Key Takeaways
- âś“60+ Kubernetes terms organized by category: architecture, networking, security, storage
- âś“70% of Kubernetes organizations use Helm for deployment management (Orca Security 2025)
- âś“Reference for CKA/CKAD/CKS training and production projects
The glossary is your quick reference tool for mastering Kubernetes vocabulary. Each term below helps you precisely understand the concepts you encounter in your projects, training, and certifications. With 82% of container users running Kubernetes in production, this vocabulary now constitutes an essential foundation for your career.
TL;DR: This glossary gathers 60+ essential Kubernetes terms, organized by category. Use it as a reference during your training, CKA/CKAD/CKS review, or production projects. Each definition gives you the practical context you need.
To deepen these concepts in real conditions, discover Kubernetes Fundamentals training.
Why master Kubernetes vocabulary?
When you work on a Kubernetes cluster, you manipulate dozens of interconnected concepts. A Pod depends on a Node, a Service exposes a Deployment, a ConfigMap configures your containers. Without precise vocabulary, you risk configuration errors that directly impact your production.
Key takeaway: Invest time in vocabulary. You'll avoid hours of debugging and communicate more effectively with your teams.
For a structured introduction, consult the Kubernetes fundamentals for beginners guide.
What are the fundamental Kubernetes concepts?
Cluster
A Cluster is all the machines (physical or virtual) that run your containerized applications under Kubernetes. Your cluster includes a Control Plane and Worker Nodes. When you administer a cluster, you manage both infrastructure and workloads.
Control Plane
The Control Plane is your cluster's brain. It makes all global decisions: Pod scheduling, failure detection, event response. You interact with it via the API Server. To learn more, consult Kubernetes Cluster Administration.
Node
A Node is a worker machine in your cluster. Each Node runs Pods and provides the execution environment (kubelet, container runtime). You can have dozens or thousands of Nodes depending on your load. According to PhoenixNAP, Kubernetes scales to thousands of containers where Docker Swarm suits more modest workloads.
Namespace
A Namespace is a logical partition of your cluster. Use Namespaces to isolate your environments (dev, staging, prod) or your teams. You can apply resource quotas and network policies per Namespace.
kubectl
kubectl is the command-line tool for interacting with your cluster. You use it to deploy applications, inspect resources, and manage your workloads' lifecycle. Consult the kubectl cheatsheet for essential commands.
# Example: list all Pods in a namespace
kubectl get pods -n your-namespace
What Kubernetes objects should you know?
Pod
A Pod is the smallest deployment unit in Kubernetes. Your Pod contains one or more containers that share storage and network. You never deploy a container alone: you always deploy a Pod.
Deployment
A Deployment is the object that manages your Pods declaratively. When you create a Deployment, you specify the image, number of replicas, and update strategy. Kubernetes automatically maintains the desired state. For advanced strategies, see Kubernetes Deployment and Production.
apiVersion: apps/v1
kind: Deployment
metadata:
name: your-app
spec:
replicas: 3
selector:
matchLabels:
app: your-app
ReplicaSet
A ReplicaSet ensures a specified number of Pod replicas run at all times. You generally don't create ReplicaSets directly: your Deployment manages them for you.
StatefulSet
A StatefulSet is designed for your stateful applications (databases, caching systems). Unlike a Deployment, it guarantees deployment order and stable network identities for each Pod.
DaemonSet
A DaemonSet ensures a Pod runs on each Node in your cluster. Use it for your monitoring agents, log collectors, or network plugins.
Job and CronJob
A Job creates one or more Pods and ensures their execution until completion. A CronJob schedules Jobs according to a calendar. You use them for your batch tasks and periodic processing.
Key takeaway: Choose the right object for your use case. Deployment for stateless apps, StatefulSet for databases, DaemonSet for system agents.
How does Kubernetes networking work?
Service
A Service is an abstraction that defines a logical set of Pods and an access policy. Your Service provides a stable IP and DNS, even when your Pods are recreated. Main types: ClusterIP, NodePort, LoadBalancer.
| Type | Usage | Accessibility |
|---|---|---|
| ClusterIP | Internal communication | Cluster only |
| NodePort | Simple external exposure | Node IP + fixed port |
| LoadBalancer | Cloud production | Dedicated external IP |
Ingress
An Ingress manages external HTTP/HTTPS access to your Services. You configure routing rules based on hosts and paths. The Ingress Controller (Nginx, Traefik) implements these rules.
NetworkPolicy
A NetworkPolicy specifies how your Pods communicate with each other and other endpoints. By default, all traffic is allowed. You must create NetworkPolicies to secure your cluster. Consult Kubernetes Security for best practices.
CNI (Container Network Interface)
CNI is the standard for configuring your container network. Your cluster uses a CNI plugin (Calico, Cilium, Flannel) to assign IPs and manage routing.
How to manage configuration and secrets?
ConfigMap
A ConfigMap stores your non-sensitive configuration data as key-value pairs. You inject this data into your Pods via environment variables or volumes. Always separate your configuration from your code.
apiVersion: v1
kind: ConfigMap
metadata:
name: your-config
data:
DATABASE_HOST: "postgres.default.svc"
LOG_LEVEL: "info"
Secret
A Secret stores your sensitive data (passwords, tokens, keys). Kubernetes encodes this data in base64. For enhanced security, you should enable at-rest encryption and use solutions like Vault.
Environment Variables
Environment Variables inject your configuration into containers at runtime. You can define them directly, via ConfigMaps, or via Secrets.
How to manage storage in Kubernetes?
Volume
A Volume is a directory accessible to containers in a Pod. Unlike ephemeral container storage, a Volume persists for the Pod's lifetime.
PersistentVolume (PV)
A PersistentVolume is a storage resource provisioned by the administrator or dynamically via a StorageClass. Your PV exists independently of Pods.
PersistentVolumeClaim (PVC)
A PersistentVolumeClaim is a storage request by a user. You specify size and access mode. Kubernetes binds your PVC to an available PV.
StorageClass
A StorageClass defines the "classes" of storage available in your cluster. You use it for dynamic provisioning of PersistentVolumes.
What security terms should you master?
With 70% of organizations using Kubernetes in the cloud and most using Helm, security becomes critical. The LFS460 Kubernetes Security training prepares you for CKS.
RBAC (Role-Based Access Control)
RBAC is Kubernetes' authorization system. You define Roles (permissions) and RoleBindings (assignment to users/services). Always apply the principle of least privilege.
ServiceAccount
A ServiceAccount provides identity to processes in your Pods. Each Namespace has a default ServiceAccount. Create dedicated ServiceAccounts with minimal permissions.
PodSecurityPolicy / Pod Security Standards
Pod Security Standards (successors to deprecated PodSecurityPolicies) define security levels for your Pods: Privileged, Baseline, Restricted. You apply them via labels on your Namespaces.
Admission Controller
An Admission Controller intercepts requests to the API Server before persistence. Use controllers like OPA Gatekeeper to validate your security policies.
Key takeaway: Kubernetes security is not optional. Start with RBAC, then add NetworkPolicies and Pod Security Standards.
What observability tools to use?
Prometheus
Prometheus is the monitoring standard for Kubernetes. You collect metrics from your Pods and Nodes, define alerts, and visualize via Grafana. To learn more, consult Kubernetes Monitoring and Troubleshooting.
Grafana
Grafana is the visualization platform that integrates with Prometheus. You create dashboards to monitor your clusters and applications.
Loki
Loki is the log aggregation system inspired by Prometheus. You collect and query your logs without full indexing, reducing storage costs.
Jaeger / Zipkin
Jaeger and Zipkin are distributed tracing systems. You trace requests across your microservices to identify bottlenecks.
What are scaling-related terms?
According to Spectro Cloud, 82% of Kubernetes workloads are over-provisioned. Master these concepts to optimize your resources.
HPA (Horizontal Pod Autoscaler)
The HPA automatically adjusts the number of Pod replicas based on metrics (CPU, memory, custom). You define thresholds and Kubernetes scales horizontally.
VPA (Vertical Pod Autoscaler)
The VPA recommends or automatically adjusts CPU and memory requests/limits for your Pods. You optimize resource utilization without changing replica count.
Cluster Autoscaler
The Cluster Autoscaler adds or removes Nodes in your cluster based on demand. When your Pods can't be scheduled, it provisions new Nodes.
| Autoscaler | What it scales | Metric |
|---|---|---|
| HPA | Number of Pods | CPU, memory, custom |
| VPA | Resources per Pod | Historical usage |
| Cluster | Number of Nodes | Pending pods |
How do Kubernetes certifications work?
Kubernetes certifications CKA CKAD CKS validate your practical skills. As feedback on TechiesCamp confirms: "The CKA exam tested practical, useful skills. It wasn't just theory: it matched real-world situations you'd actually run into when working with Kubernetes."
CKA (Certified Kubernetes Administrator)
The CKA validates your Kubernetes cluster administration skills. You take a 2-hour practical exam. Validity: 2 years (official source). The LFS458 training prepares you in 4 days.
CKAD (Certified Kubernetes Application Developer)
The CKAD validates your application development skills on Kubernetes. 2-hour practical exam. The LFD459 training covers the program in 3 days. For details, consult pass the CKAD.
CKS (Certified Kubernetes Security Specialist)
The CKS validates your Kubernetes security skills. Prerequisite: valid CKA. 2-hour practical exam. Validity: 2 years.
What deployment tools should you know?
Helm
Helm is the package manager for Kubernetes. You install applications via Charts, which encapsulate YAML manifests. With 70% of Kubernetes organizations using Helm, it's an essential tool.
Kustomize
Kustomize customizes your Kubernetes manifests without templates. You apply overlays to adapt your configurations per environment. Natively integrated in kubectl.
ArgoCD
ArgoCD is a GitOps tool for Kubernetes. You declare desired state in Git, ArgoCD automatically synchronizes your cluster. Consult GitOps and Kubernetes to implement this approach.
Flux
Flux is the CNCF alternative to ArgoCD for GitOps. You synchronize your clusters with your Git repositories declaratively.
Which Kubernetes distributions to choose?
The Kubernetes market reaches $2.57 billion USD in 2025 with 21.85% CAGR growth. Several distributions are available. Consult Kubernetes Comparisons and Alternatives for a complete guide.
Vanilla Kubernetes
Vanilla Kubernetes refers to upstream Kubernetes without modifications. You deploy it yourself and manage all infrastructure.
Managed Kubernetes (EKS, GKE, AKS)
Managed services (Amazon EKS, Google GKE, Azure AKS) manage the Control Plane for you. You focus on your workloads.
k3s
k3s is a lightweight Kubernetes distribution from Rancher. You use it for edge computing, IoT, or constrained environments.
OpenShift
OpenShift is Red Hat's Kubernetes distribution with enterprise features (integrated registry, CI/CD, advanced web console).
Where to find resources to learn more?
Official documentation
The official Kubernetes documentation remains your primary reference. You'll find concepts, tutorials, and API references.
CNCF Landscape
The CNCF Landscape maps the cloud native ecosystem. You discover projects by category.
SFEIR Training
For structured skills development, explore the complete Kubernetes Training guide and Kubernetes tutorials and practical guides.
As The Enterprisers Project reminds us: "Anybody can learn Kubernetes. With abundant documentation and development tools available online, teaching yourself Kubernetes is very much within reach."
Take action
You now have the vocabulary to navigate the Kubernetes ecosystem. Put this knowledge into practice with official Linux Foundation training:
- Kubernetes Fundamentals: discover Kubernetes in 1 day
- LFS458 Kubernetes Administration: prepare for CKA in 4 days
- LFD459 Kubernetes for Developers: prepare for CKAD in 3 days
- LFS460 Kubernetes Security: prepare for CKS in 4 days
To explore containerization best practices, consult Containerization and Docker Best Practices.
Contact our advisors to identify the training suited to your path.