Last update: 27 September 2019

This glossary provides terms and definitions for IBM Cloud Pak® for Multicloud Management.

The following cross-references are used in this glossary:



air gap

A security measure that consists of a physical and wireless separation between an isolated computer or network and any computer or network that is directly or indirectly connected to the internet or other insecure network.

air gap environment

A network environment that does not have internet access.

API key

A unique code that is passed to an API to identify the calling application or user. An API key is used to track and control how the API is being used, for example, to prevent malicious use or abuse of the API.


One or more computer programs or software components that provide a function in direct support of a specific business process or processes.


See application log.

audit log

A log file containing a record of system events and responses.

availability zone

An operator-assigned, functionally independent segment of network infrastructure.


boot node

A node that is used for running installation, configuration, node scaling, and cluster updates.


A collection of scripts that provide framework and runtime support for apps.



A centralized location that can be used to browse for and install packages in a cluster.


A custom resource definition that points to repositories where Kubernetes resources are stored, such as a namespace, object store, or Helm repository. Channels use deployable resources to represent stored Kubernetes resources and Helm charts.


A set of resources, worker nodes, networks, and storage devices that keep apps highly available and ready to deploy in containers.


A system construct that allows users to simultaneously run separate logical operating system instances. Containers use layers of file systems to minimize image sizes and promote reuse. See also image, layer, registry.

container image

In Docker, stand-alone, executable software, including code and system tools, that can be used to run an application.

container orchestration

The process of managing the lifecycle of containers, including provisioning, deployment, and availability.



A Kubernetes resource that contain templates that wrap other Kubernetes resources to be deployed. A deployable is also used to represent Helm charts.


A process that retrieves the output of a build, packages the output with configuration properties, and installs the package in a pre-defined location so that it can be tested or run.


A software methodology that integrates application development and IT operations so that teams can deliver code faster to production and iterate continuously based on market feedback.


An open platform that developers and system administrators can use to build, ship, and run distributed applications.


ELK stack

The three products, Elasticsearch, Logstash, and Kibana, that comprise a stack of tools that stream, store, search, and monitor data, including logs.


A network destination address that is exposed by Kubernetes resources, such as services and ingresses.


A package that contains a deployment process and its required scripts and files.


fault tolerance

The ability of a system to continue to operate effectively after the failure of a component part. See also high availability.



An open source analytics and visualization platform to monitor, search, analyze, and visualize metrics.



See high availability.

Helm chart

A Helm package that contains information for installing a set of Kubernetes resources into a Kubernetes cluster.

Helm release

An instance of a Helm chart that runs in a Kubernetes cluster.

Helm repository

A collection of charts.

high availability (HA)

The ability of IT services to withstand all outages and continue providing processing capability according to some predefined service level. Covered outages include both planned events, such as maintenance and backups, and unplanned events, such as software failures, hardware failures, power failures, and disasters. See also fault tolerance.

hybrid cloud

A cloud computing environment that consists of multiple public and private resources.


IBM Certified Container

Enterprise-grade containerized software that is built with open standards and integrated with platform services for management and lifecycle operations.

IBM Cloud Pak

A package of one or more enterprise-grade, secure, and lifecycle-managed IBM Certified Container offerings that are packaged together and integrated in the IBM Cloud Private environment.


A file system and its execution parameters that are used within a container runtime to create a container. The file system consists of a series of layers, combined at runtime, that are created as the image is built by successive updates. The image does not retain state as the container executes. See also container, layer, registry.

image manager

A centralized location for managing images inside a cluster.

inception container

See installer container.


A collection of rules to allow inbound connections to the Kubernetes cluster services.


The process of confining workload deployments to dedicated virtual and physical resources to achieve multi-tenancy support.

isolation segment

A division that can be used to separate applications as if they were in different deployments without the need for redundant management and network complexity.


Open technology that provides a way for developers to seamlessly connect, manage and secure networks of different microservices, regardless of platform, source, or vendor.



In IBM Multicloud Manager, the agent that is responsible for a single Kubernetes cluster.


An open-source orchestration tool for containers.



A changed version of a parent image. Images consist of layers, where the changed version is layered on top of the parent image to create the new image. See also container, image.

load balancer

Software or hardware that distributes workload across a set of servers to ensure that servers are not overloaded. The load balancer also directs users to another server if the initial server fails.


machine type (MT)

A configuration that is used to instantiate a virtual machine.

management console

The graphical user interface for IBM Cloud Private.

management logging service

An ELK stack that is used to collect and store all Docker-captured logs.

management node

An optional node that only hosts management services such as monitoring, metering, and logging and can be used to prevent the master node from becoming overloaded.


A list of enabled services from which users can provision resources.

master node

A node that provides management services and controls the worker nodes in a cluster. Master nodes host processes that are responsible for resource allocation, state maintenance, scheduling, and monitoring.


A network topology in which devices are connected with many redundant interconnections between network nodes. Every node has a connection to every other node in the network.


An end-to-end, cloud-native solution for creating, building, testing, and deploying applications.


A set of small, independent architectural components, each with a single purpose, that communicate over a common lightweight API.


A lightweight, Amazon S3-compatible object storage server that can be used for storing unstructured data such as photos, videos, log files, backups, VMs, and container images.


See machine type.


A cloud computing model in which an enterprise uses a combination of on-premises, private cloud, and public cloud architecture.



A virtual cluster within a Kubernetes cluster that can be used to organize and divide resources across multiple users.

Network File System (NFS)

A protocol that allows a computer to access files over a network as if they were on its local disks.


See Network File System.


persistent volume

Networked storage in a cluster that is provisioned by an administrator.

persistent volume claim

A request for cluster storage.

placement policy

A policy that defines where the application components should be deployed and how many replicas there should be.

placement rule

A rule that defines the target clusters where subscriptions are delivered.


A group of containers that are running on a Kubernetes cluster. A pod is a runnable unit of work, which can be a either a stand-alone application or a microservice.

pod security policy

A policy that is used to set up cluster-level control over what a pod can do or what it can access.

private cloud

A cloud computing environment in which access is limited to members of an enterprise and partner networks. See also public cloud.


An open source systems monitoring and alerting toolkit.

proxy node

A node that transmits external requests to the services that are created inside a cluster.

public cloud

A cloud computing environment in which access to standardized resources, such as infrastructure, multi-tenant hardware, and services, is available to subscribers on a pay-per-use basis. See also private cloud.



See role-based access control.


A public or private container image storage and distribution service. See also container, image.


See repository.

repository (repo)

A persistent storage area for data and other application resources.


A physical or logical component that can be provisioned or reserved for an application or service instance. Examples of resources include database, accounts, and processor, memory, and storage limits.

role-based access control (RBAC)

The process of restricting integral components of a system based on user authentication, roles, and permissions.


service broker

A component of a service that implements a catalog of offerings and service plans, and interprets calls for provisioning and deprovisioning, binding and unbinding.

service mesh

In Istio, an infrastructure layer that allows microservices to interact and communicate.

Solution Pak

See IBM Cloud Pak.


A set of definitions that identify deployables within channels by using annotations, labels and versions. Then, the subscription places the deployables (template or referenced Helm chart) on the subscribed target clusters.



See Transformation Advisor.


An entity that groups users and resources.

Transformation Advisor (TA)

A developer tool that is used to evaluate on-premises Java EE apps for deployment to the cloud.


worker node

In a cluster, a physical or virtual machine that carries the deployments and services that make up an app.


A collection of virtual servers that perform a customer-defined collective purpose. A workload generally can be viewed as a multitiered application. Each workload is associated with a set of policies that define performance and energy consumption goals.