A lightweight, standalone, executable package that includes everything needed to run a piece of software code, runtime, libraries, and settings isolated from the host system.

An open platform for building, shipping, and running applications inside containers, providing tooling to create images, manage containers, and interact with registries.

A text file containing ordered instructions that Docker follows to automatically build a container image, layer by layer.

A read-only, layered template used to create containers. Built from a Dockerfile and stored in a registry. Each layer represents a set of filesystem changes.

Each instruction in a Dockerfile creates a read-only layer in the resulting image. Layers are cached and reused across builds to improve performance.

A tool for defining and running multi-container Docker applications using a YAML file, allowing you to start all services with a single command.

A storage and distribution service for Docker images, allowing teams to push, pull, version, and share images across environments.

The default public container registry provided by Docker, hosting official images for popular software as well as user-published images.

The starting point for a Dockerfile, specified in the FROM instruction. It provides the OS and runtime environment on top of which your application is built.

A Dockerfile technique that uses multiple FROM instructions to separate the build environment from the final runtime image, reducing the size of the produced image.

The low-level software responsible for running containers on a host, managing their lifecycle including starting, stopping, and isolating them using OS primitives.

A mechanism for persisting data generated by and used by Docker containers, existing outside the container lifecycle so data survives container restarts or deletion.

A type of Docker mount that maps a specific file or directory on the host machine directly into a container, enabling live file sharing between host and container.

A virtual network that Docker creates to allow containers to communicate with each other and with the outside world, with different drivers supporting different topologies.

A file that specifies patterns of files and directories to exclude from the Docker build context, reducing build time and preventing secrets from being included in images.

The automated management of containerized workloads across multiple hosts, handling deployment, scaling, networking, and self-healing of containers at scale.

A Kubernetes object used to store non-sensitive configuration data as key-value pairs, decoupling configuration from container images.

A Kubernetes object that stores sensitive data such as passwords, tokens, and TLS certificates, keeping them separate from application code and pod specs.

A Kubernetes policy that limits the aggregate resource consumption per namespace, controlling how much CPU, memory, and object count a team can use.

A Kubernetes policy that sets default and maximum resource requests and limits for containers in a namespace, preventing unbounded resource consumption.

An open-source container orchestration platform originally developed by Google that automates deploying, scaling, and managing containerized applications across clusters.

A set of machines (nodes) that run containerized applications managed by Kubernetes, consisting of at least one control plane and one or more worker nodes.

The set of components that manage the overall state of the Kubernetes cluster, including scheduling workloads, maintaining desired state, and serving the API.

A physical or virtual machine in a Kubernetes cluster that runs workloads. Each node contains a kubelet, container runtime, and kube-proxy.

The smallest deployable unit in Kubernetes, consisting of one or more tightly coupled containers that share the same network namespace, IP address, and storage volumes.

A Kubernetes mechanism for isolating groups of resources within a single cluster, providing scope for names, resource quotas, and access control policies.

A distributed key-value store used by Kubernetes as its primary backing store for all cluster state and configuration data.

The Kubernetes control plane component responsible for assigning newly created pods to nodes, based on resource requirements, constraints, and policies.

A network component that runs on each node and maintains network rules to forward traffic destined for Services to the correct pod endpoints.

A Kubernetes abstraction that provides a stable network endpoint for accessing a set of pods, with built-in load balancing and DNS-based service discovery.

The default Kubernetes Service type that exposes the service on an internal cluster IP, making it reachable only from within the cluster.

A Kubernetes Service type that exposes the service on a static port on each node's IP, making it accessible from outside the cluster via any node's IP and that port.

A Kubernetes Service type that provisions an external cloud load balancer and assigns a public IP, forwarding traffic into the cluster's pods.

A Kubernetes API object that manages external HTTP and HTTPS access to services, providing routing rules, TLS termination, and virtual hosting in one place.

A pod that runs inside the cluster and implements the Ingress rules, acting as a reverse proxy and load balancer for incoming traffic. Common options include Nginx and Traefik.

A Kubernetes health check that determines if a container is still running correctly. If the probe fails, Kubernetes restarts the container automatically.

A Kubernetes health check that determines if a container is ready to accept traffic. Pods that fail the readiness probe are removed from Service endpoints until they recover.

A Kubernetes health check that gives slow-starting containers extra time to initialize before liveness and readiness probes take over, preventing premature restarts.

A Kubernetes Deployment strategy that gradually replaces old pod replicas with new ones, ensuring zero downtime by keeping some replicas available throughout the update.

A Kubernetes policy that limits the number of pods of a replicated application that can be simultaneously unavailable during voluntary disruptions such as node drains.

A Kubernetes resource that automatically scales the number of pod replicas in a Deployment based on observed CPU utilization or custom metrics.

A Kubernetes component that automatically adjusts the CPU and memory resource requests and limits of containers based on historical usage patterns.

A Kubernetes component that automatically adjusts the number of nodes in a cluster when pods cannot be scheduled due to resource constraints or nodes are underutilized.

A Kubernetes mechanism where taints are applied to nodes to repel pods, and tolerations are applied to pods to allow them to schedule onto tainted nodes.

A Kubernetes scheduling rule that constrains which nodes a pod can be scheduled onto based on node labels, offering more expressive rules than node selectors.

A Kubernetes authorization mechanism that regulates access to cluster resources based on the roles assigned to users or service accounts.

A Kubernetes identity assigned to pods, allowing them to authenticate to the Kubernetes API and interact with cluster resources according to their RBAC permissions.

A Kubernetes resource that controls the traffic flow at the IP address or port level between pods and external endpoints, acting as a firewall within the cluster.

A piece of storage in the cluster provisioned by an administrator or dynamically by a StorageClass, with a lifecycle independent of any pod that uses it.

A request for storage by a user that consumes a PersistentVolume, specifying size and access mode. Kubernetes binds the PVC to a suitable PV automatically.

A Kubernetes resource that defines different classes of storage with their provisioner and parameters, enabling dynamic provisioning of PersistentVolumes on demand.

A package manager for Kubernetes that uses charts to define, install, and upgrade complex Kubernetes applications, simplifying repeatable deployments.

A collection of files that describe a related set of Kubernetes resources, packaged together with configurable values to enable reusable and versioned application deployments.

The command-line tool for interacting with Kubernetes clusters, allowing you to deploy applications, inspect resources, and manage cluster operations.

A YAML file that stores cluster connection details, credentials, and context configurations, used by kubectl to authenticate and communicate with Kubernetes clusters.

A Kubernetes resource that declaratively manages a set of identical, stateless pod replicas, supporting rolling updates, rollbacks, and scaling.

A Kubernetes resource that ensures a specified number of pod replicas are running at any given time. Usually managed by a Deployment rather than directly.

A Kubernetes workload resource for managing stateful applications, providing stable pod identities, ordered deployment, and persistent storage per pod.

A Kubernetes resource that ensures a copy of a specific pod runs on every node (or a subset of nodes) in the cluster, commonly used for logging and monitoring agents.

A Kubernetes resource that creates one or more pods to execute a finite task and ensures they run to successful completion, then terminates.

A Kubernetes resource that creates Jobs on a repeating schedule defined using cron syntax, useful for periodic batch tasks like backups or report generation.

A specialized container that runs to completion before app containers in a pod start, used for setup tasks such as waiting for a dependency or initializing config files.

A helper container that runs alongside the main application container in the same pod, augmenting or supporting its functionality without modifying the main image.