Kubernetes terminology
This page provides key Kubernetes terms and platform-specific concepts that are commonly used when running Kubernetes-based workloads. While some of these concepts are universal, others are specific to certain cloud providers or Kubernetes distributions.
Universal Kubernetes concepts
These concepts apply to most Kubernetes distributions.
Cluster
Primary control unit managing worker nodes and applications. Includes the control plane and data plane.
Node
A worker machine (physical or virtual) where Pods run.
Pod
The smallest deployable unit in Kubernetes, consisting of one or more containers.
Container
A lightweight package containing application code and dependencies.
Service
Provides stable IP/DNS access to a set of Pods.
Deployment
Manages stateless application Pods, ensuring availability and handling updates.
StatefulSet
Manages stateful applications with stable identities and persistent storage.
PersistentVolume (PV)
A piece of storage in the cluster provisioned manually or dynamically.
PersistentVolumeClaim (PVC)
A request for storage made by an application.
StorageClass
Defines storage classes used for dynamic volume provisioning.
Container Storage Interface (CSI)
A standard API allowing storage vendors to create plugins for Kubernetes.
ConfigMap
Stores non-confidential configuration data for applications.
Secret
Stores sensitive data such as passwords or keys.
Namespace
Partitions cluster resources into logical groups.
Ingress
Manages external HTTP(S) access to Services.
kubectl
Primary CLI tool for interacting with the Kubernetes API server.
Platform-specific concepts and implementations
AWS EKS (Elastic Kubernetes Service)
Managed Control Plane
AWS manages the Kubernetes control plane.
Managed Node Groups
AWS manages the lifecycle of worker nodes.
VPC CNI (Container Network Interface)
Assigns VPC IPs directly to Pods.
IAM Roles for Service Accounts (IRSA)
Allows Pods to access AWS services securely via IAM roles.
EBS CSI Driver
Manages AWS EBS volumes.
AWS Load Balancer Controller (LBC)
Provisions AWS ALBs and NLBs for external access.
Red Hat OpenShift (RHOS)
Security Context Constraints (SCCs)
Controls Pod security settings.
Routes
Provides external HTTP(S) access, similar to Ingress.
OpenShift Storage (e.g., ODF/Ceph)
Storage options integrated with OpenShift.
Service Accounts & Permissions
Manages Kubernetes Service Accounts and their access permissions.
Google Kubernetes Engine (GKE)
Workload Identity
Allows Kubernetes Service Accounts to impersonate Google Cloud Service Accounts.
Persistent Disk CSI Driver
Manages GCE Persistent Disks.
GKE Ingress / Cloud Load Balancers
Provides external HTTP(S) access using Google Cloud Load Balancers.
Azure Kubernetes Service (AKS)
Workload Identity / Pod Identity
Allows Kubernetes Service Accounts to use Azure AD identities.
Azure Disk / Azure File CSI Drivers
Manages Azure Disk and Azure File storage.
AKS Ingress
Options include AGIC and Nginx-based Ingress controllers.
Other terms
VPC
Virtual Private Cloud. Defines the network environment for Kubernetes.
Egress
Outbound network traffic from the cluster.
Ingress
Inbound network traffic to the cluster.