Tech Study Guide
Glossary
Search-focused short definitions for operational terms across Linux, networking, Kubernetes, DNS, TLS, and performance.
This glossary is tuned for search. Each entry is short and points to the deeper page that explains the operational behavior.
Networking and Linux Terms
| Term | Short Definition | Go Deeper |
|---|---|---|
| conntrack | Linux connection tracking state used by NAT and stateful firewall rules. | NAT Gateways and NAT |
| EndpointSlice | Kubernetes API object listing Service backend endpoints and readiness/terminating conditions. | Services and EndpointSlices |
| PSI | Pressure Stall Information, Linux metrics that show time lost to CPU, memory, or IO pressure. | Memory Pressure and OOM |
| NAPI | Linux network-driver polling model that batches packet receive work and shifts cost into softirq. | Kernel Network Performance |
| SNI | TLS extension carrying the requested hostname so servers and proxies can choose certificates or routes. | Certificates and HTTPS |
| ALPN | TLS extension for negotiating application protocols such as HTTP/2. | HTTP and Proxy Debugging |
| ECMP | Equal-cost multi-path routing that hashes flows across multiple next hops. | BGP and Dynamic Routing |
| VXLAN | UDP/IP overlay encapsulation that carries L2 frames across an L3 network. | Network Namespaces and Virtual Networking |
| memory.high | cgroup v2 memory throttle/reclaim threshold below the hard memory.max limit. | Containerization, OCI, and VMs |
| memory.max | cgroup v2 hard memory limit that can trigger cgroup OOM handling. | Containerization, OCI, and VMs |
| cpu.max | cgroup v2 CPU quota and period file. | Containerization, OCI, and VMs |
| cpu.stat | cgroup v2 CPU usage and throttling counters. | Containerization, OCI, and VMs |
| NodeLocal DNSCache | Kubernetes node-local DNS cache that changes DNS cache location and packet-capture point. | Kubernetes DNS and CoreDNS |
| kube-proxy | Kubernetes node component that implements Service virtual IP behavior unless replaced. | Services and EndpointSlices |
| NetworkPolicy | Kubernetes L3/L4 Pod traffic policy that requires CNI enforcement. | NetworkPolicy |
| mTLS | Mutual TLS, where both server and client certificates are validated. | Zero-Trust Networking |
| SPIFFE ID | Workload identity URI shape commonly carried in certificate SANs. | Zero-Trust Networking |
| QUIC | Encrypted UDP-based transport used by HTTP/3. | UDP, QUIC, and Connectionless Traffic |
| Path MTU Discovery | Method for discovering the smallest MTU along a path using ICMP feedback. | ICMP, MTU, and Path Testing |
| LACP | Link aggregation control protocol for bundling physical links. | Datacenter L2/L3 Operations |
Command Examples
rg -n "conntrack|EndpointSlice|memory.high|ALPN|VXLAN" docs
Example output and meaning:
| Command | Example output | What it does |
|---|---|---|
| rg -n "conntrack\|EndpointSlice\|memory.high\|ALPN\|VXLAN" docs | Services with ClusterIPs and EndpointSlices with backend addresses. | Connects stable frontends to the backends that should receive traffic. |
Use glossary terms as search anchors, then follow the linked operational page for commands and runbooks.
Study Cards
Question
What is conntrack?
Answer
Linux connection tracking state used by NAT and stateful firewall policy.
Question
What does memory.high do?
Answer
It sets a cgroup v2 memory threshold where reclaim and throttling begin before the hard limit.
Question
What does ALPN negotiate?
Answer
The application protocol inside TLS, such as HTTP/2 or HTTP/1.1.