8.8 KiB
Glossary
Core Concepts
Agent
A software component installed on deployment targets that receives and executes deployment tasks. Agents communicate with the orchestrator via mTLS and execute deployments locally on the target.
Approval
A human decision to authorize a promotion request. Approvals may require multiple approvers and enforce separation of duties.
Approval Policy
Rules defining who can approve promotions to specific environments, including required approval counts and SoD requirements.
Blue-Green Deployment
A deployment strategy using two identical production environments. Traffic switches from "blue" (current) to "green" (new) after validation.
Canary Deployment
A deployment strategy that gradually rolls out changes to a small subset of targets before full deployment, allowing validation with real traffic.
Channel
A version stream for components (e.g., "stable", "beta", "nightly"). Each channel tracks the latest compatible version.
Component
A deployable unit mapped to a container image repository. Components have versions tracked via digest.
Compose Lock
A Docker Compose file with all image references pinned to specific digests, ensuring reproducible deployments.
Connector
A plugin that integrates Release Orchestrator with external systems (registries, CI/CD, notifications, etc.).
Decision Record
An immutable record of all gate evaluations and conditions considered when making a promotion decision.
Deployment Job
A unit of work representing the deployment of a release to an environment. Contains multiple deployment tasks.
Deployment Task
A single target-level deployment operation within a deployment job.
Digest
A cryptographic hash (SHA-256) that uniquely identifies a container image. Format: sha256:abc123...
Drift
A mismatch between the expected deployed version (from version sticker) and the actual running version on a target.
Environment
A logical grouping of deployment targets representing a stage in the promotion pipeline (e.g., dev, staging, production).
Evidence Packet
An immutable, cryptographically signed record of deployment decisions and outcomes for audit purposes.
Freeze Window
A time period during which deployments to an environment are blocked (e.g., holiday code freeze).
Gate
A checkpoint in the promotion workflow that must pass before deployment proceeds. Types include security gates, approval gates, and custom policy gates.
Promotion
The process of moving a release from one environment to another, subject to gates and approvals.
Release
A versioned bundle of component digests representing a deployable unit. Releases are immutable once created.
Rolling Deployment
A deployment strategy that updates targets in batches, maintaining availability throughout the process.
Rollback
The process of reverting to a previous release version when a deployment fails or causes issues.
Security Gate
An automated gate that evaluates security policies (vulnerability thresholds, compliance requirements) before allowing promotion.
Separation of Duties (SoD)
A security principle requiring that the person who requests a promotion cannot be the same person who approves it.
Step
A single unit of work within a workflow template. Steps have types (deploy, approve, notify, etc.) and can have dependencies.
Target
A specific deployment destination (host, service, container) within an environment.
Tenant
An isolated organizational unit with its own environments, releases, and configurations. Multi-tenancy ensures data isolation.
Version Map
A mapping of image tags to digests for a component, allowing tag-based references while maintaining digest-based deployments.
Version Sticker
Metadata placed on deployment targets indicating the currently deployed release and digest.
Workflow
A DAG (Directed Acyclic Graph) of steps defining the deployment process, including gates, approvals, and verification.
Workflow Template
A reusable workflow definition that can be customized for specific deployment scenarios.
Module Abbreviations
| Abbreviation | Full Name | Description |
|---|---|---|
| INTHUB | Integration Hub | External system integration |
| ENVMGR | Environment Manager | Environment and target management |
| RELMAN | Release Management | Component and release management |
| WORKFL | Workflow Engine | Workflow execution |
| PROMOT | Promotion & Approval | Promotion and approval handling |
| DEPLOY | Deployment Execution | Deployment orchestration |
| AGENTS | Deployment Agents | Agent management |
| PROGDL | Progressive Delivery | A/B and canary releases |
| RELEVI | Release Evidence | Audit and compliance |
| PLUGIN | Plugin Infrastructure | Plugin system |
Deployment Strategies
| Strategy | Description |
|---|---|
| All-at-once | Deploy to all targets simultaneously |
| Rolling | Deploy in batches with availability |
| Canary | Gradual rollout with metrics validation |
| Blue-Green | Parallel environment with traffic switch |
Status Values
Promotion Status
| Status | Description |
|---|---|
pending |
Promotion created, not yet evaluated |
pending_approval |
Waiting for human approval |
approved |
Approved, ready for deployment |
rejected |
Rejected by approver |
deploying |
Deployment in progress |
completed |
Successfully deployed |
failed |
Deployment failed |
cancelled |
Cancelled by user |
Deployment Job Status
| Status | Description |
|---|---|
pending |
Job created, not started |
preparing |
Generating artifacts |
running |
Tasks executing |
completing |
Verifying deployment |
completed |
Successfully completed |
failed |
Deployment failed |
rolling_back |
Rollback in progress |
rolled_back |
Rollback completed |
Agent Status
| Status | Description |
|---|---|
online |
Agent connected and healthy |
offline |
Agent not connected |
degraded |
Agent connected but reporting issues |
Target Health Status
| Status | Description |
|---|---|
healthy |
Target responding correctly |
unhealthy |
Target failing health checks |
unknown |
Health status not determined |
API Error Codes
| Code | Description |
|---|---|
RELEASE_NOT_FOUND |
Release ID does not exist |
ENVIRONMENT_NOT_FOUND |
Environment ID does not exist |
PROMOTION_BLOCKED |
Promotion blocked by gate or freeze |
APPROVAL_REQUIRED |
Promotion requires approval |
INSUFFICIENT_APPROVALS |
Not enough approvals |
SOD_VIOLATION |
Separation of duties violated |
FREEZE_WINDOW_ACTIVE |
Environment in freeze window |
SECURITY_GATE_FAILED |
Security requirements not met |
NO_AGENT_AVAILABLE |
No agent available for target |
DEPLOYMENT_IN_PROGRESS |
Another deployment running |
ROLLBACK_NOT_POSSIBLE |
No previous version to rollback to |
Integration Types
| Type | Category | Description |
|---|---|---|
docker-registry |
Registry | Docker Registry v2 |
ecr |
Registry | AWS ECR |
acr |
Registry | Azure Container Registry |
gcr |
Registry | Google Container Registry |
harbor |
Registry | Harbor Registry |
gitlab-ci |
CI/CD | GitLab CI/CD |
github-actions |
CI/CD | GitHub Actions |
jenkins |
CI/CD | Jenkins |
slack |
Notification | Slack |
teams |
Notification | Microsoft Teams |
email |
Notification | Email (SMTP) |
hashicorp-vault |
Secrets | HashiCorp Vault |
prometheus |
Metrics | Prometheus |
Workflow Step Types
| Type | Category | Description |
|---|---|---|
approval |
Control | Wait for human approval |
wait |
Control | Wait for duration |
condition |
Control | Branch based on condition |
parallel |
Control | Execute children in parallel |
security-gate |
Gate | Evaluate security policy |
custom-gate |
Gate | Custom OPA policy |
freeze-check |
Gate | Check freeze windows |
deploy-docker |
Deploy | Deploy single container |
deploy-compose |
Deploy | Deploy Compose stack |
health-check |
Verify | HTTP/TCP health check |
smoke-test |
Verify | Run smoke tests |
notify |
Notify | Send notification |
webhook |
Integration | Call external webhook |
trigger-ci |
Integration | Trigger CI pipeline |
rollback |
Recovery | Rollback deployment |
Security Terms
| Term | Description |
|---|---|
| mTLS | Mutual TLS - both client and server authenticate with certificates |
| JWT | JSON Web Token - used for API authentication |
| RBAC | Role-Based Access Control |
| OPA | Open Policy Agent - policy evaluation engine |
| SoD | Separation of Duties |
| PEP | Policy Enforcement Point |