
DevOps Glossary

kimschles edited this page Nov 21, 2018 · 41 revisions

A Record

  • Maps a domain name to a stable IP address

ACL

  • Network Access Control List
  • An extra layer of security for a VPC
  • The network ACL allows you to control traffic in and out of a subnet
  • Like a firewall

AMI

  • Amazon Machine Images
  • An EC2 image that is a snapshot of an operating system with anything you want installed
  • When the AMI is launched, it will have already installed the dependencies you want

API Gateway *

APM Metrics

  • Application Performance Metrics

ARN

  • AWS
  • Amazon Resource Names
  • A way to identify a unique resource across AWS services
  • Format: arn:partition:service:region:account:resource
  • Example IAM user name: arn:aws:iam::123456789012:user/Kim

ASG

  • Autoscaling group
  • AWS

Artifact

  • An immutable and transferable byproduct of the software development process
  • Ex: a Docker container, a test suite, an EC2 instance

ARP

  • Address Resolution Protocol
  • Translates IP addresses to hardware addresses

BGP

  • Border Gateway Protocol
  • A way to exchange information between different servers (cloud to on-prem, AWS to GCP)

Booting

  • Starting up a computer
  • Short for 'bootstrapping' because the computer has to pull itself up by its bootstraps
  • In the boot process, the computer has to
    • find, load and run bootstrap code
    • find, load and run the OS kernel
    • Run startup scripts and system daemons
    • Maintain processes and manage system state transitions

Canary Deployments

  • Testing a new feature in production
  • The new feature is pushed to a small subset of servers, and therefore, servers

CIDR

  • Classless Inter-Domain Routing
  • Goes at the end of a network address
  • 192.168.0.0/24 <- This is a 24 bit CIDR
  • 0.0.0.0/0 is the whole internet. Each number is 8 bits, so /8 matches everything with the same first number, /16 matches the first and second, and /32 matches all 4

Circuit Breaking

  • Limiting the damage a failure can do to a system

Cluster

  • Where AWS containers run

Cloud Hosting

  • Hosting is spread across multiple servers that someone else monitors and controls
  • Computer resources are shared with others

Cloud NAT

  • Google Cloud Platform
  • Cloud Network Address Translation
  • Allows Google VMs to connect to the internet even when they don't have an external IP address
  • This is outbound only; there is no feature that allows traffic into the VM.
  • In GCP, you must set up 1 Cloud NAT for every region

Cloud Native Technologies *

CNAME

  • Canonical Name Record
  • Maps domain names to one another
    • lessons.kimschlesinger.com <> objectives.kimschlesinger.com

CVE

  • Common Vulnerabilities and Exposures

DAST

  • Dynamic Application Security Testing
  • Black box security testing: you just try to get into the app without access to the codebase

DNS

  • Domain Name Service

EBS

EC2

  • Elastic Cloud Compute
  • AWS

Egress Controller *

EOF

  • End of File
  • How to specify no more data can be read from a source (usually a file or stream)

EKS

  • Elastic Kubernetes Service

Ephemeral Environments

  • Temporary environments that are created and destroyed so that CI/CD processes can run against them.

Envoy Proxy

ESB

  • Enterprise Service Bus

Established Connection *

/etc

  • In Linux, a directory that contains configuration files

etcd

  • A key-value store

Federated Users *

FTP

  • File Transfer Protocol
  • A set of rules used for the transfer of files from a server to a client over a computer network
  • File Transfer Protocol - Data (FTP-DATA) is port 20
  • File Transfer Protocol - Control (FTP) is port 21

Fluentd

  • An open source project that allows for logs to be recorded

GCP

  • Google Cloud Platform

GCR

  • Google Container Registry

GKE

  • Google Kubernetes Engine

Helm

  • The Kubernetes package manager

Hosted Databases

  • One server is reserved for your company only
  • The server may be located in your office, or at an off-site datacenter
  • Your company is responsible for managing and monitoring the hardware

HPA

  • Kubernetes: Horizontal Pod Autoscaler

IAM

  • Identity Access Management

ICMP

  • Internet Control Message Protocol
  • Low level support for IP: error messages, routing help, debugging tools

Idempotent

IGW

  • Internet Gateway
  • A VPC component that lets a public subnet in the VPC communicate with the internet
  • Related to Route Tables
  • 1 IGW per VPC
  • Public subnets use it as their default gateway
  • Private subnets use a NAT instance to forward traffic

Ingress Controller

  • How traffic enters a network
  • In AWS, who is allowed ingress is determined through security groups

IOPS

  • Input/Output Operations per Second

IP

  • Internet Protocol
  • Routes data packets from one machine to another

IP Address

  • Internet Protocol Address
  • A number which identifies a piece of hardware on a network

KOPS

  • Kubernetes Operations

KMS

  • AWS Key Management Service

Kubernetes

  • Will take a container and decide which computer it will run on
  • And a lot of other things

LDAP

  • Lightweight Directory Access Protocol
  • A protocol that lets a user find organizations, users, devices and files on a network
  • Can be used for public-facing internet or intranets
  • A way to find assets or resources when you don't know the specific address or location (?)

Load Balancer

  • AWS = Elastic Load Balancer (ELB)
    • Distributes incoming traffic across different resources (zones, EC2 instances, containers, IP addresses)

Load Shedding

LPAP *

MAAS

  • Metal as a Service

MAC Address

  • Media Access Control address
  • A unique ID assigned to a network interface controller (NIC) so that communication can occur on the data link layer
  • To find out your MAC address on OSX, run this command: ifconfig en1 | awk '/ether/{print $2}'

Managed Hosting

  • You have a dedicated server in a remote location
  • A different company (a managed services provider) takes care of the monitoring and upkeep of the server hardware

MFA

  • Multi Factor Authentication

Mime Types

  • Defines the content type that the server will return
    • Examples:
      • text/css
      • text/html
      • application/json
      • audio/x-m4a
      • image/png

mTLS

  • Mutual TLS authentication

Namespace

  • A shared name that indicates where a resource belongs. For example, dev/, prod/

nginx

  • A web server that can also be used as a reverse proxy, load balancer, mail proxy or HTTP cache

no-op

  • No operation needed

OOM Killed

  • Out of memory killer
  • The Linux kernel will kill a process when it has run out of its allocated memory

orthogonal

  • of or involving right angles; at right angles

Peering

  • In AWS, a way for VPCs to route traffic to one another using IPv4 or IPv6

pem file

  • A way to record keys and certificates for SSL
  • Example:
-----BEGIN ENCRYPTED PRIVATE KEY-----
.... MANY LINES OF BASE64-ENCODED DATA ....
-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
.... MANY LINES OF BASE64-ENCODED DATA ....
-----END CERTIFICATE-----

persistent volumes *

pid

  • process identifier

POSIX

Principle of Least Privilege

  • You give people (or machines) access to only the things they need, not more.

NAT Gateway

RBAC

  • Role-Based Access Control

Reverse Proxy

  • A server that gets requests from the internet and forwards them to a web server in an internal network. The web server responds and the reverse proxy returns the server's response to the client.
  • Using a reverse proxy lets you hide the location of your origin server

Route

  • A route is like an address
  • A route defines where a packet should go when the IP address is not in the CIDR (network address) space

Route Table

RPM

  • RPM Package Manager
  • Originally, Red Hat Package Manager
  • Uses the .rpm extension

RSA Encryption

  • Rivest–Shamir–Adleman, AKA RSA
  • The encryption key is public
  • The decryption key is private
  • An example of asymmetric encryption/decryption

Runbook

  • A set of instructions for what to do when something goes wrong with an application or service
  • An operation manual for what to do when you are paged

SAST

  • Static Application Security Testing
  • Software that analyzes code and flags potential security vulnerabilities

scm

  • Source control manager like GitHub or Bitbucket

SDN

  • Software Defined Networking

Security Group

Sed

  • Stream editor
  • A non-interactive CLI text editor
  • Related to grep

semver *

SFTP server

  • SSH File Transfer Protocol
  • A network protocol that allows for file access, transfer and management over any reliable datastream

Sha

  • Secure Hash Algorithm
  • A cryptographic hash function that accepts input and returns a 20-byte value, usually a string that is 40 digits in length
  • Example: 8b6b83e8369b718e90a3d7e2a003dc6eff99ff99

SOA

  • Service Oriented Architecture

SSH

  • Secure Shell Protocol
  • The protocol allows for secure system admin and file transfers over an unsecured network.
  • SSH uses encryption to create a connection between the client and server

SSH Keys

Subnets

  • A set of IP addresses within a VPC
  • The subnet 10.4.4.0/24 means every IP from 10.4.4.0 to 10.4.4.255

SNS

  • AWS: Simple Notification Service
  • Publish/Subscribe Messaging
  • A message that is published on a topic is delivered to all the topic's subscribers

SQS

  • AWS: Simple Queue Service
  • A way to have a message queue for multiple microservices

ssid *

Security Token Service

  • AWS: STS
  • A service that allows you to request temporary, limited-privilege credentials for IAM

.tar

  • tar is short for Tape Archive
  • tar is a file format used to store multiple files in just one
  • Used to archive and send multiple files over the internet
  • Open a tar file: tar -xvf file.tar
  • Make a tar.gz file: tar -czvf name-of-archive.tar.gz /path/to/folder-or-file

TCP

  • Transmission Control Protocol
  • Good for reliable exchanges where you want all packets to arrive at the other end
  • Full duplex, error-corrected conversations between two machines

TCP/IP

  • A protocol suite: multiple protocols work together to ensure reliable data transfer

Telnet

  • A network protocol that lets a user on one computer log in to another computer that is on the same network
  • telnet <ip address or network address> <port>

Tenancy

  • Tenancy determines who is the owner of the resource; in AWS it refers to the actual hardware.
  • In AWS, shared tenancy means that many customers will share the same hardware
  • Dedicated tenancy means that you can have hardware that is yours only, but it costs a lot of money

TLD

  • Top level domain: .com && .org

TLS

  • Transport Layer Security
  • A cryptographic protocol that secures communications over a computer network

Trunk Based Development

  • A CI/CD practice
  • An approach designed to let teams avoid 'merge hell'
  • Devs work on code in a single branch called 'trunk' (AKA master)
  • Resource: Trunk Based Development

TTY

  • TeleTYpewriter
  • A command to print the file name of the terminal connected to standard input
  • tty

UDP

  • User Datagram Protocol
  • 'Fire and Forget'
  • Unverified, one-way data delivery
  • Fast, but unreliable. Packets are lost
  • Used for videochat, audio, video games

VPC

  • Virtual Private Cloud

VPC Peering

  • A way to connect two VPCs using routes and gateways
  • The VPCs cannot have shared IP spaces.

VPN Server

  • Virtual Private Network