Glossary
DevOps, Kubernetes and sovereign cloud terms: defined plainly, by the Hidora team.
This glossary collects the concepts that come up most often in our conversations with Swiss technical teams: CI/CD, Kubernetes, observability, infrastructure as code, MSP, SLA, sovereign cloud. Each entry is written by Hidora DevOps engineers based on what we actually see in production at our clients. The goal isn't to rewrite official documentation, but to explain what genuinely matters when building or operating a cloud platform, with a particular focus on Swiss sovereignty constraints (FADP, GDPR), the patterns that work, and the ones that get expensive when applied wrong.
Air-gapped
An air-gapped infrastructure is physically isolated from any external network, including the internet. A security standard for critical and regulated environments.
ArgoCD
ArgoCD is a GitOps controller for Kubernetes that continuously synchronises cluster state with a Git repository. The reference tool for declarative delivery.
CI/CD (Continuous Integration / Continuous Delivery)
CI/CD is the automated pipeline that builds, tests and deploys code on every change, turning releases into a routine, repeatable operation.
Cilium
Cilium is an eBPF-based Kubernetes CNI plugin that handles pod networking, security policies and L7 observability. The de facto standard on recent production clusters.
DevOps
DevOps unifies development and IT operations to ship code faster and more reliably through automation, observability and shared ownership.
DRP (Disaster Recovery Plan)
The DRP is the documented plan to restore infrastructure and services after a major disaster. A mandatory pillar for regulated organisations in Switzerland.
Egress
Egress traffic is the outbound flow from a cluster or cloud to the outside. A major source of hidden costs and security risks on hyperscalers.
FinOps
FinOps is a discipline that brings financial accountability and collaboration between engineering, finance and product teams around variable cloud costs.
GitOps
GitOps is an operational method where Git becomes the single source of truth for the desired state of an infrastructure. An agent continuously reconciles production with the contents of the repository.
Grafana
Grafana is the standard open-source platform for visualising metrics, logs and traces. Interactive dashboards, unified alerting, multi-source data.
Helm
Helm is the Kubernetes package manager. It turns a multi-file application (Deployment, Service, Ingress, ConfigMap) into a single, parameterised and versioned chart.
Infrastructure as Code (IaC)
Infrastructure as Code describes servers, networks and policies in version-controlled files so they can be reviewed, replicated and rolled back.
Kubernetes
Kubernetes is an open-source container orchestrator that automates deployment, scaling and operation of containerised apps across server clusters.
MSP (Managed Service Provider)
An MSP runs parts of your IT for you (monitoring, incident response, patching and capacity planning) under a contractual SLA, freeing your team.
Multi-tenancy
Multi-tenancy is the hosting of multiple customers or teams on a shared infrastructure with strict logical isolation. The economic model of SaaS and internal platforms.
Observability
Observability is the ability to understand a system from its outputs (metrics, logs and traces) to answer questions you didn't know you'd ask.
Platform Engineering
Platform Engineering builds Internal Developer Platforms (IDPs) that industrialise the workflows of development teams: provisioning, deployment, observability, security.
Prometheus
Prometheus is the open-source monitoring and alerting system that became the de facto standard for Kubernetes environments. Pull model, time-series database, PromQL query language.
Rancher
Rancher is a multi-cluster Kubernetes management platform from SUSE. Unified interface, centralised RBAC, on-premise or cloud deployment.
RPO (Recovery Point Objective)
RPO is the maximum acceptable data loss after a disaster. The twin indicator of RTO in any recovery plan.
RTO (Recovery Time Objective)
RTO is the maximum acceptable duration of a service outage after a disaster. The central indicator of any business-continuity plan.
Service Mesh
A service mesh is an infrastructure layer dedicated to communication between microservices: routing, mTLS security, observability, resilience. Istio, Linkerd, Cilium.
SLA (Service Level Agreement)
A Service Level Agreement is a contract that quantifies the operational commitment between provider and customer: uptime, response time, and remedies.
Sovereign Cloud
A sovereign cloud is operated under a single jurisdiction's laws and physical control: data, keys and staff stay outside extraterritorial reach.
SRE (Site Reliability Engineering)
SRE is an engineering discipline that applies software practices to operational problems. Quantified reliability through SLOs, SLIs and error budgets.