This is a collection of terms used in the CoCalc documentation. The included links point to original sources for more details.

Here are starting point for learning more about

Air-gapped Environment

An air-gapped environment is a secure computer network that is physically isolated from unsecured networks, such as the public Internet or an unsecured local area network.


Azure Kubernetes Service (AKS) is a managed Kubernetes service that lets you quickly deploy and manage clusters.


Amazon Web Services is a secure cloud services platform, offering compute power, database storage, content delivery and other functionality to help businesses scale and grow.


Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance.

Bare metal

A “bare metal” Kubernetes cluster is a cluster that is not running on a cloud provider, but on a set of physical machines.

Certificate Manager

cert-manager is a Kubernetes add-on to automate the management and issuance of TLS certificates from various issuing sources.


Each Service can be reached by that internal IP address. However, if set to "None", no address is allocated and its now a “headless” service. The traffic to this service will be handled by the Ingress Controller.


CoCalc is a web-based platform for creating, editing, and collaborating on Jupyter Notebooks, LaTeX documents, Linux Terminals, and more.


A ConfigMap is an object stored in Kubernetes that contains configuration data.


A Kubernetes container is a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another. See Container for more information.

Deployment Hook

HELM Deployment Hooks are used to run a job before or after a deployment.

Device Plugin

A Device Plugin is a plugin that enables Kubernetes to manage hardware resources like GPUs.

Docker Credentials

In Kubernetes, it is possible to configure a secret, that contains the credentials for a private Docker registry. See Docker Credentials for more information.

Docker Images

Docker images are a way to deliver software in packages and run them in containers. See Docker for more information.


Amazon Elastic Kubernetes Service (EKS) is a managed service that makes it easy for you to run Kubernetes on AWS without needing to install and operate your own Kubernetes clusters.


Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. See Git for more information.


Google Kubernetes Engine (GKE) is a managed, production-ready environment for deploying containerized applications.

GNU Autotools

GNU Autotools are a set of programming tools to assist in making source code packages portable to many Unix-like systems.

Google Cloud Storage

Google Cloud Storage is a unified object storage for developers and enterprises, from live data serving to data analytics/ML to data archiving.

Google Compute Platform

Google Compute Platform is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, such as Google Search and YouTube.


A GPU is a specialized hardware, coming from the graphics card industry, that is used for general purpose computation. To make it useful in a Kubernetes cluster, it needs to be exposed to the cluster as a device plugin and then be requested by a pod. See NVIDIA GPU for more information.


Helm is kind of a package manager for Kubernetes. Those “packages” are organized as HELM Charts.

HELM Charts

A Helm Chart is a collection of files that describe a related set of Kubernetes resources.


Helm Diff is a Helm plugin that shows a diff explaining what a helm upgrade would change.

HELM sub-charts and global values

Helm sub-charts and global values help organizing larger sets of charts. Globals are used to share values between charts. See Subcharts and Globals for more information. Any value can be set from a single central configuration file of yours.

Home Directory

In Linux and other Unix-like operating systems, a home directory is a directory where a user’s personal files are stored. It’s usually in /home/<username>. Specific to CoCalc, the username is user and has the UID/GUI 2001:2001.


Ingress is a collection of rules that allow inbound connections to reach their corresponding cluster service endpoints.

Ingress TLS

Ingress TLS configures the TLS keys and certificates to use for the Ingress.

Init Container

An Init Container runs before the actual containers are created and started up.

Jupyter Notebook

Jupyter Notebooks are documents that contain both computer code (e.g. Python) and rich text elements (text, equations, links, etc…). CoCalc’s Jupyter Notebooks are collaborative, record all changes, and can be shared – internally or externally – very easily.


JupyterLab is a web-based interactive development environment for Jupyter notebooks, code, and data.


Kubectl is the Kubernetes command-line tool, which allows you to run commands against Kubernetes clusters. See Kubectl for more information.

Kubectl Aliases

Kubectl Aliases is a collection of useful aliases for kubectl.


Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. See Kubernetes for more information.

Kubernetes Jobs

A Kubernetes Job creates one or more Pods and ensures that a specified number of them successfully terminate. HELM test will show you a summary of running these jobs.


Kustomize is a tool that allows you to customize raw, template-free YAML files for multiple purposes, leaving the original YAML untouched and usable as is. It is capable of rendering HELM charts as well. See Kustomize for more information.


A Kubernetes node label is a key-value pair that is attached to a node. See Labels and Selectors for more information.

Large Language Models

Large language models (LLMs) are sophisticated computer programs trained on massive amounts of text data. They can generate realistic text, translate languages, write different kinds of creative content, and answer your questions in an informative way.

LaTeX Documents

LaTeX is a document preparation system for high-quality typesetting. It is most often used for medium-to-large technical or scientific documents but it can be used for almost any form of publishing.

Leaky Abstraction

A Leaky Abstraction is a term used to describe a situation where the abstraction provided by a system is not complete, and the user of the system must be aware of the details of the underlying system in order to use – and debug – it effectively.

Let’s Encrypt

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. See Let’s Encrypt for more information.


Linux is a family of open-source POSIX-compliant Unix-like operating systems based on the Linux kernel.


A cluster service, that exposes an application running on a set of Pods as a network service. See LoadBalancer for more information.


MetalLB is a LoadBalancer implementation for bare metal Kubernetes clusters, using standard routing protocols. See MetalLB for more information.


Minikube is a tool that makes it easy to run Kubernetes locally.


A Namespace is a way to divide cluster resources between multiple users (via resource quota).


A NetworkPolicy is a specification of how groups of pods are allowed to communicate with each other and other network endpoints.


Network File System (NFS) is a distributed file system protocol that allows you to mount remote directories and access them as though they were local. See NFS for more information.

NGINX Ingress Controller

An Ingress controller that uses NGINX as the load balancer. See NGINX Ingress Controller for more information.

Node selector

A node selector is a way to tell Kubernetes to only schedule certain pods onto nodes with particular labels.


Node.js is an open-source, cross-platform, back-end JavaScript runtime environment that runs on the V8 engine and executes JavaScript code outside a web browser.


OAuth2 is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.


Ollama is an open-source framework designed to make it easier to run large language models (LLMs) on your own computer. It simplifies the setup process, manages the necessary files, and optimizes the models to work well on your specific hardware.


On-premises software is software that is installed on a computer or server within a company’s network, rather than being hosted externally by a cloud computing provider.

overcommit ratio

An overcommit ratio is the ratio of the total amount of resources that are available to the total amount of resources that are requested.


A Kubernetes PersistentVolume (PV) is a piece of storage in the cluster.


A Kubernetes PersistentVolumeClaim (PVC) is a request for storage of a PersistentVolume.


A Kubernetes Pod is a group of one or more containers, with shared storage/network, a specification for how to run the containers. A Pod’s contents are always co-located and co-scheduled.

Pod Disruption Budget

A Pod Disruption Budget is an object that limits the number of pods of a replicated application that are down simultaneously from voluntary disruptions.


POSIX is a family of standards specified by the IEEE Computer Society for maintaining compatibility between operating systems. Linux is a POSIX-compliant operating system.


PostgreSQL is a powerful, open source object-relational database system with over 30 years of active development that has earned it a strong reputation for reliability, feature robustness, and performance. See PostgreSQL for more information.


A PriorityClass defines a mapping from a priority class name to the integer value of the priority.






Python is an interpreted, high-level and general-purpose programming language.


R is a programming language and free software environment for statistical computing and graphics supported by the R Foundation for Statistical Computing.


A Kubernetes access mode that allows a filesystem to be mounted as read-write by many nodes.


SAML is an XML-based standard for exchanging authentication and authorization data between security domains. This allows you to tie accounts from your identity provider (e.g. Google Workspaces or Microsoft’s Azure Active Directory) to this instance of CoCalc.


A Secret is an object stored in Kubernetes that contains a small amount of sensitive data such as a password, a token, or a key.


A Service is an abstraction which defines a logical set of Pods and a policy by which to access them.


A ServiceAccount is an account that is used by a pod to access the Kubernetes API.

Single Page Application

A Single Page Application is a web application or web site that fits on a single web page with the goal to provide a more fluid user experience similar to a desktop application. CoCalc‘s main user interface is an example of that, using a WebSocket connection to the server.

Site Settings

In the CoCalc web-based application, administrators have an “Admin” tab. There, a panel “Site Settings” let’s them control the configuration of the server. However, these values are maybe controlled by my-values.yaml.

SMTP server

An SMTP server is a computer program or an email server that accepts and forwards email messages to other email servers.


A snapshot of a filesystem is essentially a frozen “picture” of a volume’s data taken at a point in time.

Sourcing a Script

“sourcing a script” in Bash means to execute the commands in the script in the current shell environment instead of creating a new shell environment for the script. The syntax is source <script> or . <script>.


Sqlite3 is a relational database management system contained in a C library. In contrast to other database management systems, it is not a separate process that is accessed from the client application, but an integral part of it.


SSHFS is a filesystem client based on the SSH File Transfer Protocol. It allows you to mount a remote filesystem using SFTP and interact with it as though it were a local filesystem.


A Kubernetes Storage Class is a way to specify, how a request for a persistent volume is handled, i.e. which kind of storage backend is used.


A Kubernetes node taint is a property that you apply to a node. A taint is a key-value pair that you can use to define a node’s special characteristics. See Taints and Tolerations for more information.


TimeTravel in CoCalc is a feature that allows you to go back in time to a previous version of a file or directory. It’s similar to the Time Machine feature in MacOS.


User Identifier: a unique numerical value assigned to each user account. It serves as the primary means of identifying users and determining their permissions and access levels to system resources. The root user has UID 0, while other users are assigned progressively higher UIDs.


A POSIX filesystem has two types of identifiers for files and directories: the user ID (UID) and the group ID (GID).


A universally unique identifier (UUID) is a 128-bit number used to identify information in computer systems. See UUID for more information.


A VPN is a private network that extends across a public network, such as the Internet.


VSCode is a free source-code editor made by Microsoft for Windows, Linux and macOS.


A WebSocket is a computer communications protocol, providing full-duplex communication channels over a single TCP connection. It’s commonly used for Single Page Applications.


YAML is a human-readable data-serialization language. It is commonly used for configuration files and in applications where data is being stored or transmitted.


Your mileage may vary.