k8s术语汇编(来自kubernetes官网)

官方来源英文地址: https://kubernetes.io/docs/reference/glossary/?fundamental=true

官方k8s术语汇编中文地址: https://kubernetes.io/zh/docs/reference/glossary

kubenetes 集群工作模型

本翻译是aozhejin翻译的原创性，如果转载请跟本人沟通,
此博文，你会发现有诸多好处.

1.中英文结合之后，对中文的资料和英文的资料会进行一些比较，这样能快速的纠正一些错误的理解．
2.在查看一些k8s环境的输出内容，规则可以对照着看,容易对应去理解．
3.特别对于代码层面的理解有好处，因为有的term(术语)直接就对应的代码中的文件夹(对二次开发有好处),k8s注解也非常的丰富，但是很多术语也是夹杂在英文里面．
4.涉及的内容在k8s的各个层面，包括网络，设计，对象，架构，安全，交互，工具，资源等等．
5.对官方和非官方的有关k8s github项目阐述的信息可结合着看英文的term，也比较好结合着代码对应去理解.
6.翻看代码以及运维环境的输出结果非常有帮助.
7.其他人也可以尝试翻译，这样对一个概念,不同人有不同的理解和解释.
注：如果英文能力比较差，这个就比较麻烦，因为很多概念也是要有一个的实验和实践的基础.

另外，网上翻译的也是五花八门，而且也不完整，同时也容易误导，这里您认为我翻译的不对，你可以直接按照你的理解再去纠正．毕竟是中英文对照的

当然有些部分也加入了很多运维结果输出也方便理解的.

Glossary(term术语汇编)

本词汇表旨在成为Kubernetes术语的全面、标准化列表。它包括Kubernetes特有的技术术语，以及提供有用上下文的更一般的术语。

1、Add-ons(插件)

Resources that extend the functionality of Kubernetes.

扩展 Kubernetes功能的资源。

Installing addons explains more about using add-ons with your cluster, and lists some popular add-ons.

Installing addons(安装插件)详细介绍了如何在集群中使用插件，并列出了一些流行的插件。

安装插件(第三方)请参看: https://kubernetes.io/docs/concepts/cluster-administration/addons/

插件列表查看本地源码：

E:\k8s源码\kubernetes-1.10.13\kubernetes-1.10.13\cluster\addons 会发现都是yaml部署文件或者是dockerfile
他们的镜像都需要单独下载，因为有的需要越狱下载。

2、Admission Controller(准入控制器,是非常重要的APIserver扩展的方式)

A piece of code that intercepts requests to the Kubernetes API server prior to persistence of the object.

在对象持久化之前拦截对Kubernetes API服务器的请求的一段代码。

Admission controllers are configurable for the Kubernetes API server and may be "validating", "mutating", or both.

Admission controllers(准入控制器)可为Kubernetes API server配置，可以是“validating”、“mutating”或两者兼而有之。

Any admission controller may reject the request.

任何 admission controller 都可以拒绝该请求。

Mutating controllers may modify the objects they admit; validating controllers may not.

Mutating controllers 可能会修改它们允许的对象；validating controllers可能不会。

Admission controllers in the Kubernetes documentation
代码部分

kubernetes /plugin/pkg/admission/alwayspullimages/admission.go

3、Affinity(亲和力)

In Kubernetes, affinity is a set of rules that give hints to the scheduler about where to place pods.

在Kubernetes中，affinity是一组规则，为scheduler(调度器)提供place pod的提示。

There are two kinds of affinity: 有两种亲和力：

node affinity (node 亲和力)
pod-to-pod affinity (pod之间的亲和力)

The rules are defined using the Kubernetes labels, and selectors specified in pods, and they can be either required or preferred, depending on how strictly you want the scheduler to enforce them.

这些规则是使用Kubernetes标签和pods中指定的选择器定义的，它们可以是必需的，也可以是首选的，具体取决于您希望 scheduler 执行它们的严格程度。

4、 Aggregation Layer

The aggregation layer lets you install additional Kubernetes-style APIs in your cluster.
聚合层允许您在集群中安装其他k8s风格的API。
When you've configured the Kubernetes API Server to support additional APIs, you can add APIService objects to "claim" a URL path in the Kubernetes API.

当你将Kubernetes API Server配置为支持其他API(support additional APIs)后，可以添加 APIService 对象以“声明” 在Kubernetes API中的URL路径。

5、Annotation(注解)

A key-value pair that is used to attach arbitrary non-identifying metadata to objects.

用于将任意非标识元数据附加到对象的( key-value)键值对。

The metadata in an annotation can be small or large, structured or unstructured, and can include characters not permitted by labels. Clients such as tools and libraries can retrieve this metadata.

注解中的metadata(元数据)可以是小的或大的，也可以是结构化的或非结构化的，并且可以包含标签不允许的字符。工具和库等客户端可以检索此metadata(元数据)。

6、 API Group

A set of related paths in Kubernetes API.

一组Kubernetes API中的相关路径。

You can enable or disable each API group by changing the configuration of your API server(kube-apiserver). You can also disable or enable paths to specific resources.

您可以通过更改API server(kube-apiserver)的配置来启用或禁用每个API组。您还可以禁用或启用特定资源的路径。

API group makes it easier to extend the Kubernetes API. The API group is specified in a REST path and in the apiVersion field of a serialized object.

API组使扩展Kubernetes API变得更容易。API组在REST路径和序列化对象的apiVersion字段中指定。

Read API Group for more information.
运维命令: kubectl api-versions //可以查看相关的api组的组名和版本信息.

1.详细参考一
https://kubernetes.io/docs/concepts/overview/kubernetes-api/#api-groups-and-versioning

There are several API groups in Kubernetes: Kubernetes中有几个API组：

The core (also called legacy) group is found at REST path /api/v1. The core group is not specified as part of the apiVersion field, for example, apiVersion: v1.
核心（也称为遗留）组位于REST path/api/v1。核心组未指定为apiVersion字段的一部分，例如apiVersion:v1。
The named groups are at REST path /apis/$GROUP_NAME/$VERSION and use apiVersion:
命名组位于静态路径/API/$GROUP_NAME/$VERSION和use APIVSION：
$GROUP_NAME/$VERSION (for example, apiVersion: batch/v1). You can find the full list of supported API groups in Kubernetes API reference
$GROUP_NAME/$VERSION（例如，apiVersion:batch/v1）。您可以在Kubernetes API参考中找到受支持的API组的完整列表

2.详细参考二
https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#-strong-api-groups-strong-
The API Groups and their versions are summarized in the following table.

这个表在实际环境中可以通过 kubectl api-versions命令来查看当前的开放的组和版本号

Group	Version
`admissionregistration.k8s.io`	`v1`
`apiextensions.k8s.io`	`v1`
`apiregistration.k8s.io`	`v1`
`apps`	`v1`
`authentication.k8s.io`	`v1`
`authorization.k8s.io`	`v1`
`autoscaling`	`v2, v1, v2beta2, v2beta1`
`batch`	`v1, v1beta1`
`certificates.k8s.io`	`v1`
`coordination.k8s.io`	`v1`
`core`	`v1`
`discovery.k8s.io`	`v1, v1beta1`
`events.k8s.io`	`v1, v1beta1`
`flowcontrol.apiserver.k8s.io`	`v1beta2, v1beta1`
`internal.apiserver.k8s.io`	`v1alpha1`
`networking.k8s.io`	`v1`
`node.k8s.io`	`v1, v1beta1`
`policy`	`v1, v1beta1`
`rbac.authorization.k8s.io`	`v1`
`scheduling.k8s.io`	`v1`
`storage.k8s.io`	`v1, v1beta1`

API server(kube-apiserver即二进制程序)

Also known as: kube-apiserver 也称为：kube-apiserver

The API server is a component of the Kubernetes control plane that exposes the Kubernetes API. The API server is the front end for the Kubernetes control plane.

API server是公开Kubernetes API的Kubernetes control plane(控制平面)的一个组件。API server是Kubernetes control plane的前端。

The main implementation of a Kubernetes API server is kube-apiserver.
Kubernetes API服务器的主要实现是kube-apiserver.。

kube-apiserver is designed to scale horizontally—that is, it scales by deploying more instances.
kube-apiserver设计为水平扩展，也就是说，它通过部署更多实例来扩展。

You can run several instances of kube-apiserver and balance traffic between those instances.
你可以运行几个kube-apiserver,从而平衡服务器实例之间运行的流量。

//k8s API Server提供了k8s各类资源对象（pod,RC,Service等）的增删改查及watch等HTTP Rest接口，是整个系统的数据总线和数据中心

这里更详细的参考:

https://kubernetes.io/docs/reference/generated/kube-apiserver/ (包括各种的启动参数设置)

The Kubernetes API server validates and configures data for the api objects which include pods, services, replicationcontrollers, and others. The API Server services REST operations and provides the frontend to the cluster's shared state through which all other components interact.

Kubernetes API server验证和配置API对象的数据，包括POD、服务、ReplicationController等。API server为REST操作提供服务，并为集群的共享状态提供前端，所有其他组件通过该状态进行交互。

kube-apiserver [flags]   
//解释下kube-apiserver这个就是一个二进制程序,有非常多的可选的参数
//例如:kube-apiserver --advertise-address string
//我下载的v1.13.1 server包内有kube-apiserver
E:\k8s源码\v1.13.1\server\kubernetes-server-linux-amd64\kubernetes\server\bin\kube-apiserver

API-initiated eviction(驱逐)

API-initiated eviction is the process by which you use the Eviction API to create an Eviction object that triggers graceful pod termination.

API-initiated eviction 是使用逐出API创建触发终止的驱逐对象的过程。

You can request eviction either by directly calling the Eviction API using a client of the kube-apiserver, like the kubectl drain command.

您可以通过使用kube-apiserver的客户端直接调用Eviction API(驱逐API) 来请求逐出，比如kubectl drain命令

When an Eviction object is created, the API server terminates the Pod.

创建 Eviction 对象时，API服务器终止Pod。

API-initiated evictions respect your configured PodDisruptionBudgets and terminationGracePeriodSeconds.

API发起的逐出，遵守您配置　的PodDisruptionBudgets和TerminationGracePeriods。

API-initiated eviction is not the same as node-pressure eviction.

API-initiated发起的驱逐与node-pressure eviction 驱逐不同。

See API-initiated eviction for more information.　参看API-initiated eviction

参考:
https://kubernetes.io/docs/concepts/scheduling-eviction/api-eviction/

App Container

Application containers (or app containers) are the containers in a pod that are started after any init containers have completed.
在pod里面的应用程序容器（或称为app containers）启动在任何 init containers 完成之后开始

简单说就是init containers先于所有容器都启动，业务容器后启动.

An init containers lets you separate initialization details that are important for the overall workload, and that don't need to keep running once the application container has started.
init容器允许您分离对整个 workload 很重要的初始化细节，并且在应用程序容器启动后不需要继续运行

If a pod doesn't have any init containers configured, all the containers in that pod are app containers .init 。

如果一个pod没有配置任何init容器，那么该pod中的所有容器都是应用容器

Application Architect(应用程序设计师)

A person responsible for the high-level design of an application.
负责应用程序高级设计的人员。
An architect ensures that an app's implementation allows it to interact with its surrounding components in a scalable, maintainable way.

架构师确保应用程序的实现允许它以可伸缩、可维护的方式与其周围的组件进行交互。

Surrounding components include databases, logging infrastructure, and other microservices.

周围的components 包括数据库、日志基础设施和其他微服务。

Application Developer(应用程序开发人员)

A person who writes an application that runs in a Kubernetes cluster.
编写在Kubernetes cluster中运行的应用程序的人。

An application developer focuses on one part of an application. The scale of their focus may vary significantly in size.

应用程序开发人员关注应用程序的一部分。他们关注的范围在大小上可能会有很大差异。

Applications

The layer where various containerized applications run.
运行各种容器化应用程序的层

Approver(审批者)

A person who can review and approve Kubernetes code contributions.
可以审查和批准Kubernetes代码贡献的人员。
While code review is focused on code quality and correctness, approval is focused on the holistic acceptance of a contribution.

虽然代码审查的重点是代码质量和正确性，但批准的重点是对贡献的整体接受。

Holistic acceptance includes backwards/forwards compatibility, adhering to API and flag conventions, subtle performance and correctness issues, interactions with other parts of the system, and others.

整体接受包括向后/向前兼容性、遵守API和标志约定、微妙的性能和正确性问题、与系统其他部分的交互等。

Approver status is scoped to a part of the codebase. Approvers were previously referred to as maintainers.

审批人状态的范围是代码库的一部分。批准者以前被称为维护者。

cAdvisor(cadvisor是一个谷歌开发的容器监控工具,它被内嵌到k8s中作为k8s的监控组件)

cAdvisor (Container Advisor) provides container users an understanding of the resource usage and performance characteristics of their running containers.

cAdvisor（容器监控）让(使用)容器的用户了解其运行容器的资源使用情况和性能特征。

It is a running daemon that collects, aggregates, processes, and exports information about running containers.

它是一个正在运行的daemon (守护进程)，用于收集、聚合、处理和导出有关正在运行的容器的信息。

Specifically, for each container it keeps resource isolation parameters, historical resource usage, histograms of complete historical resource usage and network statistics. This data is exported by container and machine-wide.

具体来说，对于每个容器，它都会保存资源隔离参数、历史资源使用情况、完整历史资源使用情况的直方图和网络统计信息。这些数据通过容器和机器范围导出。

详细查看官方:github地址:

https://github.com/google/cadvisor

cAdvisor (Container Advisor) provides container users an understanding of the resource usage and performance characteristics of their running containers. It is a running daemon that collects, aggregates, processes, and exports information about running containers. Specifically, for each container it keeps resource isolation parameters, historical resource usage, histograms of complete historical resource usage and network statistics. This data is exported by container and machine-wide.
cAdvisor让容器用户了解其运行容器的资源使用情况和性能特征。它是一个正在运行的守护进程，用于收集、聚合、处理和导出有关正在运行的容器的信息。具体来说，对于每个容器，它都会保存资源隔离参数、历史资源使用情况、完整历史资源使用情况的直方图和网络统计信息。这些数据通过容器和机器范围导出。

cAdvisor has native support for Docker containers and should support just about any other container type out of the box. We strive for support across the board so feel free to open an issue if that is not the case. cAdvisor's container abstraction is based on lmctfy's so containers are inherently nested hierarchically.

cAdvisor本机支持Docker容器，并且应该支持几乎任何其他现成的容器类型。我们努力争取全方位的支持，如果不是这样的话，请随时提出问题。cAdvisor的容器抽象基于lmctfy，因此容器本质上是分层嵌套的。

Certificate(证书)

A cryptographically secure file used to validate access to the Kubernetes cluster.
用于验证对Kubernetes cluster的访问的加密安全文件。
Certificates enable applications within a Kubernetes cluster to access the Kubernetes API securely. Certificates validate that clients are allowed to access the API.
证书使Kubernetes群集中的应用程序能够安全地访问Kubernetes API。证书验证是否允许客户端访问API。

cgroup (control group)

A group of Linux processes with optional resource isolation( 隔离), accounting and limits.
一组具有可选资源隔离、资源统计和(资源)限制的Linux进程
cgroup is a Linux kernel feature that limits, accounts for, and isolates the resource usage (CPU, memory, disk I/O, network) for a collection of processes.

cgroup是一个Linux内核功能，它限制、解释并隔离一组进程的资源的使用（CPU、内存、磁盘I/O、网络）。

CIDR(无类域间路由)

CIDR (Classless Inter-Domain Routing) is a notation for describing blocks of IP addresses and is used heavily in various networking configurations.
CIDR（无类域间路由）是一种描述IP地址块的符号，在各种网络配置中大量被使用
In the context of Kubernetes, each Node is assigned a range of IP addresses through the start address and a subnet mask using CIDR.

在Kubernetes的上下文中，每个节点通过起始地址和使用CIDR的子网掩码分配一系列IP地址。

This allows Nodes to assign each Pod a unique IP address. Although originally a concept for IPv4, CIDR has also been expanded to include IPv6.

在Kubernetes的上下文中，每个节点通过起始地址和使用CIDR的子网掩码分配一系列IP地址。这允许节点为每个Pod分配一个唯一的IP地址。虽然CIDR最初是IPv4的一个概念，但它也扩展到了IPv6。

参考

https://kubernetes.io/docs/concepts/architecture/nodes/

CLA (Contributor License Agreement)

Terms under which a contributor grants a license to an open source project for their contributions.

贡献者为其贡献向开源项目授予许可证的条款。

CLAs help resolve legal disputes involving contributed material and intellectual property (IP).

CLAs帮助解决涉及捐赠材料和知识产权（IP）的法律纠纷。

Cloud Controller Manager(云控制管理组件)

A Kubernetes control plane component that embeds cloud-specific control logic. The cloud controller manager lets you link your cluster into your cloud provider's API, and separates out the components that interact with that cloud platform from components that only interact with your cluster.

Kubernetes控制平面组件，嵌入特定于云的控制逻辑。cloud controller manager允许您将集群链接到云提供商的API，并将与该云平台交互的组件与仅与集群交互的组件区分开来。

//云平台与k8s交互的组件单独出来(区别于kubectl于集群的交互)

//这里k8s把 control plane 当做component

By decoupling the interoperability logic between Kubernetes and the underlying cloud infrastructure, the cloud-controller-manager component enables cloud providers to release features at a different pace compared to the main Kubernetes project.

通过分离Kubernetes和底层云基础设施之间的互操作性逻辑，cloud controller manager component 使云提供商(比如微软，亚马逊等云商)能够以与主要Kubernetes项目不同的速度发布功能。

Cloud Native Computing Foundation (CNCF基金会)

The Cloud Native Computing Foundation (CNCF) builds sustainable ecosystems and fosters a community around projects that orchestrate containers as part of a microservices architecture.

云原生计算基金会（CNCF）构建可持续的生态系统，并围绕将容器作为微服务体系结构的一部分进行协调的项目建立社区。

Kubernetes is a CNCF project. Kubernetes是CNCF的一个项目。

The CNCF is a sub-foundation of the Linux Foundation. Its mission is to make cloud native computing ubiquitous.

CNCF是Linux基金会的一个子基金会。它的使命是让云计算无处不在。

Cloud Provider(云服务提供商)

Also known as:Cloud Service Provider 也称为：云服务提供商

A business or other organization that offers a cloud computing platform. 提供云计算平台的企业或其他组织。

Cloud providers, sometimes called Cloud Service Providers (CSPs), offer cloud computing platforms or services.

云提供商，有时被称为云服务提供商（CSP），提供云计算平台或服务。

Many cloud providers offer managed infrastructure (also called Infrastructure as a Service or IaaS). With managed infrastructure the cloud provider is responsible for servers, storage, and networking while you manage layers on top of that such as running a Kubernetes cluster.

许多云提供商提供托管基础设施（也称基础设施即服务或IaaS）。通过托管基础设施，云提供商负责服务器、存储和网络，而您则负责管理基础设施之上的层，例如运行Kubernetes群集。

You can also find Kubernetes as a managed service; sometimes called Platform as a Service, or PaaS. With managed Kubernetes, your cloud provider is responsible for the Kubernetes control plane as well as the nodes and the infrastructure they rely on: networking, storage, and possibly other elements such as load balancers.

你也可以找到Kubernetes作为一种托管服务；有时被称为平台即服务，或PaaS。使用托管Kubernetes，您的云提供商负责Kubernetes控制平面以及它们所依赖的节点和基础设施：网络、存储，可能还有负载平衡器等其他元素。

Cluster

A set of worker machines, called nodes, that run containerized applications. Every cluster has at least one worker node.

一组工作机器，称为nodes，运行容器化应用程序。每个集群至少有一个工作节点

The worker node(s) host the Pods that are the components of the application workload.

工作节点(node)承载作为应用程序workload组件的Pods 。

The control plane manages the worker nodes and the Pods in the cluster. In production environments, the control plane usually runs across multiple computers and a cluster usually runs multiple nodes, providing fault-tolerance and high availability.

control plane管理集群中的工作节点和POD。在生产环境中，控制平面通常跨多台计算机运行，集群通常运行多个节点，从而提供容错性和高可用性。

Cluster Architect(集群架构师)

A person who designs infrastructure that involves one or more Kubernetes clusters.
设计涉及一个或多个Kubernetes集群的基础架构的人员。

Cluster architects are concerned with best practices for distributed systems, for example: high availability and security.

集群架构师们关注分布式系统的最佳实践，例如：高可用性和安全性。

Cluster Infrastructure(集群基础设施)

The infrastructure layer provides and maintains VMs, networking, security groups and others.

基础设施层提供并维护虚拟机、网络、安全组等。

Cluster Operations(集群操作概念)

The work involved in managing a Kubernetes cluster: managing day-to-day operations, and co-ordinating upgrades.
管理Kubernetes集群所涉及的工作：管理日常运营和协调升级。
Examples of cluster operations work include: deploying new Nodes to scale the cluster; performing software upgrades; implementing security controls; adding or removing storage; configuring cluster networking; managing cluster-wide observability; and responding to events.

集群操作工作的例子包括：部署新节点以扩展集群；执行软件升级；实施安全控制；添加或删除存储；配置集群网络；管理集群范围的可观测性；以及对事件的反应。

//集群操作具体做哪些内容.

Cluster Operator(集群操作人员)

A person who configures, controls, and monitors clusters.

配置、控制和监视集群的人员。

Their primary responsibility is keeping a cluster up and running, which may involve periodic maintenance activities or upgrades.

他们的主要职责是保持集群正常运行，这可能涉及定期维护活动或升级。

Note: Cluster operators are different from the Operator pattern that extends the Kubernetes API.

注意：集群操作符不同于扩展Kubernetes API的操作符模式。

Code Contributor(代码贡献)

A person who develops and contributes code to the Kubernetes open source codebase.

为开发Kubernetes开源代码库贡献代码的人。

They are also an active community member who participates in one or more Special Interest Groups (SIGs).

他们也是积极的community member，参与一个或多个Special Interest Groups (SIGs)。

//kubenetes sig兴趣工作小组.

ConfigMap

An API object used to store non-confidential data in key-value pairs. Pods can consume ConfigMaps as environment variables, command-line arguments, or as configuration files in a volume.

用于以键值对存储非机密性数据的API对象。POD可以将ConfigMaps用作环境变量、命令行参数或volume中的配置文件。

A ConfigMap allows you to decouple environment-specific configuration from your container images, so that your applications are easily portable.

ConfigMap允许您将特定于环境的配置与container images(容器映像)分离，以便您的应用程序易于移植。

Container(容器)

A lightweight and portable executable image that contains software and all of its dependencies.
Container定义为一个轻量级、可移植的可执行映像，包含软件及其所有依赖项。
Containers decouple applications from underlying host infrastructure to make deployment easier in different cloud or OS environments, and for easier scaling.

容器将应用程序与底层主机基础设施分离，以便在不同的云或操作系统环境中更容易部署，并更容易扩展。

Container Environment Variables(容器环境变量)

Container environment variables are name=value pairs that provide useful information into containers running in a pod
容器环境变量是名称=值对，它们为pod中运行的容器提供有用的信息
Container environment variables provide information that is required by the running containerized applications along with information about important resources to the containers. For example, file system details, information about the container itself, and other cluster resources such as service endpoints.

容器环境变量提供正在运行的容器化应用程序所需的信息，以及有关容器的重要资源的信息。例如，文件系统详细信息、关于containers本身的信息以及其他集群资源，如服务端点。

Container Lifecycle Hooks(钩子)

The lifecycle hooks expose events in the Container management lifecycle and let the user run code when the events occur.

生命周期 hooks 公开Container 管理生命周期中的事件，并允许用户在事件发生时运行代码。//hooks类似监控回调

Two hooks are exposed to Containers: 两个hook与容器接触

1.PostStart which executes immediately after a container is created

创建容器后立即执行的 PostStart

2.PreStop which is blocking and is called immediately before a container is terminated.

PreStop，它是阻塞的，在容器终止之前立即调用。

Two hooks are exposed to Containers:
1.PostStart which executes immediately after a container is created
2.PreStop which is blocking and is called immediately before a container is terminated.

Container network interface (CNI)

Container network interface (CNI) plugins are a type of Network plugin that adheres to the appc/CNI specification.

容器网络接口（CNI）插件是一种遵循appc/CNI规范的网络插件(coreos公司出品的,像calico,flannel都是cni插件)

For information on Kubernetes and CNI refer to this.
有关Kubernetes和CNI的信息，请参阅此。
For information on Kubernetes and CNI, see "Network plugins".
有关Kubernetes和CNI的信息，请参阅“网络插件”。
//docker用的是自己的cnm网络模型

Container Runtime

The container runtime is the software that is responsible for running containers.
容器运行时是负责运行容器的软件(例如:docker,rkt,containerd,cri-o等,这些实际都是容器运行时的一种)。
//目前k8s已把默认的容器运行时从docker改为了containerd
Kubernetes supports container runtimes such as containerd, CRI-O, and any other implementation of the Kubernetes CRI (Container Runtime Interface).

Kubernetes支持容器运行时，如containerd、CRI-O，以及Kubernetes CRI (Container Runtime Interface)（容器运行时接口）的任何其他实现。

Container runtime interface (CRI)

The container runtime interface (CRI) is an API for container runtimes to integrate with kubelet on a node.

容器运行时接口(cri)是容器运行时与节点上的kubelet集成的API

For more information, see the CRI API and specifications.

有关更多信息，请参阅CRI API和规范。

//cri负责与容器运行时交互

//以docker为例: kubelet-->grpc-->cri--->docker引擎(引擎是包括很多组件docker cli,dockerd等 )

Container Storage Interface (CSI标准)

The Container Storage Interface (CSI) defines a standard interface to expose storage systems to containers.

容器存储接口（CSI）定义了一个标准接口，用于将存储系统暴露给容器。

CSI allows vendors to create custom storage plugins for Kubernetes without adding them to the Kubernetes repository (out-of-tree plugins).

CSI允许供应商为Kubernetes创建自定义存储插件，而无需将其添加到Kubernetes存储库（树外插件）。

To use a CSI driver from a storage provider, you must first deploy it to your cluster. You will then be able to create a Storage Class that uses that CSI driver.

要使用存储提供商提供的CSI驱动程序，必须首先将其部署到集群。然后，您将能够创建一个使用该CSI驱动程序的存储类。

containerd(一种容器运行时，类似docker)

A container runtime with an emphasis on simplicity, robustness and portability

强调简单性、健壮性和可移植性的容器运行时

containerd is a container runtime that runs as a daemon on Linux or Windows. containerd takes care of fetching and storing container images, executing containers, providing network access, and more.

containerd是在Linux或Windows上作为守护进程运行的container 。containerd负责获取和存储容器图像、执行容器、提供网络访问等等。

Contributor(贡献开源代码的人)

Someone who donates code, documentation, or their time to help the Kubernetes project or community.

捐出代码、文档或时间来帮助Kubernetes项目或社区的人。

Contributions include pull requests (PRs), issues, feedback, special interest groups (SIG) participation, or organizing community events.

贡献包括拉请求（PRs）、问题、反馈、特殊利益团体（SIG）参与或组织社区活动。

Control Plane(控制平面)

The container orchestration layer that exposes the API and interfaces to define, deploy, and manage the lifecycle of containers.

容器编排层，公开用于定义、部署和管理容器生命周期的API和接口。

This layer is composed by many different components, such as (but not restricted to):

该层由许多不同的组件组成，例如（但不限于）：

These components can be run as traditional operating system services (daemons) or as containers. The hosts running these components were historically called masters.

这些组件可以作为传统的操作系统服务（守护进程）或容器运行。运行这些组件的主机在历史上被称为masters。

控制平台组件具体还包括内容请参看: https://kubernetes.io/docs/concepts/overview/components/

Controller

In Kubernetes, controllers are control loops that watch the state of your cluster, then make or request changes where needed. Each controller tries to move the current cluster state closer to the desired state.
在Kubernetes中，controllers是监视cluster状态的控制循环，然后在需要时进行更改或请求更改。每个controller都会尝试将当前群集状态移近所需状态。
Controllers watch the shared state of your cluster through the apiserver (part of the Control Plane).

Controllers 通过apiserver （控制平面的一部分）监视集群的共享状态。

Some controllers also run inside the control plane, providing control loops that are core to Kubernetes' operations. For example:
一些controllers也在控制平面内运行，提供库伯内特斯操作的核心控制回路。例如
the deployment controller, the daemonset controller, the namespace controller, and the persistent volume controller (and others) all run within the kube-controller-manager.
部署controller、守护程序controller、命名空间controller和持久卷controller（以及其他）都在 kube-controller-manager 中运行。

1.Kubernetes Components介绍参考

https://kubernetes.io/docs/concepts/overview/components/#kube-apiserver

2. kube-controller-manager 介绍参考:

https://kubernetes.io/zh/docs/reference/command-line-tools-reference/kube-controller-manager/ 中文地址
https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/ 英文地址

CRI-O

A tool that lets you use OCI container runtimes with Kubernetes CRI.

这是一个工具，可以将OCI容器运行时与Kubernetes CRI一起使用。

CRI-O is an implementation of the Container runtime interface (CRI) to enable using container runtimes that are compatible with the Open Container Initiative (OCI) runtime spec.

CRI-O是Container runtime interface (CRI) 的一个实现，支持使用 container 兼容与开放容器标准（OCI） runtime spec　。

Deploying CRI-O allows Kubernetes to use any OCI-compliant runtime as the container runtime for running Pods, and to fetch OCI container images from remote registries.

CronJob

Manages a Job that runs on a periodic schedule.
管理按定期计划运行的Job
Similar to a line in a crontab file, a CronJob object specifies a schedule using the cron format.
与crontab文件中的一行类似，CronJob对象使用cron 格式指定计划

CustomResourceDefinition

Custom code that defines a resource to add to your Kubernetes API server without building a complete custom server.
自定义代码，用于定义要添加到Kubernetes API服务器的资源，而无需构建完整的自定义服务器。
Custom Resource Definitions let you extend the Kubernetes API for your environment if the publicly supported API resources can't meet your needs.

如果公共支持的API资源不能满足您的需求，自定义资源定义允许您为您的环境扩展Kubernetes API。

DaemonSet

Ensures a copy of a Pod is running across a set of nodes in a cluster.
确保Pod的副本在cluster中的一组节点上运行
Used to deploy system daemons such as log collectors and monitoring agents that typically must run on every Node.

Data Plane

The layer that provides capacity such as CPU, memory, network, and storage so that the containers can run and connect to a network. [-]

The layer that provides capacity such as CPU, memory, network, and storage so that the containers can run and connect to a network.

Deployment

An API object that manages a replicated application, typically by running Pods with no local state.

Each replica is represented by a Pod, and the Pods are distributed among the nodes of a cluster. For workloads that do require local state, consider using a StatefulSet.

Developer (disambiguation)

May refer to: Application Developer, Code Contributor, or Platform Developer.

This overloaded term may have different meanings depending on the context

Device Plugin

Device plugins run on worker Nodes and provide Pods with access to resources, such as local hardware, that require vendor-specific initialization or setup steps.

设备插件在工作Nodes 上运行，并为Pods 提供对资源（如本地硬件）的访问，这些资源需要特定于供应商的初始化或设置步骤。

Device plugins advertise resources to the kubelet, so that workload Pods can access hardware features that relate to the Node where that Pod is running. You can deploy a device plugin as a DaemonSet, or install the device plugin software directly on each target Node.

See Device Plugins for more information.

设备插件向kubelet公开资源，以便workload pod可以访问与该pod运行的node相关的硬件功能。您可以将设备插件部署为DaemonSet，或者直接在每个目标node上安装设备插件软件。

详细关于关于Device Plugins

请看地址 https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/

该页介绍如何实现设备插件，以及如何注册，即Device Plugins可以通过gRPC服务向kubelet注册。

Kubernetes provides a device plugin framework that you can use to advertise system hardware resources to the Kubelet.

Kubernetes提供了一个设备插件框架，可用于向Kubelet公布系统硬件资源。

Instead of customizing the code for Kubernetes itself, vendors can implement a device plugin that you deploy either manually or as a DaemonSet. The targeted devices include GPUs, high-performance NICs, FPGAs, InfiniBand adapters, and other similar computing resources that may require vendor specific initialization and setup

查看下device plugin framework
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/resource-management/device-plugin.md

Disruption

Disruptions are events that lead to one or more Pods going out of service. A disruption has consequences for workload resources, such as Deployment, that rely on the affected Pods.
[+]

Docker

Docker (specifically, Docker Engine) is a software technology providing operating-system-level virtualization also known as containers.

Docker uses the resource isolation features of the Linux kernel such as cgroups and kernel namespaces, and a union-capable file system such as OverlayFS and others to allow independent containers to run within a single Linux instance, avoiding the overhead of starting and maintaining virtual machines (VMs).

Dockershim

The dockershim is a component of Kubernetes version 1.23 and earlier. It allows the kubelet to communicate with Docker Engine.

dockershim是Kubernetes 1.23及更早版本的一个组件。它允许kubelet与Docker引擎通信

Starting with version 1.24, dockershim has been removed from Kubernetes. For more information, see Dockershim FAQ.

从1.24版开始，dockershim已从Kubernetes中删除。有关更多信息，请参阅Dockershim FAQ。

Downstream (disambiguation消除歧义)

May refer to: code in the Kubernetes ecosystem that depends upon the core Kubernetes codebase or a forked repo.

可能指的是：Kubernetes生态系统中依赖于核心Kubernetes代码库或forked repo的代码。

In the Kubernetes Community: Conversations often use downstream to mean the ecosystem, code, or third-party tools that rely on the core Kubernetes codebase. For example, a new feature in Kubernetes may be adopted by applications downstream to improve their functionality.
在Kubernetes社区中：对话通常使用“downstream ”来表示依赖于核心Kubernetes代码库的生态系统、代码或第三方工具。例如，downstream 应用程序可能会采用Kubernetes中的一个新特性来改进其功能。
In GitHub or git: The convention is to refer to a forked repo as downstream, whereas the source repo is considered upstream.
在GitHub或git中：惯例是将upstream称为下游，而downstream被视为上游
//也就是说upstream代表核心代码，downstream代表非核心代码

Dynamic Volume Provisioning

Allows users to request automatic creation of storage Volumes.
允许用户请求自动创建存储Volumes
Dynamic provisioning eliminates the need for cluster administrators to pre-provision storage. Instead, it automatically provisions storage by user request. Dynamic volume provisioning is based on an API object, StorageClass, referring to a Volume Plugin that provisions a Volume and the set of parameters to pass to the Volume Plugin.

动态资源调配消除了群集管理员预先调配存储的需要。相反，它会根据用户请求自动提供存储。动态卷资源调配基于一个API对象StorageClass，它指的是一个Volume Plugin，提供一个Volume 和一组要传递给卷插件的参数。

Endpoints

Endpoints track the IP addresses of Pods with matching selectors.

端点使用匹配的selectors跟踪Pods 的IP地址。

Endpoints can be configured manually for Services without selectors specified. The EndpointSlice resource provides a scalable and extensible alternative to Endpoints.

可以为Services 手动配置端点，而无需指定选择器。EndpointSlice 资源提供了一种可扩展的端点替代方案。

EndpointSlice

A way to group network endpoints together with Kubernetes resources.
一种将网络端点与Kubernetes资源组合在一起的方法。
A scalable and extensible way to group network endpoints together. These can be used by kube-proxy to establish network routes on each node.

一种可扩展的网络端点分组方式。 kube-proxy可以使用它们在每个node上建立网络路由。

Ephemeral Container

A Container type that you can temporarily run inside a Pod.
一种Container 类型，可以暂时在Pod内运行。

If you want to investigate a Pod that's running with problems, you can add an ephemeral container to that Pod and carry out diagnostics. Ephemeral containers have no resource or scheduling guarantees, and you should not use them to run any part of the workload itself.

如果你想调查一个有问题的Pod ，你可以在该pod中添加一个临时容器并进行诊断。临时容器没有资源或调度保证，您不应该使用它们来运行workload本身的任何部分。

etcd

Consistent and highly-available key value store used as Kubernetes' backing store for all cluster data.

一致且高度可用的键值存储，用作Kubernetes对所有群集数据的备份存储。

If your Kubernetes cluster uses etcd as its backing store, make sure you have a back up plan for those data.

You can find in-depth information about etcd in the official documentation.

如果Kubernetes集群使用etcd作为其备份存储，请确保为这些数据制定了备份计划。

你可以在官方documentation中找到关于etcd的详细信息。

Event

Each Event is a report of an event somewhere in the cluster. It generally denotes some state change in the system.

每个事件都是集群中某个地方事件的报告。它通常表示系统中的一些状态变化

Events have a limited retention time and triggers and messages may evolve with time. Event consumers should not rely on the timing of an event with a given reason reflecting a consistent underlying trigger, or the continued existence of events with that reason.

事件的保留时间有限，触发器和消息可能会随着时间的推移而变化。事件消费者不应依赖于某个事件的时间安排，该事件的特定原因反映了一致的潜在触发因素，或者该事件的持续存在。

Events should be treated as informative, best-effort, supplemental data.

事件应被视为信息丰富、尽最大努力的补充数据。

In Kubernetes, auditing generates a different kind of Event record (API group audit.k8s.io).

在Kubernetes中，审计生成一种不同类型的事件记录（API group audit.k8s.io）

Eviction

Eviction is the process of terminating one or more Pods on Nodes.

驱逐是终止节点上一个或多个POD的过程。

There are two kinds of eviction: 驱逐有两种

Extensions

Extensions are software components that extend and deeply integrate with Kubernetes to support new types of hardware.

扩展是一种软件组件，可扩展并与Kubernetes深度集成，以支持新型硬件。

Many cluster administrators use a hosted or distribution instance of Kubernetes. These clusters come with extensions pre-installed. As a result, most Kubernetes users will not need to install extensions and even fewer users will need to author new ones.

许多集群管理员使用Kubernetes的托管或分发实例。这些集群预装了扩展。因此，大多数Kubernetes用户将不需要安装扩展，甚至更少的用户需要编写新的扩展。

Finalizer

Finalizers are namespaced keys that tell Kubernetes to wait until specific conditions are met before it fully deletes resources marked for deletion. Finalizers alert controllers to clean up resources the deleted object owned.

终结器是带名称空间的键，告诉Kubernetes在完全删除标记为删除的资源之前，要等待特定条件得到满足。终结器提醒控制器清理已删除对象所拥有的资源。

When you tell Kubernetes to delete an object that has finalizers specified for it, the Kubernetes API marks the object for deletion by populating .metadata.deletionTimestamp, and returns a 202 status code (HTTP "Accepted"). The target object remains in a terminating state while the control plane, or other components, take the actions defined by the finalizers. After these actions are complete, the controller removes the relevant finalizers from the target object. When the metadata.finalizers field is empty, Kubernetes considers the deletion complete and deletes the object.

当告诉Kubernetes删除指定了Finalizer的对象时，Kubernetes API会通过填充来标记要删除的对象。元数据。deletionTimestamp，并返回202状态码（HTTP“已接受”）。当控制平面或其他组件执行终结器定义的操作时，目标对象仍处于终止状态。这些操作完成后，控制器将从目标对象中删除相关的终结器。当元数据。finalizers字段为空，Kubernetes认为删除已完成并删除对象。

You can use finalizers to control garbage collection of resources. For example, you can define a finalizer to clean up related resources or infrastructure before the controller deletes the target resource.

您可以使用终结器来控制资源的garbage collection。例如，可以定义终结器，以便在控制器删除目标资源之前清理相关资源或基础结构。

FlexVolume

FlexVolume is a deprecated interface for creating out-of-tree volume plugins. The Container Storage Interface is a newer interface that addresses several problems with FlexVolume.

FlexVolume是一个不推荐使用的接口，用于创建树外卷插件。容器存储接口是一个更新的接口，它解决了FlexVolume的几个问题

FlexVolumes enable users to write their own drivers and add support for their volumes in Kubernetes. FlexVolume driver binaries and dependencies must be installed on host machines. This requires root access. The Storage SIG suggests implementing a CSI driver if possible since it addresses the limitations with FlexVolumes.

FlexVolumes允许用户编写自己的驱动程序，并在Kubernetes中添加对卷的支持。FlexVolume驱动程序二进制文件和依赖项必须安装在主机上。这需要根访问权限。存储SIG建议尽可能实现CSI驱动程序，因为它解决了FlexVolumes的限制。

Garbage Collection

Garbage collection is a collective term for the various mechanisms Kubernetes uses to clean up cluster resources.

垃圾收集是Kubernetes用来清理集群资源的各种机制的统称。

Kubernetes uses garbage collection to clean up resources like unused containers and images, failed Pods, objects owned by the targeted resource, completed Jobs, and resources that have expired or failed.

Kubernetes使用垃圾收集来清理资源，如未使用的容器和图像、失败的pod、目标资源拥有的对象、已完成的作业以及已过期或失败的资源。

Helm Chart

A package of pre-configured Kubernetes resources that can be managed with the Helm tool.

一组预先配置的Kubernetes资源，可以使用Helm工具进行管理。

Charts provide a reproducible way of creating and sharing Kubernetes applications. A single chart can be used to deploy something simple, like a memcached Pod, or something complex, like a full web app stack with HTTP servers, databases, caches, and so on.

图表提供了一种创建和共享Kubernetes应用程序的可复制方式。单个图表可以用来部署简单的东西，比如memcached Pod，或者复杂的东西，比如一个包含HTTP服务器、数据库、缓存等的完整web应用程序堆栈。

Horizontal Pod Autoscaler

Also known as:HPA (也称为HPA)

An API resource that automatically scales the number of Pod replicas based on targeted CPU utilization or custom metric targets
一种API资源，可根据目标CPU利用率或自定义指标目标自动扩展Pod副本的数量
HPA is typically used with ReplicationControllers, Deployments, or ReplicaSets. It cannot be applied to objects that cannot be scaled, for example DaemonSets.
HPA通常与ReplicationController、部署或ReplicateSet一起使用。它不能应用于无法缩放的对象，例如守护程序。

HostAliases

A HostAliases is a mapping between the IP address and hostname to be injected into a Pod's hosts file.
HostAlias是IP地址和主机名之间的映射，将被注入Pod的主机文件。
HostAliases is an optional list of hostnames and IP addresses that will be injected into the Pod's hosts file if specified. This is only valid for non-hostNetwork Pods.

HostAlias是一个可选的主机名和IP地址列表，如果指定，将被注入Pod的主机文件。这仅对非主机网络 pos 有效。

Image

Stored instance of a Container that holds a set of software needed to run an application.

容器的存储实例，其中包含运行应用程序所需的一组软件。

A way of packaging software that allows it to be stored in a container registry, pulled to a local system, and run as an application. Meta data is included in the image that can indicate what executable to run, who built it, and other information.

一种打包软件的方法，允许它存储在容器注册表中，拉到本地系统，并作为应用程序运行。图像中包含元数据，可以指示要运行的可执行文件、谁构建了它以及其他信息。

Ingress

An API object that manages external access to the services in a cluster, typically HTTP.

Ingress may provide load balancing, SSL termination and name-based virtual hosting.

Init Container

One or more initialization containers that must run to completion before any app containers run.
在任何应用程序容器运行之前，必须运行到完成的一个或多个初始化 containers 。
Initialization (init) containers are like regular app containers, with one difference: init containers must run to completion before any app containers can start. Init containers run in series: each init container must run to completion before the next init container begins.

初始化（Initialization，init）容器与常规应用程序容器类似，但有一个区别：init容器必须运行到完成，才能启动任何应用程序容器。

Init容器串联运行：在下一个Init容器开始之前，每个Init容器必须运行到完成。

Istio(服务网格即service mesh技术实现)

An open platform (not Kubernetes-specific) that provides a uniform way to integrate microservices, manage traffic flow, enforce policies, and aggregate telemetry data.

一个开放的平台（不是Kubernetes特有的），它提供了一种统一的方式来集成微服务、管理交通流、执行策略和聚合遥测数据。

Adding Istio does not require changing application code. It is a layer of infrastructure between a service and the network, which when combined with service deployments, is commonly referred to as a service mesh. Istio's control plane abstracts away the underlying cluster management platform, which may be Kubernetes, Mesosphere, etc.

添加Istio不需要更改应用程序代码。它是服务和网络之间的基础设施层，当与服务部署结合使用时，通常被称为服务网格。Istio的控制平面抽象出了底层的集群管理平台，可能是Kubernetes、中间层等。

参看服务网格技术：

什么是服务网格: https://www.cnblogs.com/aozhejin/p/16270173.html

管理微服务用Istio service mesh : https://kubernetes.io/blog/2017/05/managing-microservices-with-istio-service-mesh/

介绍　: https://istio.io/latest/blog/2020/istiod/

可以看下infoq上的介绍　https://www.infoq.cn/article/microservices-post-kubernetes

代码地址：https://github.com/istio/istio

官方: https://istio.io/

Job

A finite or batch task that runs to completion.

运行到完成的有限任务或批处理任务。

Creates one or more Pod objects and ensures that a specified number of them successfully terminate. As Pods successfully complete, the Job tracks the successful completions.

创建一个或多个Pod 对象，并确保指定数量的Pod对象成功终止。Pods成功完成后，作业将跟踪成功完成的情况。

Kops

A CLI tool that helps you create, destroy, upgrade and maintain production-grade, highly available, Kubernetes clusters.
一个CLI工具，可帮助您创建、销毁、升级和维护生产级、高可用的Kubernetes群集。
Note: kops has general availability support only for AWS. Support for using kops with GCE and VMware vSphere are in alpha.

注：kops仅对AWS提供通用性支持。alpha支持将KOP与GCE和VMware vSphere一起使用。

kops provisions your cluster with:

kops为您的集群提供：
- Fully automated installation 全自动安装
- DNS-based cluster identification 基于DNS的集群识别
- Self-healing: everything runs in Auto-Scaling Groups Self-healing:一切都在自动缩放组中运行
- Limited OS support (Debian preferred, Ubuntu 16.04 supported, early support for CentOS & RHEL)
- 操作系统支持有限（首选Debian，支持Ubuntu 16.04，早期支持CentOS和RHEL）
- High availability (HA) support 高可用性（HA）支持
- The ability to directly provision, or to generate Terraform manifests 直接供应或生成地形manifests的能力
You can also build your own cluster using Kubeadm as a building block. kops builds on the kubeadm work.

您还可以使用Kubeadm作为构建块来构建自己的集群。kops建立在kubeadm工作的基础上。

kube-controller-manager

Control plane component that runs controller processes. 运行控制器进程的控制平面组件

Logically, each controller is a separate process, but to reduce complexity, they are all compiled into a single binary and run in a single process.
从逻辑上讲，每个控制器都是一个单独的进程，但为了降低复杂性，它们都被编译成一个二进制文件，并在一个进程中运行。

kube-proxy

kube-proxy is a network proxy that runs on each node in your cluster, implementing part of the Kubernetes Service concept.

kube proxy是在集群中的每个node 上运行的网络代理，它实现了Kubernetes服务概念的一部分。

kube-proxy maintains network rules on nodes. These network rules allow network communication to your Pods from network sessions inside or outside of your cluster.

kube-proxy 维护节点上的网络规则。这些网络规则允许通过集群内外的网络会话与POD进行网络通信。

kube-proxy uses the operating system packet filtering layer if there is one and it's available. Otherwise, kube-proxy forwards the traffic itself.

kube proxy使用操作系统包过滤层（如果有且可用）。否则，kube代理将转发流量本身。

kube-scheduler

Control plane component that watches for newly created Pods with no assigned node, and selects a node for them to run on.
控制平面组件，用于监视新创建的没有指定节点的吊舱，并为其选择要在其上运行的节点。
Factors taken into account for scheduling decisions include: individual and collective resource requirements, hardware/software/policy constraints, affinity and anti-affinity specifications, data locality, inter-workload interference, and deadlines.
调度决策考虑的因素包括：个人和集体资源需求、硬件/软件/策略约束、关联和反关联规范、数据局部性、工作负载间干扰和截止日期。

Kubeadm

A tool for quickly installing Kubernetes and setting up a secure cluster.

用于快速安装Kubernetes和设置安全群集的工具。

You can use kubeadm to install both the control plane and the worker node components.

可以使用kubeadm安装控制平面和工作节点组件。

Kubectl

Also known as:kubectl (也被称为：kubectl)

Command line tool for communicating with a Kubernetes cluster's control plane, using the Kubernetes API.
用于使用Kubernetes API与Kubernetes群集的控制平面通信的命令行工具
You can use kubectl to create, inspect, update, and delete Kubernetes objects.

你可以使用kubectl创建、检查、更新和删除Kubernetes对象。

Kubelet

An agent that runs on each node in the cluster. It makes sure that containers are running in a Pod.
在群集中的每个node 上运行的代理。它确保containers 在Pod中运行。
The kubelet takes a set of PodSpecs that are provided through various mechanisms and ensures that the containers described in those PodSpecs are running and healthy. The kubelet doesn't manage containers which were not created by Kubernetes.

kubelet采用了一套通过各种机制提供的PodSpecs ，并确保这些PodSpecs 中描述的容器运行正常。

kubelet不管理非Kubernetes创建的容器。

Kubernetes API

The application that serves Kubernetes functionality through a RESTful interface and stores the state of the cluster.

通过RESTful接口提供Kubernetes功能并存储集群状态的应用程序。

Kubernetes resources and "records of intent" are all stored as API objects, and modified via RESTful calls to the API. The API allows configuration to be managed in a declarative way. Users can interact with the Kubernetes API directly, or via tools like kubectl. The core Kubernetes API is flexible and can also be extended to support custom resources.

Kubernetes资源和“意图记录”都存储为API对象，并通过对API的RESTful调用进行修改。API允许以声明方式管理配置。用户可以直接与Kubernetes API交互，也可以通过kubectl等工具进行交互。核心Kubernetes API非常灵活，还可以扩展以支持自定义资源。

Label

Tags objects with identifying attributes that are meaningful and relevant to users.
标记具有标识属性的对象，这些属性对用户有意义且相关
Labels are key/value pairs that are attached to objects such as Pods. They are used to organize and to select subsets of objects.
标签是附加到对象（如吊舱）的键/值对。它们用于组织和选择对象的子集。

LimitRange

Provides constraints to limit resource consumption per Containers or Pods in a namespace.

LimitRange limits the quantity of objects that can be created by type, as well as the amount of compute resources that may be requested/consumed by individual Containers or Pods in a namespace.

LimitRange限制可以按类型创建的对象数量，以及命名空间中单个容器或吊舱可能请求/消耗的计算资源量。

Logging

Logs are the list of events that are logged by cluster or application.

Logs 是按群集或应用程序记录的事件列表。

Application and systems logs can help you understand what is happening inside your cluster. The logs are particularly useful for debugging problems and monitoring cluster activity.

应用程序和系统日志可以帮助您了解集群内发生的事情。这些日志对于调试问题和监视集群活动特别有用。

Managed Service

A software offering maintained(维护) by a third-party provider.
由第三方提供商维护的软件产品。
Some examples of Managed Services are AWS EC2, Azure SQL Database, and GCP Pub/Sub, but they can be any software offering that can be used by an application. Service Catalog provides a way to list, provision, and bind with Managed Services offered by Service Brokers.
托管服务的一些示例包括AWS EC2、Azure SQL数据库和GCP Pub/Sub，但它们可以是应用程序可以使用的任何软件产品。服务目录提供了列出、提供和绑定服务代理提供的托管服务的方法。

Manifest

Specification of a Kubernetes API object in JSON or YAML format.
JSON或YAML格式的Kubernetes API对象规范。
A manifest specifies the desired state of an object that Kubernetes will maintain when you apply the manifest. Each configuration file can contain multiple manifests.

manifest 指定应用清单时Kubernetes将维护的对象的所需状态。每个配置文件可以包含多个manifest 。

从代码层面来说,解析yaml文件是在

E:\k8s源码\kubernetes-1.10.13\kubernetes-1.10.13\vendor\k8s.io\apimachinery\pkg\util\yaml\包中

Master

Legacy term, used as synonym for nodes hosting the control plane.

遗留术语，用作承载控制平面的节点的同义词。

The term is still being used by some provisioning tools, such as kubeadm, and managed services, to label nodes with kubernetes.io/role and control placement of control plane pods.

一些资源调配工具（如kubeadm和托管服务）仍在使用该术语来label node的kubernetes.io/role 控制placement of control plane pods.。

Member

A continuously active contributor in the K8s community.
K8s社区中持续活跃的contributor (贡献者)。
Members can have issues and PRs assigned to them and participate in special interest groups (SIGs) through GitHub teams. Pre-submit tests are automatically run for members' PRs. A member is expected to remain an active contributor to the community.

成员可以将问题和PRs分配给他们，并通过GitHub团队参与special interest groups (SIGs)。预提交测试会自动为成员的PRs运行。一名成员将继续为社区做出积极贡献。

Minikube

A tool for running Kubernetes locally

用于在本地运行Kubernetes的工具

Minikube runs a single-node cluster inside a VM on your computer. You can use Minikube to try Kubernetes in a learning environment

Minikube在计算机上的VM内运行单节点群集。您可以使用Minikube尝试Kubernetes in a learning environment

Mirror Pod

A pod object that a kubelet uses to represent a static pod
kubelet用来表示static pod的pod对象
When the kubelet finds a static pod in its configuration, it automatically tries to create a Pod object on the Kubernetes API server for it. This means that the pod will be visible on the API server, but cannot be controlled from there.

当kubelet在其配置中发现一个静态pod时，它会自动尝试在Kubernetes API server上为其创建一个pod对象。这意味着pod将在API server上可见，但无法从那里控制。

(For example, removing a mirror pod will not stop the kubelet daemon from running it).

（例如，移除 mirror pod不会阻止kubelet daemon 运行它）。

Name

A client-provided string that refers to an object in a resource URL, such as /api/v1/pods/some-name.
客户端提供的字符串，它引用资源URL中的对象，例如/api/v1/pods/some-name。
Only one object of a given kind can have a given name at a time. However, if you delete the object, you can make a new object with the same name.

一次只能有一个给定类型的对象具有给定的名称。但是，如果删除该对象，则可以使用相同的名称创建新对象。

Namespace

An abstraction used by Kubernetes to support isolation of groups of resources within a single cluster.

Kubernetes使用的一种抽象，用于支持单个cluster内资源组的隔离。

Namespaces are used to organize objects in a cluster and provide a way to divide cluster resources. Names of resources need to be unique within a namespace, but not across namespaces. Namespace-based scoping is applicable only for namespaced objects (e.g. Deployments, Services, etc) and not for cluster-wide objects (e.g. StorageClass, Nodes, PersistentVolumes, etc).

命名空间用于组织集群中的对象，并提供一种划分集群资源的方法。资源的名称在一个名称空间内必须是唯一的，但不能跨命名空间。基于命名空间的范围界定仅适用于命名空间对象（例如Deployments、Services等），而不适用于集群范围内的对象（例如StorageClass、Nodes、PersistentVolumes等）。

Network Policy

A specification of how groups of Pods are allowed to communicate with each other and with other network endpoints.

关于如何允许多组Pods 相互通信以及与其他network endpoints通信的规范。

Network Policies help you declaratively configure which Pods are allowed to connect to each other, which namespaces are allowed to communicate, and more specifically which port numbers to enforce each policy on. NetworkPolicy resources use labels to select Pods and define rules which specify what traffic is allowed to the selected Pods. Network Policies are implemented by a supported network plugin provided by a network provider.

Be aware that creating a network resource without a controller to implement it will have no effect.

Network Policies 可以帮助您声明性地配置允许哪些Pods 相互连接、允许哪些名称空间进行通信，更具体地说，还可以配置要在哪些端口号上实施每个策略。NetworkPolicy资源使用标签选择播客，并定义规则，这些规则指定允许哪些流量进入所选pods。网络策略由网络提供商提供的受支持的网络插件实现。请注意，在没有控制器的情况下创建网络资源不会产生任何效果。

Node

A node is a worker machine in Kubernetes.

node 是Kubernetes中的工作机器。

A worker node may be a VM or physical machine, depending on the cluster. It has local daemons or services necessary to run Pods and is managed by the control plane. The daemons on a node include kubelet, kube-proxy, and a container runtime implementing the CRI such as Docker.

工作节点可以是VM或物理机器，具体取决于集群。它具有运行Pods 所需的本地守护进程或服务，并由控制平面管理。节点上的守护进程包括kubelet、kube-proxy和实现CRI 的容器运行时，如Docker。

In early Kubernetes versions, Nodes were called "Minions".

在Kubernetes 早期的版本中，节点被称为“下属”。

Node-pressure eviction

Also known as:kubelet eviction 也被称为：kubelet 驱逐

Node-pressure eviction is the process by which the kubelet proactively terminates pods to reclaim resources on nodes

Node-pressure eviction是kubelet主动终止POD以回收节点上资源的过程

The kubelet monitors resources like CPU, memory, disk space, and filesystem inodes on your cluster's nodes. When one or more of these resources reach specific consumption levels, the kubelet can proactively fail one or more pods on the node to reclaim resources and prevent starvation.

kubelet监控集群节点上的CPU、内存、磁盘空间和文件系统inode等资源。当这些资源中的一个或多个达到特定消耗水平时，kubelet可以主动使节点上的一个或多个POD失效，以回收资源并防止饥饿。

Node-pressure eviction is not the same as API-initiated eviction.

Node-pressure eviction 与API-initiated eviction 不同

Object

An entity in the Kubernetes system. The Kubernetes API uses these entities to represent the state of your cluster.

Kubernetes 体系中的一个实体。Kubernetes API使用这些实体来表示集群的状态

A Kubernetes object is typically a “record of intent”—once you create the object, the Kubernetes control plane works constantly to ensure that the item it represents actually exists. By creating an object, you're effectively telling the Kubernetes system what you want that part of your cluster's workload to look like; this is your cluster's desired state.

Kubernetes对象通常是“record of intent”——旦创建了对象，Kubernetes控制平面就会不断工作，以确保它所代表的项目实际存在。通过创建一个对象，您实际上是在告诉Kubernetes系统您希望集群的这部分worload是什么样子；这是你的集群所需的状态。

Operator pattern

The operator pattern is a system design that links a Controller to one or more custom resources.

操作员模式是将控制器链接到一个或多个自定义资源的系统设计

You can extend Kubernetes by adding controllers to your cluster, beyond the built-in controllers that come as part of Kubernetes itself.

除了Kubernetes本身的内置控制器之外，您还可以通过向集群添加控制器来扩展Kubernetes。

If a running application acts as a controller and has API access to carry out tasks against a custom resource that's defined in the control plane, that's an example of the Operator pattern.

如果一个正在运行的应用程序充当控制器，并且具有API访问权限，可以对控制平面中定义的自定义资源执行任务，这就是操作符模式的一个示例。

Persistent Volume

An API object that represents a piece of storage in the cluster. Available as a general, pluggable resource that persists beyond the lifecycle of any individual Pod.

一个API对象，表示群集中的一个存储。作为一种通用的、可插拔的资源，可在任何单个Pod的生命周期之外持续使用

PersistentVolumes (PVs) provide an API that abstracts details of how storage is provided from how it is consumed. PVs are used directly in scenarios where storage can be created ahead of time (static provisioning). For scenarios that require on-demand storage (dynamic provisioning), PersistentVolumeClaims (PVCs) are used instead.

PersistentVolumes（PVs）提供了一个API，它从存储的使用方式中抽象出存储提供方式的细节。PVs直接用于可以提前创建存储的场景（静态资源调配）。对于需要按需存储（动态资源调配）的场景，将使用PersistentVolumeClaims（PVC）。

Persistent Volume Claim

Claims storage resources defined in a PersistentVolume so that it can be mounted as a volume in a container.
声明PersistentVolume中定义的存储资源，以便将其作为卷装入容器中
Specifies the amount of storage, how the storage will be accessed (read-only, read-write and/or exclusive) and how it is reclaimed (retained, recycled or deleted). Details of the storage itself are described in the PersistentVolume object.

指定存储量、访问存储的方式（只读、读写和/或独占）以及回收存储的方式（保留、回收或删除）。存储本身的详细信息在PersistentVolume对象中描述。

Platform Developer

A person who customizes the Kubernetes platform to fit the needs of their project.
定制Kubernetes平台以满足其项目需求的人员。

A platform developer may, for example, use Custom Resources or Extend the Kubernetes API with the aggregation layer to add functionality to their instance of Kubernetes, specifically for their application. Some Platform Developers are also contributors and develop extensions which are contributed to the Kubernetes community. Others develop closed-source commercial or site-specific extensions.
例如，平台开发人员可以使用自定义资源，或使用聚合层扩展Kubernetes API，以向其Kubernetes实例添加功能，特别是针对其应用程序。一些平台开发人员也为Kubernetes社区贡献了力量并开发了扩展。其他人开发封闭源代码的商业或特定于站点的扩展。

Pod

The smallest and simplest Kubernetes object. A Pod represents a set of running containers on your cluster.

最小最简单的Kubernetes object。Pod表示集群上一组正在运行的容器。

A Pod is typically set up to run a single primary container. It can also run optional sidecar containers that add supplementary features like logging. Pods are commonly managed by a Deployment.

Pod通常设置为运行单个主容器。它还可以运行可选的sidecar容器，添加日志记录等补充功能。POD通常由部署管理

Pod Disruption

Pod disruption is the process by which Pods on Nodes are terminated either voluntarily or involuntarily.

Pod中断是节点上的Pod自愿或非自愿终止的过程。

Voluntary disruptions are started intentionally by application owners or cluster administrators. Involuntary disruptions are unintentional and can be triggered by unavoidable issues like Nodes running out of resources, or by accidental deletions.

自愿中断是由应用程序所有者或群集管理员故意启动的。非自愿中断是无意的，可以由不可避免的问题（如节点资源耗尽）或意外删除触发。

Pod Disruption Budget

Also known as:PDB 也被称为：PDB

A Pod Disruption Budget allows an application owner to create an object for a replicated application, that ensures a certain number or percentage of Pods with an assigned label will not be voluntarily evicted at any point in time.
Pod Disruption Budget 允许应用程序所有者为复制的应用程序创建一个对象，以确保一定数量或百分比的具有指定标签的Pod不会在任何时间点被自动逐出。

Involuntary disruptions cannot be prevented by PDBs; however they do count against the budget.

PDB无法防止非自愿中断；然而，它们确实会计入budget。

Pod Lifecycle

The sequence of states through which a Pod passes during its lifetime.

pods 在其生命周期内经过的一系列状态。

The Pod Lifecycle is defined by the states or phases of a Pod. There are five possible Pod phases: Pending, Running, Succeeded, Failed, and Unknown.

Pod Lifecycle由Pod的状态或阶段定义。有五个可能的Pod阶段：挂起、运行、成功、失败和未知。

A high-level description of the Pod state is summarized in the PodStatus phase field.

PodStatus phase field中总结了Pod状态的高级描述。

Pod Priority

Pod Priority indicates the importance of a Pod relative to other Pods.
Pod优先级表示一个Pod相对于其他Pod的重要性
Pod Priority gives the ability to set scheduling priority of a Pod to be higher and lower than other Pods — an important feature for production clusters workload.

Pod Priority 可以将Pod的调度优先级设置为高于或低于其他Pod，这是生产集群workload的一个重要特性。

Pod Security Policy

Enables fine-grained authorization of Pod creation and updates.

启用Pod 创建和更新的细粒度授权

A cluster-level resource that controls security sensitive aspects of the Pod specification. The PodSecurityPolicy objects define a set of conditions that a Pod must run with in order to be accepted into the system, as well as defaults for the related fields. Pod Security Policy control is implemented as an optional admission controller.
控制Pod规范安全敏感方面的群集级资源。PodSecurityPolicy对象定义了一组Pod运行时必须遵守的条件，以便被系统接受，以及相关字段的默认值。Pod安全策略控制作为可选的准入控制器实现。

PodSecurityPolicy is deprecated as of Kubernetes v1.21, and will be removed in v1.25. We recommend migrating to Pod Security Admission, or a 3rd party admission plugin.

PodSecurityPolicy从Kubernetes v1.21开始就被弃用。v1.21，并将在v1.25中被删除.我们建议迁移到Pod Security Admission或第三方admission 插件。

Preemption

Preemption logic in Kubernetes helps a pending Pod to find a suitable Node by evicting low priority Pods existing on that Node.
Kubernetes中的抢占逻辑通过驱逐节点上存在的低优先级Pod ，帮助挂起的Pod找到合适的Node
If a Pod cannot be scheduled, the scheduler tries to preempt lower priority Pods to make scheduling of the pending Pod possible.

如果一个Pod无法被调度，scheduler 将尝试preempt 优先级较低的Pod，以便能调度挂起的Pod

Proxy

In computing, a proxy is a server that acts as an intermediary for a remote service.

在计算中，代理是充当远程服务媒介的服务器

A client interacts with the proxy; the proxy copies the client's data to the actual server; the actual server replies to the proxy; the proxy sends the actual server's reply to the client.

客户端与代理交互；代理将客户端的数据复制到实际服务器；实际服务器回复代理；代理将实际服务器的回复发送给客户端。

kube-proxy is a network proxy that runs on each node in your cluster, implementing part of the Kubernetes Service concept.

kube-proxy是在集群中的每个节点上运行的网络代理，它实现了Kubernetes服务概念的一部分。

You can run kube-proxy as a plain userland proxy service. If your operating system supports it, you can instead run kube-proxy in a hybrid mode that achieves the same overall effect using less system resources.

您可以将kube-proxy作为普通的userland代理服务运行。如果您的操作系统支持kube proxy，您可以改为以混合模式运行kube-proxy，使用更少的系统资源实现相同的总体效果

QoS Class

QoS Class (Quality of Service Class) provides a way for Kubernetes to classify Pods within the cluster into several classes and make decisions about scheduling and eviction.
QoS类（Quality of Service Class）为Kubernetes提供了一种方法，可以将集群中的POD分类为几个类，并对调度和驱逐做出决策。

QoS Class of a Pod is set at creation time based on its compute resources requests and limits settings. QoS classes are used to make decisions about Pods scheduling and eviction.

Pod的QoS等级在创建时根据其计算资源请求和限制设置进行设置。QoS类用于决定POD的调度和驱逐。

Kubernetes can assign one of the following QoS classes to a Pod: Guaranteed, Burstable or BestEffort.

Kubernetes可以为Pod分配QoS classes 类中的一个：Guaranteed, Burstable or BestEffor。

Quantity

A whole-number representation of small or large numbers using SI suffixes.
用SI 后缀表示小数字或大数字的整数。
Quantities are representations of small or large numbers using a compact, whole-number notation with SI suffixes. Fractional numbers are represented using milli units, while large numbers can be represented using kilo, mega, or giga units.

数量是使用带有SI后缀的紧凑整数表示法来表示小的或大的数字。小数可以用毫单位表示，而大数可以用千、兆或千兆单位表示。

For instance, the number 1.5 is represented as 1500m, while the number 1000 can be represented as 1k, and 1000000 as 1M. You can also specify binary-notation suffixes; the number 2048 can be written as 2Ki.

例如，数字1.5表示为1500m，数字1000表示为1k，1000000表示为1M。还可以指定二进制表示法后缀；2048这个数字可以写成2Ki。

The accepted decimal (power-of-10) units are m (milli), k (kilo, intentionally lowercase), M (mega), G (giga), T (tera), P (peta), E (exa).

公认的十进制（10的幂次方）单位为m（毫）、k（千、有意小写）、m（兆）、G（千兆）、T（兆）、P（千兆）、E（兆）。

The accepted binary (power-of-2) units are Ki (kibi), Mi (mebi), Gi (gibi), Ti (tebi), Pi (pebi), Ei (exbi).

可接受的二进制（2次幂）单位是Ki（kibi）、Mi（mebi）、Gi（gibi）、Ti（tebi）、Pi（pebi）、Ei（exbi）。

RBAC (Role-Based Access Control)

Manages authorization decisions, allowing admins to dynamically configure access policies through the Kubernetes API.
管理授权决策，允许管理员通过Kubernetes API动态配置访问策略
RBAC utilizes roles, which contain permission rules, and role bindings, which grant the permissions defined in a role to a set of users.
RBAC 利用角色（包含权限规则）和角色绑定（将角色中定义的权限授予一组用户）。

ReplicaSet

A ReplicaSet (aims to) maintain(维护) a set of replica Pods running at any given time.

ReplicaSet（旨在）维护一组在任何给定时间运行的复制pod。

Workload objects such as Deployment make use of ReplicaSets to ensure that the configured number of Pods are running in your cluster, based on the spec of that ReplicaSet.

部署等Workload对象利用ReplicaSet，根据ReplicaSet的spec ，确保集群中运行的Pods 的配置数量。

ReplicationController

A workload resource that manages a replicated application, ensuring that a specific number of instances of a Pod are running.
管理复制应用程序的工作负载资源，确保Pod的特定数量的实例正在运行。
The control plane ensures that the defined number of Pods are running, even if some Pods fail, if you delete Pods manually, or if too many are started by mistake.

控制平面确保定义数量的pod正在运行，即使某些pod出现故障，或者手动删除pod，或者错误启动了太多pod。

Note: ReplicationController is deprecated. See Deployment, which is similar.

注意：不推荐使用ReplicationController。请参阅类似的Deployment。

Resource Quotas

Provides constraints that limit aggregate resource consumption per Namespace.

提供限制每个Namespace的聚合资源消耗的约束。

Limits the quantity of objects that can be created in a namespace by type, as well as the total amount of compute resources that may be consumed by resources in that project.

按类型限制namespace 中可以创建的对象数量，以及该项目中的resources 可能消耗的计算资源总量。

Reviewer

A person who reviews code for quality and correctness on some part of the project.
审查项目某一部分代码的质量和正确性的人员。

Reviewers are knowledgeable about both the codebase and software engineering principles. Reviewer status is scoped to a part of the codebase.

评审人员对代码库和软件工程原理都很了解。审阅者状态的范围是代码库的一部分

Secret

Stores sensitive information, such as passwords, OAuth tokens, and ssh keys.

存储敏感信息，例如密码、OAuth令牌和ssh密钥

Allows for more control over how sensitive information is used and reduces the risk of accidental exposure. Secret values are encoded as base64 strings and stored unencrypted by default, but can be configured to be encrypted at rest. A Pod references the cas a file in a volume mount or by the kubelet pulling images for a pod. Secrets are great for confidential data and ConfigMaps for non-confidential data.

允许对敏感信息的使用进行更多控制，并降低意外暴露的风险。Secret 值编码为base64字符串，默认情况下未加密存储，但可以配置为在encrypted at rest.。Pod将该Secrets 引用为卷装载中的文件，或由kubelet为Pod拉取镜像。Secrets 对于机密数据和ConfigMaps 非常重要，而非机密数据则非常重要。

Security Context

The securityContext field defines privilege and access control settings for a Pod or container.

securityContext 字段定义Pod 或container的权限和访问控制设置。

In a securityContext, you can define: the user that processes run as, the group that processes run as, and privilege settings. You can also configure security policies (for example: SELinux, AppArmor or seccomp).

在securityContext中，您可以定义：处理作为运行的用户、处理作为运行的组以及权限设置。您还可以配置安全策略（例如：SELinux、AppArmor或seccomp）

The PodSpec.securityContext setting applies to all containers in a Pod.

PodSpec.securityContext 设置适用于Pod中的所有容器。

Selector

Allows users to filter a list of resources based on labels.
允许用户根据labels（标签）筛选资源列表。
Selectors are applied when querying lists of resources to filter them by labels.

查询资源列表时会应用选择器，以按标签进行筛选。

Service

An abstract way to expose an application running on a set of Pods as a network service.

将运行在一组pod上的应用程序作为网络服务公开的抽象方法

The set of Pods targeted by a Service is (usually) determined by a selector. If more Pods are added or removed, the set of Pods matching the selector will change. The Service makes sure that network traffic can be directed to the current set of Pods for the workload.

服务的目标 Pods （通常）由选择器确定。如果添加或删除更多的Pods ，则与selector匹配的Pods将发生更改。该服务确保网络流量可以定向到workload的当前Pods 。

Service Broker

An endpoint for a set of Managed Services offered and maintained by a third-party.
由第三方提供和维护的一组托管服务的端点。
Service Brokers implement the Open Service Broker API spec and provide a standard interface for applications to use their Managed Services. Service Catalog provides a way to list, provision, and bind with Managed Services offered by Service Brokers.

Service Brokers实现开放式ServiceBroker API规范，并为应用程序使用其托管服务提供标准接口。 Service Catalog(服务目录)提供了列出、提供和绑定服务代理提供的托管服务的方法。

Service Catalog

An extension API that enables applications running in Kubernetes clusters to easily use external managed software offerings, such as a datastore service offered by a cloud provider.

一种扩展API，使运行在Kubernetes集群中的应用程序能够轻松使用外部托管软件产品，例如云提供商提供的数据存储服务。

It provides a way to list, provision, and bind with external Managed Services from Service Brokers without needing detailed knowledge about how those services are created or managed.

它提供了一种方法，可以列出、提供并绑定来自Service Brokers的外部Managed Services，而无需详细了解这些服务是如何创建或管理的。

ServiceAccount

Provides an identity for processes that run in a Pod.
为在Pod中运行的进程提供标识
When processes inside caccess the cluster, they are authenticated by the API server as a particular service account, for example, default.

当Service Brokers中的进程访问集群时，API服务器会将它们作为特定的服务帐户（例如，默认帐户）进行身份验证

When you create a Pod, if you do not specify a service account, it is automatically assigned the default service account in the same Namespace

创建Pod时，如果未指定服务帐户，则会在同一Namespace中自动为其分配默认服务帐户

Shuffle-sharding

API 优先级与公平性（APF）特性由特性门控控制，默认情况下启用。有关特性门控的一般性描述以及如何启用和禁用特性门控，请参见特性门控

APF 的特性门控称为 APIPriorityAndFairness。此特性也与某个 API 组相关： (a) v1alpha1 版本，默认被禁用； (b) v1beta1 和 v1beta2 版本，默认被启用。你可以在启动 kube-apiserver 时，添加以下命令行标志来禁用此功能门控及 API Beta 组：

kube-apiserver \
--feature-gates=APIPriorityAndFairness=false \
--runtime-config=flowcontrol.apiserver.k8s.io/v1beta1=false,flowcontrol.apiserver.k8s.io/v1beta2=false \
  # ...其他配置不变

APF和Shuffle-sharding联系紧密，所以有上面一段的阐述,来自
https://kubernetes.io/zh/docs/reference/command-line-tools-reference/feature-gates/
Shuffle-sharding解释:
A technique for assigning requests to queues that provides better isolation than hashing modulo the number of queues.
将请求分配给队列的一种技术，它提供了比按队列数进行散列(来说)更好的隔离
We are often concerned with insulating different flows of requests from each other, so that a high-intensity flow does not crowd out low-intensity flows. A simple way to put requests into queues is to hash some characteristics of the request, modulo the number of queues, to get the index of the queue to use.

我们通常关心的是将不同的请求流彼此隔离，以便高强度的流不会排挤低强度的流。将请求放入队列的一种简单方法是对请求的某些特征进行散列，

The hash function uses as input characteristics of the request that align with flows.

对队列的数量进行模化，以获得要使用的队列索引。哈希函数使用与流对齐的请求的输入特征。
For example, in the Internet this is often the 5-tuple of source and destination address, protocol, and source and destination port.
例如，在Internet中，这通常是源和目标地址、协议、源和目标端口的t-tuple(5元组)。

That simple hash-based scheme has the property that any high-intensity flow will crowd out all the low-intensity flows that hash to the same queue.

这种简单的基于散列的方案的特性是，任何高强度流都会挤出散列到同一队列的所有低强度流
Providing good insulation for a large number of flows requires a large number of queues, which is problematic.
为大量流提供良好的隔离需要大量队列，这是有问题的。
Shuffle-sharding is a more nimble technique that can do a better job of insulating the low-intensity flows from the high-intensity flows.

Shuffle sharding是一种更灵活的技术，可以更好地隔离低强度流和高强度流

The terminology of shuffle-sharding uses the metaphor of dealing a hand from a deck of cards; each queue is a metaphorical card.
shuffle-sharding的专门用语使用了一副扑克牌中打手势的比喻；每个队列都是被比喻为一张卡。
The shuffle-sharding technique starts with hashing the flow-identifying characteristics of the request, to produce a hash value with dozens or more of bits. Then the hash value is used as a source of entropy to shuffle the deck and deal a hand of cards (queues). All the dealt queues are examined, and the request is put into one of the examined queues with the shortest length. With a modest hand size, it does not cost much to examine all the dealt cards and a given low-intensity flow has a good chance to dodge the effects of a given high-intensity flow. With a large hand size it is expensive to examine the dealt queues and more difficult for the low-intensity flows to dodge the collective effects of a set of high-intensity flows. Thus, the hand size should be chosen judiciously.

shuffle sharding技术首先对识别请求特征的流进行散列，以产生一个包含几十位或更多位的散列值。然后，散列值被用作熵源，用于洗牌和发牌（队列）。对所有处理过的队列进行检查，并将请求放入长度最短的一个检查过的队列中。手牌大小适中，检查所有已发牌的成本不高，给定的低强度流很有可能避开给定的高强度流的影响。由于手的尺寸较大，检查处理的队列成本较高，而低强度流更难避开一组高强度流的集体效应。因此，应该明智地选择手的大小。

SIG (special interest group 专门的兴趣小组)

Community members who collectively manage an ongoing piece or aspect of the larger Kubernetes open source project.
社区成员，他们共同管理大型Kubernetes开源项目的一部分或方面
Members within a SIG have a shared interest in advancing a specific area, such as architecture, API machinery, or documentation. SIGs must follow the SIG governance guidelines, but can have their own contribution policy and channels of communication.

SIG成员在推进特定领域（如架构、API machinery或文档）方面有共同的兴趣。SIG必须遵守SIG治理指南，但可以有自己的贡献政策和沟通渠道。

For more information, see the kubernetes/community repo and the current list of SIGs and Working Groups.

StatefulSet

Manages the deployment and scaling of a set of Pods, and provides guarantees about the ordering and uniqueness of these Pods.

Like a Deployment, a StatefulSet manages Pods that are based on an identical container spec. Unlike a Deployment, a StatefulSet maintains a sticky identity for each of their Pods. These pods are created from the same spec, but are not interchangeable: each has a persistent identifier that it maintains across any rescheduling.

If you want to use storage volumes to provide persistence for your workload, you can use a StatefulSet as part of the solution. Although individual Pods in a StatefulSet are susceptible to failure, the persistent Pod identifiers make it easier to match existing volumes to the new Pods that replace any that have failed.

Static Pod

A pod managed directly by the kubelet daemon on a specific node,

由特定节点上的kubelet守护程序直接管理的pod，

without the API server observing it.

没有API server的观察

Storage Class

A StorageClass provides a way for administrators to describe different available storage types.

StorageClass为管理员提供了描述不同可用存储类型的方法。

StorageClasses can map to quality-of-service levels, backup policies, or to arbitrary policies determined by cluster administrators.

StorageClass可以映射到服务质量级别、备份策略或群集管理员确定的任意策略.

Each StorageClass contains the fields provisioner, parameters, and reclaimPolicy, which are used when a Persistent Volume belonging to the class needs to be dynamically provisioned. Users can request a particular class using the name of a StorageClass object.

每个StorageClass都包含provisioner、parameters和RecoverPolicy字段，当需要动态配置属于该类的Persistent Volume时，将使用这些字段。用户可以使用StorageClass对象的名称请求特定类。

sysctl

sysctl is a semi-standardized interface for reading or changing the attributes of the running Unix kernel.
sysctl是一个半标准化的接口，用于读取或更改正在运行的Unix内核的属性
On Unix-like systems, sysctl is both the name of the tool that administrators use to view and modify these settings, and also the system call that the tool uses.

在类Unix系统上，sysctl既是管理员用来查看和修改这些设置的工具的名称，也是该工具使用的系统调用。

Container runtimes and network plugins may rely on sysctl values being set a certain way.
容器运行时和网络插件可能依赖于以某种方式设置的sysctl值

Taint

A core object consisting of three required properties: key, value, and effect. Taints prevent the scheduling of Pods on nodes or node groups.

一个核心对象由三个必需属性组成的即：key、value和effect。污染会阻止在nodes 或节点组上调度Pods 。

Taints and tolerations work together to ensure that pods are not scheduled onto inappropriate nodes. One or more taints are applied to a node. A node should only schedule a Pod with the matching tolerations for the configured taints.

Taints (污染)和tolerations 共同确保POD不会被安排到不适当的节点上。一个或多个污点应用于一个节点。节点应该只调度一个Pod，该Pod具有与配置的污染相匹配的容差。

Toleration

A core object consisting of three required properties: key, value, and effect. Tolerations enable the scheduling of pods on nodes or node groups that have matching taints.

由三个必需属性组成的核心对象：键、值和效果。允许在具有匹配污染的节点或节点组上调度POD。

Tolerations and taints work together to ensure that pods are not scheduled onto inappropriate nodes. One or more tolerations are applied to a pod. A toleration indicates that the pod is allowed (but not required) to be scheduled on nodes or node groups with matching taints.

UID

A Kubernetes systems-generated string to uniquely identify objects.
Kubernetes系统生成的字符串，用于唯一标识对象。
Every object created over the whole lifetime of a Kubernetes cluster has a distinct UID. It is intended to distinguish between historical occurrences of similar entities.

在Kubernetes 集群的整个生命周期中创建的每个对象都有一个独特的UID。其目的是区分类似实体的历史事件。

Upstream (disambiguation 消除歧义)

May refer to: core Kubernetes or the source repo from which a repo was forked.
可能指的是：核心Kubernetes 源代码仓库来自分支的仓库
- In the Kubernetes Community: Conversations often use upstream to mean the core Kubernetes codebase, which the general ecosystem, other code, or third-party tools rely upon. For example, community members may suggest that a feature is moved upstream so that it is in the core codebase instead of in a plugin or third-party tool.
- 在Kubernetes社区中：惯例通常使用 upstream 来表示核心Kubernetes代码库，通常这是生态系统、其他代码或第三方工具所依赖的。例如，社区成员可能会建议将某个功能向upstream移动，使其位于核心代码库中，而不是插件或第三方工具中。
- In GitHub or git: The convention is to refer to a source repo as upstream, whereas the forked repo is considered downstream.
- 在GitHub或git中：惯例是将源 repo 称为upstream，而分支 repo则被视为downstream
//简单说就是upstream代表核心代码库代码,downstream代表非核心代码库代码

user namespace（用户命名空间）

A kernel feature to emulate root. Used for "rootless containers".
模拟根目录的内核功能。用于“无根容器”。
User namespaces are a Linux kernel feature that allows a non-root user to emulate superuser ("root") privileges, for example in order to run containers without being a superuser outside the container.

用户命名空间是Linux内核的一项功能，它允许非root用户模拟超级用户（“root”）权限，例如，为了运行容器而不成为容器外的超级用户。

User namespace is effective for mitigating damage of potential container break-out attacks.

用户命名空间对于减轻潜在的容器突发攻击的损害是有效的。

In the context of user namespaces, the namespace is a Linux kernel feature, and not a namespace in the Kubernetes sense of the term.

注意:在用户命名空间的上下文中，命名空间是Linux内核的一个特性，而不是Kubernetes意义上的命名空间。

Volume

A directory containing data, accessible to the containers in a Pod.

包含数据的目录，可供Pod中的containers访问。

A Kubernetes volume lives as long as the Pod that encloses it. Consequently, a volume outlives any containers that run within the Pod, and data in the volume is preserved across container restarts.

Kubernetes 卷的存活时间与装入它的Pod一样长。因此，卷比Pod中运行的任何容器都要长，卷中的数据会在容器重新启动时保留。

See storage for more information.

storage 参看:

https://kubernetes.io/zh/docs/concepts/storage/

https://kubernetes.io/docs/concepts/workloads/pods/pod-overview/

Volume Plugin

A Volume Plugin enables integration of storage within a Pod.
一个卷插件可以在一个Pod中集成存储。

A Volume Plugin lets you attach and mount storage volumes for use by a Pod. Volume plugins can be in tree or out of tree. In tree plugins are part of the Kubernetes code repository and follow its release cycle. Out of tree plugins are developed independently.

卷插件允许您连接和装载存储卷，以供Pod使用。卷插件可以是树内插件，也可以是树外插件。树内插件是Kubernetes代码库的一部分，遵循其发布周期。树外插件是独立开发的。

WG (working group)

Facilitates the discussion and/or implementation of a short-lived, narrow, or decoupled project for a committee, SIG, or cross-SIG effort.

为委员会、SIG或跨SIG工作的短期、狭窄或非耦合项目的讨论和/或实施提供便利

Working groups are a way of organizing people to accomplish a discrete task.

工作组是组织人们完成互不相连的任务的一种方式。

For more information, see the kubernetes/community repo and the current list of SIGs and working groups.

有关更多信息，请参阅kubernetes/community repo以及当前的 SIGs and working groups列表

Workload

A workload is an application running on Kubernetes.

workload 是在Kubernetes上运行的应用程序

Various core objects that represent different types or parts of a workload include the DaemonSet, Deployment, Job, ReplicaSet, and StatefulSet objects.

代表不同类型或部分的workload的各种核心对象包括DaemonSet、Deployment、Job、ReplicaSet和StatefulSet 对象。

For example, a workload that has a web server and a database might run the database in one StatefulSet and the web server in a Deployment.

例如，具有web服务器和数据库的workload可能在一个StatefulSet 中运行数据库，在Deployment中运行web服务器

posted @ 2023-02-16 21:15 jinzi 阅读(188) 评论(0) 编辑收藏举报

会员力量，点亮园子希望

刷新页面返回顶部