VOCABULARY

A comprehensive glossary of terms used in Docker, Kubernetes, Terraform, Ansible, and DevOps practices.

ArgoCD A GitOps continuous delivery tool for Kubernetes that automates the deployment of applications to the cluster based on Git repositories.

Automation Controller See Ansible Automation Platform.

Agent A background process that runs on managed nodes to execute tasks sent by a control node. Unlike Ansible, which is agentless, tools like Chef and Puppet require agents.

Ansible Automation Platform Ansible Automation Platform (formerly AWX) provides a web-based UI, REST API, and task engine for Ansible. Enables team collaboration, scheduling, and enterprise-scale automation.

Ansible An open-source automation tool that uses SSH to execute tasks on remote servers. Agentless configuration management and application deployment tool.

AWX The open-source version of Ansible Automation Platform. A web-based UI, REST API, and task engine for Ansible.

AMI (Amazon Machine Image) A pre-configured virtual machine image used to create EC2 instances in AWS. Often used with Packer and Terraform.

API Gateway A server that acts as an API front-end, handling request routing, authentication, and rate limiting. Examples: Kong, AWS API Gateway.

AppArmor A Linux kernel security module that allows the system administrator to restrict programs’ capabilities with per-program profiles.

Base Image The foundational image used in a Dockerfile’s FROM instruction. Can be official images like ubuntu:20.04 or python:3.9.

Bind Mount A type of Docker volume that mounts a specific host directory into the container. Useful for development environments.

Blue-Green Deployment A deployment strategy that runs two identical production environments (blue and green). Traffic switches from one to the other with zero downtime.

Build Context The set of files and directories accessible to the Docker daemon during image build. Specified by the PATH or URL in docker build.

Canary Deployment A deployment strategy where new code is gradually rolled out to a small subset of users before being deployed to the entire infrastructure.

CD (Continuous Deployment) An automated process that deploys code changes to production after they pass through the CI pipeline.

Checkov An open-source static code analysis tool for infrastructure as code. Detects security and compliance misconfigurations in Terraform, CloudFormation, and other IaC tools.

CI (Continuous Integration) The practice of automatically integrating code changes from multiple contributors into a shared repository, typically with automated builds and tests.

CIDR (Classless Inter-Domain Routing) A method of allocating IP addresses and routing prefixes. Kubernetes uses CIDR notation for pod and service networks.

Cloud-Init A widely used method for cross-platform cloud instance initialization. Used by cloud providers to configure VMs at boot time.

ClusterRole A Kubernetes RBAC resource that defines permissions that can be applied cluster-wide or to specific namespaces through ClusterRoleBinding.

ClusterRoleBinding A Kubernetes RBAC resource that binds a ClusterRole or Role to subjects (users, groups, or service accounts) at the cluster level.

Collection In Ansible, a distribution format for packaging playbooks, roles, modules, and plugins. Can be published to Ansible Galaxy for sharing.

Container A lightweight, standalone, executable package that includes everything needed to run a piece of software (code, runtime, libraries, settings).

Container Orchestration Automated management of containerized applications, including deployment, scaling, networking, and load balancing. Examples: Kubernetes, Docker Swarm.

Container Registry A storage and distribution system for container images. Examples: Docker Hub, Amazon ECR, Google Container Registry, Harbor.

Control Plane The set of components that make global decisions about the cluster (scheduling, API server, etc.). In Kubernetes, also called the master node.

Daemon A background process that runs continuously. Docker daemon (dockerd) is the persistent process that manages containers.

Data Plane The components that handle network traffic between pods and services in a Kubernetes cluster.

DaemonSet A Kubernetes workload that ensures all (or some) nodes run a copy of a specific pod. Useful for log collectors and monitoring agents.

Deployment A Kubernetes resource that provides declarative updates for pods and ReplicaSets. Manages rollout and rollback of applications.

Docker An open platform for developing, shipping, and running applications using containerization technology.

Docker Compose A tool for defining and running multi-container Docker applications using a YAML file (docker-compose.yml).

Dockerfile A text file containing instructions to build a Docker image. Each instruction creates a layer in the image.

Docker Hub A cloud-based registry service for sharing container images. The default registry for Docker.

Docker Swarm Docker’s native container orchestration tool for managing a cluster of Docker engines.

ECR (Elastic Container Registry) AWS-managed container registry service for storing, managing, and deploying container images.

EKS (Elastic Kubernetes Service) AWS-managed Kubernetes service for running Kubernetes on AWS without managing the control plane.

Elastic IP A static IPv4 address designed for dynamic cloud computing. In AWS, associated with an AWS account.

Etcd A distributed, reliable key-value store used as Kubernetes’ backing store for all cluster data.

FinOps Cloud Financial Management discipline that brings financial accountability to cloud spending. Combines finance, technology, and business to optimize cloud costs.

Flannel A simple and easy way to configure a layer 3 network fabric for Kubernetes clusters.

Fluentd An open-source data collector for a unified logging layer. Often used for container log aggregation.

Flux A GitOps toolkit for Kubernetes that automates the deployment of applications. Part of the CNCF.

FQCN (Fully Qualified Collection Name) In Ansible, the full name of a module including its namespace and collection name (e.g., amazon.aws.ec2_instance).

Galaxy Ansible Galaxy is a repository for sharing Ansible roles and collections. Users can download and rate community-contributed roles.

GitOps A methodology that uses Git as the single source of truth for infrastructure and application configuration. Changes are made through Git commits, and the system automatically syncs.

GlusterFS A distributed filesystem that can scale out to serve petabytes of data. Often used with Kubernetes for persistent storage.

Helm A package manager for Kubernetes that helps manage Kubernetes applications through Helm charts.

Helm Chart A collection of files that describe a related set of Kubernetes resources.

Horizontal Pod Autoscaler (HPA) A Kubernetes resource that automatically scales the number of pods based on observed CPU utilization or custom metrics.

Host Network A Docker network mode where the container shares the host’s network namespace, bypassing Docker’s network isolation.

IaC (Infrastructure as Code) The practice of managing infrastructure through machine-readable definition files rather than manual configuration.

IDP (Internal Developer Platform) A self-service platform that enables development teams to provision and manage their own infrastructure and services.

Image Layer A modification to an image, captured in the union file system. Each instruction in a Dockerfile creates a new layer.

Infracost An open-source tool that shows cloud cost estimates for Terraform in pull requests. Helps teams understand costs before applying changes.

Ingress A Kubernetes resource that provides HTTP/HTTPS routing to services based on rules defined in the Ingress controller.

Ingress Controller A pod that acts as a reverse proxy, routing external traffic to Kubernetes services. Examples: Nginx, Traefik.

Init Container A container that runs before the main containers in a pod. Used for setup tasks and waiting for dependencies.

Jenkins An open-source automation server for building, deploying, and automating projects. One of the most popular CI/CD tools.

Job A Kubernetes resource that creates one or more pods and ensures a specified number of them successfully complete.

kubectl The command-line tool for interacting with Kubernetes clusters.

Kubernetes (K8s) An open-source container orchestration platform for automating deployment, scaling, and management of containerized applications.

Kubelet An agent that runs on each node in the cluster, responsible for maintaining pods and containers.

Kube-proxy A network proxy that runs on each node in Kubernetes, implementing service networking rules.

Liveness Probe A Kubernetes check that determines if a container is running properly. If it fails, Kubernetes restarts the container.

Master Node The control plane node in Kubernetes that runs the API server, scheduler, and controller manager.

Minikube A tool for running a single-node Kubernetes cluster locally for development and testing.

Multi-stage Build A Docker feature that uses multiple FROM statements in a Dockerfile to create smaller, optimized images.

Namespace A Kubernetes feature that provides isolation for resources within a cluster. Helps divide cluster resources between multiple users/teams.

Network Policy A Kubernetes resource that defines how pods communicate with each other and other network endpoints.

Node A worker machine in Kubernetes (virtual or physical) that runs pods.

NodePort A Kubernetes Service type that exposes the service on a static port on each node’s IP.

OPA (Open Policy Agent) An open-source policy engine that provides a unified way to enforce policies across the stack. Uses Rego as its query language.

OLM (Operator Lifecycle Manager) A component of the Operator Framework that helps manage Operators in a Kubernetes cluster, including installation, upgrades, and lifecycle management.

Operator A method of packaging, deploying, and managing a Kubernetes application using custom resources and controllers.

Operator Framework A toolkit for building and managing Operators, including OLM, Operator SDK, and OperatorHub.

Overlay Network A virtual network that runs on top of another network. Docker overlay networks enable communication between containers across hosts.

Package Manager A tool that automates installing, upgrading, configuring, and removing software. Examples: apt, yum, Helm.

Packer An open-source tool for creating identical machine images from a single source configuration.

Persistent Volume (PV) A piece of storage in the cluster that has been provisioned by an administrator or dynamically provisioned using Storage Classes.

Persistent Volume Claim (PVC) A request for storage by a user. A PVC consumes PV resources like pods consume node resources.

Platform Engineering The discipline of building and maintaining self-service platforms that enable development teams to deliver software efficiently.

Pod The smallest deployable unit in Kubernetes. A pod can contain one or more containers that share storage and network.

Policy as Code The practice of defining and managing policies through code, enabling automated policy enforcement and version control.

Private Registry A container registry that requires authentication. Can be self-hosted (Harbor, GitLab) or cloud-managed (ECR, GCR).

Prometheus An open-source monitoring system with a dimensional data model, flexible query language, and alerting capabilities.

Provider In Terraform, a plugin that interacts with APIs of cloud platforms, SaaS providers, or other services.

RBAC (Role-Based Access Control) A method of regulating access to computer or network resources based on the roles of individual users.

Readiness Probe A Kubernetes check that determines if a container is ready to accept traffic. If it fails, the pod is removed from service endpoints.

Registry A storage and content delivery system for named Docker images. Docker Hub is the default public registry.

ReplicaSet A Kubernetes resource that ensures a stable set of replica pods are running at any given time.

Resource Quota A Kubernetes feature that restricts resource consumption (CPU, memory, storage) per namespace.

Rolling Update A deployment strategy that updates pods incrementally, ensuring zero downtime during updates.

Rootless Container A container that runs without root privileges, improving security by limiting the capabilities of the containerized process.

Runtime The software responsible for running containers. Examples: containerd, cri-o, Docker Engine.

S3 (Simple Storage Service) AWS object storage service. Terraform state files are often stored in S3 with DynamoDB for state locking.

Scalability The capability of a system to handle a growing amount of work by adding resources.

Seccomp A Linux kernel security feature that restricts the system calls a process can make.

Secret A Kubernetes object for storing sensitive information like passwords, OAuth tokens, and SSH keys.

Service A Kubernetes abstraction that defines a logical set of pods and a policy for accessing them.

Service Account A Kubernetes identity for pods to authenticate to the Kubernetes API server.

Service Mesh A dedicated infrastructure layer for handling service-to-service communication. Examples: Istio, Linkerd.

StatefulSet A Kubernetes workload for managing stateful applications, providing stable network identifiers and persistent storage.

Storage Class A Kubernetes resource that describes the classes of storage available for dynamically provisioning PersistentVolumes.

Systemd A system and service manager for Linux operating systems. Often used to manage container runtimes as services.

Templating The process of using templates with placeholders that get replaced with actual values. Used in tools like Helm and Ansible.

Terraform An Infrastructure as Code tool by HashiCorp for building, changing, and versioning infrastructure safely and efficiently.

Terraform Provider A plugin that Terraform uses to interact with cloud platforms, SaaS providers, and other APIs.

Terraform State The way Terraform keeps track of the infrastructure it manages. Can be local or remote.

Terragrunt A thin wrapper for Terraform that provides extra tools for working with multiple Terraform modules, keeping configurations DRY.

Terratest A Go library for testing infrastructure code. Used to write automated tests for Terraform, Kubernetes, and other IaC tools.

Tiller The server-side component of Helm (Helm 2). Deprecated in Helm 3.

TFLint A linting framework for Terraform that finds potential errors and enforces best practices.

Traefik A modern HTTP reverse proxy and load balancer that makes deploying microservices easy.

Vault A tool for securely accessing secrets. Used for managing sensitive data in DevOps workflows.

Volume A directory accessible to containers in a pod. Kubernetes volumes persist data beyond the lifetime of containers.

Worker Node A node in Kubernetes that runs pods. Previously called minion.

Webhook A user-defined HTTP callback triggered by specific events. Used in CI/CD for notifications and integrations.

Workspace A Terraform feature for managing multiple environments (dev, staging, prod) from the same configuration.

YAML (YAML Ain’t Markup Language) A human-readable data serialization format commonly used for configuration files (Docker Compose, Kubernetes manifests).