Glossary

Cloud & Infrastructure

556 terms in this category.

Deployment where all nodes handle traffic simultaneously. No idle standby.

Standby nodes activate only when primary fails. Simpler than active-active.

Admission Controller

K8s webhook validating or mutating resources on create.

Scheduling preference for placing workloads on specific nodes. Node affinity and pod affinity in Kubernetes. Ensures pod

Scheduling preference for placing workloads together.

Air-Gapped Cluster

K8s cluster without internet access for security.

Air-Gapped Network

Network physically isolated from internet. Maximum security for sensitive systems.

Prometheus component routing alerts to Slack, PagerDuty based on severity.

Reserving compute resources. CPU/memory in K8s. Over-allocation wastes, under-allocation throttles.

AWS managed Kubernetes. Handles control plane. Integrates IAM, VPC, ALB.

AWS managed database. PostgreSQL, MySQL, Aurora. Automated backups and patching.

Ambassador Pattern

Sidecar handling network communication for main container.

Agentless IT automation using YAML playbooks. No software needed on managed servers — just SSH. Idempotent: running twic

Scheduling constraint spreading workloads across nodes.

Pioneering open-source web server (1995). .htaccess for per-directory config. Lost share to Nginx but still widely used,

A single entry point for multiple APIs. Rate limiting, authentication, routing, and request transformation. Kong, AWS AP

API Rate Limiting

Controlling API request frequency. Token bucket, sliding window algorithms.

K8s central component processing REST operations.

Application Gateway

Cloud L7 load balancer with WAF capabilities.

Application Load Balancer

Layer 7 LB routing by HTTP content. Path, headers, host-based routing.

A Kubernetes-native workflow engine for complex job orchestration. DAG-based pipelines for CI/CD, ML training, and data

Artifact Registry

Storing container images, packages, Helm charts.

Automatically finding services and resources. Service mesh, monitoring.

System automatically recovering from failures. K8s restarts crashed pods.

Cloud instances automatically restarting on hardware failure.

Automatic resource adjustment based on load. Horizontal (more instances) or vertical (more CPU/RAM). K8s HPA and cloud a

Auto Scaling Group

AWS resource managing instance count automatically.

Availability Set

Azure grouping VMs across fault and update domains.

Availability Zone

Physically separate data center within cloud region. Multi-AZ survives facility failures.

Microsoft's cloud platform. Second largest. Strong enterprise integration. AKS, Cosmos DB.

Group of servers behind a load balancer.

A safety copy of data for recovery in case of loss. 3-2-1 strategy: 3 copies, 2 different media, 1 offsite. Restic and B

Backup Strategy

Data protection plan. 3-2-1: 3 copies, 2 media, 1 offsite. RTO and RPO define frequency.

Physical servers without virtualization. Maximum performance, no hypervisor overhead. Hetzner and OVH offer bare metal.

Bare Metal Server

Physical server without virtualization layer.

A hardened server as the single entry point to a private network. SSH jump host for accessing internal servers. Reduces

One-time workload running to completion. K8s Job.

Border Gateway Protocol — internet routing protocol. Determines packet paths across networks.

Binary Authorization

Requiring signed images for deployment. Supply chain.

Database log of data changes. MySQL binlog. Replication and point-in-time recovery.

Storage as raw disk volumes. EBS, Persistent Disks. Single instance attachment. Fast for databases.

Blue-Green (Infra)

Two identical environments for zero-downtime deployment.

Blue-Green Deployment

Maintaining two identical environments (blue and green). Deploy to the inactive one, test, and switch traffic. Instant r

Time to operational state. VMs minutes, containers seconds, serverless milliseconds.

Auto-detect and build apps without Dockerfiles. Heroku, Cloud Native Buildpacks.

Bulkhead Pattern

Isolating components so failure doesn't cascade. Like ship bulkheads preventing flooding.

Temporary resource increase beyond baseline.

Intermediate store for frequent data. Redis between app and DB. Reduces response time.

Pre-loading cache with expected data. After deployment or cache clear.

Canary Deployment

Releasing a new version to a small percentage of users before full rollout. Detects problems early with minimal impact.

Gradual rollout to detect issues. 1%, 5%, 25%, 100%. Monitor at each stage.

Maximum workload a system handles. CPU, memory, bandwidth, IOPS.

Capacity Reservation

Pre-reserving compute capacity for future needs.

A DevOps philosophy: servers should be cattle (identical, replaceable) not pets (unique, irreplaceable). Containers and

Automated deployment to staging or production environments.

Cloud Development Kit — defining cloud infrastructure using programming languages (TypeScript, Python, Go) instead of YA

A Kubernetes add-on automating TLS certificate management. Integrates with Let's Encrypt for automatic certificate issua

Certificate Manager

Automating TLS certificate lifecycle.

Certificate Renewal

Replacing expiring TLS certs. cert-manager automates. Expired certs cause outages.

Change Management

Process controlling infrastructure changes. Approvals, change windows, rollback plans.

Chaos Engineering

Injecting failures to test resilience. Netflix Chaos Monkey, Litmus, Gremlin.

Unix operation changing apparent root directory. Early container-like isolation.

Automated build and test on code commit. GitHub Actions, GitLab CI.

Continuous Integration / Continuous Delivery — automation of build, test, and deployment. GitHub Actions, GitLab CI, and

Circuit Breaker

A pattern preventing cascading failures. When a service fails repeatedly, the circuit 'opens' and returns errors immedia

Circuit Breaking (Infra)

Stopping cascading failures between services.

Methods for accessing cloud resources. Console, CLI, SDK, API.

GCP web application firewall and DDoS protection.

Tracking and managing cloud costs. Budgets, alerts, cost allocation tags.

Extending on-premises to public cloud during demand spikes. Hybrid cloud strategy.

Cloud-native content delivery. CloudFront, Cloud CDN.

Cloud Computing

Delivery of computing resources (servers, storage, databases) over the internet on demand. AWS, Azure, and GCP dominate

Web UI for managing cloud resources. AWS Console, GCP Console, Azure Portal.

Cloud Cost Optimization

Strategies reducing cloud spend: right-sizing, reserved instances, spot instances, and auto-scaling. Kubecost and Infrac

Managed DNS service. Route53, Cloud DNS.

API management and gateway service.

Cloud Formation

AWS IaC service using JSON/YAML templates.

Open-source PaaS. cf push deploys. Alternative to K8s for simpler deployments.

Serverless function triggered by events. Lambda, Cloud Functions, Cloudflare Workers.

Identity and Access Management. Users, roles, policies. Least privilege.

System for initializing cloud instances on first boot. User data scripts.

Cloud Interconnect

Dedicated connection between on-prem and cloud.

Cloud Key Management

Managing encryption keys. AWS KMS, GCP KMS. Rotate, audit.

Cloud Load Balancer

Managed traffic distribution service.

Centralized log collection. CloudWatch Logs, Cloud Logging, Azure Monitor.

Cloud Marketplace

Pre-configured software from vendors. AWS Marketplace, GCP Marketplace.

Cloud Migration

Moving from on-prem to cloud. Lift-and-shift, re-platform, or re-architect.

Cloud Monitoring

Tracking cloud resource health. CloudWatch, Cloud Monitoring. Alerts.

Managed NAT gateway for private instance internet access.

An approach to building applications that leverage cloud advantages: containers, microservices, CI/CD, and dynamic infra

Virtual networking in cloud. VPC, subnets, routing, peering. Software-defined.

Company offering cloud services. AWS, Azure, GCP, DigitalOcean, Hetzner.

GCP serverless container platform. Deploy containers without managing servers.

Cloud Scheduler

Managed cron job service. Triggers functions or HTTP.

Cloud Security Posture

CSPM — monitoring cloud configuration for misconfigurations.

Browser-based terminal in cloud providers. Pre-installed tools. Instant access.

Money spent on cloud services. Often exceeds budget. Optimization important.

Managed relational database service. PostgreSQL, MySQL.

On-demand internet-accessible storage. Object (S3), block (EBS), file (EFS).

Distributed task queue for async work execution.

Reusable infrastructure definition. CloudFormation, ARM templates, Terraform modules.

Distributed tracing service for latency analysis.

VPN connecting on-premises to cloud. Site-to-site, client VPN.

Cluster Autoscaler

Automatically adjusts the number of nodes in a Kubernetes cluster based on pending pods. Scales up when pods can't be sc

Internal DNS for K8s service discovery. CoreDNS.

Cluster Federation

Managing multiple K8s clusters as one.

K8s service accessible only within cluster. Default type. Internal load balancing.

Cluster Management

Managing groups of servers. Scheduling, scaling, monitoring, upgrading.

Cluster Upgrade

Updating K8s version across control and data planes.

DNS record mapping domain to domain. www → apex. Used for CDN and SaaS custom domains.

Delay when a serverless function runs for the first time or after idle. Provisioning the execution environment takes 100

Cold Storage (Cloud)

Cheapest storage tier for rarely accessed data. Glacier, Archive.

A YAML file (docker-compose.yml) defining multi-container applications. Services, networks, volumes, and environment var

Compute Instance

Virtual cloud server. EC2, Compute Engine, Droplet. On-demand or reserved pricing.

Compute Optimizer

Recommendation engine for right-sizing resources.

Config Connector

Managing cloud resources via K8s manifests.

Config Management

Consistent configuration across servers. Ansible, Chef, Puppet. Idempotent operations.

K8s resource for non-sensitive configuration data.

A Kubernetes object storing non-sensitive configuration as key-value pairs. Injected into pods as environment variables

Connection Draining

Completing in-flight requests before removing server. Prevents dropped connections.

Connection Pooling

Reusing database connections. PgBouncer, HikariCP. Reduces overhead.

HashiCorp service discovery and config. Health checking, KV store. Multi-datacenter.

Container Image

Read-only template for containers. Dockerfiles, layers, registries. Base images.

Container Networking

How containers communicate. Bridge, overlay, host networking. CNI plugins: Calico, Cilium.

Container Orchestration

Managing container lifecycle. Kubernetes, Docker Swarm, Nomad.

Container Registry

A repository for storing and distributing container images. Docker Hub, GitHub Container Registry, and AWS ECR. Private

Container Runtime

Software executing containers. containerd and CRI-O are Kubernetes container runtimes. Docker uses containerd internally

Container Security

Securing containers. Image scanning, runtime protection, least privilege.

Containerization

Packaging applications with dependencies in isolated containers. Docker is the standard. Containers share the host kerne

Content Delivery

Distributing content via geo-distributed servers. CDNs cache at edge.

K8s reconciliation cycle comparing desired vs actual state.

The brain of a Kubernetes cluster managing state: API server, scheduler, controller manager, and etcd. Worker nodes comm

Copy-on-Write (Storage)

Writes create new copies, not modify originals. Docker layers, ZFS snapshots.

The default DNS server in Kubernetes. Resolves service names to cluster IPs. Plugin-based architecture. Handles service

Cost Allocation

Tagging resources to track costs by team, project, environment.

Tool analyzing cloud spending. AWS Cost Explorer, GCP Cost Management.

Cost Management

Tools and practices for controlling cloud spending.

Web hosting control panel. Domains, email, databases. Popular with shared hosting.

Burstable instance pricing. Earn credits at baseline, spend on burst. AWS T-series.

Reducing speed for heat or resource limits. K8s CPU limits throttle pods.

Custom Resource Definition — extending Kubernetes API with custom object types. Operators use CRDs to manage complex app

Cron Expression

Syntax defining scheduled times. '0 */6 * * *' = every 6 hours. Five fields.

K8s scheduled recurring task. Same as Unix cron.

A Kubernetes resource running jobs on a schedule (cron syntax). Database backups, report generation, and cleanup tasks.

Accessing resources across cloud accounts. IAM roles, resource policies.

Resources across multiple regions. Replication for DR. Adds latency, improves availability.

Custom Controller

K8s controller implementing custom reconciliation logic.

App-specific measurements beyond system metrics. Business KPIs, queue depth.

Custom Resource

K8s API extension for domain-specific objects.

A Kubernetes resource ensuring a pod runs on every node. Used for logging agents, monitoring, and network plugins. Autom

A physical facility housing servers, storage, and networking equipment. Hetzner, Equinix, and AWS operate global data ce

Secondary storage volume for data separate from boot.

Processing data near its storage. Reduces network transfer. Edge computing.

The component handling actual traffic/data flow, as opposed to the control plane. In service mesh, Envoy sidecars are th

Data Replication

Copying data across nodes. Synchronous (strong consistency) or async (eventual).

Policies for how long data is stored. Compliance, costs, operational needs.

Data Sovereignty

Legal requirement keeping data within geographic boundaries. Cloud regions address this.

Moving data between regions or providers. Egress costs.

DDoS Protection

Defending against distributed denial of service. CloudFlare, AWS Shield.

Declarative Config

Specifying desired state, not steps. K8s manifests, Terraform. System reconciles.

Physical server exclusively for one customer. Compliance.

Deployment Automation

Scripted deployment processes. Terraform, Ansible, CI/CD pipelines.

Deployment Controller

K8s controller managing ReplicaSets for deployments.

Deployment Manifest

File describing how to deploy. K8s Deployment YAML, Docker Compose.

Deployment Slot

Azure feature for staging deployments. Swap between slots for zero downtime.

Deployment Strategy

How new versions replace old ones. Rolling update (gradual), blue-green (instant switch), canary (percentage), and recre

Declared target configuration. K8s reconciles actual to desired state.

Auto-assigns IP addresses to devices. Server manages pools. Every router runs DHCP.

Disaster Recovery

Plans and processes for restoring systems after a disaster. Includes RPO (tolerable data loss) and RTO (maximum recovery

Disk Encryption

Encrypting storage device. LUKS, BitLocker, FileVault. Protects against theft.

Packaged software version. Linux distros, K8s distros (K3s, RKE2).

Managing domain name records. Route53, Cloudflare DNS, Google Cloud DNS.

Entry mapping names to values. A, CNAME, MX, TXT, NS records.

Creating image from Dockerfile. Layer caching. Multi-stage reduces final size.

Default container registry. Public/private repos. Official images. Rate limits.

Virtual networks connecting Docker containers. Bridge (default), host, overlay (multi-host), and macvlan. Containers on

Docker Registry

Storage for container images. Docker Hub, ECR, GCR, Harbor.

Docker's native orchestration. Simpler than K8s. Services, stacks. Smaller deployments.

Persistent storage for Docker containers that survives container restarts. Named volumes, bind mounts, and tmpfs. Essent

Reducing resources when demand decreases. K8s HPA scales down. Saves costs.

Gracefully removing workloads from node before maintenance.

When actual infrastructure state differs from declared state. Manual changes cause drift. Terraform plan detects drift.

Elastic Block Store — AWS persistent block storage for EC2. Like virtual hard drives. Snapshots for backup. gp3, io2, an

AWS block storage. gp3, io2 types. Snapshots.

AWS container orchestration. Task definitions, Fargate serverless. AWS-native alternative to EKS.

Processing data close to the user instead of a central data center. Reduces latency. Cloudflare Workers and Vercel Edge

CDN point of presence near users. Caches content for fast delivery.

A distributed network of servers at the periphery, close to users. Cloudflare, AWS CloudFront, and Vercel Edge. Reduces

Outbound traffic leaving network. Cloud charges for egress. CDNs reduce origin egress.

Running EKS on-premises or other clouds.

Elastic Block Store

AWS persistent block storage for EC2 instances.

Elastic Compute

Cloud instances scaling automatically. EC2 Auto Scaling, GCP MIGs.

Elastic File System

AWS managed NFS. Shared across instances.

Static public IP in AWS reassignable between instances. Consistent endpoints.

Elastic Load Balancing

AWS managed load balancer service. ALB, NLB, CLB.

The ability to automatically expand and contract resources based on demand. Different from scalability which is the abil

K8s object listing IP addresses backing a service.

Deployment stage: dev, staging, prod. Each has own config. Parity minimizes surprises.

A high-performance L7 proxy designed for service mesh. Sidecar in Istio. Advanced load balancing, circuit breaking, and

Ephemeral Container

Temporary K8s container for debugging running pods.

Ephemeral Storage

Temporary storage that disappears when a container restarts. Container filesystem and emptyDir volumes. Not for persiste

A distributed key-value store used as Kubernetes' backing store. Stores all cluster state: configs, secrets, and service

AWS service for event routing between services. Event-driven architecture.

K8s removing pod from node due to resource pressure.

A Kubernetes add-on synchronizing DNS records with service endpoints. Automatically creates Route53, Cloudflare, or othe

External Secrets

K8s operator syncing secrets from external vaults.

Automatic transfer to a backup system when the primary fails. Database replicas, load balancers, and multi-AZ ensure fai

AWS serverless compute for containers. No server management. Per-task pricing.

Fault Injection

Deliberately causing failures for resilience testing. Network delays, crashes.

Fault Tolerance

Continuing operation despite failures. Redundancy, replication, graceful degradation.

A mechanism enabling or disabling features at runtime without deployment. Kubernetes uses feature gates for beta feature

Network-accessible storage with filesystem. NFS, EFS. Shared across instances.

K8s mechanism ensuring cleanup before object deletion.

Firewall (Cloud)

Network security filtering. Security groups, NACLs, WAF, Cloud Armor.

Policy allowing/denying traffic. Source/dest IP, port, protocol. Default deny best.

Fleet Management

Managing multiple clusters or servers as a group.

Public IP movable between servers. Used for failover. DigitalOcean, Hetzner.

An open-source log collector and aggregator. Unified logging layer. Collects from multiple sources, transforms, and rout

A GitOps tool continuously reconciling cluster state with Git. CNCF graduated project. Alternative to ArgoCD. Watches Gi

Function as a Service

FaaS — serverless execution model. Lambda, Cloud Functions. Event-triggered.

K8s next-gen Ingress replacement. More expressive routing. HTTPRoute.

Google Cloud Platform. BigQuery, GKE, Cloud Run. Strong in data and ML.

Geo-Distributed

Deployed across multiple geographic regions. Global availability.

Storage for code and history. GitHub, GitLab, Bitbucket, CodeCommit.

An operational framework using Git as the single source of truth for infrastructure. Changes via pull requests, automate

Google K8s where Google manages nodes. Per-pod billing.

Pre-configured machine template. OS, software, config. Packer builds golden images.

Cloud VM with GPU acceleration. ML training, rendering.

Graceful Degradation

System continues with reduced functionality when parts fail.

Graceful Degradation (Infra)

Continued operation with reduced capability.

Open-source visualization platform. Dashboards for Prometheus, Loki. Metrics and logs.

A high-performance RPC framework by Google using Protocol Buffers. Strongly typed, HTTP/2 based, bidirectional streaming

A high-performance TCP/HTTP load balancer and proxy. Used by GitHub, Reddit, and Stack Overflow. Advanced health checkin

An open-source container registry with security scanning, RBAC, and replication. Enterprise-grade alternative to Docker

An endpoint reporting if a service is functioning correctly. Load balancers and orchestrators use health checks to route

Health Check (Cloud)

Monitoring if service is alive and ready. HTTP probes, TCP checks.

Health Endpoint

API reporting service health. GET /health. Load balancers poll it.

Periodic alive signal. Missing heartbeats trigger failover in distributed systems.

The package manager for Kubernetes. Helm charts bundle K8s manifests into reusable, versioned packages. Install complex

Kubernetes package manager template for deployments

High Availability

System design minimizing downtime. Redundancy, automatic failover, and multi-region ensure 99.9%+ uptime. Measured in ni

High Performance Computing

HPC — massive parallel processing. Scientific simulations, genomics.

Horizontal Pod Autoscaler

HPA — a Kubernetes resource automatically scaling pod replicas based on CPU, memory, or custom metrics. Scales up under

Horizontal Scaling

Adding more machines to handle increased load. Stateless services scale horizontally easily. Kubernetes HPA automates ho

Container sharing host's network namespace. No isolation. Maximum performance.

K8s volume mounting host filesystem directory into pod.

Host-Based Routing

Load balancer routing by hostname. Multiple domains to different backends.

A backup system running simultaneously with the primary, ready for instant failover. Database replicas in hot standby re

HTTP Health Check

Verifying service by sending HTTP request to endpoint.

HTTP Load Balancer

Layer 7 load balancer. Routes by URL, headers. AWS ALB, GCP HTTP LB.

Server proactively sending resources. Deprecated but concept lives in preload.

Combining public cloud with private infrastructure (on-premises or private cloud). Sensitive data stays private, variabl

Hybrid Cloud (Detail)

Combining on-premises and public cloud infrastructure.

Large-scale cloud providers. AWS, Azure, GCP. Massive global infrastructure.

Software creating and managing virtual machines. Type 1 (bare-metal): VMware ESXi, KVM. Type 2 (hosted): VirtualBox, Par

Infrastructure as a Service — virtual infrastructure on demand. AWS EC2, Google Compute, Hetzner. The user manages the O

Identity and Access Management — managing who can access what. AWS IAM, Azure AD, and Okta control identities, roles, an

JSON document defining permissions. Actions, resources, conditions. Least privilege.

Set of permissions assignable to users or services. Temporary credentials.

Running instance with low or no utilization. Waste.

Image Pull Policy

K8s policy for pulling container images. Always, IfNotPresent, Never.

Image Pull Secret

K8s secret for accessing private container registries.

Service storing container images. Docker Hub, ECR, Harbor. Vulnerability scanning.

A label identifying a specific version of a container image. 'latest' is the default but pinning specific tags (v1.2.3)

Immutable Deployment

Replacing entire infrastructure instead of modifying. No drift.

Immutable Infrastructure

Servers are never modified after deployment — replaced entirely with new versions. Prevents configuration drift. Contain

Incident Management

Detecting, responding to, resolving disruptions. On-call, runbooks, post-mortems.

Infrastructure as Code

IaC — managing infrastructure through config files instead of manual processes. Terraform (HCL), Pulumi (code), and Ansi

Infrastructure Drift

Actual state diverging from declared IaC state.

Infrastructure Monitoring

Tracking health and performance of servers, networks, and services. CPU, memory, disk, network metrics. Prometheus + Gra

A Kubernetes resource managing external HTTP/HTTPS access to services. Defines routing rules, TLS termination, and virtu

Ingress Controller

K8s component implementing Ingress rules. Nginx, Traefik. TLS, routing.

Ingress Traffic

Inbound traffic entering a network or service.

A Kubernetes container running before the main app container. Performs setup: downloading configs, waiting for dependenc

Instance Metadata

Cloud VM info available at 169.254.169.254.

Cloud VM specification. CPU, memory, storage, network. t3.large, n1-standard-4.

Integration Testing

Testing interactions between services. After unit tests, before E2E.

DNS resolution within private networks. Route53 private zones, CoreDNS.

Internal Load Balancer

Load balancer within private network. K8s ClusterIP services.

Internet Gateway

Cloud component enabling VPC internet access. Attached to public subnets.

I/O Operations Per Second. SSDs: 10K-100K+. HDDs: 100-200. Critical for databases.

Device identifier on network. IPv4 (32-bit), IPv6 (128-bit). Public and private.

The most popular service mesh for Kubernetes. Traffic management, security (mTLS), and observability between microservic

Open-source distributed tracing. Request journeys across services. CNCF graduated.

A Kubernetes resource running a pod to completion. One-off tasks: database migrations, batch processing, reports. Tracks

K8s managing batch jobs to completion.

Hardened server for internal network access. SSH gateway. Also called bastion host.

Lightweight Kubernetes distribution by Rancher. Single binary under 100MB. Perfect for edge, IoT, and development. Full

Core of operating system. Manages hardware, processes, memory. Linux kernel.

Regularly changing encryption and access keys. Automated via KMS.

K8s network proxy on each node. Service routing.

Agent on each K8s node. Ensures containers running. Communicates with API server.

Kubernetes Cluster

A set of nodes running containerized applications managed by Kubernetes. Control plane manages the cluster; worker nodes

A Kubernetes-native configuration management tool. Overlays customize base manifests without templates. Built into kubec

Key-value pairs on K8s objects. app:nginx, env:prod. Selectors target labels.

Shared code package for AWS Lambda. Common dependencies across functions.

Time between a request and response. Measured in milliseconds. P50, P95, P99 are common percentiles. CDNs and edge compu

Layer 4 Load Balancer

TCP/UDP load balancing. Faster than L7 but less routing flexibility.

Least Connection

LB routing to fewest connections. Better than round-robin for varied durations.

K8s container callback on start or stop.

An ultralight service mesh for Kubernetes. Written in Rust for performance. Simpler than Istio with automatic mTLS, metr

Linux Container

Process isolated via namespaces, cgroups, union FS. Docker, LXC. Lighter than VMs.

Moving running VM between hosts without downtime. Maintenance operations.

A Kubernetes check determining if a pod is alive. If it fails, K8s restarts the pod. Detects deadlocks and hung processe

Unix system load metric over 1/5/15 min. Above CPU count = overloaded.

Distributes network traffic across multiple servers to optimize performance and availability. Nginx, HAProxy, and cloud

Load Balancer Service

K8s service exposing pods via cloud load balancer.

Load Balancing Algorithm

Traffic distribution strategy. Round-robin, least connections, IP hash.

Rejecting excess traffic to protect service. Circuit breaker, rate limiting.

Testing system performance under expected load. Identifies bottlenecks before production. k6, JMeter, and Artillery are

K8s volume using node local storage for performance.

Log Aggregation

Collecting logs from multiple services into a centralized system. ELK (Elasticsearch, Logstash, Kibana), Loki + Grafana,

Container logging mechanism directing stdout/stderr.

Severity: DEBUG, INFO, WARN, ERROR, FATAL. Adjustable at runtime.

Archiving old logs for disk space. Size or time based. logrotate on Linux.

Sending logs to central location. Fluentd, Filebeat, Vector.

Recording events and information during software execution. Structured logging (JSON) facilitates analysis. ELK Stack, L

A log aggregation system by Grafana Labs. Indexes only labels, not log content, making it efficient and cheap. Pairs wit

Template for launching VMs. AMI, Compute Engine image. Golden images.

Maintenance Window

Scheduled time for system maintenance. Updates, patches, restarts.

Managed Certificate

Cloud-provided auto-renewing TLS certificate.

Managed Database

Cloud-provider managed database with automated operations

Managed Kubernetes

Cloud-operated K8s control plane. EKS, GKE, AKS.

Managed Service

Cloud service with provider handling infra. RDS, EKS, ElastiCache.

Maximum pods per K8s node. Varies by CNI and instance type.

Max memory for process/container. K8s OOMKill when exceeded.

K8s minimum guaranteed memory for pod. Scheduler uses for placement.

Async communication between services. RabbitMQ, SQS, NATS. Decouples services.

A bare-metal load balancer for Kubernetes. Provides LoadBalancer service type in environments without cloud load balance

A numerical measurement over time. Request latency, error rate, CPU usage, and memory consumption. Prometheus collects m

Microservice Architecture

System of small independent services. Own databases, APIs. Scale independently.

Migration Strategy

Plan for moving between systems. Lift-shift, re-platform, re-architect, replace.

An S3-compatible object storage server. Self-hosted, high-performance, Kubernetes-native. Used for ML data, backups, and

Collecting and analyzing metrics from production systems. CPU, memory, latency, errors. Prometheus, Grafana, and Datadog

Monitoring Stack

Combined tools: Prometheus + Grafana + Alertmanager.

Directory where filesystem/volume attached. /mnt/data. K8s volumeMounts.

Using multiple cloud providers to avoid vendor lock-in, improve resilience, and optimize costs. Terraform facilitates mu

Deploying across geographic regions for availability.

Multi-Stage Build

A Dockerfile technique using multiple FROM statements. Build in one stage, copy only artifacts to the final slim image.

Single system serving multiple customers. Data isolation, fair resources.

A virtual cluster within Kubernetes for resource isolation. Teams, environments (dev/staging/prod), or applications get

Namespace (K8s)

K8s virtual cluster within physical cluster.

Network Address Translation. Private to public IP. NAT gateways in VPCs.

Stateless firewall at subnet level. Allow/deny by IP, port, protocol.

Network Interface

Virtual network card. ENI in AWS. Security groups attached. Multiple IPs.

Network Latency

Time for data between two points. CDNs and edge computing minimize.

Network Load Balancer

Layer 4 LB. TCP/UDP. Millions of requests/sec. Low latency.

Kubernetes resource controlling pod-to-pod communication. Allow or deny traffic based on labels, namespaces, and ports.

Network File System. Shared remote storage. K8s PersistentVolumes.

High-performance web server and reverse proxy serving 35%+ of websites. Event-driven, non-blocking. Configuration via .c

Server in cluster. K8s worker nodes run pods. Physical, VM, or cloud.

A machine (physical or virtual) in a Kubernetes cluster. Runs pods and is managed by the control plane. Kubelet is the a

Kubernetes scheduling constraint placing pods on specific nodes based on labels. Required (hard) or preferred (soft) rul

Gracefully removing workloads from K8s node before maintenance.

Collection of similar compute nodes managed together.

A group of nodes with identical configuration in a Kubernetes cluster. Different pools for different workloads: GPU node

Simple K8s scheduling by node labels. nodeSelector: gpu: 'true'.

K8s marking node to repel pods without matching toleration.

K8s service on each node's IP at static port. 30000-32767. Simple external access.

Preventing deletion for retention period. S3 Object Lock for compliance. WORM storage.

Storage for unstructured data accessed via HTTP APIs. S3, R2, and MinIO. Cheap, infinitely scalable, and durable (99.999

Object Versioning

Keeping all versions of stored objects. S3 versioning. Accidental delete recovery.

The ability to understand a system's internal state from its outputs: metrics, logs, and traces. The three pillars of mo

On-Demand Instance

Cloud VM billed per hour/second. No commitment.

Infrastructure in own data center. Full control, capital expense. Hybrid with cloud.

Linux killing process exceeding memory. K8s pods killed at memory limit.

Open Policy Agent for declarative policy enforcement.

A CNCF standard for distributed tracing, metrics, and logs. Vendor-neutral instrumentation. SDKs for all major languages

Operator Pattern

A Kubernetes pattern automating complex application management. Custom controllers watch CRDs and reconcile desired stat

Automated management of containers in production: scheduling, scaling, networking, and health checks. Kubernetes is the

System managing container lifecycle. Kubernetes, Docker Swarm, Nomad.

The source server behind CDN or proxy. Serves original content.

Period service unavailable. Post-mortems identify root cause and prevention.

Over-Provisioning

Allocating more than needed for headroom. Wastes money. Auto-scaling reduces need.

Overlay Network

Virtual network spanning multiple hosts for containers.

Platform as a Service — a managed platform for development and deployment. Vercel, Railway, and Heroku. Abstracts server

Unit of network data. Header (routing) and payload (data). IP packets, TCP segments.

OS caching disk data in memory. Frequently accessed files from RAM.

Division of disk, database, or queue. Sharding, Kafka partitions for parallelism.

Path-Based Routing

Load balancer routing by URL path. /api → backend, /app → frontend.

Pod Disruption Budget. K8s minimum availability guarantee.

Direct network connection between networks. Reduces latency and costs.

PersistentVolume

Kubernetes storage abstraction decoupling storage provisioning from consumption. PVs represent physical storage; PVCs ar

PersistentVolumeClaim

K8s request for storage. References StorageClass. Binds to PersistentVolume.

Testing connectivity via ICMP echo. Measures round-trip time. Basic diagnostic.

An automated sequence of stages: build → test → deploy. Defined in YAML. Each stage contains jobs running in parallel or

Platform as a Service

PaaS — abstracts infra. Push code, platform deploys. Heroku, Railway.

Platform Engineering

Building internal developer platforms and tooling

The smallest unit in Kubernetes. Contains one or more containers sharing network and storage. Pods are ephemeral — creat

K8s scheduling pods near related pods. Co-locate for performance.

Pod Disruption Budget

PDB — a Kubernetes resource ensuring minimum availability during voluntary disruptions. Prevents too many pods from bein

K8s pod security controls. Security contexts, restricted/baseline/privileged standards.

The specification defining a Kubernetes pod: containers, volumes, environment variables, resource limits, and scheduling

Defining policies in code. Open Policy Agent, Kyverno. Automated enforcement.

Port Forwarding

Redirecting network traffic from one port to another. kubectl port-forward for accessing K8s services locally. SSH tunne

Cheap cloud instance reclaimable anytime. Spot Instances. For batch and CI/CD.

K8s removing lower-priority pods for higher-priority ones.

Kubernetes resource defining pod scheduling priority. Higher priority pods preempt lower ones when resources are scarce.

Cloud infrastructure dedicated to a single organization. Proxmox, OpenStack, and VMware enable private cloud. More contr

DNS resolving only within private network. Internal service discovery.

Private Endpoint

Cloud service accessible only within private network.

Direct private connectivity to cloud services.

Network without direct internet. Backend services, databases. NAT for outbound.

Process (Infra)

Running program instance. PID identifies. Isolated memory space.

Open-source monitoring. Pull-based metrics. PromQL. CNCF graduated. K8s standard.

Prometheus (Detail)

Pull-based metrics. PromQL. K8s monitoring standard.

Rules governing communication. HTTP, TCP, UDP, gRPC, MQTT.

The process of preparing and configuring infrastructure for use. Terraform provisions cloud resources; Ansible configure

Intermediary between client and destination. Forward (client), reverse (server).

Cloud resources shared among multiple customers, managed by the provider. AWS, Azure, GCP. Pay-as-you-go, global scale,

Network with direct internet via gateway. Web servers, load balancers.

Infrastructure as Code using real programming languages (TypeScript, Python, Go, C#). Alternative to Terraform's HCL. Fu

Process consuming queue messages. Runs continuously. Sidekiq, Celery, Bull.

Redundant disk array. RAID 0 striping, 1 mirroring, 5 parity, 10 stripe+mirror.

Rate Limit (Infra)

Controlling request frequency to protect services. Token bucket, leaky bucket, and fixed window algorithms. Implemented

Role-Based Access Control — assigning permissions to roles instead of individual users. Admin, editor, viewer are common

Database copy for read queries. Offloads primary. Async replication, slight delay.

Readiness Probe

A Kubernetes check determining if a pod is ready to receive traffic. Fails during startup or when overloaded. Traffic is

In-memory data store. Caching, sessions, queues. Sub-millisecond latency.

Geographic area with cloud data centers. us-east-1, europe-west1. Choose near users.

A copy of data or service for redundancy and performance. Database read replicas offload queries. K8s ReplicaSets mainta

K8s resource maintaining desired number of pod replicas.

Replication Controller

Legacy K8s resource maintaining pod replicas. Replaced by ReplicaSet.

Request Routing

Directing requests to appropriate service. Path, header, weight-based.

Reserved Instance

Cloud capacity pre-purchased at discount. 1-3 year terms. 30-70% savings.

Max CPU/memory for container. K8s requests and limits. Prevents starvation.

Kubernetes mechanism limiting resource consumption per namespace. CPU, memory, storage, and object count limits. Prevent

Resource Request

K8s minimum guaranteed CPU/memory for scheduling.

Key-value metadata on cloud resources. Env:prod, Team:backend. Cost allocation.

IP to domain mapping. PTR records. Email validation. Mismatched causes issues.

An intermediary server between clients and backend. Nginx, Caddy, and Traefik do load balancing, SSL termination, cachin

Role-Based Access

RBAC — permissions based on user roles. Admin, editor, viewer.

Reverting to previous deployment version.

Rolling Restart

Restarting instances one at a time. Zero downtime for config changes.

A deployment strategy updating instances gradually: remove one old, add one new. Zero downtime. Kubernetes does rolling

Primary storage volume for instance boot. OS and essential files.

Equal request distribution in order. Simple LB. Weighted for unequal servers.

Rules directing network traffic. VPC routes map CIDRs to targets.

Step-by-step operational procedures. Restart, alerts, maintenance. Automate over time.

Runbook Automation

Executing operational procedures automatically. PagerDuty, Rundeck.

Environment where code executes. Node.js, JVM, containerd.

Simple Storage Service — AWS object storage, the de facto standard. Buckets store objects (files). 11 nines durability.

Software as a Service — software delivered via browser with a subscription. Examples: Notion, Slack, Figma. The user doe

AWS flexible pricing with commitment to usage amount.

A system's ability to handle increasing load. Horizontal (more machines) vs vertical (bigger machine). Kubernetes facili

Removing instances when demand decreases. Cost saving.

Adding instances when demand increases. Handle more traffic.

Azure resource for managing identical VM instances.

Rules for when/how to scale. CPU-based, custom metrics. Cooldown prevents oscillation.

Component deciding workload placement. K8s scheduler, OS CPU scheduler.

Encrypted K8s secret that can be safely stored in Git.

A Kubernetes object storing sensitive data: passwords, tokens, and certificates. Base64 encoded (not encrypted by defaul

Service storing and accessing sensitive configuration.

Secrets Management

Secure management of credentials, tokens, and keys. Never in code. HashiCorp Vault, AWS Secrets Manager, and Doppler cen

Virtual firewall for cloud resources. Inbound/outbound rules. Stateful.

Server Capacity

Maximum requests/connections a server handles. Determined by CPU, RAM, IO.

Standard 42U frame for data center equipment. 19-inch width. Power, cooling.

A model where the cloud provider manages servers. The developer only writes functions executing in response to events. A

Serverless Framework

Tool deploying serverless functions. Serverless, SAM, SST.

Service Account

A Kubernetes identity for pods to authenticate with the API server and external services. Workload identity maps K8s ser

Service Discovery

Auto-detecting services. DNS-based, Consul, K8s. Dynamic, no hardcoded addresses.

Service Endpoint

Network endpoint where service is accessible.

An infrastructure layer managing communication between microservices. Istio and Linkerd add observability, security, and

Service Registry

Database of available services and locations. Consul, etcd. Service discovery.

K8s service exposure method: ClusterIP, NodePort, LoadBalancer.

Session Affinity

Routing user requests to same server. Cookie or IP based. For stateful apps.

Horizontal data partition across databases. Each holds subset. Scales writes.

Storage accessible by multiple instances. NFS, EFS. Shared data.

VPC shared across multiple cloud projects.

Sidecar Container

Container alongside main app. Logging agents, proxies. Service mesh sidecars.

Sidecar Pattern

An auxiliary container running alongside the main container in a Pod. In service mesh, the sidecar proxy (Envoy) interce

Single Point of Failure

SPOF — component whose failure causes entire system failure.

Site Reliability Engineering

SRE — applying software engineering to operations. Google originated.

Service Level Agreement — a contract defining uptime guarantees. 99.9% (8.7h downtime/year), 99.99% (52min/year). Financ

Service Level Agreement defining uptime guarantees. 99.99% = 52min downtime/year.

Service Level Indicator — quantitative measure: latency, error rate, throughput.

Service Level Objective — target for SLI. 99.9% availability. Internal targets.

A point-in-time copy of a disk, VM, or database state. Allows restoring to a specific moment. Faster than full backup.

Snapshot (Detail)

Point-in-time volume copy for backup and cloning.

Snapshot Policy

Automated schedule for creating volume snapshots.

Source NAT modifying outgoing packet source IP. Load balancers, NAT gateways.

Software-Defined Networking

SDN — managing networks through software. Cloud VPCs are SDN.

Spare cloud capacity available at 60-90% discount. Can be reclaimed with 2-minute notice. Ideal for batch processing, CI

Cryptographic key pair for SSH access. ssh-keygen. Public key on server.

SSL Termination

Decrypting TLS at load balancer. Offloads encryption from backend.

Staging Environment

Pre-production environment for final testing. Mirrors production.

K8s check for slow-starting containers. Prevents liveness probe killing during startup.

Terraform state tracking deployed resources. Remote state in S3 for teams.

A Kubernetes resource for stateful applications. Guarantees ordered deployment, stable network identities, and persisten

Stateless Service

Service storing no local state. All state in external stores. Easy to scale.

IP address that doesn't change. Elastic IP, reserved IP. For DNS and whitelisting.

AWS workflow orchestration. State machines. Sequential, parallel, error handling.

Storage Account

Azure service for blobs, files, queues, tables.

K8s resource defining storage tiers. Standard SSD, premium IOPS, economy HDD.

Storage Gateway

Bridge between on-premises and cloud storage. Cache locally, store in cloud.

Stream Processing

Continuous real-time data processing. Kafka Streams, Flink, Spark Streaming.

Testing a system beyond normal load to find the breaking point. Reveals how the system fails and recovers. Essential for

IP network subdivision. 10.0.1.0/24 = 256 addresses. Public and private in VPCs.

Dividing network into smaller segments. CIDR notation. Security and organization.

K8s adding extra nodes during cluster upgrade.

Disk overflow when RAM full. Much slower. K8s typically disables swap.

Standard log transmission protocol. Centralized logging from devices and servers.

System Administrator

Person managing IT infrastructure. Servers, networks, security. SysAdmin.

System Namespace

K8s kube-system namespace for core components.

Key-value metadata on resources for organization, billing, automation.

Taint and Toleration

Kubernetes mechanism preventing pods from scheduling on certain nodes. Nodes are tainted; only pods with matching tolera

AWS group of instances receiving load balancer traffic.

Reliable ordered connection protocol. Acknowledgments and retransmission. HTTP, SSH.

TCP Health Check

Verifying service by attempting TCP connection.

TCP Load Balancer

Layer 4 LB routing TCP connections. Database, MQTT, non-HTTP protocols.

A cloud-native CI/CD framework for Kubernetes. Pipeline resources are K8s CRDs. Serverless, runs only when triggered. Fo

Infrastructure as Code tool. HCL language. Plan, apply. Multi-cloud.

Terraform (Tool)

HashiCorp's IaC tool using HCL language to provision resources on AWS, Azure, GCP, and 3,000+ providers. Plan before app

Terraform Module

A reusable, self-contained package of Terraform configuration. Modules encapsulate infrastructure patterns. The Terrafor

Terraform Provider

Plugin managing resources in platform. AWS, Azure, GCP. 3000+ providers.

Terraform State

A file tracking the current state of managed infrastructure. Maps resources to real-world objects. Remote state (S3, Ter

Limiting request rate to prevent overload.

The amount of work processed per unit of time. Requests/second, transactions/second, bytes/second. A key performance met

Time to Recovery

TTR — time to restore service after failure. Part of SLA.

Cryptographic protocol for secure communication. TLS 1.3 current. Encryption and auth.

Topology Spread

K8s distributing pods across zones/nodes evenly.

Record of request journey through distributed system. Spans for individual operations.

Traffic Management

Controlling request flow. Routing, load balancing, rate limiting.

Traffic Shaping

Controlling network flow. Rate limiting, QoS, bandwidth allocation.

Encrypted channel through network. VPN tunnel, SSH tunnel, GRE tunnel.

Twelve-Factor App

A methodology for building modern, scalable SaaS applications. 12 principles including config in environment, stateless

Connectionless fast protocol. No delivery guarantee. DNS, video streaming, gaming.

Under-Provisioning

Insufficient resources causing performance issues. Monitor and scale.

Upgrade Strategy

Plan for updating software versions. Rolling, blue-green. Backward compatibility.

Percentage system is operational. 99.9% = 8.77h/year downtime.

Usage Monitoring

Tracking resource consumption. CPU, memory, network, storage. Cost control.

HashiCorp secret management. Dynamic secrets, encryption, PKI.

A Kubernetes backup and disaster recovery tool. Backs up cluster resources and persistent volumes. Restores to same or d

Vertical Pod Autoscaler

K8s auto-adjusting pod CPU/memory requests.

Vertical Scaling

Adding more resources (CPU, RAM) to an existing machine. Limited by hardware maximum. Simpler than horizontal scaling bu

IP address not tied to specific hardware. VIPs for load balancing and failover.

Virtual Machine

Emulation of a complete computer inside another. Has its own OS, RAM, and virtual storage. More isolated but heavier tha

Virtual Network

Software-defined network in cloud. VPCs, VNets. Isolated with subnets.

Technology creating virtual versions of physical resources. Enables running multiple OSes on a single hardware. Proxmox,

Virtual LAN — logically segmenting physical network. Isolates traffic.

Attaching storage to a container at a specific path. Docker -v flag, K8s volumeMounts. Persists data beyond container li

Virtual Private Cloud — an isolated virtual network within the public cloud. Subnets, routing tables, and security group

Direct network connection between two VPCs.

An encrypted connection between two networks over the internet. Site-to-site VPNs connect offices. WireGuard and IPSec a

Pre-initialized instances for quick scaling. Reduces cold start time.

Scaled-down copy of production for DR. Quick scale-up when needed.

Webhook (Infra)

HTTP callback for event notification. Git push triggers CI/CD.

Weighted Routing

Distributing traffic by percentage. 90% v1, 10% v2. Canary deployments.

Well-Architected

Cloud best practice frameworks. AWS: ops excellence, security, reliability, perf, cost.

Server executing workloads in cluster. Runs pods. Managed by control plane.

Application running on infrastructure. Web servers, batch jobs, databases.

Workload Identity

K8s pods assuming cloud IAM roles. No static credentials.

Write-Ahead Log

WAL — recording changes before applying. Crash recovery via replay.

Zero Downtime Deployment

Deploying new versions without service interruption. Rolling updates, blue-green, and canary deployments achieve zero do

Zero Trust Network

Security model verifying every access request

Copying DNS zone data between servers. Authoritative DNS replication.

Advertise with Us

Put your brand in front of 10,000+ tech professionals

Native placements that feel like recommendations. Newsletter, articles, banners, and directory features.

Stay ahead of the tech curve

Join 10,000+ professionals who start their morning smarter. No spam, no fluff — just the most important tech developments, explained.