|
| 1 | +// Module included in the following assemblies: |
| 2 | +// |
| 3 | +// * architecture/control-plane.adoc |
| 4 | +// * hosted-control-planes/index.adoc |
| 5 | + |
| 6 | + |
| 7 | +:_content-type: CONCEPT |
| 8 | +[id="hosted-control-planes-concepts-personas_{context}"] |
| 9 | += Glossary of common concepts and personas for hosted control planes |
| 10 | + |
| 11 | +When you use hosted control planes for {product-title}, it is important to understand its key concepts and the personas that are involved. |
| 12 | + |
| 13 | +[id="hosted-control-planes-concepts_{context}"] |
| 14 | +== Concepts |
| 15 | + |
| 16 | +hosted cluster:: An {product-title} API endpoint for the tenant cluster that is managed by the HyperShift Operator. |
| 17 | + |
| 18 | +hosted cluster infrastructure:: Network, compute, and storage resources that exist in the tenant or end-user cloud account. |
| 19 | + |
| 20 | +hosted control plane:: An {product-title} control plane that runs on the management cluster, which is exposed by the API endpoint of a hosted cluster. The components of a control plane include etcd, the Kubernetes API server, the Kubernetes controller manager, and a VPN. |
| 21 | + |
| 22 | +hosting cluster:: See _management cluster_. |
| 23 | + |
| 24 | +management cluster:: An {product-title} cluster where the HyperShift Operator is deployed and where the control planes for tenant clusters are hosted. The management cluster is synonymous with the _hosting cluster_. |
| 25 | + |
| 26 | +management cluster infrastructure:: Network, compute, and storage resources of the management cluster. |
| 27 | + |
| 28 | +[id="hosted-control-planes-personas_{context}"] |
| 29 | +== Personas |
| 30 | + |
| 31 | +cluster instance administrator:: Users who assume this role are the equivalent of administrators in standalone {product-title}. This user has the `cluster-admin` role in the provisioned cluster, but might not have power over when or how the cluster is updated or configured. This user might have read-only access to see some configuration projected into the cluster. |
| 32 | + |
| 33 | +cluster instance user:: Users who assume this role are the equivalent of developers in standalone {product-title}. This user does not have a view into OperatorHub or machines. |
| 34 | + |
| 35 | +cluster service consumer:: Users who assume this role can request control planes and worker nodes, drive updates, or modify externalized configurations. Typically, this user does not manage or access cloud credentials or infrastructure encryption keys. The cluster service consumer persona can request hosted clusters and interact with node pools. Users who assume this role have RBAC to create, read, update, or delete hosted clusters and node pools within a logical boundary. |
| 36 | + |
| 37 | +cluster service provider:: Users who assume this role typically have the `cluster-admin` role on the management cluster and have RBAC to monitor and own the availability of the HyperShift Operator as well as the control planes for the tenant's hosted clusters. The cluster service provider persona is responsible for several activities, including the following examples: |
| 38 | +** Owning service-level objects for control plane availability, uptime, and stability |
| 39 | +** Configuring the cloud account for the management cluster to host control planes |
| 40 | +** Configuring the user-provisioned infrastructure, which includes the host awareness of available compute resources |
| 41 | + |
| 42 | + |
| 43 | + |
0 commit comments