'%20filter='url(%23b)'%20transform='translate(0%20-286)'/%3e%3cpath%20d='M1636.5%20147c-123.436%200-223.5%20102.975-223.5%20230s100.064%20230%20223.5%20230S1860%20504.025%201860%20377c-.143-126.964-100.124-229.853-223.5-230Zm107.16%20308.341c-1.892%202.323-4.973%203.231-7.78%202.295l-98.896-32.908-98.896%2032.908c-2.807.933-5.884.022-7.774-2.3-1.89-2.32-2.212-5.587-.815-8.25l101.128-192.49c1.376-2.238%203.776-3.596%206.357-3.596%202.58%200%204.981%201.358%206.357%203.596l101.128%20192.49c1.401%202.663%201.08%205.932-.81%208.255Z'%20fill='url(%23c)'%20filter='url(%23d)'%20transform='translate(0%20-286)'/%3e%3c/g%3e%3c/svg%3e)
User-accessible resource inventory (A–Z)
Flat checklist of product objects and capabilities a customer may have permission to use. Exact UI labels vary; this mirrors route modules and permission keys in the codebase.
Account (personal)
- Profile, password, 2FA, WebAuthn
- Account API keys (automation as user)
- Login / recovery
Organization
- Organization profile & status visibility
- Projects (list, create, open)
- Memberships & invites
- Roles (custom RBAC)
- Authentication providers (IdP for Loopback login)
- Payment methods
- Invoices & cost summaries
- Domains
- DNS records & DNS record zones (org scope)
- Network bridges
- Monitoring sources
- Notification channels
- Bundles: repositories, bundles, environments, manifests, cluster resources, revisions, deployments, operations (build/deploy/discover)
- GitHub / GitLab OAuth setup for bundles
Project
- Project metadata & billing hints
- Object storage (buckets, credentials, policies) — v2/v3 API families
- Load balancers, targets, services (project scope)
- DNS zones (project scope)
- Monitoring objects, conditions, states, alerts
- Bundle environments / revisions (project-scoped navigation helpers)
Workspace
- Workspace CRUD & metadata
- Kubernetes workspace: version, upgrade list, upgrade trigger
- Kubeconfig (admin) & OIDC kubeconfig & OIDC settings
- Kubernetes API proxy: cluster summary, nodes, ingress, LB services, Helm releases, volumes, cordon/uncordon/drain
- Kubernetes events & deployments listings
- Kubernetes secrets (portal) — permission gated
- Maintenance schedule & toggles (OS + Kubernetes patches)
- Transfer workspace to another project
- Compute profiles listing (with pricing overrides)
- Hosts (list paginated, create, lifecycle ops)
- Host: power, firewalls, LB fabric hooks (WGLB/LBFW)
- Scaling groups
- Agent tokens (mint/list/revoke)
- Shell sessions to hosts
- Firewalls & firewall rules (workspace — may be environment gated)
- Load balancers, targets, services (workspace scope)
- DNS zones (workspace scope)
- Workspace API key (used by platform integrations; not kubectl)
Platform software catalog
- Kubernetes applications (operator/admin — catalog CRUD & revisions)
- Customer consumption of catalog via cluster state (see workspace provisioning doc)
Cross-cutting
- Agents: install script download, binary updates (system routes)
- Monitoring parameters registry (system)
- Ecosystems / service providers / compute providers (often operator-tuned; some org routes)
Explicitly operator / system (typically not tenant)
- Organization admin, internal billing engines, render manifests, build credentials, deployment status internals, POC health aggregates