Key terms
Definitions you will see across Loopback documentation, UI, and support tickets.
Identity & tenancy
Account
A person’s login identity: email, password, 2FA/WebAuthn, plus optional account API keys when automation should act with the same rights as that person.
Organization (tenant)
Billing, legal, verification, and data isolation boundary. Holds projects, DNS, bundle config, notification channels, etc.
Project
Grouping under an organization. Required parent for workspaces. May own object storage, load balancers, DNS zones, monitoring objects.
Membership
Link from account → organization, with assigned roles.
Role
Named bundle of allow rules on org/project/workspace resources.
Workloads & environments
Workspace
Primary environment under a project:
- Kubernetes - dedicated control plane (Kamaji).
- Bare metal - server/network focus without that Kubernetes path.
Workspace API key
Secret for Loopback ↔ workspace integrations (e.g. in-cluster LB API). Not kubectl credentials.
Management cluster
Operator-run Kubernetes where Kamaji runs tenant control planes. Customers normally do not administer it.
Tenant control plane
Your Kubernetes API (Kamaji TenantControlPlane).
Compute provider type
Label such as hetzner_cloud or ionos_dcd that selects the management pool for new Kubernetes workspaces and the host provisioning backends.
Compute provider
Stored credentials + config for a cloud/dedicated API.
Compute profile
Productized server SKU (size, price, provider params) used when creating hosts.
Host
A machine in a workspace, ordered via a compute profile.
Scaling group
Desired fleet size for a profile; reconciliation adds/removes hosts.
Agents & access
Agent
Daemon on hosts; heartbeat, updates, command channel.
Agent token
Workspace-scoped install credential for the agent (bearer secret).
Shell session
Interactive remote shell to a host (high-risk permission).
Kubernetes (user-facing)
Admin kubeconfig
Long-lived cluster-admin style access - break-glass.
OIDC kubeconfig
Uses kubectl oidc-login against platform-configured issuer; workspace id is OIDC client id.
Kubernetes application
Operator catalog entry (manifests/Helm) installed with ordering rules.
Prerequisite application
Catalog item applied before tenant API is fully ready (no worker dependency).
Bundle
Your Git repo → discover → build → deploy (often via Flux on parent cluster). Work in progress as a full product story.
Networking & edge
Project load balancer
Loopback-managed LB object under project scope.
Workspace load balancer
Same product object scoped to one workspace.
DNS record zone
Allowed hostname patterns for automated DNS (org/project/workspace scoped variants exist).
Network bridge
Plumbing between Loopback-managed networks (operator scenarios).
Storage & data
Object store
S3-compatible bucket with credentials & policy; reconciled for usage.
Networking
Managed network
A Loopback-managed overlay created for a workspace when managed networking is enabled on that workspace template. Drives WireGuard mesh automation.
WireGuard mesh
Full peer-to-peer overlay between hosts in a network; configuration is applied by the agent from platform-generated material.
Network bridge
Links two networks in the same organization so peers from both meshes are stitched together by mesh reconciliation.
Firewall / firewall rule
Policy object with ordered allow/deny rules; may be organization or workspace scoped and layered with host attachments.
Observability
Monitoring object
Something probed (HTTP, SSL, K8s, host metrics, …).
Condition
Threshold / operator on a monitoring parameter.
Alert
Firing lifecycle record when conditions breach.
Notification channel
Org-level destination for alert notifications.
Monitoring source
Probe vantage point (agent-backed, external, …).
Operations
Control API
Public HTTP surface: auth, RBAC, persistence, and enqueue of async work. See Platform architecture.
Execution worker
Runs long pipelines (for example workspace creation, catalog deploy, bundle build). See Platform architecture.
Reconciliation scheduler
Runs scheduled and event-driven alignment for many entity types (hosts, workspaces, DNS, monitoring, …). See Reconciliation.
Reconciliation
The idea behind those jobs: converge declared platform configuration with clouds, Kubernetes, agents, and DNS providers.
System task
Queued mutation (create workspace, upgrade K8s, deploy bundle, …).
Maintenance window
UTC weekday + hour when automated patching may run.
Update delivery
Staged agent/platform update rollout entity.
Application delivery
Bundle
Git-linked application definition: connect repo → discover → build image → deploy to a Kubernetes workspace with revision history. See Bundles and Application delivery deep dive.
Revision (bundle)
Immutable point in time for a bundle (commit + build outputs + readiness).
Environment (bundle)
Binding of a bundle to a target workspace with environment-specific manifest material.
Agent & edge
Agent
On-host daemon: mesh, optional modules, metrics, updates. See Agent and fleet management.
Agent module
Optional add-on delivered beside the core agent (for example host-integrated firewall). See Agent modules.
Host firewall (eBPF / LBFW)
High-performance Linux eBPF firewall module on managed hosts. See Host firewall (eBPF).