This page provides definitions for Google Distributed Cloud (GDC) air-gapped terms.
A
- anchor zone
- A zone that is already part of the global control plane. This must be the zone whose GitLab instance is used to apply infrastructure-as-code (IaC) changes to the deployment's global API. This concept was introduced through multi-zone deployments.
- API endpoint
- A service config aspect that specifies the network address, also known as a service endpoint. For example, aiplatform.googleapis.com.
- Artifact registry
- A single place for your organization to manage system container images, operating system (OS) images for bootstrapping bare metal hosts, Debian packages and kernels for in-place OS upgrade, OS images for KubeVirt virtual machines that form a user cluster, and bundles to support Distributed Cloud services.
B
- backup site
- The site where backup data is being stored. For control plane disaster recovery, the backup site is not the site used to restore the data. For the recovery of workloads in the case of a disaster, this site may or may not be the site used to restore the data.
C
- cell config
- Set of YAML-formatted Kubernetes resource definitions that specify the initial Distributed Cloud configuration.
- cluster
- A set of nodes that run containerized applications. In Kubernetes, a cluster is a grouping of multiple nodes that runs containerized applications.
- ClusterSelector
- A ClusterSelector custom resource is a special type of config that uses Kubernetes label selectors. You can use a ClusterSelector custom resource to limit which clusters a particular config applies to, based on the cluster's labels. You can also use a ClusterSelector custom resource to limit which clusters instantiate a namespace-scoped object.
- config
- A config is a Kubernetes configuration declaration written in YAML or JSON. To read and apply a config to a cluster to create or configure a Kubernetes object or resource in that cluster, Distributed Cloud uses Config Sync. Config Sync is an open source tool that lets Application Operators and Platform Administrators deploy consistent configurations and policies. A config contains configuration details you apply to a Kubernetes cluster using kubectl edit or kubectl apply. You must store configs in a repository.
- config sync
- A config sync lets Application Operators and Platform Administrators deploy consistent configurations and policies. You deploy these configurations and policies to individual Kubernetes clusters, and multiple namespaces within clusters.
- constraint
- A constraint is a set of rules and parameters that govern interaction with a Kubernetes cluster. By defining one or more constraints, Policy Controller lets you enforce a policy for a Kubernetes cluster. After a constraint is installed, requests to the API server are checked against the constraint and are rejected if they do not comply.
- constraint template
- A constraint template defines the schema and logic of the constraint. You source constraint templates from Google and third parties or write your own.
- constraint template library
- The constraint template library is a collection of prebuilt policies included with Policy Controller for common security and compliance controls.
- control plane
- A cluster's controlling unit, consisting of a set of components that schedule and manage workloads, communicate with clusters, and ensure that clusters are functioning. Control planes include the etcd key-value datastore, the Kubernetes API server, the scheduler, and the controller manager.
- custom resource
- A custom resource is an instance of a kind defined by a custom resource definition.
D
- deployment model for a workload
- A plan to deploy one or multiple instances of the workload, and how Distributed Cloud distributes those instances.
- data plane
- In networking, the data plane is where the action takes place. It includes forwarding tables, routing tables, Address Resolution Protocol (ARP) tables, queues, tagging, and re-tagging. The data plane carries out the commands of the control plane. In the data plane, the routers and switches use what the control plane built to dispose of incoming and outgoing frames and packets. Some get sent to another router, for example. Some might get queued up when congested. Some might get dropped if congestion becomes severe.
G
- Google Distributed Cloud (GDC) air-gapped
- A Google Cloud product that delivers a managed software platform running on certified hardware to deliver Google Cloud services and other services.
- GDC rack
- A collection of physical servers deployed in a server rack.
- GDC instance
- Multi-rack deployment of all the hardware and software bundled together in Distributed Cloud. One instance might contain multiple organizations.
- GKE
- Google Kubernetes Engine (GKE) provides a managed environment for deploying, managing, and scaling your containerized applications using Google infrastructure. The GKE environment consists of multiple machines grouped together to form a cluster.
J
- joining zone
- The zone that is joining the global control plane. This concept was introduced through multi-zone deployments.
K
- Kubernetes-based workload
- A user workload that deploys Kubernetes Pod objects. The Application Operator creates pods that run on a single user cluster.
- Kubernetes namespace
- A Kubernetes namespace helps different projects, teams, or customers share a Kubernetes cluster.
L
- long-running operation
- A long-running operation is a running program that takes a long time to complete. For some API calls, Vertex AI returns operation names. Use helper methods along with these operation names to get the status of or cancel a long-running operation. For example, creating a glossary is a long-running operation.
M
- management plane
- A service or API surface used to manage resources which host your data or workload. It represents service components that control the lifecycle of a resource such as create, read, update, and delete.
- multitenancy
- A conceptual state where multiple, logically unrelated applications are hosted on the same process or unit of execution that results in them sharing fate. Examples include multiple processes running on the same core, or multiple machine learning models served on the same binary.
N
- node
- A machine in a Kubernetes cluster. In the context of Distributed Cloud, a node is either a bare metal machine or a virtual machine. A node might run VM-based workloads directly, or a node might be part of a cluster that runs Kubernetes-based workloads.
- node pool
- A node pool is a group of nodes within a cluster that all have the same configuration.
O
- organization
- A root resource for all resources a single customer owns. Each organization has a separate set of physical servers from other organizations in the same Distributed Cloud instance. An organization might contain multiple projects.
- org admin cluster
- A cluster that manages shared services for an organization. Each organization has exactly one org admin cluster. The org admin cluster is made up of bare metal nodes.
P
- project
- A logical grouping of related resources into a single access boundary. Multiple projects within an organization share the underlying compute, storage, and network resources. A project might contain workloads with multiple virtual machines or Kubernetes resources. One project aligns to one Kubernetes namespace. The namespace is reserved across the system cluster and any user clusters.
R
- root admin cluster
- A cluster used in the initial provisioning of the Distributed Cloud instance and for creating additional organizations. Only the Infrastructure Operator uses the root admin cluster, which is not tied to a specific customer organization and has dedicated hardware and virtual resources. The root admin cluster is made up of bare metal nodes.
S
- service
- A Kubernetes object that logically groups a set of pods and defines a policy by which to access them.
- single-tenancy
- A single instance of the software and supporting infrastructure that serves a single customer.
- Security information and event management (SIEM, SEM, and SIM)
- The real-time analysis of security alerts generated by network hardware and applications. Vendors sell SIEM as software, as appliances, or as managed services. These products are also used to log security data and generate reports for compliance purposes. This segment of security management deals with real-time monitoring, correlation of events, notifications, and console views.
- SKU
- A Stock Keeping Unit (SKU). In Distributed Cloud, a SKU represents a purchasable service, such as Object storage and Block storage. Each SKU is billable to you.
- source site
- The site that is having its data backed up. Use this data to recover from a disaster. This site may or may not be the site to which the backed up data is restored.
- StatefulSet
- A Kubernetes object meant for stateful applications. Pods managed by a StatefulSet object get a unique, permanent identity in their cluster.
- system cluster
- A cluster composed of multiple bare metal nodes. Each organization has exactly one system cluster created when the organization is provisioned. VM-based workloads deploy to the system cluster.
U
- user cluster
- A cluster composed of multiple virtual machine nodes running on the system cluster. The Platform Administrator can provision multiple user clusters up to the available compute capacity. Kubernetes-based workloads deploy to a user cluster.
- user workloads
- Any custom code that the Application Operator deploys to Distributed Cloud. This can include VM-based workloads or Kubernetes-based workloads.
V
- VM-based workload
- A user workload that deploys to virtual machines (VMs). The Application Operator creates VMs that run directly on the system cluster.