DevOps Glossary

A Kubernetes plugin that intercepts API requests before objects are persisted.

Prometheus component that handles alert routing, grouping, and notification delivery.

Agentless configuration management and automation tool using YAML playbooks.

A server that acts as entry point for APIs, handling routing, auth, and rate limiting.

A GitOps continuous delivery tool that syncs Kubernetes clusters from a Git repository.

Automatically adjusting the number of compute resources based on demand.

A release strategy using two identical environments to achieve zero-downtime deploys.

Next-generation Docker image build engine with parallel builds and better caching.

Gradually rolling out a new version to a small percentage of users before full release.

Linux kernel feature that limits and isolates resource usage of process groups.

Deliberately injecting failures into a system to discover weaknesses before they cause incidents.

Continuous Integration and Continuous Delivery — automating build, test, and deploy pipelines.

eBPF-based networking, security, and observability for Kubernetes clusters.

The default Kubernetes Service type that exposes a service on an internal cluster IP.

A specification and plugins for configuring network interfaces in Linux containers.

A Kubernetes object for storing non-sensitive configuration data as key-value pairs.

A lightweight, isolated process that packages code and its dependencies together.

A read-only template with layers used to create containers.

A repository for storing, versioning, and distributing container images.

Kubernetes control plane component running control loops to maintain desired state.

The default DNS server in Kubernetes clusters for service discovery.

A Kubernetes extension mechanism for defining custom object types.

A Kubernetes workload that runs Jobs on a scheduled, cron-like time basis.

A Kubernetes-based framework for managing cloud infrastructure using K8s APIs.

A Kubernetes workload that ensures a pod runs on every (or selected) node.

A Kubernetes workload object that manages stateless application pods with rolling updates.

A culture and practice combining software development and IT operations for faster, reliable delivery.

Integrating security practices into every stage of the DevOps pipeline.

A tool for defining and running multi-container Docker applications using YAML.

A text file with instructions for building a container image layer by layer.

Four key metrics for measuring software delivery performance: deploy frequency, lead time, MTTR, and change failure rate.

A Linux kernel technology for running sandboxed programs without changing kernel source code.

AWS's fully managed container image registry service.

AWS's managed Kubernetes service that runs the K8s control plane for you.

The acceptable amount of downtime or errors before an SLO is breached.

The distributed key-value store that serves as Kubernetes' primary data store.

A runtime security tool that detects anomalous behavior in containers using eBPF/syscalls.

AWS serverless compute engine for containers — no node management required.

A configuration mechanism to enable or disable features without redeploying code.

The practice of bringing financial accountability to cloud spending.

A Kubernetes operator automating canary deployments, A/B tests, and blue-green releases.

A GitOps tool that syncs Kubernetes clusters continuously from Git repositories.

The next-generation Kubernetes API for managing ingress and routing, replacing Ingress.

GitHub's built-in CI/CD platform for automating workflows triggered by repository events.

GitLab's integrated CI/CD system defined in a .gitlab-ci.yml file.

An operational framework where Git is the single source of truth for infrastructure and applications.

An open-source analytics and visualization platform for metrics, logs, and traces.

The package manager for Kubernetes — bundles K8s manifests into reusable charts.

A package of pre-configured Kubernetes resources that can be deployed with Helm.

Kubernetes controller that automatically scales pod replicas based on observed metrics.

AWS service for managing user identities and permissions for cloud resources.

An operation that produces the same result no matter how many times it's executed.

Managing and provisioning infrastructure through machine-readable configuration files.

A Kubernetes API object that manages external HTTP/HTTPS access to cluster services.

A container that runs and completes before the main application containers start in a Pod.

EKS feature that allows Kubernetes pods to assume AWS IAM roles without node-level credentials.

A service mesh that adds mTLS, traffic management, and observability to Kubernetes services.

An open-source automation server for building CI/CD pipelines.

A Kubernetes workload that runs one or more pods to completion.

A compact, self-contained token format for transmitting claims between parties.

A Kubernetes node autoscaler that provisions the right nodes for pending pods in seconds.

Kubernetes Event-Driven Autoscaling — scales pods based on external event sources.

A YAML file storing cluster connection details, credentials, and contexts for kubectl.

The command-line tool for interacting with Kubernetes clusters.

The agent running on every Kubernetes worker node that manages pod lifecycle.

An open-source container orchestration platform for automating deployment, scaling, and management.

The central management component of Kubernetes that exposes the Kubernetes API.

Key-value metadata attached to Kubernetes objects for identification and selection.

A Kubernetes health check that restarts a container when it fails.

Grafana's horizontally scalable log aggregation system inspired by Prometheus.

The practice of applying DevOps principles to machine learning model lifecycle management.

A reusable container of Terraform configuration that encapsulates a set of resources.

Two-way TLS authentication where both client and server verify each other's certificates.

A Dockerfile pattern using multiple FROM stages to create smaller, leaner final images.

A virtual cluster within Kubernetes for isolating resources between teams or environments.

Linux kernel isolation mechanism that virtualizes system resources for process groups.

A Kubernetes resource that controls which pods can communicate with each other.

A physical or virtual machine in a Kubernetes cluster that runs pods.

A Kubernetes Service type that exposes a service on a static port on each cluster node.

An authorization framework allowing third-party apps limited access to user accounts.

The ability to understand the internal state of a system from its external outputs.

An identity layer on top of OAuth2 that provides user authentication.

A Kubernetes container termination reason when a container exceeds its memory limit.

A general-purpose policy engine for enforcing authorization decisions across the stack.

An open-source observability framework for generating metrics, logs, and traces.

The open-source fork of Terraform maintained by the Linux Foundation.

A Kubernetes controller that automates the management of complex stateful applications.

A piece of storage in a Kubernetes cluster provisioned for use by pods.

A request for storage by a user that is fulfilled by a PersistentVolume.

Building and maintaining internal developer platforms that accelerate software delivery.

The smallest deployable unit in Kubernetes — one or more containers sharing network and storage.

A Kubernetes policy defining the minimum available pods during voluntary disruptions.

A structured document written after an incident to understand what happened and prevent recurrence.

An open-source monitoring system that scrapes and stores time-series metrics.

The query language for selecting and aggregating time-series data in Prometheus.

An infrastructure as code tool using general-purpose programming languages instead of DSLs.

A security method that restricts system access based on the roles of individual users.

A Kubernetes health check that controls when a pod starts receiving traffic.

A Kubernetes controller that maintains a stable set of replica pods running at any time.

A Kubernetes policy that limits the total resource consumption in a namespace.

A Kubernetes deployment strategy that gradually replaces old pods with new ones.

A documented set of procedures for handling a specific operational task or incident.

A formal record of all components, libraries, and dependencies in a software artifact.

Kubernetes control plane component that assigns pods to nodes based on constraints.

A Kubernetes object for storing sensitive data like passwords, tokens, and keys.

A Kubernetes abstraction that exposes a stable network endpoint to a set of pods.

A Kubernetes identity for processes running in pods to authenticate to the API server.

A dedicated infrastructure layer for managing service-to-service communication in microservices.

Moving testing and security checks earlier in the development lifecycle.

A container that runs alongside the main container in a pod to extend its functionality.

A formal contract between a provider and customer defining expected service levels.

A quantitative measure of a specific aspect of service performance.

An internal target for a service level indicator, defining the goal for reliability.

A security framework for ensuring software supply chain integrity through build levels.

Unused cloud capacity offered at up to 90% discount that can be reclaimed with 2-minute notice.

Google's approach to applying software engineering practices to operations problems.

A Kubernetes workload for stateful applications requiring stable identity and persistent storage.

A Kubernetes resource defining the type and properties of dynamically provisioned storage.

The init system and service manager for Linux, replacing SysVinit.

Kubernetes mechanism to repel pods from nodes unless they explicitly tolerate the taint.

An open-source IaC tool for provisioning and managing infrastructure across cloud providers.

Terraform's record of the real-world resources it manages, stored as JSON.

Cryptographic protocol that provides encrypted communication over a network.

An open-source security scanner for container images, filesystems, and IaC configurations.

A branching strategy where all developers commit frequently to a single main branch.

A secrets management tool for securely storing, accessing, and rotating sensitive data.

A directory accessible to containers in a pod, with lifetime tied to the pod or beyond.

Kubernetes component that automatically adjusts CPU and memory requests for pods.

A logically isolated network in the cloud where you launch your cloud resources.

An HTTP callback triggered by an event, used for real-time notifications and integrations.

A security model that verifies every request regardless of network location.