| All-in-one | AIO | Kubernetes and openFuyao components such as fuyao-system are deployed on the same node. |
| API gateway | APIG | A single entry point between clients and APIs. It acts as a reverse proxy that routes client requests to a group of backend APIs. |
| Application Programming Interface | API | A set of predefined functions that allow applications and developers to access routines based on some software or hardware without accessing the source code or understanding internal mechanisms. |
| blackbox_exporter | - | One of the official Prometheus exporters. It enables network probing over HTTP, HTTPS, DNS, TCP, and ICMP. |
| cAdvisor | - | A container monitoring tool developed by Google, which is embedded in Kubernetes as a monitoring component. |
| Cloud Native Computing Foundation | CNCF | An open-source software foundation. |
| ConfigMap | - | An API object used to store non-sensitive data in key-value pairs. |
| Console | - | The frontend web-based control interface. |
| Container | - | A runtime instance created based on an image. Containers can be started, stopped, and removed. Each container is an isolated and secure platform. |
| CronJob | - | A workload object that creates Jobs on a repeating schedule. |
| Custom resource definition | CRD | A Kubernetes extension mechanism that allows users to define custom resources. |
| DaemonSet | - | A DaemonSet ensures that all (or some) nodes run a copy of a pod. |
| Deployment | - | A Deployment provides declarative updates for pods and ReplicaSets. |
| Domain Name System | DNS | A service that maps domain names to IP addresses for easier network access. |
| Dubbo | - | An open-source, high-performance service framework from Alibaba that delivers transparent RPC remote invocation and service governance. |
| Fully qualified domain name | FQDN | An FQDN contains both the hostname and the domain name, in the format hostname.domain-name. |
| Gigabyte | GB | A decimal unit of information measurement, which is commonly used to denote the storage capacity of disks or memory. |
| Helm | - | A package manager for Kubernetes that simplifies the deployment and management of applications in a Kubernetes cluster. |
| Helm chart | - | A core concept in Helm, which is a pre-configured package of application resources. |
| High availability | HA | The ability of a system or service to run reliably and remain continuously available, even during hardware failures or unexpected issues. |
| Horizontal pod autoscaler | HPA | A mechanism that automatically updates workload resources (such as Deployments or StatefulSets) to scale them up or down based on demand. |
| Hypertext Transfer Protocol Secure | HTTPS | A secure version of HTTP that ensures security during transmission through encryption and authentication. |
| Ingress | - | An API object that manages external access to the services in a cluster. Ingress may provide load balancing, SSL termination, and name-based virtual hosting. |
| Job | - | A Job represents a one-off task in a cluster. It focuses on running a task once rather than maintaining a specified number of running instances. A Job creates one or more pods to run a specified task. The pods are removed by the Job after the task is complete. |
| kube-apiserver | - | It validates and configures data for the API objects which include pods, services, and ReplicationControllers. The API server services REST operations and provides the frontend to the cluster's shared state through which all other components interact. |
| kubectl | - | A command-line tool for communicating with a Kubernetes cluster's control plane, using the Kubernetes API. |
| kubelet | - | A critical Kubernetes component running on each node in a cluster, responsible for managing containers on that node. It is a node agent in the Kubernetes system and communicates with the controller on the main control plane to ensure that containers run on nodes as expected. |
| Kube-rbac-proxy | - | A lightweight HTTP proxy service designed for Kubernetes, utilizing Kubernetes' SubjectAccessReview feature to enforce RBAC authorization. Its goal is to restrict communication between pods, allowing only pods with valid and RBAC-authorized tokens to access other pods. |
| Kubernetes | K8s | A portable, extensible, open-source platform for managing containerized workloads and services, that facilitates both declarative configuration and automation. |
| kube-state-metrics | - | It listens to the Kubernetes API server and generates metrics about the state of the objects, such as Deployments, nodes, and pods. |
| metrics-server | - | A core component of the Kubernetes monitoring system. It collects resource metrics from kubelet, aggregates them (relying on kube-aggregator), and exposes them in the Kubernetes API server through the Metrics API (/apis/metrics.k8s.io/). It only stores the most recent metric data (CPU/Memory). |
| Mutual TLS | mTLS | A two-way encrypted channel between a server and a client. |
| Namespace | - | A Kubernetes namespace is an isolated resource space within a project on the platform, serving as the user's workspace for production. A project can create multiple namespaces, with the sum of their allocated resource quotas not exceeding the project's quota. Namespaces provide finer-grained resource quota division and also limit container sizes (CPU and memory) within the namespace, effectively improving resource utilization. |
| Nginx | - | A high-performance HTTP and reverse proxy web server. It also provides IMAP, POP3, and SMTP services. |
| Node | - | Depending on the cluster configuration, a node can be a virtual or physical machine. |
| node_exporter | - | It collects and exposes host metrics, such as CPU usage, disk usage, memory usage, and network activities. It can be used with Prometheus or other monitoring tools and supports various collectors and custom metrics. |
| OAuth2-Server | - | A server providing the OAuth 2.0 protocol implementation in openFuyao. |
| Oauth-proxy | - | It provides OAuth2-based authentication and authorization functionality. It helps protect web applications or APIs, ensuring that only authenticated users can access protected content. |
| Open Authorization 2.0 | OAuth2.0 | The industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. |
| Operating system | OS | A built-in program that coordinates various computer hardware components and interacts with the user. Commonly used OSs include Windows, macOS, and open-source Linux. |
| Pod | - | The smallest deployable unit of computing that users can create and manage in Kubernetes. |
| Prometheus | - | An open-source system monitoring and alerting toolkit used to collect and process real-time metrics. It periodically pulls monitoring data from the target service or agent through HTTP and stores the data in a highly available time series database. Users can query, aggregate, and visualize the data using the PromQL query language and trigger alerts based on predefined rules. |
| Resource | - | Built-in and custom resources within Kubernetes. |
| Role-based access control | RBAC | An access control method that manages access to system resources based on user roles. In RBAC, permissions are associated with roles, and users acquire permissions through their assigned roles. |
| Scheduler | - | A scheduler makes sure that pods are matched to nodes so that kubelet can run them. |
| Secret | - | An object that contains a small amount of sensitive data such as a password, a token, or a key. |
| Service | - | In Kubernetes, a Service is a method for exposing a web application that is running as one or more pods in your cluster. |
| ServiceMonitor | - | A core abstraction of the Prometheus Operator for the monitoring system. ServiceMonitors can facilitate metric monitoring. |
| Silence | - | A basic capability provided by alerting components. It matches alerts based on configured silence rules. Any matching alert is silenced, meaning it is not pushed for notification. |
| Spring Cloud | - | A complete microservices solution suite based on the Spring Boot framework. |
| StatefulSet | - | A workload API object used to manage stateful applications. |
| vCPU | - | A processor resource used in virtual environments. It represents a portion of a physical CPU and can be used independently by a virtual machine. Unlike physical CPUs, vCPUs utilize hyper-threading technology to divide a physical processor into multiple virtual processor cores, enabling resource sharing and dynamic allocation. |
| Volume | - | An abstraction in Kubernetes that provides persistent storage for containers within a pod. |
| Kunpeng Accelerator Engine | KAE | A hardware acceleration solution based on the Kunpeng 920 processor. |
| High Performance RSA Engine | HPRE | The high-performance RSA acceleration engine module of the KAE. |
| High Performance ZIP Engine | ZIP | The high-performance zlib/gzlib compression engine module of the KAE. |
| Security Engine | SEC | The hardware security acceleration engine module of the KAE. |
| Node Feature Discovery | NFD | The node feature discovery function in Kubernetes. NFD detects the hardware features that are available on each node in a Kubernetes cluster and advertises them using node labels, annotations, and taints. |
| Custom resource | CR | A custom resource in Kubernetes. |
| Custom resource definition | CRD | A custom resource definition in Kubernetes. |
| Monitoring instance | - | The smallest monitorable object in Kubernetes. Each monitoring instance is uniquely identified by a set of key-value pair labels. |
| Monitoring metric | - | A metric supported by a data collection system (for example, Prometheus) for user monitoring. One monitoring metric can contain data from multiple instances. |
| Monitoring component | - | A component containing a name and a data chart, which is displayed in a card format. |
| Monitoring dashboard | - | Consists of multiple user-defined monitoring components, allowing users to monitor various metrics according to their needs. |
| Coordinated Universal Time | UTC | A time standard used to synchronize time globally. |
| Universally Unique Identifier | UUID | A standard identifier used in software construction, which is composed of a timestamp, clock sequence, and a globally unique node identifier (such as a hash of the hostname). |
| Non-uniform memory access | NUMA | A memory architecture in modern multi-core and multi-processor systems that optimizes memory access speed by allocating processors and memory to multiple nodes. |
| Cloud Native Colocation | - | A deployment method that uses cloud-native approaches to co-locate online and offline services within the same cluster. It improves overall cluster resource utilization by adjusting the resource usage of online services during their peaks and troughs. |
| Online service | - | Workloads with high requirements for QoS and sensitivity to response latency, such as web services and e-commerce. |
| Offline service | - | Workloads with relatively lower requirements for QoS and insensitivity to response latency, such as big data analysis, transcoding, and AI training. |
| Resource overselling | - | The practice of dynamically allocating the surplus resources requested by online services during their trough periods to offline services in a colocation scenario. |
| RayCluster | - | A basic Ray cluster, consisting of one head node and zero to several worker nodes to form an application cluster. |
| RayService | - | It deploys Ray Serve. During deployment, it creates an independent Ray cluster and supports features like hot updates and high availability for the service. |
| RayJob | - | It submits and executes a single job. Each submitted job independently creates a Ray cluster, executes the task once the cluster is ready, and automatically destroys the cluster upon task completion, achieving cluster-level isolation. |
| Multi-core | - | Multi-core architecture refers to systems that integrate a large number of processing cores on a single chip. The multi-core scenario specifically refers to nodes within a cluster where the number of CPU cores is greater than 256. |
| Quality of service | QoS | Kubernetes classifies pods into three QoS levels (Guaranteed, Burstable, and BestEffort) based on their resource requests and limits. These QoS levels are used to determine resource allocation and eviction priority. In addition, workloads can define custom QoS policies to differentiate priorities and resource guarantees across services or tasks. QoS helps improve the stability of critical services and optimize resource utilization. |