Key terms
Definitions you will see across Loopback documentation, UI, and support tickets.
Identity & tenancy
Account
A person’s (or service user’s) login identity: email, password, 2FA/WebAuthn, optional account API keys for automation as that user.
Organization (tenant)
Billing, legal, verification, and data isolation boundary. Holds projects, DNS, bundle config, notification channels, etc.
Project
Grouping under an organization. Required parent for workspaces. May own object storage, load balancers, DNS zones, monitoring objects.
Membership
Link from account → organization, with assigned roles.
Role
Named bundle of permissions (permission keys) on org/project/workspace resources.
Workloads & environments
Workspace
Primary environment under a project:
- Kubernetes — dedicated control plane (Kamaji).
- Bare metal — server/network focus without that Kubernetes path.
Workspace API key
Secret for Loopback ↔ workspace integrations (e.g. in-cluster LB API). Not kubectl credentials.
Management cluster
Operator-run Kubernetes where Kamaji runs tenant control planes. Customers normally do not administer it.
Tenant control plane
Your Kubernetes API (Kamaji TenantControlPlane).
Compute provider type
Label such as hetzner_cloud or ionos_dcd that selects the management pool for new Kubernetes workspaces and the host provisioning backends.
Compute provider
Stored credentials + config for a cloud/dedicated API.
Compute profile
Productized server SKU (size, price, provider params) used when creating hosts.
Host
A machine in a workspace, ordered via a compute profile.
Scaling group
Desired fleet size for a profile; reconciliation adds/removes hosts.
Agents & access
Agent
Daemon on hosts; heartbeat, updates, command channel.
Agent token
Workspace-scoped install credential for the agent (bearer secret).
Shell session
Interactive remote shell to a host (high-risk permission).
Kubernetes (user-facing)
Admin kubeconfig
Long-lived cluster-admin-style access — break-glass.
OIDC kubeconfig
Uses kubectl oidc-login against platform-configured issuer; workspace id is OIDC client id.
Kubernetes application
Operator catalog entry (manifests/Helm) installed with ordering rules.
Prerequisite application
Catalog item applied before tenant API is fully ready (no worker dependency).
Bundle
Your Git repo → discover → build → deploy (often via Flux on parent cluster). Work in progress as a full product story.
Networking & edge
Project load balancer
Loopback-managed LB object under project scope.
Workspace load balancer
Same product object scoped to one workspace.
DNS record zone
Allowed hostname patterns for automated DNS (org/project/workspace scoped variants exist).
Network bridge
Plumbing between Loopback-managed networks (operator scenarios).
Storage & data
Object store
S3-compatible bucket with credentials & policy; reconciled for usage.
Observability
Monitoring object
Something probed (HTTP, SSL, K8s, host metrics, …).
Condition
Threshold / operator on a monitoring parameter.
Alert
Firing lifecycle record when conditions breach.
Notification channel
Org-level destination for alert notifications.
Monitoring source
Probe vantage point (agent-backed, external, …).
Operations
Reconciliation
Background job that converges desired DB state with clouds/Kubernetes/agents.
System task
Queued mutation (create workspace, upgrade K8s, deploy bundle, …).
Maintenance window
UTC weekday + hour when automated patching may run.
Update delivery
Staged agent/platform update rollout entity.