Advanced 10 terms

Kubernetes Operators & CRDs

Vocabulary for Kubernetes operator pattern: Custom Resource Definitions, reconciliation loops, admission webhooks, and operator frameworks.

  • CRD (Custom Resource Definition) /siː ɑː diː/

    A Kubernetes API extension that defines a new resource type with a custom schema — enabling users to create and manage custom objects using kubectl and the Kubernetes API.

    "We defined a CRD called DatabaseCluster with fields for replicas, storageClass, and version — after applying the CRD, users can create DatabaseCluster objects just like they create Deployments."
  • Custom resource /ˈkʌstəm rɪˈsɔːs/

    An instance of a custom resource definition — a Kubernetes object of a user-defined type, stored in etcd and managed through the Kubernetes API.

    "After deploying the Postgres operator and its CRD, we created a custom resource: kind: PostgresCluster with 3 replicas and 100Gi storage — the operator reads this and provisions the actual infrastructure."
  • Operator pattern /ˈɒpəreɪtər ˈpætən/

    A Kubernetes extension pattern where a custom controller watches custom resources and continuously reconciles the cluster's actual state to match the desired state declared in the resource spec.

    "The Prometheus Operator implements the operator pattern: you declare a ServiceMonitor custom resource describing what to scrape, and the operator automatically configures Prometheus without manual config file management."
  • Reconciliation loop /ˌrekənsɪliˈeɪʃən luːp/

    The core logic of a Kubernetes controller — a control loop that watches resources, detects drift between desired and actual state, and takes corrective actions to converge them.

    "The operator's reconciliation loop runs every 30 seconds: compare desired replica count from the custom resource spec against actual pods running, then scale up or down to match."
  • Admission webhook /ədˈmɪʃən ˈwebhʊk/

    An HTTP callback invoked by the Kubernetes API server before persisting a resource — used to validate or mutate API requests. Comes in two types: mutating (can modify) and validating (can reject).

    "Our mutating admission webhook automatically injects a sidecar container into every Pod with a specific annotation — developers just add the annotation, the webhook handles the rest."
  • Mutating webhook /ˈmjuːteɪtɪŋ ˈwebhʊk/

    An admission webhook that can modify the incoming Kubernetes resource before it is stored — used for automatic injection of sidecars, default values, or policy-required labels.

    "The Istio mutating webhook intercepts every new Pod and adds the Envoy sidecar container automatically — without it, developers would have to manually add the sidecar to every deployment."
  • Validating webhook /ˈvælɪdeɪtɪŋ ˈwebhʊk/

    An admission webhook that can inspect and approve or reject a Kubernetes resource, but cannot modify it — used to enforce policies like required labels, resource limits, or security standards.

    "Our validating webhook rejects any Deployment without resource limits defined — it returns a 400 with a clear error message: 'All containers must specify requests and limits for cpu and memory.'"
  • Kubebuilder /ˈkjuːbˌbɪldər/

    A Go SDK and code generator for building Kubernetes operators — providing scaffolding, controller-runtime integration, and code generation for CRDs and webhooks.

    "We used Kubebuilder to scaffold our caching operator: kubebuilder init && kubebuilder create api generated 80% of the boilerplate, letting us focus on the reconciliation business logic."
  • controller-runtime /kənˈtrəʊlər ˈrʌntaɪm/

    The Go library (used by Kubebuilder and Operator SDK) that provides the base controller framework — including the manager, reconciler interface, caching, and event watching for Kubernetes operators.

    "controller-runtime's manager starts all controllers, shares an informer cache to reduce API server load, and handles leader election — letting us focus on implementing the Reconcile() function."
  • Desired state vs actual state /dɪˈzaɪəd steɪt æktʃuəl steɪt/

    The core Kubernetes declarative model: desired state is what the resource spec declares should exist; actual state is what currently exists in the cluster. The controller's job is to reconcile the difference.

    "The custom resource says 3 replicas (desired state), but only 2 pods are running (actual state). The operator detects the difference and creates a third pod to converge to desired state."

Ready to practice?

Test your knowledge of these terms in the interactive exercise.

Start exercise →