Welcome to our cloud native glossary. Below you will find links to key concepts around Linux, container and container registries, Kubernetes, package management, IDEs, and CI/CD.
- Linux Basic Concepts
- What Is Ubuntu to Linux?
- What Is the Difference Between a Cgroup and a Namespace?
- Container and Container Registry Concepts
- What Is a Container?
- What Is OCI?
- What Are the Major Container Registries?
- What Are Key Elements of a Repository and Why?
- Repo vs Registry
- What Is gVisor?
- Kubernetes Basic Concepts
- What Is a Kubernetes ReplicaSet?
- What Is a Kubernetes Deployment?
- What Is a Kubernetes Manifest?
- Package Management Concepts
- Difference Between Package Management and Code Repository
- What Are the Key Security Benefits of a Package Manager?
- What Is the Importance of an IDE?
- What Are Some of the Most Popular IDEs?
- CI/CD Basic Concepts
- What Are the Key Customer Benefits of Co
- ntinuous Integration and Continuous Delivery?
- Who Uses CI/CD Tools?
- What Are Major CI/CD Tools?
- What Is GitOps?
Linux Basic Concepts
What Is Ubuntu to Linux?
Linux distributions take open source code from various projects and compile it into a single operating system that you can boot up and install. Additionally, Linux distributions make various choices on your behalf, choosing the default desktop environment and browser, adding themes and custom software, and the Unity desktop environment Ubuntu provides.
Ubuntu Desktop is a popular Linux distribution developed by Canonical. It is easy to use, making it a popular option for those getting started with Linux.
What Is the Difference Between a Cgroup and a Namespace?
Control groups (cgroups) are a kernel mechanism to help limit and measure the total resources a group of running processes uses. It can help you limit and measure CPU, network, IO quotas, and memory. Google’s Rohit Seth and Paul Menage developed cgroups. It was later merged as a feature into Linux 2.6.24.
A namespace is a kernel mechanism to help limit the visibility of a group of processes over the rest of a system. You can use namespaces to limit visibility to specific process trees, user IDs, network interfaces, and filesystem mounts. Eric Biederman initially developed namespaces. The final namespace feature was merged into Linux 3.8.
Container and Container Registry Concepts
What Is a Container?
Containers package and isolate applications and anything they need to run, including libraries and dependencies. They share access to the same operating system kernel—employing virtualization and maintaining isolation without having to use virtual machines (VMs). Traditionally, containers ran as Linux processes, but in recent years Microsoft released Windows Container, which lets you run containers natively in Windows environments.
Learn more in our guide to container engines
What Is OCI?
The Open Container Initiative (OCI) project provides a lightweight, open governance structure. Developed by the Linux Foundation, the OCI helps create open industry standards for container formats and runtimes. OCI currently provides two specifications: the Runtime Specification and the Image Specification.
What Are the Major Container Registries?
- JFrog Artifactory—a DevOps solution that offers end-to-end management and automation of artifacts and binaries for application delivery. It helps improve productivity across the development lifecycle. JFrog Artifactory supports over 25 software build packages, various DevOps tools, and all major CI/CD platforms.
- Github—a web-based version control and collaboration system for software code. It provides a web interface for Git code repositories and tools facilitating collaborative coding.
- Bitbucket—a Git repository management solution for professional teams. It centralizes the management of git repositories, facilitates collaboration on source code, and provides guidance throughout the development flow.
- Amazon Elastic Container Registry (Amazon ECR)—a fully-managed container registry for easily sharing and deploying container images and artifacts.
- Azure Container Registry—a managed Docker registry service for creating and maintaining Azure container registries. It lets you store and manage private Docker container images and related artifacts. Azure Container Registry is based on the open source Docker Registry 2.0.
- Google Cloud Container Registry—a service that lets you store private container images. It includes Artifact Registry features, a universal repository manager for container images and artifacts in Google Cloud.
What Are Key Elements of a Repository and Why?
- JFrog Artifactory—a DevOps solution that offers end-to-end management and automation of artifacts and binaries for application delivery. It helps improve productivity across the development lifecycle. JFrog Artifactory supports over 25 software build packages, various DevOps tools, and all major CI/CD platforms.
- Github—a web-based version control and collaboration system for software code. It provides a web interface for Git code repositories and tools facilitating collaborative coding.
- Bitbucket—a Git repository management solution for professional teams. It centralizes the management of git repositories, facilitates collaboration on source code, and provides guidance throughout the development flow.
- Amazon Elastic Container Registry (Amazon ECR)—a fully-managed container registry for easily sharing and deploying container images and artifacts.
- Azure Container Registry—a managed Docker registry service for creating and maintaining Azure container registries. It lets you store and manage private Docker container images and related artifacts. Azure Container Registry is based on the open source Docker Registry 2.0.
- Google Cloud Container Registry—a service that lets you store private container images. It includes Artifact Registry features, a universal repository manager for container images and artifacts in Google Cloud.
Repo vs Registry
A container repository stores related container images, letting you manage, pull, and push these images. A container registry stores several container repositories, API paths, and access control rules. Similarly to repositories, you can host registries publicly, privately, or through a third party.
Placing a container image in a container registry enables users to act as hosts, providing others with access. A container registry is ideal for hosting a native cloud application. Many container registry services support repositories, including Google Cloud Platform’s Container Registry, AWS Elastic Compute Cloud Container Registry, and Azure Container Registry.
The Aqua security platform integrates with all major registries and scans the images and source code in the repositories, while automated repository discovery.
Repo vs Registry
A container repository stores related container images, letting you manage, pull, and push these images. A container registry stores several container repositories, API paths, and access control rules. Similarly to repositories, you can host registries publicly, privately, or through a third party.
Placing a container image in a container registry enables users to act as hosts, providing others with access. A container registry is ideal for hosting a native cloud application. Many container registry services support repositories, including Google Cloud Platform’s Container Registry, AWS Elastic Compute Cloud Container Registry, and Azure Container Registry.
The Aqua security platform integrates with all major registries and scans the images and source code in the repositories, while automated repository discovery.
Repo vs Registry
A container repository stores related container images, letting you manage, pull, and push these images. A container registry stores several container repositories, API paths, and access control rules. Similarly to repositories, you can host registries publicly, privately, or through a third party.
Placing a container image in a container registry enables users to act as hosts, providing others with access. A container registry is ideal for hosting a native cloud application. Many container registry services support repositories, including Google Cloud Platform’s Container Registry, AWS Elastic Compute Cloud Container Registry, and Azure Container Registry.
The Aqua security platform integrates with all major registries and scans the images and source code in the repositories, while automated repository discovery.
What Is gVisor?
gVisor is an application kernel that implements a portion of the Linux call interface. Written in Go, gVisor provides a layer of isolation between the host operating system and running applications.
It includes runsc, an Open Container Initiative (OCI) runtime that simplifies work with an existing container stack. The runtime integrates with Kubernetes and Docker to simplify running sandboxed containers. You can use gVisor directly using runsc or with Docker or Kubernetes.
Kubernetes Basic Concepts
What Is a Kubernetes ReplicaSet?
In Kubernetes, a ReplicaSet maintains a stable set of replica pods, ensuring enough pods are running at any given time. It helps guarantee the availability of the desired number of identical pods.
The ReplicaSet fulfills your specifications by creating and deleting pods as required to reach the desired number, using a pod template to create new pods.
You can define a ReplicaSet with fields. A selector, for example, lets you specify how Kubernetes should identify pods to acquire. You can also specify the number of replica pods to maintain.
What Is a Kubernetes Deployment?
In Kubernetes, a Deployment lets you create pods and ReplicaSets declaratively. You can use deployments to define the desired state, and then a deployment controller monitors the current state continuously, deploying pods to match the predefined desired state.
What Is a Kubernetes Manifest?
A Kubernetes manifest consists of JSON or YAML specifications of a Kubernetes API object which is a persistent representation of the cluster’s state. The manifest lets you specify the desired cluster’s state so that Kubernetes can maintain it.
Package Management Concepts
Difference Between Package Management and Code Repository
A package manager is a programming tool for creating project environments and importing external dependencies. It lets you package your project or libraries and publish them for others. A code repository is a broader store that can include code, documentation, web pages, notes, and other items and also package managers.
What Are the Key Security Benefits of a Package Manager?
- Control—lets you use role-based access control (RBAC) to define how packages get in and out and control promotions, deployments, and rollbacks.
- Visibility—offers visibility into attributes across all of your packages, including names, types, metadata, and versions.
- Security—provides security by default. There is no need to define and set it up. Security mechanisms include encryption of data in transit and at rest, sane perms, and GPG/RSA signing.
- Traceability—provides metadata for current and previous package versions, including the source of the package, environment state, and dependencies.
- Auditing—includes auditing capabilities such as access logs, metrics, statistics, and accountability for downloads uploads in the system.
Aqua’s open source scanner Trivy can create a Software Bill of Materials for an entire repository, including package managers: https://www.aquasec.com/blog/software-supply-chain-security-trivy-sbom
Integrated Development Environments (IDEs)
What Is the Importance of an IDE?
An integrated development environment (IDE) is a suite of all basic tools needed to write and test software. The development lifecycle typically includes many tools for creating, building, and testing code, such as text editors, compilers, testing platforms, and code libraries.
An IDE consolidates all development tools into a single framework, service, or application, so developers do not have to choose, integrate, deploy, and manage numerous tools separately. It provides an integrated toolset designed to simplify the software development process.
The output of an IDE is generally code that is then committed to a tool that begins the Continuous Integration process, adding in the other elements and dependencies required for a running application.
What Are Some of the Most Popular IDEs?
The most commonly used integrated development environments include:
- Aptana Studio—used to build web apps, providing outlining, debugging, code completion, and error/warning notifications. It is an open source Eclipse-based IDE that supports several languages, including CSS, DOM, HTML, and JavaScript. It also offers integrated documentation and plugins to support additional languages, including Adobe AIR, Ruby on Rails, Perl, PHP, and Python. It is available as an Eclipse plugin or standalone on Linux, Windows, or macOS X.
- Eclipse—used to build and test non-Java code for Java-based software development projects. It is free and has many plugins.
- Intellij IDEA—maximizes productivity and supports JVM-based development projects. It performs repetitive tasks and provides intelligent code completion, refactoring, and static code analysis capabilities. This IDE allows developers to focus on building software, enhancing the developer experience.
- Microsoft Visual Studio—used for various software development projects, including computer programs, mobile applications, web applications, websites, web apps, and web services. It provides completion and compilation tools and additional features to help develop software.
- NetBeans—enables the development of Java-based applications using software modules. It runs on Linux, macOS, Windows, and Solaris. In addition to supporting Java, it offers extensions for different languages, including C, C++, HTML5, JavaScript, and PHP. NetBeans-based applications like NetBeans IDE are only extensible using third-party developers.
- Visual Studio Code (VS Code)—helps developers build and debug cloud and web-based applications. A free code editor supported on major operating systems, including Windows, Linux, and macOS.
- XCode—supports Apple-based software development, including iOS, macOS, iPadOS, tvOS, and watchOS. It provides command-line tools to support UNIX-type software development through the macOS Terminal application.
CI/CD Basic Concepts
What Are the Key Customer Benefits of Continuous Integration and Continuous Delivery?
On-demand software delivery leaves little room for bugs and errors. A CI/CD pipeline helps reduce response time and lead time, minimizing release risk and maximizing developer time. It helps create great experiences in a running application in order to maintain customer loyalty.
A CI/CD pipeline continuously integrates small batches of code into production instead of an entire application all at once, making it easier to identify and rectify issues. Testing occurs in the background without disrupting productivity.
Instead of doing software testing as an afterthought, you run testing continuously or regularly. It enables you to isolate vulnerabilities and bugs during early phases, limiting potential breakdowns and other critical issues. As a result, it improves the end customer’s experience.
Who Uses CI/CD Tools?
Development teams write code to solve problems and deliver value to customers. However, a new version of software does not provide value until it is released and available for use. This is why development teams need CI/CD tooling to automate the software delivery process, ensure new versions of software can be tested and deployed quickly and easily, and ensure the process is secure and reliable.
These are the principles that govern continuous delivery or continuous deployment. An effective CI/CD pipeline uses automation and efficient workflows to build, compile, test and release applications with low effort and high frequency. The pipeline automates as many of these steps as possible to minimize manual effort and errors and provide a fast feedback loop throughout the software development lifecycle.
What Are Major CI/CD Tools?
Popular continuous integration/delivery tools include:
- Jenkins—automates several software development phases, including the build, test, and deployment stages. The Jenkins server is open source.
- CircleCI—facilitates rapid code releases and helps developers build, deploy, and test applications using automation. It is a CI/CD platform for running complex development pipelines. CircleCI capabilities include resource-class-based automation, caching, and docker-layer caching.
- GitLab—helps teams manage their Git repositories with integrated features such as extensive documentation, continuous integration capabilities, developer support, and issue tracking. It is an open source Git management platform.
- Spinnaker—provides continuous delivery capabilities to help teams maintain control and visibility over all application delivery activities when shipping software. It is a multi-cloud open source CD platform.
- Harness—provides continuous delivery as a service to help DevOps and software engineering teams release applications to production.
- Codefresh—helps teams automate advanced deployments and GitOps projects using next-generation cloud native software delivery capabilities. It is Argo’s premium enterprise platform, enabling blue/green and canary application deployments.
What Is GitOps?
GitOps enables you to implement continuous deployment for cloud native applications. It provides a developer-centric experience for operating infrastructure by enabling you to use development tools, such as Git, for operations.
GitOps involves using a Git repository with declarative descriptions of the infrastructure. It serves as the desired state checked against the production environment. An automated process ensures the production environment matches the state described in the repository.
When implementing GitOps, you can deploy or update an application by updating the repository. The automated process handles the rest.
Learn more in our guide to GitOps vs Devops
Learn More About Aqua Security
For more information about Aqua Security offerings, please refer to the following pages: