Glossary
========


.. note::

  This is a collection of terms used in the CoCalc documentation.
  The included links point to original sources for more details.

  Here are starting point for learning more about

  - Kubernetes: https://kubernetes.io/docs/home/
  - Linux: https://linuxjourney.com/

.. glossary::
    :sorted:

    CoCalc
        `CoCalc <https://cocalc.com/>`_ is a web-based platform for creating, editing, and collaborating on Jupyter Notebooks, :term:`LaTeX documents`, Linux Terminals, and more.

    LaTeX Documents
        `LaTeX <https://www.latex-project.org/>`_ is a document preparation system for high-quality typesetting. It is most often used for medium-to-large technical or scientific documents but it can be used for almost any form of publishing.

    ReadWriteMany
        A `Kubernetes access mode <https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes>`_ that allows a filesystem to be mounted as read-write by many nodes.

    NGINX Ingress Controller
        An `Ingress controller <https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/>`_ that uses NGINX as the load balancer. See `NGINX Ingress Controller <https://kubernetes.github.io/ingress-nginx/>`_ for more information.

    NFS
        Network File System (NFS) is a distributed file system protocol that allows you to mount remote directories and access them as though they were local. See `NFS <https://en.wikipedia.org/wiki/Network_File_System>`_ for more information.

    SSHFS
        `SSHFS <https://en.wikipedia.org/wiki/SSHFS>`_ is a filesystem client based on the SSH File Transfer Protocol. It allows you to mount a remote filesystem using SFTP and interact with it as though it were a local filesystem.

    HELM
        `Helm <https://helm.sh/>`_ is kind of a package manager for Kubernetes.
        Those "packages" are organized as :term:`HELM Charts`.

    AWS
        `Amazon Web Services <https://aws.amazon.com/>`_ is a secure cloud services platform, offering compute power, database storage, content delivery and other functionality to help businesses scale and grow.

    AWS S3
        `Amazon Simple Storage Service (Amazon S3) <https://aws.amazon.com/s3/>`_ is an object storage service that offers industry-leading scalability, data availability, security, and performance.

    HELM Charts
        A `Helm Chart <https://helm.sh/docs/topics/charts/>`_ is a collection of files that describe a related set of :term:`Kubernetes` resources.

    Pod
        A `Kubernetes Pod <https://kubernetes.io/docs/concepts/workloads/pods/>`_ is a group of one or more containers, with shared storage/network, a specification for how to run the containers. A Pod's contents are always co-located and co-scheduled.

    Kubectl
        Kubectl is the Kubernetes command-line tool, which allows you to run commands against Kubernetes clusters. See `Kubectl <https://kubernetes.io/docs/reference/kubectl/overview/>`_ for more information.

    Kubectl Aliases
        `Kubectl Aliases <https://github.com/ahmetb/kubectl-aliases>`_ is a collection of useful aliases for kubectl.

    Google Cloud Storage
        `Google Cloud Storage <https://cloud.google.com/storage/>`_ is a unified object storage for developers and enterprises, from live data serving to data analytics/ML to data archiving.

    Certificate Manager
        `cert-manager <https://cert-manager.io/>`_ is a Kubernetes add-on to automate the management and issuance of TLS certificates from various issuing sources.

    Let's Encrypt
        Let's Encrypt is a free, automated, and open certificate authority (CA), run for the public's benefit. See `Let's Encrypt <https://letsencrypt.org/>`_ for more information.

    Kustomize
        Kustomize is a tool that allows you to customize raw, template-free YAML files for multiple purposes,
        leaving the original YAML untouched and usable as is.
        It is capable of rendering HELM charts as well.
        See `Kustomize <https://kustomize.io/>`_ for more information.

    Deployment Hook
        `HELM Deployment Hooks <https://helm.sh/docs/topics/charts_hooks/>`_ are used to run a job before or after a deployment.

    Kubernetes
        Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. See `Kubernetes <https://kubernetes.io/>`_ for more information.

    Bare metal
        A "bare metal" :term:`Kubernetes` cluster is a cluster that is not running on a cloud provider,
        but on a set of physical machines.

    GKE
        `Google Kubernetes Engine (GKE) <https://cloud.google.com/kubernetes-engine/>`_ is a managed, production-ready environment for deploying containerized applications.

    EKS
        `Amazon Elastic Kubernetes Service (EKS) <https://aws.amazon.com/eks/>`_ is a managed service that makes it easy for you to run Kubernetes on AWS without needing to install and operate your own Kubernetes clusters.

    AKS
        `Azure Kubernetes Service (AKS) <https://azure.microsoft.com/en-us/services/kubernetes-service/>`_ is a managed Kubernetes service that lets you quickly deploy and manage clusters.

    Taint
        A Kubernetes node taint is a property that you apply to a node. A taint is a key-value pair that you can use to define a node's special characteristics. See `Taints and Tolerations <https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/>`_ for more information.

    Label
        A Kubernetes node label is a key-value pair that is attached to a node. See `Labels and Selectors <https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/>`_ for more information.

    Node selector
        A `node selector <https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector>`_ is a way to tell Kubernetes to only schedule certain pods onto nodes with particular labels.

    Ingress
        `Ingress <https://kubernetes.io/docs/concepts/services-networking/ingress/>`_ is a collection of rules that allow inbound connections to reach their corresponding cluster service endpoints.

    Ingress TLS
        `Ingress TLS <https://kubernetes.io/docs/concepts/services-networking/ingress/#tls>`_ configures the TLS keys and certificates to use for the Ingress.

    LoadBalancer
        A cluster service, that exposes an application running on a set of Pods as a network service.
        See `LoadBalancer <https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer>`_ for more information.

    Git
        Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. See `Git <https://git-scm.com/>`_ for more information.

    HELM sub-charts and global values
        Helm sub-charts and global values help organizing larger sets of charts.
        Globals are used to share values between charts.
        See `Subcharts and Globals <https://helm.sh/docs/chart_template_guide/subcharts_and_globals/>`_ for more information.
        Any value can be set from a single central configuration file of yours.

    HELM Diff
        `Helm Diff <https://github.com/databus23/helm-diff>`_ is a Helm plugin that shows a diff explaining what a helm upgrade would change.

    Kubernetes Jobs
        A `Kubernetes Job <https://kubernetes.io/docs/concepts/workloads/controllers/job/>`_ creates one or more Pods and ensures that a specified number of them successfully terminate. HELM test will show you a summary of running these jobs.

    Container
        A :term:`Kubernetes` container is a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another. See `Container <https://kubernetes.io/docs/concepts/containers/>`_ for more information.

    MetalLB
        MetalLB is a :term:`LoadBalancer` implementation for bare metal Kubernetes clusters, using standard routing protocols. See `MetalLB <https://metallb.universe.tf/>`_ for more information.

    Docker Images
        Docker images are a way to deliver software in packages and run them in :term:`containers <Container>`.
        See `Docker <https://www.docker.com/>`_ for more information.

    Docker Credentials
        In :term:`Kubernetes`, it is possible to configure a secret, that contains the credentials for a private Docker registry. See `Docker Credentials <https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/>`_ for more information.

    PostgreSQL
        PostgreSQL is a powerful, open source object-relational database system with over 30 years of active development that has earned it a strong reputation for reliability, feature robustness, and performance. See `PostgreSQL <https://www.postgresql.org/>`_ for more information.

    PV
        :term:`PersistentVolume`

    PVC
        :term:`PersistentVolumeClaim`

    PersistentVolume
        A :term:`Kubernetes` `PersistentVolume <https://kubernetes.io/docs/concepts/storage/persistent-volumes/>`_ (PV) is a piece of storage in the cluster.

    PersistentVolumeClaim
        A :term:`Kubernetes` `PersistentVolumeClaim <https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims>`_ (PVC) is a request for storage of a :term:`PersistentVolume`.

    UUID
        A universally unique identifier (UUID) is a 128-bit number used to identify information in computer systems. See `UUID <https://en.wikipedia.org/wiki/Universally_unique_identifier>`_ for more information.

    Leaky Abstraction
        A `Leaky Abstraction <https://en.wikipedia.org/wiki/Leaky_abstraction>`_ is a term used to describe a situation where the abstraction provided by a system is not complete, and the user of the system must be aware of the details of the underlying system in order to use – and debug – it effectively.

    Node.js
        `Node.js <https://nodejs.org/>`_ is an open-source, cross-platform, back-end JavaScript runtime environment that runs on the V8 engine and executes JavaScript code outside a web browser.

    YMMV
        Your mileage may vary.

    SMTP server
        An `SMTP server <https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol>`_ is a computer program or an email server that accepts and forwards email messages to other email servers.

    VPN
        A `VPN <https://en.wikipedia.org/wiki/Virtual_private_network>`_ is a private network that extends across a public network, such as the Internet.

    Jupyter Notebook
        `Jupyter Notebooks <https://jupyter.org/>`_ are documents that contain both computer code (e.g. Python) and rich text elements (text, equations, links, etc...).
        `CoCalc's Jupyter Notebooks <https://cocalc.com/features/jupyter-notebook>`_ are collaborative, record all changes, and can be shared – internally or externally – very easily.

    SAML
        `SAML <https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language>`_ is an XML-based standard for exchanging authentication and authorization data between security domains.
        This allows you to tie accounts from your identity provider (e.g. Google Workspaces or Microsoft's Azure Active Directory) to this instance of CoCalc.

    YAML
        `YAML <https://yaml.org/>`_ is a human-readable data-serialization language. It is commonly used for configuration files and in applications where data is being stored or transmitted.

    StorageClass
        A Kubernetes `Storage Class <https://kubernetes.io/docs/concepts/storage/storage-classes/>`_ is a way to specify, how a request for a persistent volume is handled, i.e. which kind of storage backend is used.

    overcommit ratio
        An *overcommit ratio* is the ratio of the total amount of resources that are available to the total amount of resources that are requested.

    Service
        A `Service <https://kubernetes.io/docs/concepts/services-networking/service/>`_ is an abstraction which defines a logical set of Pods and a policy by which to access them.

    ServiceAccount
        A `ServiceAccount <https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/>`_ is an account that is used by a pod to access the Kubernetes API.

    NetworkPolicy
        A `NetworkPolicy <https://kubernetes.io/docs/concepts/services-networking/network-policies/>`_ is a specification of how groups of pods are allowed to communicate with each other and other network endpoints.

    PriorityClasses
        A `PriorityClass <https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass>`_ defines a mapping from a priority class name to the integer value of the priority.

    Pod Disruption Budget
        A `Pod Disruption Budget <https://kubernetes.io/docs/concepts/workloads/pods/disruptions/>`_ is an object that limits the number of pods of a replicated application that are down simultaneously from voluntary disruptions.

    Minikube
        `Minikube <https://minikube.sigs.k8s.io/>`_ is a tool that makes it easy to run Kubernetes locally.

    Snapshot
        A `snapshot <https://en.wikipedia.org/wiki/Snapshot_(computer_storage)>`_ of a filesystem is essentially a frozen "picture" of a volume's data taken at a point in time.

    Secret
        A `Secret <https://kubernetes.io/docs/concepts/configuration/secret/>`_ is an object stored in :term:`Kubernetes` that contains a small amount of sensitive data such as a password, a token, or a key.

    ConfigMap
        A `ConfigMap <https://kubernetes.io/docs/concepts/configuration/configmap/>`_ is an object stored in :term:`Kubernetes` that contains configuration data.

    Namespace
        A `Namespace <https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/>`_ is a way to divide cluster resources between multiple users (via resource quota).

    GPU
        A `GPU <https://en.wikipedia.org/wiki/Graphics_processing_unit>`_ is a specialized hardware, coming from the graphics card industry, that is used for general purpose computation.
        To make it useful in a :term:`Kubernetes` cluster, it needs to be exposed to the cluster as a :term:`device plugin <Device Plugin>` and then be requested by a :term:`pod <Pod>`.
        See `NVIDIA GPU <https://kubernetes.io/docs/tasks/manage-gpus/scheduling-gpus/>`_ for more information.

    Device Plugin
        A `Device Plugin <https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/>`_ is a plugin that enables Kubernetes to manage hardware resources like :term:`GPUs <GPU>`.

    WebSocket
        A `WebSocket <https://en.wikipedia.org/wiki/WebSocket>`_ is a computer communications protocol, providing full-duplex communication channels over a single TCP connection. It's commonly used for :term:`Single Page Applications <Single Page Application>`.

    Single Page Application
        A `Single Page Application <https://en.wikipedia.org/wiki/Single-page_application>`_ is a web application or web site that fits on a single web page with the goal to provide a more fluid user experience similar to a desktop application. :term:`CoCalc`\ 's main user interface is an example of that, using a :term:`WebSocket` connection to the server.

    on-premises
        `On-premises software <https://en.wikipedia.org/wiki/On-premises_software>`_ is software that is installed on a computer or server within a company's network, rather than being hosted externally by a cloud computing provider.

    UID/GUI
        A :term:`POSIX` filesystem has two types of identifiers for files and directories: the `user ID (UID) and the group ID (GID) <https://en.wikipedia.org/wiki/UID_and_GID>`_.

    POSIX
        `POSIX <https://en.wikipedia.org/wiki/POSIX>`_ is a family of standards specified by the IEEE Computer Society for maintaining compatibility between operating systems. :term:`Linux` is a POSIX-compliant operating system.

    Home Directory
        In :term:`Linux` and other Unix-like operating systems, a :term:`home directory` is a directory where a user's personal files are stored. It's usually in ``/home/<username>``. Specific to CoCalc, the username is ``user`` and has the :term:`UID/GUI` ``2001:2001``.

    Linux
        `Linux <https://en.wikipedia.org/wiki/Linux>`_ is a family of open-source :term:`POSIX-compliant <POSIX>` Unix-like operating systems based on the Linux kernel.

    Google Compute Platform
        `Google Compute Platform <https://cloud.google.com/>`_ is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, such as Google Search and YouTube.

    Sqlite3
        `Sqlite3 <https://www.sqlite.org/index.html>`_ is a relational database management system contained in a C library. In contrast to other database management systems, it is not a separate process that is accessed from the client application, but an integral part of it.

    TimeTravel
        `TimeTravel <https://doc.cocalc.com/time-travel.html>`_ in CoCalc is a feature that allows you to go back in time to a previous version of a file or directory. It's similar to the `Time Machine <https://en.wikipedia.org/wiki/Time_Machine_(macOS)>`_ feature in MacOS.

    Sourcing a Script
        "sourcing a script" in Bash means to execute the commands in the script in the current shell environment instead of creating a new shell environment for the script. The syntax is ``source <script>`` or ``. <script>``.

    VSCode
        `VSCode <https://code.visualstudio.com/>`_ is a free source-code editor made by Microsoft for Windows, Linux and macOS.

    Air-gapped Environment
        An `air-gapped environment <https://en.wikipedia.org/wiki/Air_gap_(networking)>`_ is a secure computer network that is physically isolated from unsecured networks, such as the public Internet or an unsecured local area network.

    OAuth2
        `OAuth2 <https://oauth.net/2/>`_ is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.

    JupyterLab
        `JupyterLab <https://jupyterlab.readthedocs.io/>`_ is a web-based interactive development environment for Jupyter notebooks, code, and data.


    GNU Autotools
        `GNU Autotools <https://en.wikipedia.org/wiki/GNU_Autotools>`_ are a set of programming tools to assist in making source code packages portable to many Unix-like systems.

    Python
        `Python <https://www.python.org/>`_ is an interpreted, high-level and general-purpose programming language.

    R
        `R <https://www.r-project.org/>`_ is a programming language and free software environment for statistical computing and graphics supported by the R Foundation for Statistical Computing.

    Large Language Models
        Large language models (LLMs) are sophisticated computer programs trained on massive amounts of text data. They can generate realistic text, translate languages, write different kinds of creative content, and answer your questions in an informative way.

    Ollama
        `Ollama <https://ollama.com/>`_ is an open-source framework designed to make it easier to run :term:`large language models` (LLMs) on your own computer. It simplifies the setup process, manages the necessary files, and optimizes the models to work well on your specific hardware.

    Init Container
        An `Init Container <https://kubernetes.io/docs/concepts/workloads/pods/init-containers/>`_ runs before the actual :term:`containers <container>` are created and started up.

    ClusterIP
        Each :term:`Service` can be reached by that internal IP address.
        However, if set to ``"None"``, no address is allocated and its now a "headless" service.
        The traffic to this service will be handled by the Ingress Controller.

    UID
        **User Identifier**: a unique numerical value assigned to each user account.
        It serves as the primary means of identifying users and determining their permissions and access levels to system resources.
        The root user has UID 0, while other users are assigned progressively higher UIDs.

    Site Settings
        In the CoCalc web-based application, administrators have an "Admin" tab. There, a panel "Site Settings" let's them control the configuration of the server.
        However, these values are maybe controlled by :ref:`my-values.yaml`.