glossary: add static terms

Signed-off-by: Craig <[email protected]>

Author: craig-osterhout

content/reference/glossary.md

@@ -3,10 +3,19 @@ title: Glossary
 description: Glossary of terms used around Docker
 keywords: glossary, docker, terms, definitions
 notoc: true
+layout: glossary
 aliases:
 - /engine/reference/glossary/
 - /glossary/
 ---
 
-Need a definition? Docker's AI-powered assistant can help. Select **Ask AI** in the
-top navigation and ask it to define a term.
+> [!TIP]
+>
+> To define a term that is not listed, or to get a definition that is more context-aware,
+select **Ask AI** in the top navigation and ask the AI assistant to define a term.
+
+
+<!--
+To edit/add/remove glossary entries, visit the YAML file at:
+https://github.com/docker/docs/blob/main/data/glossary.yaml
+-->

data/glossary.yaml

@@ -0,0 +1,82 @@
+amd64: |
+  AMD64 is AMD's 64-bit extension of Intel's x86 architecture, and is also
+  referred to as x86_64 (or x86-64).
+arm64: |
+  ARM64 is the 64-bit extension of the ARM CPU architecture. arm64 architecture
+  is used in Apple silicon machines.
+build: |
+  Build is the process of building Docker images using a Dockerfile.
+  The build uses a Dockerfile and a "context". The context is the set of files in the directory in which the image is built.
+layer: |
+  In an image, a layer is modification to the image, represented by an instruction in the Dockerfile. Layers are applied in sequence to the base image to create the final image.
+  When an image is updated or rebuilt, only layers that change need to be updated, and unchanged layers are cached locally. This is part of why Docker images are so fast and lightweight. The sizes of each layer add up to equal the size of the final image.
+libcontainer: |
+  libcontainer provides a native Go implementation for creating containers with
+  namespaces, cgroups, capabilities, and filesystem access controls. It allows
+  you to manage the lifecycle of the container performing additional operations
+  after the container is created.
+libnetwork: |
+  libnetwork provides a native Go implementation for creating and managing container network namespaces and other network resources. It manages the networking lifecycle of the container performing additional operations after the container is created.
+namespace: |
+  A [Linux namespace](https://man7.org/linux/man-pages/man7/namespaces.7.html)
+  is a Linux kernel feature that isolates and virtualizes system resources. Processes which are restricted to a namespace can only interact with resources or processes that are part of the same namespace. Namespaces
+  are an important part of Docker's isolation model. Namespaces exist for each type of resource, including `net` (networking), `mnt` (storage), `pid` (processes), `uts` (hostname control), and `user` (UID mapping). For more information about namespaces, see [Docker run reference](/engine/containers/run/) and [Isolate containers with a user namespace](/engine/security/userns-remap/).
+  Worker nodes execute tasks.
+overlay network driver: |
+  Overlay network driver provides out of the box multi-host network connectivity
+  for Docker containers in a cluster.
+overlay storage driver: |
+  OverlayFS is a [filesystem](#filesystem) service for Linux which implements a
+  [union mount](https://en.wikipedia.org/wiki/Union_mount) for other file systems.
+  It is supported by the Docker daemon as a storage driver.
+base image: |
+  A base image is an image you designate in a `FROM` directive in a Dockerfile.
+  It defines the starting point for your build.
+  Dockerfile instructions create additional layers on top of the base image.
+  A Dockerfile with the `FROM scratch` directive uses an empty base image.
+persistent storage: |
+  Persistent storage or volume storage provides a way for a user to add a
+  persistent layer to the running container's file system. This persistent layer
+  could live on the container host or an external device. The lifecycle of this
+  persistent layer is not connected to the lifecycle of the container, allowing
+  a user to retain state.
+SSH: |
+  SSH (secure shell) is a secure protocol for accessing remote machines and applications.
+  It provides authentication and encrypts data communication over insecure networks such as the Internet. SSH uses public/private key pairs to authenticate logins.
+Union file system: |
+  Union file systems implement a [union
+  mount](https://en.wikipedia.org/wiki/Union_mount) and operate by creating
+  layers. Docker uses union file systems in conjunction with
+  [copy-on-write](#copy-on-write) techniques to provide the building blocks for
+  containers, making them very lightweight and fast.
+
+  For more on Docker and union file systems, see [Docker and OverlayFS in
+  practice](/engine/storage/drivers/overlayfs-driver/).
+
+  Example implementations of union file systems are
+  [UnionFS](https://en.wikipedia.org/wiki/UnionFS) and
+  [OverlayFS](https://en.wikipedia.org/wiki/OverlayFS).
+virtual machine: |
+  A virtual machine is a program that emulates a complete computer and imitates dedicated hardware.
+  It shares physical hardware resources with other users but isolates the operating system. The end user has the same experience on a Virtual Machine as they would have on dedicated hardware.
+
+  Compared to containers, a virtual machine is heavier to run, provides more isolation, gets its own set of resources and does minimal sharing.
+
+  *Also known as VM*
+volume: |
+  A volume is a specially-designated directory within one or more containers
+  that bypasses the Union File System. Volumes are designed to persist data,
+  independent of the container's life cycle. Docker therefore never automatically deletes volumes when you remove a container, nor will it "garbage collect" volumes that are no longer referenced by a container.
+  *Also known as: data volume*
+
+  There are three types of volumes: *host, anonymous, and named*:
+
+  - A **host volume** lives on the Docker host's filesystem and can be accessed from within the container.
+
+  - A **named volume** is a volume which Docker manages where on disk the volume is created, but it is given a name.
+
+  - An **anonymous volume** is similar to a named volume, however, it can be difficult to refer to the same volume over time when it is an anonymous volume. Docker handles where the files are stored.
+x86_64: |
+  x86_64 (or x86-64) refers to a 64-bit instruction set invented by AMD as an
+  extension of Intel's x86 architecture. AMD calls its x86_64 architecture,
+  AMD64, and Intel calls its implementation, Intel 64.

layouts/_default/glossary.html

@@ -0,0 +1,39 @@
+{{ define "left" }}
+  {{ partial "sidebar/mainnav.html" . }}
+  {{ partial "sidebar/sections.html" . }}
+{{ end }}
+
+{{ define "main" }}
+  {{ partial "breadcrumbs.html" . }}
+  <article class="prose max-w-none dark:prose-invert">
+    {{ with .Title }}
+    <h1 class="scroll-mt-36">{{ . }}</h1>
+    {{ end }}
+    {{ with .Content }}
+      {{ .  }}
+    {{ end }}
+    <table>
+      <thead>
+        <tr>
+          <th>Term</th>
+          <th>Definition</th>
+        </tr>
+      </thead>
+      <tbody>
+        {{ range $term, $definition := site.Data.glossary }}
+          <tr>
+            <td class="not-prose">
+              <a class="-top-16 relative" name="{{ $term | anchorize }}"></a>
+              {{ $term }}
+            </td>
+            <td>{{ $definition | $.RenderString }}</td>
+          </tr>
+        {{ end }}
+      </tbody>
+    </table>
+  </article>
+{{ end }}
+
+{{ define "right" }}
+  {{ partial "aside.html" . }}
+{{ end }}