Kubernetes (/ˌk(j)uːbərˈnɛtɪs, -ˈneɪtɪs, -ˈneɪtiːz, -ˈnɛtiːz/, K8s)[3] is an open-source container orchestration system for automating software deployment, scaling, and management.
Originally designed by Google, the project is now maintained by a worldwide community of contributors, and the trademark is held by the Cloud Native Computing Foundation.
Kubernetes assembles one or more computers, either virtual machines or bare metal, into a cluster that can run workloads in containers.
Its suitability for running and managing workloads of all sizes and styles has led to its widespread adoption in clouds and data centers.
Kubernetes is one of the most widely deployed software systems in the world,[9] being used across companies including Google, Microsoft, Cisco, Amazon, Apple, Meta, Nvidia, Reddit and Pinterest.
The project was conceived and created by Google employees Joe Beda, Brendan Burns, and Craig McLuckie.
Others at Google soon joined to help build the project, including Ville Aikas, Dawn Chen, Brian Grant, Tim Hockin, and Daniel Smith.
Other companies such as Red Hat and CoreOS joined the effort soon after, with notable contributors such as Clayton Coleman and Kelsey Hightower.
The design and development of Kubernetes were inspired by Google's Borg cluster manager and based on Promise Theory.
[13][14] Many of its top contributors had previously worked on Borg;[15][16] they codenamed Kubernetes "Project 7" after the Star Trek ex-Borg character Seven of Nine[17] and gave its logo a seven-spoked ship's wheel (designed by Tim Hockin).
Kubernetes defines a set of building blocks ("primitives") that collectively provide mechanisms that deploy, maintain, and scale applications based on CPU, memory[30] or custom metrics.
etcd[35] is a persistent, lightweight, distributed key-value data store (originally developed for Container Linux).
The kubelet takes care of starting, stopping, and maintaining application containers organized into pods as directed by the control plane.
Examples of popular container runtimes that are compatible with the kubelet include containerd (initially supported via Docker) and CRI-O.
Each pod in Kubernetes is assigned a unique IP address within the cluster, allowing applications to use ports without the risk of conflict.
StatefulSets are controllers that enforce the properties of uniqueness and ordering amongst instances of a pod, and can be used to run stateful applications.
Generally, most workloads scale by adjusting a desired replica count, chosen according to the availability and performance requirements of the application.
This is particularly helpful for use cases where the workload has some dependency on the actual node or host machine, such as log collection, ingress controllers, and storage services.
This means that a restart of the pod will wipe out any data stored in such containers, and therefore this form of storage is quite limiting for anything but trivial applications.
A common application challenge is deciding where to store and manage configuration information, some of which may contain sensitive data.
Kubernetes provides two closely related mechanisms to deal with this need, known as ConfigMaps and Secrets, both of which allow for configuration changes to be made without requiring an application rebuild.
The data from ConfigMaps and Secrets will be made available to every single instance of the application to which these objects have been bound via the Deployment.
Secrets are often used to store confidential or sensitive data like certificates, credentials to work with image registries, passwords, and SSH keys.
Kubernetes enables clients (users or internal components) to attach keys called labels to any API object in the system, such as pods and nodes.
This capability to dynamically control which resources implement a service provides loose coupling within the infrastructure.
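As an added illustration that is not drawn from the Kubernetes project or its documentation, the following manifest wires a ConfigMap and a Secret into a Deployment and exposes the pods through a label-selected Service; all object names, the image reference and the data values are hypothetical, constructed samples.

```yaml
# Hypothetical object names and a placeholder image; values are constructed samples.
apiVersion: v1
kind: ConfigMap
metadata:
  name: web-config
data:
  LOG_LEVEL: "info"              # non-sensitive settings only
  LISTEN_ADDR: "0.0.0.0:8080"
---
apiVersion: v1
kind: Secret
metadata:
  name: web-db-creds
type: Opaque
stringData:                      # clear text in the manifest; the API server stores it
  db_password: "constructed-sample-password"   # base64-encoded (not encrypted) in etcd
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 3
  selector:
    matchLabels: {app: web}      # the controller manages the pods carrying this label
  template:
    metadata:
      labels: {app: web}
    spec:
      containers:
      - name: web
        image: registry.example/web:1.0   # placeholder image reference
        envFrom:
        - configMapRef: {name: web-config}   # ConfigMap keys become environment variables
        volumeMounts:
        - {name: creds, mountPath: /etc/web/creds, readOnly: true}
      volumes:
      - name: creds
        secret:                  # mounted as files rather than environment variables,
          secretName: web-db-creds   # which child processes and crash dumps can expose
          defaultMode: 0440      # restrict file permissions inside the container
---
apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  selector: {app: web}           # label selector, not a fixed list of pod IPs
  ports: [{port: 80, targetPort: 8080}]
```

Changing a key in the ConfigMap or Secret and rolling the Deployment updates every replica without rebuilding the image, which is the decoupling the text describes.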
Implementing persistent storage for containers is one of the top challenges for Kubernetes administrators, DevOps and cloud engineers.
Human operators who look after specific applications and services have deep knowledge of how the system ought to behave, how to deploy it, and how to react if there are problems.
Several notable projects under the Cloud Native Computing Foundation's incubation program follow the operator pattern to extend Kubernetes, including Argo, Open Policy Agent and Istio.
The Kubernetes API server listens on a TCP port that serves HTTPS traffic, so that transport layer security (TLS) is enforced using CA certificates.
Kubernetes is commonly used as a way to host a microservice-based implementation, because it and its associated ecosystem of tools provide all the capabilities needed to address the key concerns of any microservice architecture.