Kubernetes Architecture Diagrams: Architecture, Workload, Networking, Storage, RBAC
Author: Internet (reposted)
一、Architecture
control plane: diagram legend for components that make cluster-wide decisions
optional component: diagram legend for components that are not required in every cluster
API server: front end of the control plane that tracks the state of all cluster components and mediates every interaction between them; all reads and writes of cluster state go through it, so it is also where authentication, authorization (RBAC) and admission control are enforced
Cloud Controller Manager: runs the cloud-specific controller processes that take care of e.g. Load Balancer endpoint or storage volume allocation through the cloud provider API
Controller manager: runs all built-in controllers, like the Node controller or the ReplicaSet controller, each of which drives the observed state of the cluster towards the desired state recorded via the API server
Scheduler: assigns unscheduled Pods to available worker Nodes
Cluster DNS: provides in-cluster DNS for Pods and Services, usually implemented by CoreDNS's kubernetes plugin
etcd: key-value store for all cluster configuration data, including Secrets; anyone who can read etcd or its backups effectively has cluster-admin, so it must be protected with TLS client authentication and, ideally, encryption at rest
Cloud provider API: API used to manage cloud resources (AWS, Azure, GCP, ...)
worker Nodes: the machines that run the workloads
kube-proxy: manages network connectivity to the node's Pods, e.g. by programming iptables (or IPVS) rules that implement Services
kubelet: starts and supervises containers according to the Pod specifications it receives from the API server
Container Runtime: runtime that implements the Container Runtime Interface (CRI), like CRI-O or containerd
二、Workload
Pod: smallest K8s compute resource, containing one or more containers
init container: container that runs to completion before the main containers start, for startup tasks like a database migration
container: container running the main application or a sidecar
Horizontal Pod Autoscaler: scales the number of Pods based on various metrics
ReplicationController: predecessor of ReplicaSet and Deployment, don't use it anymore
StatefulSet: creates Pods while handling the needs of stateful applications (stable network identities, ordered rollout, one PVC per Pod)
Deployment: creates a ReplicaSet and takes care of rollouts and rollbacks
ReplicaSet: creates the desired amount of Pod instances
CronJob: creates Jobs based on a time schedule
Job: creates short-lived Pods for one-time executions
DaemonSet: creates exactly one Pod per Node, on every Node that matches its node selector and tolerations
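The controller pattern described in the Architecture section (the controller manager driving observed state towards desired state) and the ReplicaSet entry above, as an added example that is not part of the original page or of Kubernetes itself: a Python model of one ReplicaSet reconcile pass. Manifest-shaped dicts stand in for API objects, the Pod and ReplicaSet names and labels are constructed for the example, and the `reconcile`/`make_pod`/`make_replicaset` helpers are this example's own, not Kubernetes API names. It goes a little beyond the one-line definition: Pods that match the selector but belong to another controller are ignored, orphans are adopted, and scale-down removes not-yet-Running Pods first, which is the real controller's preference.

```python
"""Added example: a minimal model of the reconcile loop a ReplicaSet controller runs.
All objects below are constructed inline; this is not Kubernetes code."""
from __future__ import annotations


def selector_matches(match_labels: dict, labels: dict) -> bool:
    """matchLabels semantics: every selector key must be present with that exact value."""
    return all(labels.get(key) == value for key, value in match_labels.items())


def controller_owner(pod: dict) -> str | None:
    """Name of the controller owning the Pod (the ownerReference with controller=true)."""
    for ref in pod["metadata"].get("ownerReferences", []):
        if ref.get("controller"):
            return ref["name"]
    return None


def reconcile(replicaset: dict, pods: list[dict]) -> dict:
    """Compute the actions one sync of a ReplicaSet controller would take.

    Pods matching the selector fall into three groups: owned by this ReplicaSet,
    orphans (no controller owner) which are adopted, and Pods owned by another
    controller which are ignored although their labels match. Only the first two
    count against spec.replicas, so overlapping selectors do not steal Pods.
    """
    name = replicaset["metadata"]["name"]
    desired = replicaset["spec"]["replicas"]
    selector = replicaset["spec"]["selector"]["matchLabels"]

    matching = [p for p in pods if selector_matches(selector, p["metadata"].get("labels", {}))]
    owned = [p for p in matching if controller_owner(p) == name]
    orphans = [p for p in matching if controller_owner(p) is None]
    foreign = [p for p in matching if controller_owner(p) not in (None, name)]

    managed = owned + orphans
    surplus = len(managed) - desired
    # When scaling down, prefer deleting Pods that are not Running yet (False sorts first).
    by_readiness = sorted(managed, key=lambda p: p["status"]["phase"] == "Running")
    return {
        "adopt": [p["metadata"]["name"] for p in orphans],
        "ignore": [p["metadata"]["name"] for p in foreign],
        "create": max(-surplus, 0),
        "delete": [p["metadata"]["name"] for p in by_readiness[:max(surplus, 0)]],
    }


def make_pod(name: str, labels: dict, phase: str, owner: str | None = None) -> dict:
    """Build a Pod-shaped dict for the constructed sample data (hypothetical helper)."""
    meta: dict = {"name": name, "labels": labels}
    if owner:
        meta["ownerReferences"] = [{"kind": "ReplicaSet", "name": owner, "controller": True}]
    return {"metadata": meta, "status": {"phase": phase}}


def make_replicaset(name: str, replicas: int, match_labels: dict) -> dict:
    """Build a ReplicaSet-shaped dict (hypothetical helper)."""
    return {"metadata": {"name": name},
            "spec": {"replicas": replicas, "selector": {"matchLabels": match_labels}}}


# Constructed sample cluster state: two owned Pods, one orphan, one Pod of another
# ReplicaSet with the same labels, and one Pod the selector does not match at all.
SAMPLE_PODS = [
    make_pod("web-a", {"app": "web"}, "Running", owner="web-rs"),
    make_pod("web-b", {"app": "web"}, "Pending", owner="web-rs"),
    make_pod("web-orphan", {"app": "web"}, "Running"),
    make_pod("web-canary", {"app": "web"}, "Running", owner="canary-rs"),
    make_pod("db-0", {"app": "db"}, "Running", owner="db-ss"),
]

if __name__ == "__main__":
    for replicas in (3, 2, 5):
        print(replicas, reconcile(make_replicaset("web-rs", replicas, {"app": "web"}), SAMPLE_PODS))
```

With three replicas the two owned Pods plus the adopted orphan already satisfy the spec, so nothing is created; scaling to two deletes the Pending Pod first, and the canary ReplicaSet's Pod is never touched.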
三、Networking
Pod: exposes ports and communicates with other internal or external entities
Network Policy: allowlists ingress and egress traffic from and to Pods based on IP blocks, namespaces and Pods; a Pod that no policy selects accepts all traffic, and policies are only enforced if the CNI plugin supports them
Endpoint: holds the IP addresses of Pods and the ports they expose
Endpoint Slice: successor of Endpoint, provides functional and scalability improvements
Ingress: makes a Service accessible from outside the cluster, routing HTTP(S) requests by host and path
Ingress Class: specifies which Ingress controller should implement an Ingress
Ingress Controller: implements the specifications of Ingress resources
Service: load-balances traffic between a number of selected Pods
Cluster IP: makes the Service accessible only from within the cluster
Node Port: exposes the Service on a static port on every Node's IP
Load Balancer: exposes the Service using an external load balancer
External Name: maps the Service to an existing DNS FQDN
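The Network Policy semantics summarised above, as an added example that is neither the original page's code nor that of any CNI plugin: a simplified Python evaluator for ingress rules. The namespaces, Pod IPs and policies are constructed for the example, and only podSelector, namespaceSelector, ipBlock (with except) and ports are modelled, with matchLabels only. It demonstrates the default-allow trap: the Pod in the dev namespace, which no policy selects, is reachable from anywhere, while the prod Pods selected by the default-deny policy accept only what the second policy explicitly lists.

```python
"""Added example: evaluate whether one Pod may reach another under a set of
NetworkPolicy objects (ingress direction only). Not Kubernetes or CNI code."""
from __future__ import annotations
import ipaddress


def selector_matches(selector: dict, labels: dict) -> bool:
    """matchLabels only; an empty selector ({}) selects everything."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def peer_matches(peer: dict, src: dict, policy_ns: str, namespaces: dict) -> bool:
    """One entry of a rule's `from` list. podSelector and namespaceSelector in the same
    entry are ANDed; a podSelector on its own is scoped to the policy's namespace."""
    if "ipBlock" in peer:
        block = peer["ipBlock"]
        ip = ipaddress.ip_address(src["ip"])
        if ip not in ipaddress.ip_network(block["cidr"]):
            return False
        return not any(ip in ipaddress.ip_network(ex) for ex in block.get("except", []))
    ns_sel, pod_sel = peer.get("namespaceSelector"), peer.get("podSelector")
    if ns_sel is not None:
        if not selector_matches(ns_sel, namespaces[src["namespace"]]):
            return False
    elif src["namespace"] != policy_ns:
        return False
    return pod_sel is None or selector_matches(pod_sel, src["labels"])


def port_matches(ports: list | None, protocol: str, port: int) -> bool:
    """A rule without `ports` matches every port; an entry without `port` matches the protocol."""
    if not ports:
        return True
    return any(p.get("protocol", "TCP") == protocol and p.get("port", port) == port for p in ports)


def ingress_allowed(policies: list, namespaces: dict, src: dict, dst: dict,
                    protocol: str = "TCP", port: int = 80) -> bool:
    """Default allow when no policy selects dst; otherwise any matching rule of any
    selecting policy grants access, and a selecting policy with no rules denies all."""
    selecting = [pol for pol in policies
                 if pol["metadata"]["namespace"] == dst["namespace"]
                 and "Ingress" in pol["spec"].get("policyTypes", ["Ingress"])
                 and selector_matches(pol["spec"]["podSelector"], dst["labels"])]
    if not selecting:
        return True
    for pol in selecting:
        for rule in pol["spec"].get("ingress", []):
            if not port_matches(rule.get("ports"), protocol, port):
                continue
            peers = rule.get("from")
            if not peers or any(peer_matches(p, src, pol["metadata"]["namespace"], namespaces)
                                for p in peers):
                return True
    return False


# Constructed sample data (namespace labels, Pods with IPs, and two policies in prod).
NAMESPACES = {"prod": {"env": "prod"}, "monitoring": {"team": "sre"}, "dev": {"env": "dev"}}


def _pod(name, ns, app, ip):
    return {"name": name, "namespace": ns, "labels": {"app": app}, "ip": ip}


PODS = {p["name"]: p for p in [
    _pod("web", "prod", "web", "10.0.1.11"), _pod("api", "prod", "api", "10.0.1.10"),
    _pod("db", "prod", "db", "10.0.1.12"), _pod("prometheus", "monitoring", "prometheus", "10.0.2.5"),
    _pod("devbox", "dev", "shell", "10.0.3.7")]}

POLICIES = [
    # Deny all ingress to every Pod in prod (empty podSelector, no ingress rules).
    {"metadata": {"name": "default-deny", "namespace": "prod"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}},
    # Then open api: 8080 from web Pods or the 10.0/16 range minus the dev subnet, 9090 from sre namespaces.
    {"metadata": {"name": "api-ingress", "namespace": "prod"},
     "spec": {"podSelector": {"matchLabels": {"app": "api"}},
              "ingress": [
                  {"from": [{"podSelector": {"matchLabels": {"app": "web"}}},
                            {"ipBlock": {"cidr": "10.0.0.0/16", "except": ["10.0.3.0/24"]}}],
                   "ports": [{"protocol": "TCP", "port": 8080}]},
                  {"from": [{"namespaceSelector": {"matchLabels": {"team": "sre"}}}],
                   "ports": [{"protocol": "TCP", "port": 9090}]}]}},
]


def check(src: str, dst: str, port: int, protocol: str = "TCP") -> bool:
    """Convenience wrapper over the constructed sample data."""
    return ingress_allowed(POLICIES, NAMESPACES, PODS[src], PODS[dst], protocol, port)


if __name__ == "__main__":
    for flow in [("web", "api", 8080), ("devbox", "api", 8080), ("prometheus", "web", 9090),
                 ("prometheus", "devbox", 22)]:
        print(flow, check(*flow))
```

Note that `prometheus -> devbox:22` is allowed simply because nothing in the dev namespace has a policy; a default-deny policy per namespace is the usual first step.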
四、Storage
Pod: compute unit that reads from and writes to the filesystem
ConfigMap/Secret: contains data that can be mounted read-only into a container's filesystem (or injected as environment variables); Secrets are only base64-encoded and sit in plain text in etcd unless encryption at rest is configured
emptyDir: acts as temporary local storage for the lifespan of a Pod
Generic Ephemeral Volumes: creates temporary PVCs using already existing Storage Classes
Volume Snapshot: requests a snapshot of a PVC using the given Volume Snapshot Class
Volume Snapshot Class: same as Storage Class but for Volume Snapshots
Volume Snapshot Content: a snapshot containing an existing PVC's data or pre-provisioned data
Persistent Volume Claim: requests storage from a PV, including the required size and access mode
Persistent Volume: abstraction of a storage container, including size and capabilities
Storage Class: configuration for different types of storage, e.g. Local, NFS, GlusterFS, ...
Storage Class Provisioner: service that dynamically creates PVs for a certain Storage Class
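The PVC/PV/Storage Class relationship above, as an added example that is not the original page's code nor the real volume binder: a Python model of how a claim is matched to a volume. PV and PVC names, sizes and classes are constructed; `parse_quantity`, `pv_satisfies`, `bind` and the `make_*` helpers are this example's own names. The checks are the ones the binder actually applies: the PV must be Available and unclaimed, the storage class must match exactly, the PV must support every requested access mode and be large enough, and the smallest sufficient PV wins. Label selectors and volumeMode are not modelled, and a PVC without storageClassName is treated like an empty class (in a real cluster the DefaultStorageClass admission plugin would fill in the default class first).

```python
"""Added example: static PVC -> PV binding. Not Kubernetes code."""
from __future__ import annotations

# Kubernetes quantity suffixes: binary (Ki, Mi, ...) and decimal (k, M, ...).
_UNITS = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40,
          "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}


def parse_quantity(q: str) -> int:
    """Convert a resource quantity such as "10Gi", "500M" or "1.5Gi" to bytes."""
    for suffix in sorted(_UNITS, key=len, reverse=True):  # try two-letter suffixes first
        if q.endswith(suffix):
            return int(float(q[:-len(suffix)]) * _UNITS[suffix])
    return int(q)


def pv_satisfies(pv: dict, pvc: dict) -> bool:
    """All binder conditions that this model implements."""
    if pv.get("status", {}).get("phase", "Available") != "Available" or pv["spec"].get("claimRef"):
        return False
    # Class names must match exactly; "" (or unset, in this model) means "a PV with no class".
    if pv["spec"].get("storageClassName", "") != pvc["spec"].get("storageClassName", ""):
        return False
    # The PV must offer every access mode the claim asks for.
    if not set(pvc["spec"]["accessModes"]) <= set(pv["spec"]["accessModes"]):
        return False
    requested = parse_quantity(pvc["spec"]["resources"]["requests"]["storage"])
    return parse_quantity(pv["spec"]["capacity"]["storage"]) >= requested


def bind(pvc: dict, pvs: list[dict]) -> str | None:
    """Name of the smallest PV that satisfies the claim, or None if a provisioner would
    have to create one (or the claim stays Pending when no provisioner exists)."""
    candidates = [pv for pv in pvs if pv_satisfies(pv, pvc)]
    if not candidates:
        return None
    return min(candidates, key=lambda pv: parse_quantity(pv["spec"]["capacity"]["storage"]))["metadata"]["name"]


def make_pv(name, size, modes, sc, bound=False):
    """Hypothetical helper building a PV-shaped dict for the sample data."""
    pv = {"metadata": {"name": name},
          "spec": {"capacity": {"storage": size}, "accessModes": modes, "storageClassName": sc}}
    if bound:
        pv["spec"]["claimRef"] = {"name": "someone-else"}
        pv["status"] = {"phase": "Bound"}
    return pv


def make_pvc(name, size, modes, sc):
    """Hypothetical helper building a PVC-shaped dict for the sample data."""
    return {"metadata": {"name": name},
            "spec": {"accessModes": modes, "storageClassName": sc,
                     "resources": {"requests": {"storage": size}}}}


# Constructed sample volumes.
SAMPLE_PVS = [
    make_pv("pv-small", "5Gi", ["ReadWriteOnce"], "fast"),
    make_pv("pv-medium", "10Gi", ["ReadWriteOnce"], "fast"),
    make_pv("pv-large", "50Gi", ["ReadWriteOnce", "ReadOnlyMany"], "fast"),
    make_pv("pv-bound", "20Gi", ["ReadWriteOnce"], "fast", bound=True),
    make_pv("pv-nfs", "100Gi", ["ReadWriteMany"], "nfs"),
    make_pv("pv-local", "2Gi", ["ReadWriteOnce"], ""),
]

if __name__ == "__main__":
    print(bind(make_pvc("app-data", "8Gi", ["ReadWriteOnce"], "fast"), SAMPLE_PVS))   # pv-medium
    print(bind(make_pvc("shared", "8Gi", ["ReadWriteMany"], "fast"), SAMPLE_PVS))     # None
```

The second call returns None because no PV in class `fast` offers ReadWriteMany; the claim would only bind if a provisioner for that class can create such a volume.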
五、RBAC
Pod: compute unit that can interact with the Kubernetes API server, authenticating with the token of its Service Account
Service Account: namespaced, Kubernetes-managed identity intended for in-cluster processes; its token is mounted into Pods automatically unless automountServiceAccountToken is set to false, so a compromised Pod inherits whatever the Service Account is bound to
Role Binding: attaches the rules of one Role or Cluster Role to Users, Groups or Service Accounts, but only within the Role Binding's own namespace (also when it references a Cluster Role)
User: a user that authenticates against the Kubernetes API server; not a Kubernetes object, the identity comes from client certificates, tokens or an external identity provider
Group: a collection of Users
Cluster Role Binding: attaches the rules of one Cluster Role to Users, Groups or Service Accounts cluster-wide, i.e. in every namespace and for cluster-scoped resources
(Aggregated) Cluster Role: a collection of cluster-global rules; an aggregated Cluster Role combines the rules of all Cluster Roles matched by its label selectors
Role: a collection of namespace-scoped rules
Rule: resources (Pod, Service, ...) and verbs (get, list, ...), optionally restricted to specific resource names
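The RBAC objects above, as an added example that is not the original page's code nor the API server's authorizer: a Python model of how the API server decides a request. The roles, bindings, principals and the `can` function are constructed for the example. It shows the points that matter in practice: a RoleBinding to a ClusterRole grants that ClusterRole's rules only in the binding's namespace, cluster-scoped resources such as nodes are reachable only through ClusterRoleBindings, resourceNames narrows a rule to named objects (so `list` is never granted by such a rule), and an aggregated ClusterRole is the union of the ClusterRoles its selectors match.

```python
"""Added example: RBAC decision logic over constructed Roles, ClusterRoles and bindings.
Not Kubernetes code; structure mirrors the API objects but is simplified."""
from __future__ import annotations


def _matches(allowed: list[str], value: str) -> bool:
    """RBAC list semantics: exact match or the "*" wildcard."""
    return "*" in allowed or value in allowed


def rule_allows(rule: dict, verb: str, api_group: str, resource: str, name: str | None) -> bool:
    if not (_matches(rule.get("apiGroups", []), api_group) and _matches(rule.get("resources", []), resource)
            and _matches(rule.get("verbs", []), verb)):
        return False
    names = rule.get("resourceNames")          # narrows the rule to specific objects
    return not names or (name is not None and name in names)


def effective_rules(cluster_role: dict, cluster_roles: dict) -> list[dict]:
    """Own rules plus, for an aggregated ClusterRole, the rules of every ClusterRole whose
    labels match one of its clusterRoleSelectors (matchLabels only)."""
    rules = list(cluster_role.get("rules", []))
    for sel in cluster_role.get("aggregationRule", {}).get("clusterRoleSelectors", []):
        want = sel.get("matchLabels", {})
        for other in cluster_roles.values():
            labels = other.get("metadata", {}).get("labels", {})
            if other is not cluster_role and all(labels.get(k) == v for k, v in want.items()):
                rules.extend(other.get("rules", []))
    return rules


def subject_matches(subject: dict, principal: dict) -> bool:
    if subject["kind"] == "Group":
        return subject["name"] in principal.get("groups", [])
    if subject["kind"] != principal["kind"] or subject["name"] != principal["name"]:
        return False
    return subject["kind"] == "User" or subject["namespace"] == principal["namespace"]


def can(cluster: dict, principal: dict, verb: str, resource: str,
        namespace: str | None = None, api_group: str = "", name: str | None = None) -> bool:
    """Allow if any binding whose subjects include the principal references a role with an
    allowing rule. ClusterRoleBindings apply everywhere; RoleBindings only in their namespace."""
    crs = cluster["clusterroles"]

    def allows(rules):
        return any(rule_allows(r, verb, api_group, resource, name) for r in rules)

    for crb in cluster["clusterrolebindings"]:
        if any(subject_matches(s, principal) for s in crb["subjects"]):
            if allows(effective_rules(crs[crb["roleRef"]["name"]], crs)):
                return True
    if namespace is None:                        # cluster-scoped request: RoleBindings never apply
        return False
    for rb in cluster["rolebindings"]:
        if rb["metadata"]["namespace"] != namespace or not any(subject_matches(s, principal) for s in rb["subjects"]):
            continue
        ref = rb["roleRef"]
        if ref["kind"] == "ClusterRole":
            rules = effective_rules(crs[ref["name"]], crs)
        else:
            rules = cluster["roles"][(namespace, ref["name"])]["rules"]
        if allows(rules):
            return True
    return False


AGG = {"aggregate-to-monitoring": "true"}   # constructed aggregation label
CLUSTER = {   # constructed sample RBAC state
    "clusterroles": {
        "admin-all": {"rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
        "pod-reader": {"metadata": {"labels": AGG},
                       "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
        "node-reader": {"metadata": {"labels": AGG},
                        "rules": [{"apiGroups": [""], "resources": ["nodes"], "verbs": ["get", "list"]}]},
        "monitoring": {"aggregationRule": {"clusterRoleSelectors": [{"matchLabels": AGG}]}},
    },
    "roles": {
        ("prod", "deployer"): {"rules": [{"apiGroups": ["apps"], "resources": ["deployments"],
                                          "verbs": ["get", "update", "patch"]}]},
        ("prod", "db-secret"): {"rules": [{"apiGroups": [""], "resources": ["secrets"],
                                           "verbs": ["get"], "resourceNames": ["db-creds"]}]},
    },
    "rolebindings": [
        {"metadata": {"namespace": "prod"}, "roleRef": {"kind": "Role", "name": "deployer"},
         "subjects": [{"kind": "ServiceAccount", "name": "ci", "namespace": "ci"}]},
        {"metadata": {"namespace": "prod"}, "roleRef": {"kind": "Role", "name": "db-secret"},
         "subjects": [{"kind": "ServiceAccount", "name": "ci", "namespace": "ci"}]},
        {"metadata": {"namespace": "dev"}, "roleRef": {"kind": "ClusterRole", "name": "pod-reader"},
         "subjects": [{"kind": "Group", "name": "developers"}]},
    ],
    "clusterrolebindings": [
        {"roleRef": {"kind": "ClusterRole", "name": "admin-all"}, "subjects": [{"kind": "User", "name": "alice"}]},
        {"roleRef": {"kind": "ClusterRole", "name": "monitoring"}, "subjects": [{"kind": "Group", "name": "sre"}]},
    ],
}
ALICE = {"kind": "User", "name": "alice", "groups": ["system:authenticated"]}
BOB = {"kind": "User", "name": "bob", "groups": ["developers", "system:authenticated"]}
CAROL = {"kind": "User", "name": "carol", "groups": ["sre", "system:authenticated"]}
CI = {"kind": "ServiceAccount", "name": "ci", "namespace": "ci", "groups": ["system:serviceaccounts"]}

if __name__ == "__main__":
    print("bob list pods/dev ", can(CLUSTER, BOB, "list", "pods", namespace="dev"))
    print("bob list pods/prod", can(CLUSTER, BOB, "list", "pods", namespace="prod"))
    print("ci list secrets   ", can(CLUSTER, CI, "list", "secrets", namespace="prod"))
```

Bob can list Pods in dev but not in prod although the same ClusterRole is involved, and the CI Service Account can fetch the one named Secret but not enumerate Secrets; both are the distinctions a reviewer should check when auditing bindings.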
Original source: https://brennerm.github.io/posts/kubernetes-overview-diagrams.html
Reposted from: https://blog.51cto.com/u_15077160/2914930