Amazon Web Services is a secure cloud services platform, offering compute power, database storage, content delivery and other functionality to help businesses scale and grow.


Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance.

Certificate Manager#

cert-manager is a Kubernetes add-on to automate the management and issuance of TLS certificates from various issuing sources.


CoCalc is a web-based platform for creating, editing, and collaborating on Jupyter Notebooks, LaTeX documents, Linux Terminals, and more.


A Kubernetes container is a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another. See Container for more information.

Deployment Hook#

HELM Deployment Hooks are used to run a job before or after a deployment.

Device Plugin#

A Device Plugin is a plugin that enables Kubernetes to manage hardware resources like GPUs.

Docker Credentials#

In Kubernetes, it is possible to configure a secret, that contains the credentials for a private Docker registry. See Docker Credentials for more information.

Docker Images#

Docker images are a way to deliver software in packages and run them in containers. See Docker for more information.


Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. See Git for more information.

Google Cloud Storage#

Google Cloud Storage is a unified object storage for developers and enterprises, from live data serving to data analytics/ML to data archiving.

Google Compute Platform#

Google Compute Platform is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, such as Google Search and YouTube.


A GPU is a specialized hardware, coming from the graphics card industry, that is used for general purpose computation. To make it useful in a Kubernetes cluster, it needs to be exposed to the cluster as a device plugin and then be requested by a pod. See NVIDIA GPU for more information.


Helm is kind of a package manager for Kubernetes. Those “packages” are organized as HELM Charts.

HELM Charts#

A Helm Chart is a collection of files that describe a related set of Kubernetes resources.

HELM Diff#

Helm Diff is a Helm plugin that shows a diff explaining what a helm upgrade would change.

HELM sub-charts and global values#

Helm sub-charts and global values help organizing larger sets of charts. Globals are used to share values between charts. See Subcharts and Globals for more information. Any value can be set from a single central configuration file of yours.

Home Directory#

In Linux and other Unix-like operating systems, a home directory is a directory where a user’s personal files are stored. It’s usually in /home/<username>. Specific to CoCalc, the username is user and has the UID/GUI 2001:2001.


Ingress is a collection of rules that allow inbound connections to reach their corresponding cluster service endpoints.

Ingress TLS#

Ingress TLS configures the TLS keys and certificates to use for the Ingress.

Jupyter Notebook#

Jupyter Notebooks are documents that contain both computer code (e.g. Python) and rich text elements (text, equations, links, etc…). CoCalc’s Jupyter Notebooks are collaborative, record all changes, and can be shared – internally or externally – very easily.


Kubectl is the Kubernetes command-line tool, which allows you to run commands against Kubernetes clusters. See Kubectl for more information.

Kubectl Aliases#

Kubectl Aliases is a collection of useful aliases for kubectl.


Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. See Kubernetes for more information.

Kubernetes Jobs#

A Kubernetes Job creates one or more Pods and ensures that a specified number of them successfully terminate. HELM test will show you a summary of running these jobs.


Kustomize is a tool that allows you to customize raw, template-free YAML files for multiple purposes, leaving the original YAML untouched and usable as is. It is capable of rendering HELM charts as well. See Kustomize for more information.

Leaky Abstraction#

A Leaky Abstraction is a term used to describe a situation where the abstraction provided by a system is not complete, and the user of the system must be aware of the details of the underlying system in order to use – and debug – it effectively.

Let’s Encrypt#

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. See Let’s Encrypt for more information.


Linux is a family of open-source POSIX-compliant Unix-like operating systems based on the Linux kernel.


A cluster service, that exposes an application running on a set of Pods as a network service. See LoadBalancer for more information.


MetalLB is a load-balancer implementation for bare metal Kubernetes clusters, using standard routing protocols. See MetalLB for more information.


Minikube is a tool that makes it easy to run Kubernetes locally.


A NetworkPolicy is a specification of how groups of pods are allowed to communicate with each other and other network endpoints.


Network File System (NFS) is a distributed file system protocol that allows you to mount remote directories and access them as though they were local. See NFS for more information.

NGINX Ingress Controller#

An Ingress controller that uses NGINX as the load balancer. See NGINX Ingress Controller for more information.


Node.js is an open-source, cross-platform, back-end JavaScript runtime environment that runs on the V8 engine and executes JavaScript code outside a web browser.


On-premises software is software that is installed on a computer or server within a company’s network, rather than being hosted externally by a cloud computing provider.

overcommit ratio#

An overcommit ratio is the ratio of the total amount of resources that are available to the total amount of resources that are requested.


A Kubernetes PersistentVolume (PV) is a piece of storage in the cluster.


A Kubernetes PersistentVolumeClaim (PVC) is a request for storage of a PersistentVolume.


A Kubernetes Pod is a group of one or more containers, with shared storage/network, a specification for how to run the containers. A Pod’s contents are always co-located and co-scheduled.

Pod Disruption Budget#

A Pod Disruption Budget is an object that limits the number of pods of a replicated application that are down simultaneously from voluntary disruptions.


POSIX is a family of standards specified by the IEEE Computer Society for maintaining compatibility between operating systems. Linux is a POSIX-compliant operating system.


PostgreSQL is a powerful, open source object-relational database system with over 30 years of active development that has earned it a strong reputation for reliability, feature robustness, and performance. See PostgreSQL for more information.


A PriorityClass defines a mapping from a priority class name to the integer value of the priority.


A Kubernetes access mode that allows a filesystem to be mounted as read-write by many nodes.


SAML is an XML-based standard for exchanging authentication and authorization data between security domains. This allows you to tie accounts from your identity provider (e.g. Google Workspaces or Microsoft’s Azure Active Directory) to this instance of CoCalc.


A Secret is an object stored in Kubernetes that contains a small amount of sensitive data such as a password, a token, or a key.


A ServiceAccount is an account that is used by a pod to access the Kubernetes API.

Single Page Application#

A Single Page Application is a web application or web site that fits on a single web page with the goal to provide a more fluid user experience similar to a desktop application. CoCalc‘s main user interface is an example of that, using a WebSocket connection to the server.

SMTP server#

An SMTP server is a computer program or an email server that accepts and forwards email messages to other email servers.


A snapshot of a filesystem is essentially a frozen “picuture” of a volume’s data taken at a point in time.

sourcing a script#

“sourcing a script” in Bash means to execute the commands in the script in the current shell environment instead of creating a new shell environment for the script. The syntax is source <script> or . <script>.


Sqlite3 is a relational database management system contained in a C library. In contrast to other database management systems, it is not a separate process that is accessed from the client application, but an integral part of it.


SSHFS is a filesystem client based on the SSH File Transfer Protocol. It allows you to mount a remote filesystem using SFTP and interact with it as though it were a local filesystem.


A Kubernetes Storage Class is a way to specify, how a request for a persistent volume is handled, i.e. which kind of storage backend is used.


A Kubernetes node taint is a property that you apply to a node. A taint is a key-value pair that you can use to define a node’s special characteristics. See Taints and Tolerations for more information.


TimeTravel in CoCalc is a feature that allows you to go back in time to a previous version of a file or directory. It’s similar to the Time Machine feature in MacOS.


A POSIX filesystem has two types of identifiers for files and directories: the user ID (UID) and the group ID (GID).


A universally unique identifier (UUID) is a 128-bit number used to identify information in computer systems. See UUID for more information.


A VPN is a private network that extends across a public network, such as the Internet.


A WebSocket is a computer communications protocol, providing full-duplex communication channels over a single TCP connection. It’s commonly used for Single Page Applications.


YAML is a human-readable data-serialization language. It is commonly used for configuration files and in applications where data is being stored or transmitted.


Your mileage may vary.