)に参加することが可能です。メンバーのPRではPre-submitテストが自動で走ります。メンバーは、アクティブなコントリビューターとしてコミュニティに居続けることを期待されています。
- 永続ボリューム要求LINK
コンテナ内でボリュームとしてマウントするためにPersistentVolume内で定義されたストレージリソースを要求します。
[+]ストレージサイズ、ストレージへのアクセス制御(読み取り専用、読み取り/書き込み、排他的)、および再利用方法(保持、リサイクル、削除)を指定します。ストレージ自体の詳細はPersistentVolumeオブジェクトに記載されています。
フィードバック
このページは役に立ちましたか?
Thanks for the feedback. If you have a specific, answerable question about how to use Kubernetes, ask it on Stack Overflow. Open an issue in the GitHub repo if you want to 問題を報告する or 改善を提案.