This extended glossary collects essential terms, tools, and concepts from DevOps, Kubernetes, and cloud-native ecosystems. Each entry includes a definition and practical example.
Tip: On mobile, swipe the table horizontally to see full content.
Table of Contents
Kubernetes Core Concepts
Core objects you use daily when deploying and operating apps on Kubernetes.
| Term | Definition | Practical Use / Example |
|---|---|---|
| Cluster | A group of machines (nodes) that run containerized apps under Kubernetes control. | Hosts your entire application; production clusters run across multiple VMs to provide high availability. |
| Node | A single worker machine (VM or physical) inside the cluster. | Runs pods; monitor node health to ensure capacity for workloads. |
| Control Plane / Master | The set of components (API server, scheduler, controller) that manage the cluster state. | Schedules pods, exposes kubectl API; runs on dedicated machines in production. |
| Pod | Smallest deployable unit — one or more containers that share storage and network. | Run your containerized app (e.g., a Node.js server) inside a pod. |
| Deployment | Declarative object that manages ReplicaSets and Pod updates (rolling updates/rollback). | Use for stateless apps to control scale and zero-downtime updates. |
| ReplicaSet | Ensures a specified number of pod replicas are running. | Automatically restarts terminated pods to maintain desired replica count. |
| Service | Stable network endpoint that exposes pods; provides basic load-balancing. | Expose backend API to frontend pods or to external users (ClusterIP/NodePort/LoadBalancer). |
| Ingress | Manages external HTTP/S access to services, enabling host/path routing and TLS. | Route example.com/api → backend service; enable HTTPS with cert-manager. |
| ConfigMap | Stores non-sensitive configuration data as key-value pairs for pods. | Inject API URLs or feature flags into pods without rebuilding images. |
| Secret | Secure object to store sensitive data (passwords, keys) used by pods. | Provide database credentials to a backend deployment securely. |
| Volume / PVC | Persistent storage that pods can mount to keep data across restarts. | Store database data or uploaded files using PVC backed by cloud storage. |
| StatefulSet | Manages stateful applications — pods with stable identities and persistent storage. | Use for databases (e.g., MongoDB replica sets) that require stable network IDs and storage. |
| DaemonSet | Ensures a copy of a pod runs on all (or selected) nodes. | Run node-level agents: log collectors, monitoring agents (Prometheus node-exporter). |
| Job / CronJob | Run one-off tasks (Job) or scheduled tasks (CronJob). | Database migrations (Job) or nightly backups (CronJob). |
| Horizontal Pod Autoscaler (HPA) | Automatically scales the number of pods based on CPU utilization or custom metrics. | Scale backend pods from 3 to 10 during peak traffic hours automatically. |
| Vertical Pod Autoscaler (VPA) | Automatically adjusts pod CPU and memory requests/limits based on usage. | Optimize resource allocation for pods with varying usage patterns. |
| Custom Resource Definition (CRD) | Extends Kubernetes API to create custom resources for specific applications. | Define custom resources for database operators or specialized workloads. |
| Operator Pattern | Method of packaging, deploying, and managing Kubernetes applications using CRDs. | Use Prometheus Operator to manage Prometheus instances and configurations. |
DevOps & CI/CD Terms
Common CI/CD and DevOps terms you use to automate build, test and deployment.
| Term | Definition | Practical Use / Example |
|---|---|---|
| CI (Continuous Integration) | Automated process to build and test code on every change. | Run unit tests and build Docker images on each git push (e.g., GitHub Actions). |
| CD (Continuous Delivery/Deployment) | Automated process to deliver builds to staging/production; deployment can be automatic or manual-approved. | Pipeline updates k8s manifests or triggers Argo CD/GitOps to keep cluster in sync. |
| Pipeline | Step-by-step automation (build → test → push → deploy). | A GitHub Actions workflow building frontend/backend, pushing images and updating k8s. |
| Artifact | Build output such as Docker image or compiled bundle used for deployments. | Docker image tagged with commit SHA is the artifact deployed to k8s. |
| Infrastructure as Code (IaC) | Define infrastructure using code (Terraform, CloudFormation). | Provision EKS cluster nodes and networking with Terraform scripts. |
| Registry | Storage for container images (Docker Hub, GHCR, ECR). | Push your frontend/backend images so k8s can pull them. |
| Buildx / Buildkit | Advanced docker build tooling for multi-platform images and caching. | Build optimized images for ARM & x86 in CI pipelines. |
| GitOps | Operate clusters by syncing manifests from a git repository (Argo CD / Flux). | Deploy automatically when YAML in repo changes — single source of truth. |
| Blue-Green Deployment | Deployment strategy with two identical environments, switching traffic between them. | Deploy new version to green environment, test, then switch traffic from blue. |
| Canary Release | Gradually roll out changes to a small subset of users before full deployment. | Route 5% of traffic to new version, monitor metrics, then gradually increase. |
| Feature Flags | Technique to enable/disable features without deploying new code. | Toggle new UI features for specific user segments without redeployment. |
| Shift Left | Moving testing, security, and operations earlier in the development lifecycle. | Run security scans in developer PRs rather than after deployment to production. |
Cloud Providers & Services
Major cloud platforms and their managed Kubernetes services.
| Service | Description | Use Cases |
|---|---|---|
| Amazon EKS AWS | Managed Kubernetes service on AWS. | Enterprise workloads requiring integration with AWS services (RDS, S3, IAM). |
| Azure AKS Azure | Managed Kubernetes service on Microsoft Azure. | Microsoft-centric environments, integration with Azure Active Directory. |
| Google GKE GCP | Managed Kubernetes service on Google Cloud Platform. | Data-heavy workloads, ML/AI applications with native GCP integration. |
| DigitalOcean Kubernetes DO | Managed Kubernetes on DigitalOcean's cloud platform. | Small to medium businesses, cost-effective container hosting. |
| IBM Cloud Kubernetes IBM | Managed Kubernetes service on IBM Cloud. | Enterprise workloads with IBM middleware and services. |
| Oracle Container Engine OCI | Managed Kubernetes service on Oracle Cloud Infrastructure. | Oracle database workloads, enterprise applications. |
| VMware Tanzu VMware | Kubernetes platform for multi-cloud and on-premises deployments. | Hybrid cloud strategies, vSphere integration. |
| Red Hat OpenShift Red Hat | Enterprise Kubernetes platform with developer and operations tools. | Regulated industries, enterprise application platforms. |
Container Technologies
Container runtimes, orchestration, and related technologies.
| Technology | Description | Use Cases |
|---|---|---|
| Docker | Platform to build, ship, and run containers. | Local development, CI/CD pipelines, container image creation. |
| containerd | Industry-standard container runtime. | Kubernetes node runtime, production container execution. |
| CRI-O | Lightweight container runtime for Kubernetes. | Kubernetes-focused environments, security-conscious deployments. |
| Podman | Daemonless container engine for developing, managing, and running OCI containers. | Rootless containers, Docker alternative in secure environments. |
| Buildah | Tool for building OCI (Open Container Initiative) container images. | Building container images without a full container runtime. |
| Skopeo | Tool for performing operations on container images and image repositories. | Copying images between registries, inspecting remote images. |
| Kaniko | Tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. | Building container images in Kubernetes without Docker daemon. |
| Jib | Java containerizer that builds optimized Docker and OCI images. | Building Java application containers without Dockerfile. |
Infrastructure as Code
Tools and approaches for defining and managing infrastructure through code.
| Tool | Description | Use Cases |
|---|---|---|
| Terraform | Infrastructure as Code tool using declarative configuration files. | Multi-cloud provisioning, complex infrastructure deployments. |
| CloudFormation AWS | AWS-native Infrastructure as Code service. | AWS-only environments, tight integration with AWS services. |
| Ansible | Configuration management and application deployment tool. | Server configuration, application deployment, multi-node setups. |
| Pulumi | Infrastructure as Code using general-purpose programming languages. | Complex infrastructure logic, developer-friendly IaC. |
| Chef | Configuration management tool for automating infrastructure. | Large-scale server management, compliance automation. |
| Puppet | Configuration management system for defining the state of IT infrastructure. | Enterprise server management, policy enforcement. |
| Crossplane | Cloud native control plane to manage cloud infrastructure and services using Kubernetes. | Unified infrastructure management through Kubernetes API. |
| Terragrunt | Thin wrapper for Terraform that provides extra tools for working with multiple Terraform modules. | Large Terraform codebases, DRY Terraform configurations. |
Monitoring & Observability
Tools and practices for monitoring system health and performance.
| Tool/Concept | Description | Use Cases |
|---|---|---|
| Prometheus | Monitoring system for scraping and storing metrics from apps and k8s. | Collect CPU/memory and custom app metrics; used with Grafana dashboards. |
| Grafana | Visualization & dashboarding for metrics. | Create graphs for request latency, pod counts, and autoscaler metrics. |
| Alertmanager | Handles alerts from Prometheus and routes them to the correct receiver. | Send notifications to Slack, PagerDuty, or email when metrics exceed thresholds. |
| Thanos | Highly available Prometheus setup with long-term storage capabilities. | Global view of metrics, long-term metric retention beyond Prometheus limits. |
| Cortex | Horizontally scalable, highly available, multi-tenant Prometheus. | Large-scale Prometheus deployments, multi-tenancy. |
| Datadog | Monitoring and analytics platform for cloud-scale applications. | Full-stack observability, APM, infrastructure monitoring in one platform. |
| New Relic | Application performance monitoring and observability platform. | Application performance insights, business metrics correlation. |
| Dynatrace | Software intelligence platform with AI-powered observability. | Automatic discovery and monitoring, AI-assisted problem detection. |
Logging & Tracing
Solutions for collecting, analyzing, and correlating logs and traces.
| Tool/Concept | Description | Use Cases |
|---|---|---|
| ELK Stack | Elasticsearch, Logstash, Kibana - popular log aggregation and analysis platform. | Centralized logging, log analysis, security information and event management. |
| EFK Stack | Elasticsearch, Fluentd, Kibana - Kubernetes-native logging stack. | Kubernetes log aggregation, container log analysis. |
| Loki | Horizontally-scalable, highly-available, multi-tenant log aggregation system. | Cost-effective log aggregation, Prometheus-like querying for logs. |
| Jaeger | Open source, end-to-end distributed tracing. | Microservices performance analysis, latency optimization. |
| Zipkin | Distributed tracing system to gather timing data for troubleshooting latency problems. | Tracing requests across microservices, latency problem identification. |
| OpenTelemetry | Vendor-neutral observability framework for traces, metrics, and logs. | Standardized instrumentation, multi-vendor observability. |
| Fluent Bit | Fast and lightweight log processor and forwarder. | Edge logging, resource-constrained environments, log routing. |
| Splunk | Platform for searching, monitoring, and analyzing machine-generated data. | Enterprise log analysis, security operations, business analytics. |
Security & Compliance
Tools and practices for securing containerized applications and infrastructure.
| Tool/Concept | Description | Use Cases |
|---|---|---|
| PodSecurity / RBAC | Security controls: who can access which k8s resources and how pods run. | Limit privileges with Roles/RoleBindings; run containers as non-root. |
| Image Scanning (Trivy) | Security tool that scans container images for vulnerabilities. | Run Trivy in CI to block publishing of vulnerable images. |
| Falco | Cloud-native runtime security project that detects anomalous activity. | Runtime security, intrusion detection, compliance monitoring. |
| OPA (Open Policy Agent) | General-purpose policy engine that enables unified, context-aware policy enforcement. | Authorization policies, admission control, infrastructure compliance. |
| Kyverno | Kubernetes Native Policy Management that allows users to validate, mutate, and generate resources. | Kubernetes-specific policies, resource validation and mutation. |
| Aqua Security | Full-lifecycle cloud native security platform. | Vulnerability scanning, runtime protection, compliance automation. |
| Sysdig | Container intelligence platform for security and monitoring. | Container runtime security, forensics, compliance monitoring. |
| Vault | Tool for secrets management, encryption as a service, and privileged access management. | Centralized secrets management, dynamic database credentials, encryption services. |
Service Mesh & Networking
Technologies for managing service-to-service communication in distributed systems.
| Tool/Concept | Description | Use Cases |
|---|---|---|
| Istio | Service mesh that provides traffic management, security, and observability. | Complex microservices architectures, fine-grained traffic control. |
| Linkerd | Lightweight service mesh for Kubernetes, focused on simplicity and performance. | Performance-sensitive applications, simpler service mesh requirements. |
| Consul | Service networking solution to connect and secure services across any runtime platform. | Multi-platform service connectivity, service discovery across environments. |
| Traefik | Cloud-native application proxy that can act as an ingress controller. | Dynamic configuration, Let's Encrypt integration, canary deployments. |
| NGINX Ingress Controller | Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer. | High-performance ingress, advanced load balancing, web application firewall. |
| HAProxy | Reliable, high performance TCP/HTTP load balancer. | High-performance load balancing, TCP-based services. |
| Envoy | High-performance C++ distributed proxy designed for single services and applications. | Service mesh data plane, edge proxy, API gateway. |
| Calico | Networking and network security solution for containers, virtual machines, and native host-based workloads. | Kubernetes networking, network policies, security enforcement. |
GitOps & Deployment
Tools and methodologies for implementing GitOps workflows.
| Tool/Concept | Description | Use Cases |
|---|---|---|
| Argo CD | Declarative, GitOps continuous delivery tool for Kubernetes. | Application deployment, multi-environment management, rollback capabilities. |
| Flux | GitOps tool for keeping Kubernetes clusters in sync with configuration sources. | Automated deployment, infrastructure automation, Git-based operations. |
| Jenkins X | Cloud-native continuous delivery for Kubernetes, automating CI/CD with GitOps. | Kubernetes-native CI/CD, preview environments, automated promotion. |
| Spinnaker | Multi-cloud continuous delivery platform for releasing software changes. | Complex deployment strategies, multi-cloud deployments, enterprise CD. |
| Tekton | Kubernetes-native framework for building CI/CD systems. | Custom CI/CD pipelines, cloud-native build automation. |
| Drone | Cloud-native continuous delivery platform built on container technology. | Simple CI/CD, Docker-native pipelines, lightweight automation. |
| CircleCI | Continuous integration and delivery platform. | Developer-friendly CI/CD, fast builds, extensive orb ecosystem. |
| GitLab CI/CD | Integrated CI/CD platform within GitLab. | Single application for source code and CI/CD, comprehensive DevOps platform. |
kubectl & Common Commands
Quick reference for everyday kubectl usage.
| Command | What it Does | When to Use |
|---|---|---|
| kubectl get pods | List running pods in current namespace. | Check pod status after deploy. |
| kubectl get all -n <ns> | Show all resources in a namespace. | Quick cluster snapshot for debugging. |
| kubectl apply -f file.yaml | Create or update resources from YAML. | Deploy or change app configuration declaratively. |
| kubectl describe pod <pod> | Detailed information about a pod, events, and reasons for failures. | Investigate CrashLoopBackOff or ImagePullBackOff. |
| kubectl logs <pod> | Show container logs. | Read app output to debug runtime errors. |
| kubectl exec -it <pod> -- /bin/sh | Open shell inside a container. | Inspect files, run commands for debugging. |
| kubectl scale deployment <name> --replicas=N | Change the replica count for a deployment. | Manually scale up during load testing. |
| kubectl rollout status deployment/<name> | Watch rollout progress for updates. | Ensure new image deployed successfully without errors. |
| kubectl port-forward <pod> <local-port>:<pod-port> | Forward one or more local ports to a pod. | Access services running in pods from local machine for testing. |
| kubectl top nodes/pods | Display resource usage (CPU/Memory) of nodes or pods. | Monitor resource consumption, identify resource bottlenecks. |
| kubectl config get-contexts | List available contexts (clusters) in kubeconfig. | Switch between different Kubernetes clusters. |
| kubectl create secret generic <name> --from-literal=key=value | Create a secret from literal values. | Quickly create secrets for testing or development. |
| kubectl patch deployment <name> -p '{"spec":{"replicas":5}}' | Update a resource using a strategic merge patch. | Quickly modify resource properties without editing YAML files. |
| kubectl auth can-i <verb> <resource> | Check if current user can perform an action on a resource. | Debug RBAC permissions, verify user access rights. |