Glossary

The following are proprietary terms, terminology, and abbreviations that appear in this document.

| Term | Description |
| --- | --- |
| Cluster | A Kubernetes cluster manages the infrastructure resources needed to run containers in a Kubernetes container platform, and is associated with various resources such as multiple nodes, load balancers, and private networks. A single-point cluster has only one control node, while a highly available cluster has at least 3 control nodes. |
| Node | Nodes in a cluster are divided into two types: control nodes (Master) and compute nodes (Node). Control nodes are responsible for running kube-apiserver, kube-scheduler, kube-controller-manager, etcd, container networks, and some management components of the platform. Compute nodes are the nodes in a Kubernetes cluster that bear the workload, and can be virtual or physical machines. Compute nodes are responsible for actual Pod scheduling and communication with management nodes. |
| Project | The platform's projects (tenants) can be flexibly divided into independent and isolated resource spaces, and each project has an independent project environment, which can represent different subsidiaries, departments, or project teams within an enterprise. Project management makes it easy to achieve resource isolation between project teams and quota management within tenants. |
| Namespace | A Kubernetes Namespace is a smaller resource space that is isolated from the other namespaces in a project on the platform, and is also the workspace in which users run their production jobs. Multiple namespaces can be created under one project, and the total resource quota they occupy cannot exceed the project quota. Subdividing resource quotas into smaller namespaces also limits the size of containers (CPU, memory) under each namespace, effectively improving resource utilization. |
| Image | A container image is a standard format for packaging container applications. When deploying containerized applications, images can be specified, which can come from Docker Hub, the company's DevOps platform image repository, or a user's private image repository. The image ID can be uniquely identified by the URI of the image repository and the image tag (default is latest). |
| Container | A process that runs on a host, created based on an image. |
| Pod | A Pod is the smallest basic unit for deploying applications or services in Kubernetes. A Pod encapsulates multiple application containers (or only one container), storage resources, an independent network IP, and policy options that control the way containers run. |
| Workload | The components that make up an application on the platform: a collective name for programs, created based on images, that can be combined to provide services or run independently. |
| Replication Controller | A Replication Controller (RC) ensures that a specified number of Pod replicas are running in a Kubernetes cluster at all times, which it does by monitoring the running Pods. The specified number can be multiple or 1. If fewer replicas are running than specified, the RC starts new Pod replicas. If more are running than specified, the RC terminates the excess Pod replicas. |
| ReplicaSet | ReplicaSet (RS) is an upgraded version of RC; the only difference is the support for selectors. RS supports more types of matching patterns. ReplicaSet objects are generally not used independently, but are used as ideal state parameters for Deployments. |
| Deployment | Deployment provides declarative updates for ReplicaSets (replication controllers) and Pods (container groups). By describing the desired state for Replicas (number of Pods) and Containers (containers), the Deployment controller changes the actual state of Pods and ReplicaSets to the desired state. |
| ConfigMap | A Kubernetes ConfigMap uses key-value pairs to store configuration data, which can be single attributes or configuration files. Configuration management for containerized applications is achieved using configurations, separating configurations from image contents and maintaining the portability of containerized applications. |
| Secret | A Kubernetes Secret is used to store sensitive information or configuration in a Kubernetes cluster, such as user passwords, OAuth tokens, SSH private keys, authentication information for accessing image repositories, etc. It is recommended to prefer Secrets for storing confidential dictionaries. |
| Service | A Kubernetes Service defines a logical collection of Pods and supports setting access policies for computing components within the cluster. It is equivalent to an internal service in the cluster and provides a unified access entry for other computing components or visitors located within the cluster, achieving internal discovery of computing components. |
| CustomResourceDefinition | In the Kubernetes API, a resource is an endpoint used to store a collection of API objects of a certain type. A CRD object defines a new, unique object kind in the cluster and allows the Kubernetes API server to handle the entire lifecycle of the object. Kubernetes lets users define custom extended resources through the CustomResourceDefinition API and ensures that new resources can be registered and used quickly. |
| Domain | Administrators can use the domain name management function to centrally manage the enterprise network domain name resources used for this platform, and allocate and manage domain name resources between projects by binding domain names to projects. |
| Role | A role is a collection of operation permissions. The operation permissions for resources on the platform include create, view, update, and delete. The platform classifies and combines the operation permissions for different resources through roles. A role can have one or more operation permissions for one or more types of resources. By assigning specific roles to users, operation permissions for specified resources can be quickly granted to or restricted for those users. |
| Event | The platform integrates with Kubernetes events, recording important status changes of Kubernetes resources and various runtime status change events. Events can be used to analyze the specific reasons for abnormal situations in specific resources such as clusters, applications, tasks, etc. |
| Audit | The platform integrates with Kubernetes audit, providing security-related, time-sequenced operation records, including time, source, operation result, user initiating the operation, resources operated, and detailed information of the request/response, etc. Through audit, platform auditors can clearly understand the changes in the Kubernetes cluster. |
| Log | The platform integrates with Kubernetes logs, which can quickly collect container logs in the Kubernetes cluster, including the standard output of containers and text files inside containers. It also supports collecting logs of Kubelet, Docker, and Kubernetes containerized components. |
| Token | A token issued by the system to a user, carrying information such as the user's identity and permissions. When a user calls an API, the token is added to the request message header, and the permission to operate on resources through the API is obtained through identity authentication. |
| Microservice | Microservices are an architecture and organization method for developing software, consisting of small, independent services. Services on the platform refer to internal routing and its associated computing components. |
| Service Mesh | A service mesh is a configurable infrastructure layer for microservices applications. It makes communication between service instances smoother, more reliable, and faster. A service mesh provides a range of functions such as service discovery, load balancing, encryption, identity authentication, authorization, support for the Circuit Breaker Pattern, and other features. |
| External Service | External service is a relative concept: for services within the service mesh, all services outside the service mesh are external services. |
| Microservice Gateway | As the entry and exit of a microservices architecture, a service gateway (Istio gateway) can provide routing forwarding, API management, permission verification filtering, and other capabilities for microservice governance platforms. The service gateway includes an ingress gateway and an egress gateway. |
| Ingress Gateway | The ingress gateway is one of the important resource objects in Istio; it defines the entry point for all inbound traffic passing through the service mesh. It is used to govern inbound traffic at the edge of the mesh and to route it. |
| Egress Gateway | The egress gateway is one of the important resource objects in Istio; it defines the exit point for the outbound traffic of the service mesh. External services registered in the mesh can be bound to the egress gateway, so that traffic to the outside is sent out from the egress gateway. |
| Tracing | A trace is the chain process of a single request call, and TraceID is the unique identification of this request call. When the call relationship is complicated, multiple call chains have the same TraceID. |
| Sidecar | The sidecar pattern is a design pattern for distributed architectures that separates control and logic by splitting application functions into separate processes. In a microservices system, the service functions integrated in the application are moved to the sidecar, which can be deployed as an independent process in the application, providing service discovery, registration, service call, application authentication, rate limiting, and other functions. |
| Service Topology | Service topology refers to the visualized topology diagram of service call relationships on the platform. By viewing the service topology, you can understand the service calls and their performance on the platform within a specified time range. |
| API Group | API grouping is a dimension for managing services and service APIs in the service gateway management project. It aggregates a group of access resources with common scenarios and uniformly manages and monitors them. |
| Envoy | Envoy is an L7 proxy and communication bus designed for large modern service-oriented architectures (SOA). It is one of the core components of Istio and runs alongside services as a sidecar to intercept and forward their traffic. It provides capabilities such as traffic routing and traffic control. |
| EnvoyFilter | EnvoyFilter provides a mechanism to customize the Envoy configuration generated by Istio Pilot. EnvoyFilter can modify the values of specific fields, add special filters, or add entirely new listeners, clusters, and so on. This feature should be used with caution, as incorrect configuration may break the entire service mesh. EnvoyFilter resources on the platform are project resources and can be shared among services in multiple service meshes and namespaces within the project. |