Glossary
A quick-reference glossary of Docker, container, and development terms used throughout the Foundations guides. Use it to clarify concepts or as a lightweight cheat sheet.
Core Docker Concepts
| Term | Definition |
|---|---|
| Container | A running instance of an image with its own filesystem, processes, and network stack. Containers are ephemeral by default. See also: What is Docker |
| Image | A read-only snapshot built from a Dockerfile containing your app and dependencies. Think of it as a template for containers. See also: Images vs Containers |
| Dockerfile | Text file with step-by-step instructions to build an image (install deps, copy files, set startup command). |
| Layer | Each Dockerfile instruction creates a new cached image layer for faster rebuilds. |
| Registry | Service that stores and distributes images (Docker Hub, GitHub Container Registry, AWS ECR). |
| Tag | Label for image versions (e.g., myapp:1.0, postgres:15). Avoid latest in production. |
| Build Context | Directory sent to Docker daemon when building. Use .dockerignore to exclude large/unnecessary files. |
Docker Compose
| Term | Definition |
|---|---|
| Service | A named container in docker-compose.yml representing one component (web, db, redis). |
| Volume | Persistent storage that survives container restarts. See also: Docker Volumes |
| Network | Lets containers talk to each other. Compose creates a default project network with DNS by service name. See also: Networking Basics |
| depends_on | Controls start order but not readiness. Add healthchecks for reliability. |
| Environment | Runtime variables passed into containers. See also: Env Vars & Secrets |
Storage & Persistence
- Named Volume – Docker-managed storage (
db-data:/var/lib/postgresql/data). Best for production. - Bind Mount – Maps host directory into a container (
./code:/app). Handy for local dev, less portable. - tmpfs – In-memory mount, cleared on host reboot. Good for temporary caches.
- Anonymous Volume – Randomly named, hard to reuse or recover. Avoid in production.
Networking
- Bridge Network – Default, basic isolation.
- User-defined Bridge – Recommended: adds DNS by service name.
- Port Mapping – Expose ports to host:
-p 3000:3000. - Service Discovery – Containers in the same network reach each other via service names.
- Host Network – Uses host networking directly; reduces isolation.
Configuration & Security
- Environment Variable – Config passed at runtime (
-e KEY=val). See also: Env Vars & Secrets - ARG – Build-time variable in Dockerfile (not available at runtime).
- ENV – Persistent runtime defaults set in Dockerfile.
- env_file – File with variables injected by Compose. Keep secrets out of git.
- Secrets Management – Store API keys/passwords securely. Never bake into images.
Database Fundamentals
- ACID – Atomicity, Consistency, Isolation, Durability: reliable SQL transactions.
- SQL – Structured relational DBs (Postgres, MySQL, SQLite). See also: SQL vs NoSQL
- NoSQL – Flexible, horizontally scalable DBs (MongoDB, Redis, Cassandra).
- Schema – Structure of data (strict in SQL, flexible in NoSQL).
- Migration – Scripted schema evolution.
- Connection Pooling – Reuse DB connections for performance.
Development Workflow
- Git Branch – Isolated line of development.
- Merge – Integrates branch changes.
- Rebase – Rewrites commits onto new base.
- Pull Request (PR) – Code review before merge.
- CI/CD – Continuous integration & deployment pipeline.
Essential Commands (Cheat Sheet)
| Command | Purpose |
|---|---|
docker build -t myapp . | Build image from Dockerfile |
docker run -d --name myapp myimage | Start a container from an image |
docker compose up -d | Start services in background See also: Compose Basics |
docker ps -a | List running & stopped containers |
docker logs -f myapp | Stream container logs |
docker exec -it myapp sh | Run commands inside a container |
docker volume ls | List volumes |
docker network ls | List networks |
Best Practice Terms
- Multi-stage Build – Use multiple
FROMstages to create smaller final images. - Healthcheck – Built-in readiness test for services.
- Resource Limits – CPU/memory caps (
--cpus,--memory). - Immutable Infrastructure – Replace containers instead of mutating them.
- Image Optimization – Slim base images, cache layers,
.dockerignore. - Security Scanning – Detect CVEs in images.
- Principle of Least Privilege – Run as non-root wherever possible.
Container Orchestration
- Scaling – Run multiple replicas (
docker compose up --scale web=3). - Load Balancing – Distribute traffic across containers.
- Service Mesh – Layer for service-to-service communication & observability.
- Rolling Update – Replace containers gradually to avoid downtime.
- Blue-Green Deployment – Two identical environments for instant rollback.