Kubernetes Glossary

A set of nodes managed by a control plane that run containerized workloads together.

A physical or virtual machine in a Kubernetes cluster that runs Pods under the direction of the control plane.

The smallest deployable unit in Kubernetes — one or more containers that share a network namespace and storage volumes.

A virtual partition within a cluster that isolates resources, access control, and networking between teams or environments.

A lightweight, portable execution environment that packages an application with its dependencies using OS-level virtualization.

The set of components that store cluster state, schedule workloads, and run controllers to maintain desired state.

A controller that manages a ReplicaSet to keep a specified number of identical Pod replicas running and handles rolling updates.

A controller for stateful applications that provides stable Pod identities, ordered deployment, and per-Pod PersistentVolumeClaims.

A controller that ensures one Pod runs on every node (or every node matching a selector), used for node-level infrastructure agents.

A workload controller that runs one or more Pods to completion, guaranteeing that a specified number of completions succeed.

A controller that creates Jobs on a repeating schedule defined by a cron expression.

A controller that ensures a specified number of Pod replicas are running at any given time.

An API object that stores non-sensitive configuration data as key-value pairs, injected into Pods as env vars or mounted files.

An API object for storing sensitive data such as passwords, tokens, and TLS certificates, base64-encoded in etcd.

Per-container declarations of guaranteed CPU/memory (requests) and hard maximums (limits) that drive scheduling and enforcement.

Health checks that tell Kubernetes when to restart a container (liveness) or remove it from load balancing (readiness).

A cluster-scoped storage resource provisioned by an administrator or dynamically by a StorageClass, independent of any Pod lifecycle.

A namespaced request for persistent storage that binds to a PersistentVolume and mounts it into a Pod.

A cluster resource that defines a storage provisioner and parameters, enabling dynamic PV provisioning on demand.

A stable network endpoint that load-balances traffic to a dynamic set of Pods selected by label.

An API object that configures HTTP/HTTPS routing rules from a single external load balancer to multiple backend Services.

A namespaced resource that defines firewall rules controlling which Pods can send and receive traffic.

Role-Based Access Control — Kubernetes's authorization mechanism that grants permissions through role bindings.

RBAC objects that define a set of permitted API verbs on specified resources, scoped to a namespace (Role) or cluster-wide (ClusterRole).

An identity for Pods to authenticate to the Kubernetes API and cloud provider services, with tokens automatically mounted.

Kubernetes controls that restrict what Pods can do at the OS level — capabilities, root access, host namespaces, and file system permissions.

A controller that automatically scales the replica count of a Deployment or StatefulSet based on observed metrics.

A controller that recommends or automatically adjusts CPU and memory resource requests for Pods based on observed usage.

A component that automatically adds nodes when Pods are unschedulable and removes nodes when they are underutilized.

An open-source Kubernetes node provisioner that launches the optimal nodes for pending Pods in seconds, without pre-configured node groups.

The official Kubernetes command-line tool for interacting with the cluster API — deploying, inspecting, and managing resources.

The Kubernetes package manager that bundles resource manifests into versioned, configurable charts installable with a single command.

A Kubernetes-native configuration management tool that customizes base manifests for different environments without templating.

A custom controller that encodes operational knowledge for a specific application, extending Kubernetes with domain-specific automation.

An API extension mechanism that lets you define new resource types in Kubernetes, treated like built-in objects by the API server.

A policy object that limits how many Pods of a deployment can be simultaneously unavailable during voluntary disruptions.

Node taints repel Pods from scheduling on a node; tolerations in a Pod spec allow it to be scheduled on tainted nodes.

Scheduling rules that attract Pods to specific nodes (node affinity) or co-locate/separate Pods from each other (pod affinity/anti-affinity).

A Kubernetes resource that is no longer referenced by any active workload but continues to exist in the cluster, often incurring cost.

The practice of reducing Kubernetes infrastructure spend while maintaining performance and reliability.

The gap between what Kubernetes workloads reserve in resource requests and what they actually consume at runtime.

A cloud financial management practice that brings engineering, finance, and business together to maximize the value of cloud spending.