CI/CD & DevOps

APM is monitoring on steroids — it doesn't just track if your app is up, it tracks exactly how fast each function runs, which database queries are slow, wh...

An action is a reusable mini-program that does one specific thing inside your pipeline. Instead of writing the same 20 lines to set up Node.

Alert Routing decides which alerts go to which people through which channels. Database down? Page the DBA. API slow? Slack the backend team. Disk full?

Alerting is the part of monitoring that actually wakes people up when something goes wrong.

Alpine Linux is the tiny sports car of Linux distros. A full Alpine Docker image is 5MB compared to Ubuntu's 80MB.

Ansible is a tool that lets you automate the setup of servers by writing scripts called playbooks.

ArgoCD watches your Git repo and automatically syncs your Kubernetes cluster to match. Change a YAML file, and ArgoCD deploys it.

An artifact is the finished product your build process creates — the actual file or bundle that gets deployed.

Artifact Upload saves files from your CI job so other jobs (or humans) can download them later. Built your app? Upload the bundle. Ran tests?

Auto-Merge is the 'merge it when it's ready' button. Enable it on a PR, and once all checks pass and approvals are in, it merges automatically.

A backport is taking a fix from a newer version of your software and applying it to an older version that's still in use.

Blue-green deploy runs two identical environments and swaps traffic between them — instant rollback, zero downtime, the adults' deploy strategy.

Blue-green deployment means running two identical production environments — Blue (current) and Green (new).

Branch Protection puts a velvet rope around your main branch. No force pushes, no direct commits, mandatory reviews, required CI checks.

A Breaking Change is a modification to your API or library that will BREAK existing code that uses it.

Buildah builds container images without needing Docker running. It's like having a recipe (Dockerfile) but cooking without a professional kitchen.

Buildkite is CI/CD for teams who want full control. The orchestration is in the cloud, but your builds run on YOUR machines.

CD is what happens after CI checks your homework — it automatically delivers your finished work to the real world.

CI is like a robot assistant that instantly checks your homework every time you hand it in.

Cache Action saves your node_modules (or pip packages, or whatever) between CI runs so you don't reinstall everything from scratch every time.

A canary release is like sending a canary into a coal mine — you deploy the new version to a tiny fraction of users first and watch closely.

A Canary Test is when you send a small percentage of real traffic to your new version and monitor closely to see if it behaves correctly.

A Changelog is a file (usually CHANGELOG.md) that records what changed in each version of your software.

Chef is an older infrastructure automation tool where you write 'recipes' and 'cookbooks' to describe how servers should be configured.

CircleCI is a cloud CI/CD platform that's been around forever and just works. You write a config.yml, connect your repo, and it runs your builds.

A Kubernetes Cluster is the whole system — all the nodes (machines) working together as one, managed by a control plane.

A code freeze is when the team stops adding new features and only allows bug fixes — like telling the kitchen to stop taking new orders and finish what's o...

Colima is the lightweight Docker Desktop alternative for macOS and Linux that just works without the licensing headaches. It's like Docker Desktop went on

Commitlint is the grammar police for your commit messages. Try to commit with 'asdf fixed stuff'? Rejected.

Concurrency Groups prevent CI chaos when you push 5 commits in a row. Instead of running 5 deploys, it cancels the old ones and runs only the latest.

A container is a running instance of a Docker image — it's the lunchbox you made and actually opened to eat from.

A Container Registry is just the specific term for a registry that stores Docker/container images.

Continuous Delivery means your code is always packed up and ready to ship — like a pizza that's fully cooked and sitting in a warm box.

Continuous Deployment is like Continuous Delivery but with no one at the door — the pizza delivers itself the moment it's ready.

Imagine a group project where everyone keeps adding their piece to a shared Google Doc and a robot instantly proofreads the whole thing every single time.

Dagger lets you write your CI pipeline in TypeScript instead of YAML.

A dark launch is deploying new code to production but keeping it invisible to users.

A monitoring Dashboard is a single screen with all your important metrics and graphs.

Datadog is the premium all-in-one observability platform that enterprise teams buy when they want metrics, logs, traces, APM, and security monitoring from...

Dependabot is GitHub's robot that checks your dependencies for updates and security vulnerabilities, then opens PRs to fix them.

A deployment is the event of pushing your code live — it's both the action and the thing you deployed.

A deployment freeze is a temporary halt on all deploys — holidays, incidents, or 'please nobody touch anything right now.'

Deployment Protection Rules are the bouncers at your production club.

DevContainers are pre-configured development environments that run inside Docker containers. It's like checking into a hotel room that already has your exa

DevOps is the culture and practice of tearing down the wall between the people who write code (Dev) and the people who run it in production (Ops).

Your development environment (dev) is your personal sandbox — it's your local computer where you write and test code with no one watching and no real conse...

Distroless images are containers on a diet. No bash, no apt, no utilities — just your app and its runtime. Hackers can't exploit what doesn't exist.

Distroless images are Docker images with NOTHING in them except your app. No shell, no package manager, no ls, no curl — nothing an attacker could use.

Docker is like a lunchbox for your app.

Docker Compose is a tool for running multiple containers together as a team. Your app needs a web server, a database, and a cache?

Docker Compose V2 is the rewritten version of docker-compose that's now built into Docker itself. Instead of 'docker-compose up' (with a hyphen), it's 'doc

Docker Swarm is Docker's built-in orchestration tool for running containers across multiple machines. It's like Kubernetes' simpler, less popular cousin wh

A Dockerfile is the recipe for building a Docker image.

Downtime is when your app is broken and users can't access it. It costs money, damages reputation, and makes everyone's phone buzz with alerts.

Drone CI is a lightweight, container-native CI platform. Every step runs in its own Docker container, so there's zero pollution between builds.

An environment is a complete setup where your app runs — a specific combination of servers, databases, config, and code.

An environment variable is a setting you inject into your app from outside the code, like a sticky note you attach before it runs.

An Error Budget is the amount of unreliability you're allowed before you stop shipping features and focus on stability. If your SLO is 99.

Error Tracking automatically catches, groups, and alerts you about errors in your application.

An Escalation Policy defines what happens when the on-call person doesn't respond. Wait 5 minutes, then page the backup.

Feature Branches mean you create a new branch for every feature, bug fix, or experiment. Work in isolation, make a PR when ready, merge when approved.

A feature freeze is stricter than a code freeze — not only no new features, but no changes to existing features either. Only critical bugs get fixed.

Feature Toggle is just another name for Feature Flag — a switch you flip to turn a feature on or off without pushing new code.

Fluentd is a log router — it collects logs from everywhere and sends them wherever you want. Kubernetes? Send to Elasticsearch. Application logs?

Flux is a GitOps tool that watches your Git repository and automatically syncs everything in it to your Kubernetes cluster. Push a change to your repo?

FluxCD is ArgoCD's quieter, more Kubernetes-native sibling. No fancy UI — it's all CRDs and controllers living inside your cluster.

Git Flow is a branching model with specific branches for features, releases, hotfixes, and development. It's like a highway system with designated lanes.

Git Hooks are scripts that Git runs at specific moments — before commit, after push, before merge. They're like event listeners for your version control.

GitHub Actions is CI/CD built right into GitHub. Push code, run tests, deploy — all from YAML files in your repo. No separate CI server needed.

GitHub Codespaces is a full development environment in the cloud that you access through your browser or VS Code. It's like having a powerful dev machine i

GitHub Environments are like VIP rooms for your deployments.

GitHub Flow is Git Flow's chill younger sibling. One rule: main is always deployable. Branch off main, do work, open a PR, merge to main, deploy.

GitLab CI is the CI/CD engine baked into GitLab. You write a .gitlab-ci.yml and boom — pipelines run automatically.

GitOps is the idea that git is the single source of truth for EVERYTHING — your code, your infrastructure config, your deployment state.

Gitpod is the open-source alternative to GitHub Codespaces that works with GitHub, GitLab, AND Bitbucket. It gives you a cloud development environment that

Grafana is the visualization layer for all your monitoring data.

Grafana Loki is log aggregation that doesn't cost a fortune.

A Health Check is an automatic 'are you alive?' ping your infrastructure sends to your app regularly.

Helm is the package manager for Kubernetes — like npm but for deploying apps to your cluster.

Honeycomb is observability for people who are tired of guessing why things are slow.

Husky manages Git hooks in your Node.js project. Pre-commit? Pre-push?

IaC is shorthand for Infrastructure as Code — the idea that your servers and cloud setup should be written in files, not clicked together in a UI.

A Docker image is the blueprint or template for a container. It's like a frozen snapshot of your app and everything it needs to run.

An incident is when something has gone wrong in production and users are affected.

Incident Response is the process your team follows when production breaks. Who gets paged? Who's the incident commander?

In a microservices system, a user request might touch 15 services before returning. When it's slow, which service is the culprit?

Jenkins is the grandpa of CI/CD tools. It's been building code since 2011 and has a plugin for literally everything.

A job is one chunk of work in your pipeline, running on its own machine.

Job Dependencies tell GitHub Actions 'don't start job B until job A finishes.' Build before test. Test before deploy.

K8s is just a shorthand for Kubernetes — the name is 11 characters with 8 letters between K and s, hence K8s. It's the same big robot container manager.

Kaniko lets you build Docker images inside a Kubernetes pod without Docker. Normally building images inside K8s requires sketchy Docker-in-Docker.

Kubernetes is a robot manager for your containers.

LaunchDarkly is the king of feature flags as a service. Toggle features on/off for specific users, segments, or percentages without deploying.

Lint-Staged runs linters only on files you're about to commit, not the entire project. Changed 3 files? Lint those 3.

Live Reload is the simpler cousin of Hot Reload — when you save a file, it refreshes the entire browser tab automatically, like pressing F5 but automatical...

Log Aggregation collects logs from all your servers, containers, and services into one searchable place.

Matrix Strategy is CI/CD's way of testing every combo without writing every combo. Test on Node 18, 20, and 22? On Ubuntu and macOS?

Two PRs both pass CI separately. Both merge. Main is now broken.

Metrics are the numbers your app tracks about itself over time — requests per second, error rate, CPU usage, response time, active users.

Monitoring is keeping a constant eye on your app while it runs — tracking whether it's up, how fast it responds, how many errors it throws, and how much me...

Monorepo tools help you manage a massive codebase where everything — frontend, backend, shared libraries — lives in one repository without losing your mind

Multi-stage builds let you use one Docker image to BUILD your app and a different, tiny image to RUN it.

In Kubernetes, a Namespace is like a virtual folder that organizes resources.

New Relic is Datadog's main competitor — same idea (unified observability), different pricing model and vibe.

Nginx (pronounced 'engine-x') is a super fast web server and reverse proxy that's been everywhere for 20 years.

In Kubernetes, a Node is a physical or virtual machine in the cluster — one of the workers that actually runs your pods.

OIDC in CI means your CI pipeline proves its identity to cloud providers without storing long-lived secrets.

Observability is the ability to understand what's happening inside your system from the outside, using three types of data: metrics (numbers), logs (events...

On-Call Rotation is a schedule where team members take turns being the person who gets woken up when production breaks.

On-call means it's your turn to be the person who gets woken up at 3am if production breaks.

Your app generates traces, metrics, and logs.

Opsgenie is PagerDuty's competitor from Atlassian. It does the same thing — routes alerts, manages on-call schedules, wakes people up.

OrbStack is the macOS Docker experience that makes Docker Desktop feel like it was made in the Stone Age. It's incredibly fast, uses way less memory, and h

Orchestration is the process of automatically managing, coordinating, and scheduling where your containers run.

Packer builds machine images (AMIs, Docker images, VM images) from code. Define what you want installed, Packer builds the golden image.

A pager (or more likely PagerDuty/OpsGenie today) is the alert that goes off on the on-call engineer's phone when something breaks in production.

PagerDuty is the tool that wakes you up at 3 AM when production is on fire.

Path Filters make your CI only run when specific files change. Changed a README? Skip the build. Changed source code? Run everything.

A pipeline is like an assembly line at a factory.

A Playbook is like a runbook but bigger — it covers a whole category of operations, not just one specific scenario.

A Pod is the smallest thing Kubernetes manages — it's like a tiny apartment that one or more containers share.

Podman is Docker's security-conscious cousin.

A Postmortem is the meeting you have after an incident to figure out what went wrong and how to prevent it from happening again.

Pre-commit hooks are scripts that run automatically before every Git commit.

Production is the real thing — the live app that actual users are using right now. It's the opposite of your practice environment.

Progressive Delivery means rolling out changes gradually instead of flipping a switch for everyone at once.

Prometheus scrapes your services every 15 seconds asking 'how are you?' and stores the answers (metrics) as time series.

Puppet is an old-school infrastructure automation tool that describes the desired state of your servers in a language called Puppet DSL.

Real User Monitoring (RUM) tracks actual user experiences — real page loads, real clicks, real frustrations.

A registry is a storage place for container images — like an app store but for Docker images. When you build an image, you push it to a registry.

A release is an official versioned snapshot of your software that you hand to the world.

A Release Candidate (RC) is a version of your software that's basically done and you think is ready — but you're doing one final check before officially ca...

A Release Train is a scheduled release that leaves the station whether your feature is on it or not.

Renovate is Dependabot's more powerful cousin.

Reusable Workflows are the DRY principle for GitHub Actions.

A Rolling Update is when you update your app one server at a time instead of all at once.

A Runbook is a step-by-step guide for handling a specific operational task or incident.

A runner is the actual computer that does the work when your pipeline runs.

An SLA is a contract between you and your users about how reliable your service will be. 'We promise the app will be up 99.9% of the time.

An SLI is the actual measurement you track to know if you're hitting your SLO. If the SLO says 'be fast,' the SLI is the actual timer measuring speed.

An SLO is the internal target you set for how well your service should run. It's like a personal fitness goal vs a race you signed up for.

SRE is Google's version of DevOps with a more engineering-focused twist.

A secret is an environment variable that's extra sensitive — API keys, passwords, tokens. The rule is simple: secrets NEVER go in your code or git history.

A self-hosted runner is your own machine running CI/CD jobs instead of GitHub's cloud machines. Need GPU access? Special hardware?

Semantic Release reads your commit messages and automatically figures out the next version number, generates a changelog, and publishes the release.

Sentry catches errors in your app before your users email you about them.

Shift left means finding problems earlier in the development process — moving testing, security, and quality checks to the LEFT side of the timeline.

Site Reliability Engineering is the discipline of making sure your app stays up and runs well, using the same rigorous engineering methods you'd use to wri...

Skopeo lets you inspect and copy container images between registries without downloading them first.

Splunk is the enterprise tool that ingests every log from every system and lets security and ops teams search through terabytes of events with its own quer...

Staging is a fake version of your real app that looks and acts exactly like production but has zero real users.

Status Checks are the green checkmarks (or red X marks) on your PR. They tell you if CI passed, if the code is safe, if the build works.

A Status Page is a public webpage that tells your users 'yes, we know it's broken, we're working on it.

A step is the smallest unit of work in a pipeline — a single command or action.

Synthetic Monitoring runs fake user journeys on a schedule to make sure your site works.

Tekton is CI/CD built as Kubernetes primitives. Every pipeline is a set of CRDs — Tasks, Pipelines, PipelineRuns.

Terraform is a tool that lets you describe your entire cloud infrastructure in code files, then type one command to make it real.

Terratest is a Go library for testing your infrastructure code. Write Terraform? Test it with Terratest.

Turborepo makes your monorepo fast by figuring out which things need to rebuild and which can be skipped. Change the homepage?

Uptime is how long your service has been up and working without going down. It's usually expressed as a percentage like 99.9%. 'Three nines' (99.

Version Control is a system that tracks every change ever made to your files.

A Volume is persistent storage attached to a container — because containers themselves are like tents: when you take them down, everything inside is gone.

A workflow is a recipe for your robot assistant — it tells CI exactly what to do when something happens. 'When someone pushes code, run tests.

Workflow Dispatch is the 'run this manually' button for GitHub Actions. Instead of waiting for a push or PR, you click a button and pass it inputs.

Old-school deploys meant 5 minutes of downtime while the server restarted. Users got a 503 and emailed you.

Zipkin is the older cousin of Jaeger — built by Twitter in 2012 when microservices were still called SOA.

containerd is the engine inside Docker that actually runs containers. When you run 'docker run', Docker tells containerd to do the heavy lifting.