Glossary¶
There are only two hard things in Computer Science: cache invalidation and naming things.
— Phil Karlton
This page introduces terminology used in the Compliant Kubernetes project. We borrow terminology from:
You may want to familiarize yourself with that terminology first.
When naming things, we stick to Inclusive Naming.
Please capitalize these terms, i.e., treat them as proper nouns.
Air-gapped Network¶
From Wikipedia:
An [air-gapped network] is a network security measure employed on one or more computers to ensure that a secure computer network is physically isolated from unsecured networks, such as the public Internet or an unsecured local area network. It means a computer or network has no network interface controllers connected to other networks, with a physical or conceptual air gap, analogous to the air gap used in plumbing to maintain water quality.
Usage notes:
- Please avoid "air-gapped environment" to avoid confusion with Environment.
- Please avoid synonymous expressions, like "disconnected network" or "offline environment".
See also:
Application Developer¶
A person who writes an application that runs in a Kubernetes cluster.
Usage notes:
- It's okay to use "app dev", "dev" or "developer", if it's clear from the context that we refer to an Application Developer.
- If you need more precision, use:
- "Application Developers who are Grafana administrators" (see Grafana Roles)
- "Application Developers who are Harbor system administrators" (see Harbor Managing Users)
- "Application Developers who are Kubernetes admins" (see Kubernetes user-facing roles)
- "Application Developers with Kubernetes edit permissions" (see Kubernetes user-facing roles)
- Do NOT use "Super Application Developer", "user-admin", "user-view", etc.
See also:
Cluster¶
Can refer to a Kubernetes Cluster, a PostgreSQL cluster, a Redis cluster, a RabbitMQ cluster, an OpenSearch Cluster, etc.
Usage notes:
- If it's not clear from the context what kind of Cluster you refer to, please spell it out. E.g., "The PostgreSQL Cluster runs inside the Workload Cluster." instead of "The Cluster runs inside the Workload Cluster."
See also:
- Architecture Diagram Level 2: Clusters
- Cluster on Kubernetes Glossary
- PostgreSQL Database Cluster
- Redis Cluster
- RabbitMQ Clustering Guide
Contributor¶
Someone who makes Compliant Kubernetes better by providing code, documentation, feedback. Contributors make their work visible by raising issues and creating pull requests.
See also:
Critical Entity¶
To quote the EU Critical Entities Resilience (CER) Directive:
Critical entities, as providers of essential services, play an indispensable role in the maintenance of vital societal functions or economic activities in the internal market in an increasingly interdependent Union economy.
In particular, they all need to take various measures related to physical and staff security.
However, there is no single clear definition for Critical Entities. Instead, EU Member States must implement a process for identifying critical entities based on categories of entities published in EU CER Directive.
All entities identified as critical under CER are considered essential entities under the EU NIS2 Directive.
See also:
Customer¶
Someone who benefits from Compliant Kubernetes via a commercial agreement.
Usage notes:
- Do NOT use "Customer" to refer figuratively to Application Developer. Although we are big fans of a customer-driven mindset, there are several way to deliver Compliant Kubernetes commercially. Hence, this usage of the word "Customer" is confusing.
- Do NOT use "Customer" to refer figuratively to End User. Although we are big fans of a customer-driven mindset, there are several way to deliver Compliant Kubernetes commercially. Hence, this usage of the word "Customer" is confusing.
- Do NOT use "Data Controller", "Data Processor" or "Data Sub-processor". Determining which entity fulfills these GDPR concepts is usually done via a Data Protection Agreement (DPA). See EDPB Guidelines 07/2020 on the concepts of controller and processor in the GDPR.
See also:
End User¶
Ultimate user of the Application deployed on top of Kubernetes.
Usage notes:
- Spell "End User" when used as noun, "end-user" when used as adjective. E.g., "good end-user experience" versus "good experience to the End User".
- Do NOT use "Application User" to refer to the End User.
- Platform Services, like Grafana, Harbor and OpenSearch, are meant for Application Developers and not End Users.
See also:
Environment¶
One instance of a Compliant Kubernetes deployment. One Environment is composed of two Kubernetes Clusters, the Management Cluster and Workload Cluster.
Usage notes:
- Make sure to distinguish between Environment and Cluster.
Essential Entity¶
Essential Entities are organizations which are considered to provide essential services to society and have obligations according to the EU NIS2 Directive. In particular, they need to take certain measures related to information security and cybersecurity.
There is no clear definition for Essential Entities. Instead, EU Member States must implement a process for identifying essential entities based on a list of sectors of high criticality published in NIS2.
This process is currently under development in most EU Member States. As an example on how this process could look like, please refer to the NIS-era MSBFS 2024:4 rule.
Usage notes:
- The EU NIS2 Directive also introduces "important entities". These organizations have somewhat lower obligations under NIS2 and are subject to lower maximum fines.
See also:
- EU NIS2 Directive: Sectors of High Criticality
- Swedish MSBFS 2024:4 Rules on identification of providers of essential services
Kubernetes Cluster¶
A set of worker machines, called nodes, that run containerized applications. Every cluster has at least one worker node.
Usage notes:
- Prefer Workload Cluster or Management Cluster to avoid confusion.
See also:
Identity Provider¶
An Identity Provider (IdP) is a system that offers user authentication as a service. Examples include:
- Keycloak
- Microsoft Entra ID previously known as Azure Active Directory
- Google Identity
- jumpcloud
Usage notes:
- Do NOT use "Authentication Provider"
- Dex is a "Federated OpenID Connect Provider". Hence, it is okay to call it a "Federated Identity Provider".
See also:
Infrastructure Provider¶
A supplier of Virtual or Bare-metal Machines, networks, load balancers, block storage and object storage.
Usage notes:
- Do NOT use "Data Processor" or "Data Sub-processor". Determining which entity fulfills these GDPR concepts is usually done via a Data Protection Agreement (DPA). See EDPB Guidelines 07/2020 on the concepts of controller and processor in the GDPR.
- Do NOT use "Cloud Provider", as this is easily confused with "Platform-as-a-Service Cloud Provider".
See also:
Management Cluster¶
A Kubernetes cluster hosting some platform components.
Usage notes:
- Do NOT use "Service Cluster". That terms is poorly recognized and hereby deprecated.
SC
andsc
may be used to preserve backwards compatibility. Acceptable usage includes code and command-line tools. Unacceptable usage include documentation.
See also:
Maintainer¶
"Those contributors who lead an open source project." Elastisys is Maintainer of Compliant Kubernetes.
Usage notes:
- Do NOT use "Creators" nor "Community Leaders".
See also:
Personal Data Controller¶
Defined in Art. 4 GDPR as:
the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
In brief, this is the organization which decides or influences what goes in the privacy policy.
Usage notes:
- "Controller" can also refer to the Controller pattern in Kubernetes. Only use "controller" (without "personal data" or "Kubernetes") if the reader can understand from the context which one you refer to.
See also:
Personal Data Processor¶
Defined in Art. 4 GDPR as:
a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
In brief, this is the organization that receives instructions from the data controller and -- with few exceptions -- can only process personal data as instructed.
Usage notes:
- The GDPR does not define the concept of "sub-processor". However, the European Data Protection Board (EDPB) encourages using the term "sub-processor" to denote an organization which acts under the instructions of the processor.
See also:
Platform Administrator¶
The people who operate Compliant Kubernetes and Additional Platform Services.
Usage notes:
- Do NOT use "Operator" to refer to "Platform Administrator". Such usage is confusing due to the Operator pattern.
- It's okay to use "admin" or "administrator", if it's clear from the context that we refer to the Platform Administrator.
See also:
Service Endpoint¶
Interface exposed via the network for accessing Compliant Kubernetes functionality. Endpoints include Harbor, OpenSearch, Grafana, Dex and the Workload Cluster Kubernetes API.
Usage notes:
- Do NOT use "Webportals" or "Service Access Points".
See also:
Workload Cluster¶
A Kubernetes cluster hosting the Application which is used by the End User.
See also: