Reference
Glossary
The Go Reference teaches Go; for the external tools and concepts it mentions, here are short plain-language definitions — each with a link to learn it properly. If a page drops an acronym you don’t recognize, it’s probably here.
Containers & Orchestration
- Container
- An isolated process started from an image, sharing the host kernel — far lighter than a virtual machine.
- Image
- An immutable, layered snapshot of an app plus its runtime; you run an image as a container.
- Docker ↗
- The standard engine for building and running containers from a Dockerfile recipe.
- Registry
- A server that stores and distributes container images (Docker Hub, GHCR, ECR).
- Kubernetes (K8s) ↗
- An orchestrator that declaratively runs, scales, heals, and networks containers across a cluster.
- Helm ↗
- A package manager for Kubernetes — templated, versioned bundles of manifests called charts.
Observability
- Prometheus ↗
- A pull-based metrics database and monitoring system that scrapes /metrics endpoints.
- Grafana ↗
- A dashboarding and visualization tool for metrics, logs, and traces.
- OpenTelemetry (OTel) ↗
- A vendor-neutral standard and SDK for traces, metrics, and logs — instrument once, export anywhere.
- Jaeger ↗
- A distributed-tracing backend for storing and exploring traces.
Messaging & Data
- Redis ↗
- An in-memory key–value store used for caching, sessions, queues, and rate limiting.
- NATS ↗
- A lightweight cloud-native messaging system (pub/sub, queue groups, JetStream).
- Kafka ↗
- A distributed, durable event-streaming log for high-throughput pub/sub.
- Message broker
- Middleware that receives, stores, and routes messages between producers and consumers.
- Outbox pattern
- Write an event into the same DB transaction as the state change; a relay publishes it later — fixes the dual-write problem.
- CQRS
- Command Query Responsibility Segregation — separate write and read models.
- Event sourcing
- Store the sequence of events as the source of truth and derive state by replaying them.
- Saga
- A multi-service transaction modeled as a sequence of local steps, each with a compensating undo.
- Idempotency
- Processing the same request/message twice has the same effect as once — the key to safe retries.
Networking & Protocols
- IPC
- Inter-process communication — OS mechanisms (pipes, sockets, shared memory, signals) for processes to exchange data.
- Socket
- An endpoint for network (or local) communication; in Go, the net.Conn behind a connection.
- Pipe
- A one-directional, in-kernel byte stream connecting a write end to a read end.
- RPC
- Remote Procedure Call — invoking a function on another process or host as if it were local.
- gRPC ↗
- A high-performance RPC framework using protobuf over HTTP/2, with generated typed clients.
- Protocol Buffers ↗
- Google's typed, compact binary serialization format and interface description language.
- TLS
- Transport Layer Security — encrypts and authenticates network connections (the S in HTTPS).
- mTLS
- Mutual TLS — both client and server present and verify certificates, common in service meshes.
- CIDR
- Classless Inter-Domain Routing — an IP range written as address/prefix, e.g. 10.0.0.0/8.
- SNI
- Server Name Indication — the TLS field naming the host being connected to (sent before encryption).
Security & Cryptography
- AEAD
- Authenticated Encryption with Associated Data — encrypts and authenticates in one step (e.g. AES-GCM).
- KDF
- Key Derivation Function — derives a key from a password/secret; slow KDFs (argon2, bcrypt) protect passwords.
- HMAC
- Hash-based Message Authentication Code — proves a message’s integrity and origin with a shared key.
- Nonce
- A “number used once” — a unique value per encryption that must never repeat under the same key.
- CSP
- Content Security Policy — a response header restricting which resources a page may load (mitigates XSS).
- HSTS
- HTTP Strict Transport Security — a header forcing browsers to use HTTPS.
- JWT
- JSON Web Token — a signed (not encrypted) token carrying claims; always verify the algorithm and expiry.
- OWASP ↗
- Open Worldwide Application Security Project — best known for the OWASP Top 10 web risks.
- CVE
- Common Vulnerabilities and Exposures — a public identifier for a known security flaw.
- SBOM
- Software Bill of Materials — an inventory of every component and dependency in a build.
Architecture
- Domain-Driven Design (DDD) ↗
- Modeling software around the business domain and its shared language.
- Bounded context
- A self-contained part of the domain with its own model and vocabulary (a DDD concept).
- Hexagonal / Clean architecture
- Ports & adapters — isolate core business logic from I/O (DB, HTTP) behind interfaces.
- 12-factor app ↗
- A methodology for portable, scalable cloud apps (config in the environment, stateless processes, …).
- Monolith
- A single deployable application that contains all of a system’s features.
- Microservices
- An architecture of small, independently-deployable services that each own their data.