Glossary
Plesk/LAMP vocabulary on the left, Kubernetes/GitOps equivalent on the right, in alphabetical order.
| Term (old world) | Term (new world) | Notes |
|---|---|---|
.htaccess | Ingress/IngressRoute annotation | Rewrites, redirects, auth — all live in the Ingress resource |
| Apache/nginx vhost | Ingress + Service | Ingress owns the hostname, Service owns the routing to pods |
| Auto-scaling (never had it in Plesk) | KEDA ScaledObject + cluster-autoscaler | KEDA scales pods, autoscaler scales nodes |
| Backup (mysqldump on a cron) | Backup + PhysicalBackup CRs (mariadb-operator) | Scheduled via CR, uploads to S3 bucket ecn-private/wecare/mariadb-*-backup/ |
| cPanel / Plesk web UI | ArgoCD web UI + Grafana + Google Chat alerts | Spread across tools, each specialising |
| Cron job | CronJob resource | Same schedule syntax (0 4 * * *) |
| Database (self-hosted MySQL) | MariaDB CR (mariadb-operator) | Primary + replica, MaxScale in front, operator-managed |
Disk space on /var/www/ | PersistentVolumeClaim ("PVC") | Per-workload, attached to a specific pod/StatefulSet |
| DNS records (in panel) | Cloudflare DNS + Cloudflared tunnel | DNS in Cloudflare dashboard, internal routing via tunnel |
| FTP upload of new code | New image tag pushed to registry + commit to manifests repo | ArgoCD syncs, pods roll automatically |
| Hostname | Ingress spec.rules[].host | e.g. www.wecare.gr |
| Let's Encrypt (Plesk button) | cert-manager with DNS01 challenge via Cloudflare | Renewals fully automatic |
Logs (tail -f /var/log/...) | kubectl logs -f + Loki in Grafana | See Check app status |
| memcached/Redis (on same box as app) | RedisReplication CR + Sentinel (opstree redis-operator) | Separate pods with master/replica failover |
| Password (stored in panel DB) | Kubernetes Secret, encrypted via Sealed Secrets | See Secrets & Bitwarden |
| PHP config (Plesk UI) | ConfigMap mounted as php.ini | Edit YAML, commit, pods restart automatically via Reloader |
| phpMyAdmin (web UI) | kubectl exec into MariaDB pod + mysql CLI, or port-forward the (usually disabled) phpmyadmin deployment | Direct UI is offline by default for security |
| Process manager (supervisord) | Deployment + StatefulSet controllers | K8s restarts pods that die |
| Provisioning a new customer site | Client onboarding via the client-onboarder Claude agent | See Add a client |
| Raw disk volume | PersistentVolume ("PV") | K8s-level abstraction; PVCs claim PVs |
| Reboot the server | Drain node → reboot → uncordon | kured handles this automatically; Terraform node-replace if replacing the VM outright. The legacy reboot.yml Ansible playbook is a fallback. See Reboot & patch |
| Restart Apache | kubectl rollout restart deploy/<name> (imperative) or edit ConfigMap → Reloader auto-restarts | Rare — usually not needed |
| Root password | kubeconfig + Bitwarden | No literal "root" on a node; cluster access is via kubeconfig |
| Running process | Pod | Smallest unit K8s schedules |
Service status (systemctl status) | kubectl get pods + kubectl describe pod | See Check app status |
| Shared server | Kubernetes cluster | Instead of one box, a fleet |
| SSH into server | kubectl exec -it <pod> -- sh | Only inside a pod; no literal SSH |
| Staging site | A separate overlay (kustomize) or separate namespace | We use both patterns depending on app |
System update (apt update && apt upgrade) | kured (automated); legacy apt_update_and_upgrade.yml Ansible playbook as last-resort fallback | Fully automatic in normal operation |
| Traffic spike → upgrade plan | KEDA scales pods, cluster-autoscaler creates more nodes | Happens on its own; see Scale the cluster |
| Uptime monitoring (external ping) | Blackbox-exporter → Probe CR → Prometheus → Alertmanager → Google Chat | See External probes |
| Virtual host config file | Ingress YAML + sometimes an nginx sidecar ConfigMap | We have both — nginx sits in front of PHP-FPM inside the pod |
| What's running on the box? | kubectl get pods -A (across all namespaces) | Shows the fleet-wide view |
Kubernetes-native terms (things Plesk didn't have)
| Term | Plain English |
|---|---|
| Pod | One running "thing" — 1-N containers together |
| Deployment | "Keep N copies of this pod running" |
| StatefulSet | Like a Deployment, but each pod has a stable identity and its own disk (for databases) |
| Service | Stable network address for a set of pods |
| Ingress | Public URL → Service routing |
| Namespace | Folder of related resources |
| ConfigMap | Key/value blob mounted into pods as files or env vars |
| Secret | Like ConfigMap, but encrypted at rest |
| CRD | "Custom Resource Definition" — a new kind of resource added by an extension |
| Operator | A program that watches a CRD and reconciles reality to match |
| Sidecar | A secondary container in a pod that does something auxiliary (metrics, log shipping, proxy) |
| Labels / Selectors | How one resource finds another. Everything uses them |
| Finalizer | A "wait, don't delete me until I clean up" hook |
| Taint / Toleration | "This node repels pods" / "This pod is OK with that node's repellent" — used to dedicate nodes per tenant |
| Affinity / Anti-affinity | "Prefer/avoid landing on pods with these labels" |
| GitOps | The repo is the source of truth; a controller reconciles the cluster to it |
| Self-heal (ArgoCD) | ArgoCD reverts manual changes back to what the repo says |
| Sync wave (ArgoCD) | Ordering hint — lower waves apply first |
| ignoreDifferences (ArgoCD) | "Treat these fields as managed externally, don't revert them" |
Further reading
- Kubernetes primer for the seven concepts deeper
- From Plesk to Kubernetes for the conceptual switch
- Official: https://kubernetes.io/docs/reference/glossary/