DevOps Network

© 2026 DevOps Network. All rights reserved.

Built by Daksh Saini

DevOps Glossary.

A simple, no-jargon dictionary for DevOps and Cloud engineering. Find clear definitions for technical terms, tools, and concepts to help you understand modern infrastructure.

Dictionary Matches

161 Terms found

.dockerignore

docker

A file in the build context directory that lists files and directories Docker should exclude when sending the build context to the daemon. Excluding node_modules, .git, and test fixtures reduces build context from gigabytes to megabytes.

Affinity

kubernetes

A Kubernetes scheduling rule that expresses attraction constraints — directing the scheduler to prefer or require that pods land on specific nodes or near specific other pods. Comes in two forms: Node Affinity (pod-to-node preferences) and Pod Affinity/Anti-Affinity (pod-to-pod co-location or separation rules).

Alertmanager

kubernetes

A Prometheus stack component that receives firing alerts, deduplicates and groups related ones, applies routing rules, and delivers notifications to Slack, PagerDuty, or email. Alertmanager turns raw metric threshold violations into actionable team notifications.

Argo Rollouts

cicd

Argo Rollouts is a Kubernetes controller that extends Deployments with advanced rollout strategies — blue-green, canary with traffic weighting, and automated analysis. It integrates with Prometheus and Istio to automatically promote or roll back based on real-time metrics.

ArgoCD

cicd

ArgoCD is a declarative GitOps continuous delivery tool for Kubernetes that watches a Git repository and automatically synchronises the cluster to match the declared state — providing self-healing, auditable deployments where every change is a Git commit.

Artifact

cicd

A CI/CD artifact is a file or set of files produced by one pipeline job and passed to subsequent jobs or stored for later use. Common artifacts include Docker image references, compiled binaries, test reports, and coverage files that travel through the pipeline.

Artifact Promotion

cicd

Artifact promotion is the practice of building a Docker image or binary exactly once and passing the same immutable artifact through dev, staging, and production — rather than rebuilding for each environment. What was tested is exactly what gets deployed.

Atlantis

terraform

Atlantis is an open-source tool that automates Terraform pull request workflows — running terraform plan automatically when a PR is opened and posting the output as a comment, then running terraform apply when an approved reviewer comments 'atlantis apply'.

Base Image

docker

The starting point of a Dockerfile specified in the FROM instruction. The base image determines the operating system, package manager, and initial filesystem of the final image — and is the single biggest factor in image size and security.

Bash

linux

Bash (Bourne Again Shell) is the default command-line shell on Linux servers. It is both an interactive shell for daily commands and a scripting language for automation. Bash scripts power CI/CD pipelines, deployment scripts, health checks, and server automation across the industry.

BestEffort

kubernetes

A Kubernetes QoS Class assigned to pods that have no resource requests or limits configured at all. BestEffort pods receive whatever CPU and memory is left over on the node, have zero resource guarantees, and are the first pods evicted when a node experiences memory pressure.

Blue-Green Deployment

kubernetes

A release strategy that runs two identical environments simultaneously — blue (live) and green (new version). Traffic switches from blue to green all at once after green is fully tested. Rollback is instant by switching traffic back to blue.

Bridge Network

docker

The default Docker network driver that creates an isolated virtual network on the host, connecting containers via a Linux bridge device. User-defined bridge networks add automatic DNS resolution by container name.

Build Cache

docker

Docker's mechanism for reusing unchanged image layers from previous builds to speed up rebuild time. Each instruction is a cache key — if the instruction and its inputs are unchanged, Docker reuses the cached layer instead of re-executing the instruction.

Burstable

kubernetes

A Kubernetes QoS Class where at least one container has resource requests set but they differ from the limits. Burstable pods can use more resources than requested when the node has spare capacity, and are evicted second after BestEffort during node memory pressure.

CNI

kubernetes

Container Network Interface - a specification and set of plugins that configure network interfaces inside Linux containers, enabling pod-to-pod communication across all nodes in a Kubernetes cluster. Popular implementations include Calico, Cilium, and Flannel. Without a CNI plugin installed, no pods can communicate and all will remain stuck in Pending.

Canary Deployment

kubernetes

A release strategy that sends a small percentage of real user traffic (typically 5-10%) to the new application version while the majority continues on the stable version. If the canary performs well, traffic percentage is gradually increased until full rollout.

Change Failure Rate

cicd

One of the four DORA metrics — measures the percentage of deployments that cause a production incident requiring a hotfix or rollback. Elite performers keep this below 5%. High failure rates indicate insufficient test coverage or inadequate staging environment fidelity.

Cluster Autoscaler

kubernetes

A Kubernetes component that automatically adds worker nodes when pods cannot be scheduled due to insufficient resources, and removes idle nodes when utilisation drops — reducing cloud costs without manual intervention.

ClusterIP

kubernetes

The default Kubernetes Service type that assigns a stable virtual IP address accessible only within the cluster, enabling internal pod-to-pod communication through a consistent endpoint that remains fixed regardless of underlying pod IP changes.

Compose Health Check

docker

A configuration in a Docker Compose service that defines a command Docker runs periodically to determine if a container is healthy. Other services use depends_on with condition: service_healthy to wait until a dependency passes its health check before starting.

Compose Override

docker

A secondary Docker Compose file that extends or modifies the base compose file for specific environments. Docker automatically merges docker-compose.override.yml with docker-compose.yml, allowing environment-specific configuration without duplicating the base file.

Compose Profiles

docker

A Docker Compose feature that tags services with profile names, allowing them to be selectively started. Services without a profile always start — services with a profile only start when that profile is explicitly activated with --profile.

Compose Service

docker

A named container definition in a Docker Compose file that specifies the image, ports, environment, volumes, dependencies, and runtime configuration for one component of a multi-container application.

ConfigMap

kubernetes

A Kubernetes object that stores non-sensitive configuration data as key-value pairs, allowing application configuration to be completely decoupled from container images and injected into pods as environment variables or mounted files at runtime.

Container

docker

A lightweight, isolated process running on a shared Linux kernel using namespaces and cgroups — providing filesystem, network, and process isolation without the overhead of a full virtual machine.

Container Image

docker

A read-only, layered filesystem snapshot containing an application and everything it needs to run — code, runtime, libraries, and configuration. Container images are the templates from which containers are created.

Container Isolation

docker

The security boundaries that Linux namespaces and cgroups create around a container process, limiting its view of the filesystem, network, processes, and system resources. Container isolation is weaker than VM isolation — all containers share the host kernel.

Container Lifecycle

docker

The sequence of states a Docker container moves through from creation to removal — created, running, paused, stopped, and dead — each triggered by specific Docker CLI commands or container exit events.

Container Registry

docker

A service that stores and distributes Docker images. The registry serves as the central repository from which developers push built images and deployment systems pull them to create containers.

Container Runtime Interface

docker

A Kubernetes plugin interface that defines how Kubernetes communicates with container runtimes. CRI allows Kubernetes to work with containerd, CRI-O, and other runtimes — and explains why Kubernetes deprecated Docker as a runtime in version 1.24.

CoreDNS

kubernetes

The default DNS server in Kubernetes that runs as a Deployment inside the cluster, resolving service names to ClusterIP addresses and enabling pods to discover and communicate with each other using human-readable DNS names instead of raw IP addresses.

Count and For Each

terraform

Terraform count and for_each are meta-arguments that create multiple instances of a resource or module from a single block. Count creates N identical copies using a numeric index. For_each creates one instance per item in a map or set, giving each instance a meaningful key instead of a number.

CrashLoopBackOff

kubernetes

A Kubernetes pod status indicating the container repeatedly crashes immediately after starting and the kubelet applies exponential backoff delays before each restart attempt, beginning at 10 seconds and capping at 5 minutes. It signals that something inside the container is fundamentally broken - not a transient network issue.

Daemon

linux

A daemon is a background process that runs continuously without a controlling terminal, typically started at boot and providing a service to other processes or the system. Common daemons include sshd (SSH server), nginx (web server), and cron (job scheduler).

DaemonSet

kubernetes

A Kubernetes controller that ensures exactly one copy of a pod runs on every node in the cluster (or a filtered subset). When new nodes join, the DaemonSet automatically schedules a pod on them. When nodes leave, those pods are garbage collected. Used for infrastructure agents that must run everywhere — log collectors, monitoring exporters, network plugins, and security scanners.

Depends On

terraform

The depends_on meta-argument in Terraform explicitly declares that one resource must be created before another, even when there is no direct reference between them. Terraform normally infers dependencies automatically from references — depends_on handles the rare cases where the dependency is implicit and invisible to Terraform.

Deployment

kubernetes

A Kubernetes controller that manages a set of identical pods — ensuring the desired number of replicas always runs, handling rolling updates to new versions with zero downtime, and automatically replacing crashed or deleted pods.

Deployment Frequency

cicd

One of the four DORA metrics — measures how often an organisation successfully deploys to production. Elite performers deploy multiple times per day. High frequency is only safe with automated testing, fast rollback, and small batch sizes.

Docker BuildKit

docker

The modern Docker build engine that replaces the legacy builder with parallel layer building, better caching, secret mounts, SSH agent forwarding, and multi-platform builds. Enabled by default in Docker 23+.

Docker Buildx

docker

A Docker CLI plugin that extends docker build with BuildKit features including multi-platform image building, advanced cache management, and parallel builds. Buildx enables building images for linux/amd64, linux/arm64, and other architectures from a single machine.

Docker Compose

docker

A tool for defining and running multi-container Docker applications using a YAML file. A single docker compose up command creates and starts all services, networks, and volumes defined in the compose file.

Docker Compose vs Kubernetes

docker

A comparison of two container orchestration approaches. Compose runs multi-container apps on a single host and suits small teams and local development. Kubernetes orchestrates containers across multiple hosts with self-healing, auto-scaling, and rolling deployments.

Docker Content Trust

docker

A Docker security feature that enables cryptographic signing and verification of images using Notary. When enabled, Docker refuses to pull or run images that have not been signed by a trusted key — protecting against image tampering in transit.

Docker Context

docker

The set of files and directories sent to the Docker daemon when building an image. Docker reads everything in the build context directory and sends it to the daemon — making a small, well-scoped context essential for fast builds.

Docker DNS

docker

Docker's embedded DNS server (127.0.0.11) that runs inside every container on a user-defined network, resolving container names and network aliases to IP addresses without any manual configuration.

Docker Daemon

docker

The background service (dockerd) that manages Docker objects — images, containers, networks, and volumes. The Docker CLI communicates with the daemon via a REST API over a Unix socket at /var/run/docker.sock.

Docker Health Check

docker

A Dockerfile instruction or docker run flag that defines a command Docker runs periodically inside a container to determine if it is healthy. Containers can be starting, healthy, or unhealthy — used by orchestrators for traffic routing decisions.

Docker Image

docker

A read-only, layered filesystem snapshot that serves as the template for creating containers. Each layer represents a Dockerfile instruction and is cached and reused across builds to speed up image creation.

Docker Logging Driver

docker

The mechanism Docker uses to capture and route container stdout and stderr output. The default json-file driver writes to the host filesystem — production systems typically use awslogs, fluentd, or splunk drivers to ship logs to centralised aggregation systems.

Docker Network

docker

A virtual network that Docker creates to enable communication between containers and between containers and the host. Docker provides several network drivers (bridge, host, overlay, none) for different connectivity requirements.

Docker Non-Root

docker

The practice of configuring Docker containers to run as a non-root user (UID > 0) to limit the damage a compromised container process can do to the host system and other containers.

Docker Prune

docker

A family of Docker commands that remove unused objects — stopped containers, dangling images, unused volumes, unused networks — to recover disk space on the host. Essential maintenance on build machines where layers accumulate over time.

Docker Restart Policy

docker

A configuration that tells Docker what to do when a container exits. The four policies — no, always, on-failure, and unless-stopped — determine whether Docker automatically restarts a container and under what conditions.

Docker Secrets

docker

Sensitive data (passwords, tokens, certificates) that must be available to containers at runtime without being stored in image layers, environment variables, or compose files in plaintext. Docker provides BuildKit secret mounts for build-time and file-based secrets for runtime.

Docker Stats

docker

Docker's built-in runtime resource monitoring command that shows real-time CPU, memory, network I/O, and block I/O usage for running containers. Used for capacity planning and detecting runaway containers before formal monitoring is in place.

Docker Swarm

docker

Docker's built-in container orchestration mode that turns a group of Docker hosts into a cluster. Swarm provides service scaling, rolling updates, secrets management, and overlay networking — a simpler alternative to Kubernetes for teams not ready for its complexity.

Docker Volume

docker

A Docker-managed persistent storage location on the host filesystem that exists outside the container's union filesystem. Volumes persist beyond container lifetime, can be shared between containers, and are the recommended way to store data that must survive container restarts.

Dockerfile

docker

A text file containing ordered instructions that Docker executes to build an image layer by layer. Each instruction creates a new filesystem layer — FROM sets the base, RUN executes commands, COPY adds files, and CMD defines the startup command.

Drift

terraform

Infrastructure drift in Terraform occurs when real cloud resources are changed outside of Terraform — by clicking in the AWS console, running AWS CLI commands, or making emergency fixes — causing the actual infrastructure to no longer match what Terraform expects from its state file.

Environment

cicd

A CI/CD environment is a named deployment target — such as dev, staging, or production — that tracks deployment history, enforces approval requirements, and holds environment-specific secrets. Environments make promotion workflows explicit and auditable.

Environment Variable

linux

An environment variable is a named value stored in a process's environment that child processes inherit. Environment variables configure application behaviour without hardcoding values. They are the standard method for passing configuration, secrets, and runtime settings to processes.

File Descriptor

linux

A file descriptor is a non-negative integer that the Linux kernel assigns to an open file, socket, pipe, or device. Every process has a table of file descriptors. 0 is stdin, 1 is stdout, 2 is stderr. All I/O in Linux happens through file descriptors.

File Permissions

linux

Linux file permissions control which users can read, write, or execute a file using a three-level model: owner, group, and other. Each level has three bits that can be independently set, represented as rwxr-xr-- or in octal as 754.

Filesystem

linux

A filesystem is the method an operating system uses to organise, store, and retrieve files on a storage device. Linux uses ext4 and XFS most commonly in production, plus virtual filesystems like /proc and /sys that exist only in memory.

GitHub Actions

cicd

GitHub Actions is GitHub's built-in CI/CD platform that runs automated workflows in YAML files under .github/workflows/. Workflows trigger on repository events — push, pull request, schedule — and run jobs on GitHub-hosted or self-hosted runners.

GitLab CI

cicd

GitLab CI is GitLab's integrated CI/CD system defined in a .gitlab-ci.yml file at the repository root. It runs jobs on registered runners, tracks deployments to named environments, and integrates tightly with GitLab's merge request workflow for inline pipeline status.

GitOps

cicd

A set of practices where the entire desired state of infrastructure and applications is stored in Git as the single source of truth. Changes are made via Git commits and pull requests — a reconciliation agent (ArgoCD, Flux) automatically applies them to the target environment.

Grafana

kubernetes

An open-source visualisation platform that connects to Prometheus to create real-time dashboards and alert panels. In Kubernetes environments Grafana turns raw PromQL queries into readable charts that make cluster health and pod performance visible across the entire engineering team.

Guaranteed

kubernetes

A Kubernetes QoS Class assigned to pods where every container has CPU and memory requests set exactly equal to their limits. Guaranteed pods receive the highest resource protection and are the last to be evicted when a node runs out of memory.

HCL

terraform

HCL (HashiCorp Configuration Language) is the configuration language Terraform uses to define infrastructure. It is designed to be human-readable and machine-parseable — more readable than JSON and simpler than a full programming language.

HPA

kubernetes

Horizontal Pod Autoscaler - a Kubernetes controller that automatically scales the number of pod replicas in a Deployment or StatefulSet up or down based on observed CPU utilization, memory usage, or custom application metrics. It eliminates the need to manually adjust replica counts during traffic spikes and quiet periods.

Helm

cicd

Helm is the package manager for Kubernetes that bundles manifests into reusable parameterised charts. In CI/CD pipelines, Helm deploys applications with environment-specific values — enabling the same chart to deploy to dev, staging, and production with different configurations.

Helm and Helm Chart

kubernetes

A package manager for Kubernetes that bundles all required Kubernetes manifests into a reusable unit called a chart. Helm templates variables at deploy time, enabling the same chart to deploy consistently across dev, staging, and production environments with different configurations.

Host Network

docker

A Docker network mode where the container shares the host's network namespace directly, using the host's IP address and ports without any NAT. Provides the best network performance but eliminates all network isolation between the container and host.

Image Digest

docker

A content-addressable SHA256 hash that uniquely and immutably identifies a specific version of a Docker image. Unlike tags which can be overwritten, a digest always refers to exactly the same image bytes.

ImagePullBackOff

kubernetes

A Kubernetes pod status indicating the kubelet cannot pull the container image from the registry and is applying exponential backoff delays between retry attempts. It is always caused by one of four things: the image name or tag is wrong, the image does not exist, the registry requires authentication that the cluster does not have, or the registry is unreachable from the node.

Infracost

terraform

Infracost is an open-source tool that estimates the monthly cloud cost of a Terraform plan before you apply it — showing a cost breakdown per resource and the cost difference between your current and proposed infrastructure.

Ingress

kubernetes

An API object that manages external HTTP and HTTPS access to services inside a cluster. Ingress sits in front of multiple services and acts as a smart router — directing traffic based on hostnames, URL paths, or headers without exposing each service directly to the internet.

Inode

linux

An inode is a data structure in a Linux filesystem that stores metadata about a file — its permissions, owner, size, and data block locations — but not its filename. The filename lives in a directory entry that points to the inode number.

Input Variable

terraform

A Terraform input variable is a parameter that makes a module or configuration reusable by letting callers pass in different values at runtime. Variables are declared with a variable block and can have a type, default value, description, and validation rules.

Jenkins

cicd

Jenkins is an open-source automation server widely used in enterprise environments for CI/CD pipelines. It uses a Groovy-based Jenkinsfile to define declarative pipelines with stages, agents, and post-build actions — running on self-hosted infrastructure with full customisation.

Job

cicd

A CI/CD job is a discrete unit of work within a pipeline stage that runs on a runner or agent. Each job runs in isolation, has its own set of steps, and produces a pass or fail result that determines whether dependent jobs can proceed.

Kubelet

kubernetes

The primary node agent in Kubernetes that runs on every worker node, responsible for ensuring containers described in PodSpecs are running, healthy, and reporting status back to the control plane.

Lead Time for Changes

cicd

One of the four DORA metrics — measures the time from a code commit to that code running in production. Elite performers achieve lead times under one hour. Long lead times indicate slow pipelines, large batch sizes, or excessive manual gates.

LimitRange

kubernetes

A namespace-scoped policy that sets default, minimum, and maximum resource constraints for individual containers and pods within a namespace. While ResourceQuota caps the total consumption of a namespace, LimitRange enforces boundaries at the per-container level — automatically injecting default requests/limits into pods that don't specify them.

Linux Capabilities

docker

Granular Linux kernel privileges that can be individually granted or revoked from container processes. Docker drops 14 dangerous capabilities by default — using --cap-drop ALL with selective --cap-add provides the most restrictive security posture.

Linux Firewall

linux

A Linux firewall controls which network packets are allowed into, out of, or through a server using rules evaluated by the kernel's netfilter framework. Tools like iptables, nftables, and ufw write rules into netfilter. The default-deny model blocks all traffic not explicitly permitted.

Linux Kernel

linux

The Linux kernel is the core of the operating system — the software that manages hardware, memory, processes, and system calls. It runs in privileged kernel space while applications run in user space. The kernel is the layer that makes all higher-level Linux functionality possible.

Local Value

terraform

A Terraform local value is a named expression that you compute once and reuse throughout a configuration without repeating the calculation. Locals are like constants or intermediate variables — they are not input parameters and cannot be set by callers.

MTTR

cicd

One of the four DORA metrics — measures the average time to restore service after a production incident. Elite performers restore in under one hour. MTTR is driven by detection speed, rollback speed, and on-call runbook quality.

Module Source

terraform

The source argument in a Terraform module block tells Terraform where to find the module code — a local relative path, a Terraform Registry address, a GitHub URL, or a private registry. The source determines how Terraform downloads and versions the module.

Mount

linux

Mounting in Linux attaches a filesystem (on a disk partition, network share, or virtual source) to a directory in the filesystem tree. After mounting, files on the device appear at that directory path and are accessible through normal file operations.

Multi-Stage Build

docker

A Dockerfile pattern that uses multiple FROM instructions to separate build-time dependencies from runtime artifacts. The final image contains only what is needed to run the application — not the compilers, test frameworks, or build tools used during the build.

Namespace

kubernetes

A Kubernetes mechanism for partitioning cluster resources into isolated virtual segments. Namespaces allow multiple teams, projects, or environments to share the same physical cluster while maintaining logical separation of workloads, access controls, and resource quotas. They do not provide network isolation by themselves — that requires Network Policies.

Network Port

linux

A network port is a 16-bit number (0-65535) that identifies a specific service or process on a host within a TCP/IP connection. Ports allow a single IP address to host multiple services simultaneously. Ports below 1024 are privileged and require root to bind.

OCI Standard

docker

Open Container Initiative — an open industry standard for container image format and runtime specification maintained by the Linux Foundation. OCI ensures that images built with Docker can run on containerd, podman, CRI-O, and any other OCI-compliant runtime.

OIDC for CI/CD

cicd

OIDC (OpenID Connect) for CI/CD allows pipelines to assume cloud provider roles using short-lived tokens instead of long-lived static credentials. GitHub Actions, GitLab CI, and other platforms issue OIDC tokens that AWS, GCP, and Azure accept in exchange for temporary access credentials.

OOMKilled

kubernetes

A pod termination status in Kubernetes that occurs when a container exceeds its configured memory limit, causing the Linux kernel to forcefully terminate the process. Exit code is always 137.

Output Value

terraform

A Terraform output value exposes specific attributes from your infrastructure after an apply — like an EC2 instance's IP address or an S3 bucket's name. Outputs are printed to the terminal after apply and can be read by other Terraform configurations through remote state data sources.

Overlay Network

docker

A multi-host Docker network driver that spans multiple Docker hosts, enabling containers on different machines to communicate as if on the same network. Used in Docker Swarm and as the conceptual foundation for understanding Kubernetes CNI networking.

PATH

linux

PATH is an environment variable containing a colon-separated list of directories the shell searches when you type a command. The shell checks each directory in order and runs the first matching binary found. Commands not in any PATH directory require an absolute path.

PID

linux

PID (Process ID) is a unique integer assigned by the Linux kernel to every running process. PID 1 is always systemd (or init), the first process after the kernel boots. Every other process gets the next available PID number up to the system maximum.

Package Manager

linux

A Linux package manager installs, updates, and removes software packages along with their dependencies. apt manages .deb packages on Debian/Ubuntu. yum and dnf manage .rpm packages on RHEL/CentOS/Amazon Linux. Both families verify package integrity with GPG signatures before installation.

PersistentVolumeClaim

kubernetes

A user's formal request for storage in Kubernetes that binds to an available PersistentVolume, abstracting the underlying storage provider and allowing pods to consume durable storage independently of their own lifecycle.

Pipe

linux

A pipe (|) connects the standard output of one command to the standard input of the next, creating a data processing chain. Pipes let you compose simple commands into powerful one-liners without temporary files. The kernel implements pipes as in-memory buffers between processes.

Pipeline

cicd

A CI/CD pipeline is an automated sequence of stages that takes source code from a Git commit through building, testing, scanning, and deploying to production — eliminating manual steps and ensuring every change follows the same verified path to release.

Pod

kubernetes

The smallest deployable unit in Kubernetes — a group of one or more containers that share the same network namespace, storage volumes, and lifecycle. Every container in Kubernetes runs inside a pod, and every pod gets its own unique IP address inside the cluster.

PodDisruptionBudget

kubernetes

A Kubernetes policy object that limits the number of pods of a replicated application that can be simultaneously down during voluntary disruptions like node drains, cluster upgrades, or autoscaling events, ensuring minimum availability is always maintained.

Port Publishing

docker

The mechanism by which Docker exposes a container's internal port to the host network, making the container service accessible from outside using -p host_port:container_port. Docker creates iptables DNAT rules to route traffic from the host port to the container.

Process

linux

A process is a running instance of a program. Linux gives each process a unique PID, its own memory space, and a set of open file descriptors. Every process has a parent — except PID 1 (systemd) — forming a tree of all running processes.

PromQL

kubernetes

Prometheus Query Language — the functional query language used to select, filter, aggregate, and calculate metrics stored in Prometheus. PromQL is used to build Grafana dashboard panels, define alert thresholds in PrometheusRule objects, and explore live metric data in the Prometheus web UI.

Prometheus

kubernetes

An open-source monitoring system that collects time-series metrics by scraping HTTP endpoints every 15 seconds. In Kubernetes it is the standard tool for collecting pod CPU, memory, request rates, and error rates — storing them locally and providing PromQL for querying.

QoS Class

kubernetes

A Quality of Service classification that Kubernetes automatically assigns to every pod based on its resource requests and limits configuration. QoS Class determines the eviction priority when a node runs low on memory — pods with lower QoS Class are evicted first to protect higher-priority pods.

RBAC

kubernetes

Role-Based Access Control — Kubernetes's built-in authorization system that controls who (users, groups, or ServiceAccounts) can perform what actions (get, list, create, delete) on which resources (pods, secrets, deployments) within the cluster. RBAC is enforced through four objects: Role, ClusterRole, RoleBinding, and ClusterRoleBinding.

Redirect

linux

Shell redirection operators control where a command's input comes from and where its output goes. The > operator writes stdout to a file, >> appends, < reads stdin from a file, and 2> captures stderr. Combining them allows precise control over all three standard streams.

Remote State

terraform

Terraform remote state stores the terraform.tfstate file on a shared backend — like AWS S3 or Terraform Cloud — instead of on a local disk. Remote state allows a whole team to share infrastructure state safely and enables one Terraform configuration to read outputs from another.

ResourceQuota

kubernetes

A namespace-scoped Kubernetes object that enforces hard upper limits on the total amount of compute resources (CPU, memory) and API objects (pods, secrets, services) that can exist within a namespace. ResourceQuotas protect shared clusters from a single team or runaway workload consuming all available resources.

Rolling Update

kubernetes

A Kubernetes deployment strategy that replaces old pods with new ones gradually — one at a time or in small batches — ensuring pods are always running and serving traffic throughout the entire update. The default zero-downtime release strategy for Kubernetes Deployments.

Runner

cicd

A CI/CD runner is the machine or container that executes jobs in a pipeline. GitHub-hosted runners are managed ephemeral VMs. Self-hosted runners run on your own infrastructure — giving control over hardware, networking, installed tools, and access to private resources.

SAST

cicd

SAST (Static Application Security Testing) scans source code or compiled binaries for security vulnerabilities without executing the program. Integrated into CI pipelines, tools like Semgrep, SonarQube, and CodeQL catch injection flaws, secrets, and insecure patterns before code reaches production.

SSH

linux

SSH (Secure Shell) is a cryptographic network protocol that provides encrypted remote access to Linux servers. It authenticates using key pairs or passwords and creates an encrypted tunnel for all data, replacing insecure protocols like Telnet and rsh.

SSH Private Key

linux

An SSH private key is the secret half of an asymmetric key pair stored locally at ~/.ssh/id_ed25519. It proves identity during SSH authentication by signing a server challenge. It must never be shared, transmitted, or committed to version control under any circumstances.

SSH Public Key

linux

An SSH public key is the shareable half of an asymmetric key pair used for SSH authentication. It is placed in ~/.ssh/authorized_keys on the server. The server uses it to verify that the connecting client holds the matching private key, without the private key ever being transmitted.

ServiceAccount

kubernetes

A Kubernetes identity assigned to pods that controls what API operations the pod is permitted to perform within the cluster. Every pod runs under a ServiceAccount — if you don't specify one, Kubernetes automatically assigns the `default` ServiceAccount. ServiceAccounts are the foundation of pod-level RBAC: they are bound to Roles and ClusterRoles to grant or restrict cluster API access.

Shell

linux

A shell is a command-line interpreter that reads user input, executes commands, and returns output. Bash is the standard shell on Linux servers. The shell is both an interactive interface and a scripting language for automation.

Signal

linux

A signal is an asynchronous notification sent to a Linux process by the kernel, another process, or the user. Each signal has a number and name. A process can handle signals with custom code, ignore them, or let the default action (often termination) occur.

Stage

cicd

A CI/CD stage is a logical grouping of related jobs within a pipeline representing one phase of delivery — such as Build, Test, Scan, or Deploy. Stages run sequentially and a failed stage blocks all subsequent stages from running.

State Lock

terraform

A Terraform state lock prevents multiple terraform apply operations from running against the same state file simultaneously. When one engineer runs terraform apply, the state is locked — any other apply attempt waits or fails until the lock is released.

StatefulSet

kubernetes

A Kubernetes workload controller designed for applications that require stable, persistent identity across pod restarts — such as databases, message queues, and distributed stores. Unlike Deployments, each StatefulSet pod gets a predictable name, dedicated storage, and starts/stops in a guaranteed sequential order.

Symbolic Link

linux

A symbolic link (symlink) is a special file that contains a path pointing to another file or directory. Accessing the symlink transparently accesses the target. Unlike hard links, symlinks can cross filesystems and point to directories.

Taint

kubernetes

A key-value property applied to a Kubernetes node that repels pods from being scheduled onto it unless the pod explicitly declares a matching Toleration, enabling controlled and dedicated workload placement.

Terraform Apply

terraform

The terraform apply command executes the changes shown in a plan — creating, updating, or destroying real infrastructure to match your Terraform configuration. It updates the state file after each successful change.

Terraform Backend

terraform

A Terraform backend defines where Terraform stores its state file and how operations like plan and apply are executed. The default backend stores state locally on disk — production teams use remote backends like S3 or Terraform Cloud to share state safely across a team.

Terraform Import

terraform

The terraform import command brings an existing cloud resource that was created outside of Terraform under Terraform management by adding it to the state file. After importing, Terraform can plan and apply changes to that resource without recreating it.

Terraform Init

terraform

The terraform init command initialises a Terraform working directory — downloading required provider plugins, configuring the backend, and installing module dependencies. You must run terraform init before any other Terraform command when working in a new directory or after adding a new provider or module.

Terraform Module

terraform

A Terraform module is a container for multiple Terraform resources that are used together. Every Terraform configuration is technically a module — but the term usually refers to reusable child modules that are called from a root module to create a specific piece of infrastructure.

Terraform Plan

terraform

The terraform plan command shows you exactly what Terraform will create, change, or destroy before it does anything. It reads your configuration files, compares them to the current state file, and prints a diff — giving you a safe preview before you apply.

Terraform Provider

terraform

A Terraform provider is a plugin that gives Terraform the ability to create, read, update, and delete resources in a specific platform — such as AWS, GCP, Azure, or GitHub. Each provider translates your HCL configuration into real API calls for that platform.

Terraform Refresh

terraform

Terraform refresh updates the state file to match the current real state of your infrastructure — detecting changes made outside of Terraform. In modern Terraform (1.0+), refresh behaviour is built into every plan and apply by default.

Terraform Resource

terraform

A Terraform resource is a block of HCL configuration that declares one piece of infrastructure — like an EC2 instance, an S3 bucket, or a DNS record. Terraform creates, updates, and deletes the real-world object to match the resource declaration.

Terraform State File

terraform

The terraform.tfstate file is a JSON file that Terraform uses to track the real-world infrastructure it has created. It maps each resource in your configuration to its actual ID in the cloud provider — like an EC2 instance ID or an S3 bucket name.

Terraform Validate and TFLint

terraform

terraform validate checks that a Terraform configuration is syntactically correct and internally consistent — catching errors before plan or apply. TFLint is a Terraform linter that catches additional issues like deprecated syntax, missing required provider version constraints, and provider-specific rule violations.

Terraform Workspace

terraform

A Terraform workspace is a named instance of state within a single backend configuration. Workspaces allow running the same Terraform configuration against separate state files — often used to manage dev, staging, and production environments from one codebase.

Terragrunt

terraform

Terragrunt is a thin wrapper around Terraform that adds features for DRY (Don't Repeat Yourself) configurations — automatically configuring remote state backends, enabling module dependency management, and reducing copy-paste across environments.

Test Coverage Gate

cicd

A test coverage gate is a CI pipeline rule that fails the build if code test coverage drops below a defined threshold. Coverage gates enforce a minimum quality standard and prevent developers from shipping new code without corresponding tests.

Toleration

kubernetes

A pod-level configuration in Kubernetes that allows the scheduler to place a pod onto a node that carries a matching Taint, enabling specific workloads to run on dedicated or restricted nodes.

Trigger

cicd

A CI/CD trigger is the event that starts a pipeline run. Common triggers include a Git push to a branch, a pull request opening, a scheduled cron expression, a manual dispatch, or a webhook from an external system like a monitoring alert.

Union Filesystem (OverlayFS)

docker

The copy-on-write filesystem that Docker uses to stack image layers on top of each other. Each layer is immutable and shared across containers using the same image — only the top read-write layer is unique per container.

Unit File

linux

A systemd unit file is a configuration file that describes a service, socket, timer, or other system resource managed by systemd. Unit files have three sections: [Unit] for metadata and dependencies, [Service] for execution details, and [Install] for boot-time configuration.

Volume Mount

docker

A configuration that connects a directory or file from outside a container into the container's filesystem, making data accessible to the container process. Docker supports three mount types: named volumes, bind mounts, and tmpfs.

awk

linux

awk is a text processing tool that splits each input line into fields and applies pattern-action rules. It excels at extracting specific columns from structured text like logs, CSV files, and command output. awk is indispensable for log analysis and data transformation in shell scripts.

cron

linux

cron is a time-based job scheduler daemon that executes commands at specified intervals. Jobs are defined in crontab files using a five-field time syntax (minute, hour, day, month, weekday). It is the standard mechanism for backups, log rotation, and scheduled maintenance.

etcd

kubernetes

A distributed key-value store that serves as Kubernetes' primary backing store for all cluster state and configuration data, making it the single source of truth for the entire control plane including nodes, pods, secrets, and configs.

grep

linux

grep (Global Regular Expression Print) searches files or stdin for lines matching a pattern and prints matching lines. It is the standard tool for filtering log files, searching code, and extracting information from command output in Linux environments.

iptables

linux

iptables is the user-space command-line tool for configuring the Linux kernel's netfilter packet filtering framework. It organises rules into tables (filter, nat, mangle) and chains (INPUT, OUTPUT, FORWARD) that evaluate every network packet passing through the system.

kube-proxy

kubernetes

A network proxy that runs on every Kubernetes node, maintaining iptables or IPVS rules to enable Service-based load balancing and routing of network traffic to the correct pod endpoints across the cluster.

seccomp Profile

docker

A Linux kernel security feature that filters which system calls a container process is allowed to make. Docker applies a default seccomp profile blocking 44 dangerous syscalls — custom profiles can restrict further for high-security workloads.

sed

linux

sed (Stream Editor) processes text line by line, applying editing commands like substitution, deletion, and insertion. It is the standard tool for find-and-replace operations on files and streams, used in scripts to modify config files, transform log output, and perform batch text transformations.

systemd

linux

systemd is the init system and service manager used by virtually all modern Linux distributions. As PID 1, it is the first process after the kernel boots and the parent of all other processes. It manages service lifecycle, logging, timers, and system state.

tfvars File

terraform

A .tfvars file (terraform.tfvars or *.auto.tfvars) contains values for Terraform input variables, keeping configuration values separate from variable declarations. Different .tfvars files for dev, staging, and production let you reuse the same infrastructure code with environment-specific settings.
