#Glossary
Use this glossary to interpret platform-wide terms in . For workflow-specific terms, use the corresponding workflow or component documentation.
#TOC
- Platform And Cluster Terms
- Extension And Packaging Terms
- Identity, Access, And Security Terms
- Networking And Access Terms
- Disaster Recovery, Backup, And Upgrade Terms
- Terminology Conventions

#Platform And Cluster Terms
| Term | Definition | Related doc |
|---|---|---|
| Core | The platform management foundation installed first. It deploys the global cluster and provides core management-plane capabilities such as web console access, platform APIs, users and RBAC, cluster management, project governance, and Extension management frameworks. | Core and Extensions |
| global cluster | The central management cluster deployed by Core. It hosts platform management services and coordinates cluster, project, user, Extension, and platform operations. | Platform Model |
| Workload cluster | A Kubernetes cluster that runs application workloads under governance from the global cluster. Depending on the selected model, can create and lifecycle-manage workload clusters. | Platform Model |
| Third-party cluster | A Kubernetes environment whose Kubernetes distribution and lifecycle are provided or managed outside . can onboard third-party clusters for centralized governance and operations within documented prerequisites and caveats. | Cluster Management Models |
| Managed Cluster | The current UI/navigation label for the interface that manages onboarded third-party clusters. It is not a conceptual model parallel to third-party cluster. | Managed Clusters Overview |
| Installer-Provisioned Infrastructure (IPI) | An infrastructure responsibility model where the platform provisions machines, manages node operating systems through Immutable OS, and manages the supported Kubernetes lifecycle. | Cluster Management Models |
| User-Provisioned Infrastructure (UPI) | An infrastructure responsibility model where users prepare physical or virtual machines and retain node OS responsibility, while the platform installs and manages Kubernetes on those nodes. | Cluster Management Models |
| Hosted Control Plane (HCP) | A control-plane topology where each hosted cluster has its own control plane, and multiple hosted control planes run as workloads on a management cluster. In , HCP is implemented through Kamaji (TenantControlPlane). In 4.3, HCP is Technology Preview and not production-supported. | Cluster Management Models |
| Immutable Infrastructure | A provisioning and operating model where node configurations are baked into images and changes are applied by replacing nodes with new images. | About Immutable Infrastructure |
| Immutable OS | An immutable operating system used by installer-provisioned nodes. Node state is kept consistent by treating the operating system layer as centrally managed and replaced through image-based updates. | About Immutable Infrastructure |
| Project | A platform governance unit for a tenant, team, or business system. A project can span multiple associated clusters and acts as a boundary for quotas, policies, users, and namespace ownership. | Project Introduction |
| Namespace | A Kubernetes namespace managed directly or indirectly by the platform. In , a namespace can belong to a project and inherit project-level governance. | Namespace Management |
| Control plane | The Kubernetes management layer that runs components such as the API server, scheduler, controller manager, and etcd. | Architecture |
| Control plane node | A node that runs Kubernetes control plane components for a cluster using a dedicated control-plane topology. | Node Management |
| Worker node | A node that runs application workloads and cluster-local supporting components. | Node Management |
#Extension And Packaging Terms
| Term | Definition | Related doc |
|---|---|---|
| Extension | The umbrella term for Operator and Cluster Plugin based mechanisms that add capabilities to environments. | Core and Extensions |
| Operator | An Extension mechanism built on Kubernetes custom resources and controllers. In , Operators are managed through Operator Lifecycle Manager and OperatorHub. | Operator |
| Operator Lifecycle Manager (OLM) | The operator management framework that handles Operator installation, upgrades, dependency resolution, and related resources such as CatalogSource, Subscription, InstallPlan, and ClusterServiceVersion. | Operator |
| OperatorHub | The platform interface for discovering, installing, upgrading, and managing Operators through OLM. | Operator |
| Cluster Plugin | The platform Extension mechanism for chart-based plugins managed through ModulePlugin, ModuleConfig, and ModuleInfo custom resources. | Cluster Plugin |
| Core lifecycle | Extension lifecycle type that follows the Core release and cluster Distribution Version. Standalone upgrade is not supported. | Core and Extensions |
| Aligned lifecycle | Extension lifecycle type that follows the release stream but can be upgraded independently when a compatible version is published. | Core and Extensions |
| Agnostic lifecycle | Extension lifecycle type released independently from and upgraded independently when a compatible version is published. | Core and Extensions |
| Customer Portal compatible versions | The compatibility field in the Customer Portal that indicates which versions a specific Operator or Cluster Plugin version supports. | Core and Extensions |
#Identity, Access, And Security Terms
| Term | Definition | Related doc |
|---|---|---|
| Identity Provider (IdP) | An external identity system used for platform account authentication, such as LDAP or OIDC. | Identity Provider Introduction |
| LDAP | A directory access protocol supported by the platform for enterprise user authentication. Active Directory can be integrated through LDAP. | LDAP Management |
| OpenID Connect (OIDC) | An identity layer based on OAuth 2.0 that the platform supports for third-party user authentication. | OIDC Management |
| Platform Roles | System-provided role templates used by the platform after the RBAC refactor. They are bound to users or groups and convert to Kubernetes permissions. | Roles Introduction |
| Kubernetes Roles | Native Kubernetes Role and ClusterRole objects used for fine-grained permissions. They are bound with RoleBinding or ClusterRoleBinding. | Roles Introduction |
| Audit | Platform operation records for users and system actions. Audit views depend on logging service components. | Audit Introduction |
| NetworkPolicy | A Kubernetes resource for namespace-scoped network traffic policy. Enforcement depends on the selected CNI. | NetworkPolicy |
| API Refiner | API filtering capability that can filter or mask Kubernetes API responses based on user permissions, project, cluster, and namespace. | API Security |
| Compliance features | Kyverno-based features for policy enforcement, violation monitoring, and reporting. Use the Compliance Service documentation for scope and prerequisites. | Compliance Service |
#Networking And Access Terms
| Term | Definition | Related doc |
|---|---|---|
| Platform Access Address | The external address used to access platform services such as the web console and platform APIs. It can be the same as the Cluster Endpoint or a separate address for external access scenarios. | Installing |
| Cluster Endpoint | The address used by cluster components and administrators to reach the target Kubernetes control plane endpoint. | Installing |
| LoadBalancer | A Kubernetes Service type that exposes a Service through an external load balancer. In the platform, load-balancing can also involve external devices, VIPs, or provider-specific services. | Configure Services |
| Self-built VIP | The built-in virtual IP option used when an external load balancer is not provided for the Cluster Endpoint. | Prerequisites |
| Cluster Proxy | A platform communication capability used to connect the global cluster and managed clusters for supported management operations. | Architecture |
| Import cluster | An onboarding method where the global cluster connects to the target third-party cluster API server with supplied address, CA, and credentials. | Import Clusters |
| Register cluster | An onboarding method where a reverse proxy service in the target third-party cluster initiates registration and establishes a tunnel to the platform. | Register Cluster |
#Disaster Recovery, Backup, And Upgrade Terms
| Term | Definition | Related doc |
|---|---|---|
| Global Cluster Disaster Recovery | A Primary and Standby global cluster DR mechanism based on global cluster etcd synchronization and DNS/VIP failover. It protects the global control-plane scenario only within documented boundaries. | Availability and Recovery |
| etcd backup and restore | Backup and restore path for Kubernetes control-plane resource state stored in etcd. | etcd Backup and Restore |
| Application backup and restore | Velero-based backup and restore path for application resources and persistent volumes, delivered through Data Backup components. | Backup Overview |
| Cluster Version Operator (CVO) | The upgrade workflow and controller used to coordinate target versions, preflight checks, status, and execution progress for global and workload cluster upgrades. | Upgrade Overview |
| ClusterVersionShadow | A custom resource used by the CVO-based upgrade workflow to expose desired version, status, preflight results, stages, and upgrade history. | Upgrade Overview |
| Distribution Version | The cluster distribution version used to coordinate upgrade gating and version alignment for global and workload cluster upgrades. | Upgrade Overview |
| Preflight | The set of checks run before upgrade execution to reduce upgrade risk. | Pre-Upgrade |
#Terminology Conventions
- The global cluster is the platform management cluster. Third-party cluster refers to externally provided Kubernetes environments. Managed Cluster is the current UI or navigation label.
- UI labels, API resource names, protocol names, and feature names keep their official capitalization.
- Acronyms are expanded on first mention when the surrounding page needs the expansion.