Glossary
Flat alphabetical glossary of acronyms and terms used across the lab docs — expansion, one-line definition, see-also.
Flat alphabetical reference for the acronyms and named patterns used across the lab documentation. The §1 introduction has the contextual glossary; this page is the lookup table.
| Acronym | Expansion | One-line | See also |
|---|---|---|---|
| ACL | Access Control List | A list of allow/deny rules; in HAProxy, named SNI/host matches used to branch traffic. | §7.2 HAProxy Frontends |
| ACM | Advanced Cluster Management (for Kubernetes) | Red Hat fleet manager running on hub-dc-v6. | feedback_acm_gitops_pull_pattern.md |
| ACME | Automatic Certificate Management Environment | Let’s Encrypt protocol for cert issuance / renewal. | §7.2 HAProxy, §7.3 PDNS |
| ADR | Architecture Decision Record | Lab convention: numbered .md file capturing a decision. | opp-full-plat/adr/ |
| API VIP | API Virtual IP | Floating VIP that fronts an OpenShift cluster’s Kubernetes API. | §7.8 Cluster Domains |
| AppSet | ArgoCD ApplicationSet | Templated Application generator. | §7.6 Vault Paths, hub GitOps |
| AXFR | DNS Zone Transfer | Authoritative-to-authoritative full zone copy; not used (single PDNS). | §7.3 PDNS |
| CIDR | Classless Inter-Domain Routing | Subnet notation like 30.30.0.0/16. | §7.8 Cluster Domains |
| CR | Custom Resource | Kubernetes resource defined by a CRD. | — |
| CRD | Custom Resource Definition | Defines a CR type. | project_acm_gitops_addon_routes_crd.md |
| CSV | ClusterServiceVersion | OLM operator manifest pinning a version. | §7.7 Operator Version Lock |
| DR | Disaster Recovery | Standby capacity (e.g., HAProxy DR public bind). | §7.2 HAProxy |
| DPA | DataProtectionApplication | OADP CR that wires a backup target. | §7.4 Object Storage |
| ESO | External Secrets Operator | Reconciles Kubernetes Secrets from external stores (Vault, Kubernetes). | §7.6 Vault Paths |
| HMAC | Hashed Message Authentication Code | Used for MinIO S3 signing keys; lab keys in Vault secret/platform/minio/terraform-hmac. | §7.6 Vault Paths |
| IDMS | ImageDigestMirrorSet | OpenShift CR that rewrites image pulls to a mirror. | §7.5 Nexus Endpoints |
| ITMS | ImageTagMirrorSet | OpenShift CR for tag-based mirror rewrites. | §7.5 Nexus Endpoints |
| IS | Identity Server | WSO2 IS — OIDC provider for lab services. | §7.1 Lab Endpoints |
| KV-v2 | Vault KV secrets engine, version 2 | Versioned key/value engine mounted at secret/. | §7.6 Vault Paths |
| LE | Let’s Encrypt | Public CA used for *.apps.sub.* and *.mon.sub.* wildcards. | §7.2 HAProxy, §7.9 Custody |
| LGTM | Loki + Grafana + Tempo + Mimir | Grafana Labs stack on the monitoring-0 sandbox. | §7.1 Lab Endpoints |
| MCG | Multicloud Object Gateway | NooBaa S3 backend on ODF. | §7.4 Object Storage |
| MCE | Multicluster Engine | ACM dependency on hub-dc-v6. | §7.7 Operator Version Lock |
| MR | Merge Request | GitLab equivalent of a pull request. | reference_platform_gitops_mr_path.md |
| OADP | OpenShift API for Data Protection | Velero-based backup operator. | §7.4 Object Storage |
| OBC | ObjectBucketClaim | NooBaa CR that provisions an S3 bucket inside the cluster. | §7.4 Object Storage, project_obc_to_operand_secret_bridge.md |
| OCP | OpenShift Container Platform | Red Hat’s Kubernetes distribution. | — |
| ODF | OpenShift Data Foundation | Ceph + NooBaa-based storage stack on spoke-dc-v6. | §7.4 Object Storage |
| OIDC | OpenID Connect | Auth protocol used by WSO2 IS for lab services. | §7.1, §7.9 |
| OLM | Operator Lifecycle Manager | OpenShift operator install/upgrade controller. | §7.7 Operator Version Lock |
| OSSM | OpenShift Service Mesh | Istio-based mesh; lab on OSSM 3 (servicemeshoperator3). | §7.7 |
| OTLP | OpenTelemetry Protocol | Telemetry shipping protocol (HTTP :4318, gRPC :4317). | §7.1 Lab Endpoints |
| PAT | Personal Access Token | GitLab user-scoped token; lab uses for MR creation + admin scripts. | §7.6, §7.9 |
| PDNS | PowerDNS | DNS server stack; authoritative 4.8.3 + recursor 4.9.3. | §7.3 PDNS |
| PROXY | HAProxy PROXY protocol | Loopback envelope used to carry client TLS info between binds. | §7.2 HAProxy |
| RBAC | Role-Based Access Control | Kubernetes / Vault permission model. | §7.6, §7.9 |
| RHACM | Red Hat Advanced Cluster Management | Same as ACM. | — |
| RHACS | Red Hat Advanced Cluster Security | StackRox; central in stackrox ns. | §7.9, reference_rhacs_init_bundle_via_api.md |
| RHOAI | Red Hat OpenShift AI | Currently deferred (see operator version lock deferred section). | §7.7 |
| SA | ServiceAccount | Kubernetes identity for in-cluster automation. | §7.6 Vault Paths |
| SBOM | Software Bill of Materials | Build artifact stored under developer-ci-evidence/sbom/. | §7.4 Object Storage |
| SCC | SecurityContextConstraints | OpenShift CR; lab uses default SCCs unless overridden. | — |
| SNI | Server Name Indication | TLS extension HAProxy uses to route by hostname before decrypting. | §7.2 HAProxy |
| SoT | Source of Truth | The repo / system that authoritatively holds desired state. | reference_gitops_sources.md |
| TLS | Transport Layer Security | Wire encryption; lab terminates at HAProxy with LE wildcard certs. | §7.2 HAProxy |
| UBI | Universal Base Image | Red Hat container base image (ubi9, ubi9-minimal). | §7.7 Operator Version Lock |
| VAP | ValidatingAdmissionPolicy | OpenShift policy CR for tenant exclusions. | vap-tenant-exclusions.md |
| VIP | Virtual IP | Floating IP, used for API + ingress on OpenShift clusters. | §7.8 Cluster Domains |
Lab-specific named concepts
| Term | Definition | See also |
|---|---|---|
hub-dc-v6 | Management OpenShift cluster running ACM, MCE, hub GitOps. | §7.1, §7.8 |
spoke-dc-v6 | Workload OpenShift cluster running ODF, app tenants, spoke GitOps. | §7.1, §7.8 |
dc-lab | Disconnected-rebuild environment name (the active lab build). | plans/disconnected-rebuild/environments/dc-lab/ |
mirror-registry.* | Nexus endpoint for OpenShift install / oc mirror content. | §7.5 |
docker-group.* | Nexus endpoint for developer base-image pulls (pull-through cache). | §7.5 |
app-registry.* | Nexus endpoint for CI app-image pushes. | §7.5 |
vm-tls | HAProxy loopback re-decrypt frontend (127.0.0.1:8443). | §7.2 |
vault-apps (SecretStore) | Per-tenant ESO SecretStore referencing apps-<cluster>-<division> Vault role. | §7.6, vault-app-secrets.md |
gitops-addon | ACM-shipped addon that installs OpenShift GitOps on managed clusters. | project_acm_gitops_addon_routes_crd.md |
pull model | ACM + OpenShift GitOps pattern: hub registers, spokes sync. | feedback_acm_gitops_pull_pattern.md |
Path B | Tekton-based image push path; per-tenant Quay robot pattern. | reference_quay_robot_token_convention.md |
See also
- §1 Foundations (terms in narrative context)
opp-full-plat/adr/(decision history)opp-full-plat/connection-details/(per-service operator detail)
Last regenerated from MEMORY.md and the §7 page set on this section.