Glossary
A
Admission controller
A plugin that intercepts API requests after authentication and authorization to validate or mutate objects before persistence.
Affinity
Rules defining pod placement preferences or requirements based on node or pod labels.
API group
A logical grouping of related Kubernetes REST resources and versions.
API server
Control plane component exposing the Kubernetes API and processing object requests.
Annotation
Key/value metadata attached to Kubernetes objects for non-identifying information.
B
Binding
An internal object representing assignment of a pod to a specific node.
C
Certificate authority (CA)
Authority that signs and validates TLS certificates to secure communication.
Cluster
A collection of nodes and control plane components managed together.
ConfigMap
Object used to store non-sensitive configuration data as key/value pairs.
Container
A runnable application environment packaged with dependencies.
Controller manager
Control plane component running background controllers to maintain cluster desired state.
CronJob
A workload object that schedules Jobs to run on a recurring time schedule.
D
DaemonSet
Ensures that a copy of a pod runs on every node or selected nodes.
Deployment
Workload controller managing ReplicaSets and enabling rollout/rollback of stateless applications.
E
EndpointSlice
API resource storing network endpoint references for scalable Service networking.
etcd
Distributed key/value store used by Kubernetes to persist cluster state.
Eviction
Termination or removal of pods in response to resource pressure or defined policy.
F
Feature gate
A mechanism for enabling or disabling Kubernetes features.
Finalizer
Metadata preventing deletion of an object until cleanup logic completes.
H
Helm
A package manager for deploying applications described using charts.
I
Image
A static template for creating containers, containing code and dependencies.
Ingress
Configuration object defining external HTTP/HTTPS access to Services.
Init container
A container that must run successfully before normal application containers start in a pod.
J
Job
A workload resource that runs pods to completion one or more times.
K
K0s
A lightweight, minimal Kubernetes distribution.
K3s
A lightweight Kubernetes distribution for resource-limited environments.
Kubernetes (K8s)
An open-source platform for automating deployment, scaling, and management of containerized workloads.
kubelet
Node-level agent ensuring containers defined in pod specifications are running.
kube-proxy
Component managing network rules and routing for Kubernetes Services.
kubectl
Command-line tool used to interact with the Kubernetes API server.
L
Label
A key/value metadata pair used to identify and select Kubernetes objects.
M
Multi-tenancy (vCluster)
A model providing logical isolation of user workloads within a shared Kubernetes host cluster.
N
Namespace
A virtual cluster partition providing workload and resource isolation.
Network policy
Rules describing allowed or denied network traffic between pods and endpoints.
Node
A machine that runs workloads and communicates with cluster control plane components.
O
Object
A persisted record in the Kubernetes API representing desired state.
Operator
A software component extending Kubernetes to automate application operations.
OwnerReference
Metadata linking dependent objects to parent objects for cascading actions.
P
PersistentVolume (PV)
Cluster-level storage abstraction independent of pods.
PersistentVolumeClaim (PVC)
A storage request resource that binds to an available PersistentVolume.
Pod
The smallest deployable compute resource in Kubernetes representing one or more containers.
PodDisruptionBudget (PDB)
A policy specifying minimum pod availability during voluntary disruptions.
Q
Quality of Service (QoS) class
Pod scheduling classification based on CPU and memory requests and limits.
R
ReplicaSet
Controller ensuring a specified number of pod replicas are running.
ResourceQuota
Policy limiting namespace resource consumption.
Role
An RBAC permission set scoped to a namespace.
RoleBinding
Grants policies in a Role to subjects within a namespace.
ClusterRole
A permission policy applicable cluster-wide.
ClusterRoleBinding
Grants a ClusterRole to subjects at cluster scope.
S
Scheduler
Control plane component assigning pods to nodes according to constraints and resources.
Secret
Object storing sensitive credentials or configuration data.
Service
Abstraction exposing a set of pods under a stable network identity.
ServiceAccount
Identity used by workloads to interact with the Kubernetes API.
StatefulSet
Workload controller maintaining stable identities and storage for stateful applications.
StorageClass
Configuration defining dynamic storage provisioning behavior.
Syncer (vCluster)
Component responsible for synchronizing resources between virtual and host clusters.
T
Taint
A node condition preventing scheduling of pods without matching tolerations.
Team (vCluster)
A logical grouping of users associated with a virtual cluster.
Template (vCluster)
Reusable configuration blueprint for generating virtual clusters.
Toleration
Pod specification permitting scheduling on tainted nodes.
U
Upstream Kubernetes
Canonical open-source Kubernetes maintained by the community.
User
An identity representing humans or systems interacting with the API.
V
vCluster
A virtual Kubernetes control plane running inside a namespace of a host cluster.
Virtual cluster
An independent logical Kubernetes environment nested inside a host cluster.
Volume
A directory available to containers in a pod for persistent or ephemeral data.
W
Watch
A mechanism that streams changes to resources via API notification.
Workload
Units of compute work performed by Kubernetes (Deployments, Jobs, StatefulSets, etc.).