
Kubernetes Architecture Diagrams: Architecture, Workload, Networking, Storage, RBAC

Author: Internet

1. Basic Architecture

(diagram; legend: control plane, optional component)

Control plane:

API server: tracks the state of all cluster components and manages the interactions between them

Cloud Controller Manager: runs the cloud controller processes that take care of e.g. load balancer endpoint or storage volume allocation

Controller manager: runs all built-in controllers, like the Node or Replication Controller

Scheduler: distributes unscheduled workloads across the available worker nodes

Cluster DNS: provides in-cluster DNS for Pods and Services, usually provided using CoreDNS's Kubernetes plugin

etcd: key-value store for all cluster configuration data

Cloud provider API: API to manage cloud (AWS, Azure, GCP, ...) resources

Worker nodes:

kube-proxy: manages network connections to the node's Pods, e.g. using iptables rules

kubelet: manages containers based on incoming Pod specifications

Container Runtime: runtime that implements the CRI, like CRI-O or containerd


2. Workload

(diagram)

Pod: smallest Kubernetes compute resource, containing one or more containers

init container: container executing startup tasks, e.g. a database migration

container: container running the main or a sidecar application

Horizontal Pod Autoscaler: scales the number of Pods based on various metrics

ReplicationController: predecessor of the Deployment, don't use it anymore

StatefulSet: creates Pods while handling the needs of stateful applications

Deployment: creates a ReplicaSet and takes care of rollouts and rollbacks

ReplicaSet: creates the desired number of Pod instances

CronJob: creates Jobs based on a time schedule

Job: creates short-lived Pods for one-time executions

DaemonSet: creates exactly one Pod per Node


3. Networking

(diagram)

Pod: exposes ports and communicates with other internal or external entities

Network Policy: allows ingress and egress traffic to and from Pods to be whitelisted based on IP addresses, namespaces and Pods

Endpoint: holds information about the IP addresses of Pods and the open ports they expose

Endpoint Slice: successor of Endpoint, provides functional and scalability improvements

Ingress: makes a Service accessible from outside the cluster

Ingress Class: allows specifying which Ingress controller should implement an Ingress

Ingress Controller: implements the specifications of Ingress resources

Service: load balances traffic between a number of selected Pods

Cluster IP: makes the Service accessible only from within the cluster

Node Port: exposes the Service at each node's IP on a static port

Load Balancer: exposes the Service using an external load balancer

External Name: maps the Service to an existing DNS FQDN


4. Storage

(diagram)

Pod: compute unit that reads from and writes to the filesystem

ConfigMap/Secret: contains data that can be mounted read-only into a filesystem

emptyDir: acts as temporary local storage during the lifespan of a Pod

Generic Ephemeral Volumes: creates temporary PVCs using already existing Storage Classes

Volume Snapshot: requests the creation of a snapshot from a PVC with the given Volume Snapshot Class

Volume Snapshot Class: same as a Storage Class, but for Volume Snapshots

Volume Snapshot Content: a snapshot containing existing PVC or pre-provisioned data

Persistent Volume Claim: requests storage from a PV, including the required amount and access mode

Persistent Volume: abstraction of a storage container, including size and capabilities

Storage Class: configuration for different types of storage, e.g. Local, NFS, GlusterFS, ...

Storage Class Provisioner: service that creates PVs for a certain Storage Class


5. RBAC

(diagram)

Pod: compute unit that can interact with the Kubernetes API server

Service Account: namespaced, Kubernetes-managed user that is intended to be used by in-cluster processes

Role Binding: attaches the rules from one Role or Cluster Role to Users, Groups or Service Accounts

User: a user that authenticates against the Kubernetes API server

Group: a collection of Users

Cluster Role Binding: attaches the rules from one Cluster Role to Users, Groups or Service Accounts

(Aggregated) Cluster Role: a collection of cluster-global rules

Role: a collection of namespace-scoped rules

Rule: Resources (Pod, Service, ...) and Verbs (get, list, ...)
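To make the RBAC objects above concrete, here is an added example (not from the original post or from the Kubernetes project) that models Rule, Role, Cluster Role, Role Binding and Cluster Role Binding in Python and checks whether a subject may perform a verb on a resource in a namespace. The class names, the "sa:<namespace>:<name>" and "group:<name>" subject identifiers, and the sample bindings are constructed for illustration; the evaluation follows the additive, deny-by-default semantics the diagram describes.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    resources: frozenset   # e.g. {"pods", "services"}; "*" matches any resource
    verbs: frozenset       # e.g. {"get", "list"}; "*" matches any verb

    def allows(self, resource, verb):
        return bool({resource, "*"} & self.resources and {verb, "*"} & self.verbs)

class Role(NamedTuple):           # collection of namespace-scoped rules
    namespace: str
    rules: tuple

class ClusterRole(NamedTuple):    # collection of cluster-global rules
    rules: tuple

class RoleBinding(NamedTuple):    # namespaced; roleRef is a Role or a ClusterRole
    namespace: str
    role: object
    subjects: frozenset           # user names, "group:<name>" and "sa:<ns>:<name>"

class ClusterRoleBinding(NamedTuple):  # cluster-wide; roleRef must be a ClusterRole
    role: ClusterRole
    subjects: frozenset

def is_allowed(subjects, namespace, resource, verb, role_bindings, cluster_role_bindings):
    """RBAC is purely additive: allow only if some binding grants the verb on the resource."""
    def granted(rules):
        return any(r.allows(resource, verb) for r in rules)
    for crb in cluster_role_bindings:
        if subjects & crb.subjects and granted(crb.role.rules):
            return True
    for rb in role_bindings:
        if rb.namespace != namespace or not (subjects & rb.subjects):
            continue
        if isinstance(rb.role, Role) and rb.role.namespace != rb.namespace:
            continue  # a RoleBinding cannot reference a Role from another namespace
        if granted(rb.role.rules):  # a ClusterRole referenced here only grants in rb.namespace
            return True
    return False

# Constructed sample objects (not from the original post)
POD_READER = Role("dev", (Rule(frozenset({"pods"}), frozenset({"get", "list"})),))
VIEW = ClusterRole((Rule(frozenset({"pods", "services"}), frozenset({"get", "list"})),))
ROLE_BINDINGS = (RoleBinding("dev", POD_READER, frozenset({"sa:dev:app"})),
                 RoleBinding("staging", VIEW, frozenset({"sa:dev:app"})))  # ClusterRole, but namespaced grant
CLUSTER_ROLE_BINDINGS = (ClusterRoleBinding(VIEW, frozenset({"group:auditors"})),)

def check(subjects, namespace, resource, verb):
    return is_allowed(frozenset(subjects), namespace, resource, verb, ROLE_BINDINGS, CLUSTER_ROLE_BINDINGS)
```

The second RoleBinding shows the least-privilege pattern of reusing a Cluster Role through a namespaced binding: the service account gets read access in "staging" only, while the auditors group gets the same rules cluster-wide through the Cluster Role Binding.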

 

 

 

 

 

Original article: https://brennerm.github.io/posts/kubernetes-overview-diagrams.html

Source: https://blog.51cto.com/u_15077160/2914930