Authentication
Platz delegates user authentication to an external OpenID Connect provider. There is no built-in user store, no password reset flow, no MFA management — those concerns belong to your IdP (Auth0, Keycloak, Okta, Dex, Google Workspace via an OIDC bridge, GitHub via an OIDC bridge, etc.). Platz only deals with what happens after the IdP says "yes, this is so-and-so".
Clusters
A cluster in Platz is a registered Kubernetes cluster that Platz can deploy into. Clusters are discovered (or registered manually) by the platz-k8s-agent worker and managed at /admin/clusters by site admins.
Envs
An env in Platz is a logical container for clusters, deployments, and the people who can touch them. You'll usually map envs to your existing operational tiers — production, staging, dev, dogfood, one per customer for multi-tenant setups, one per team for shared infrastructure.
Users
User management in Platz happens in two places, by design:
Bots
A bot in Platz is a service identity — a non-human account meant for automation. CI pipelines, GitOps controllers, chart back-ends that invoke Platz actions, anything that needs to authenticate against the API without using a person's credentials.
Helm Registries
A Helm registry in Platz is an OCI registry repository that holds Helm charts. The platz-chart-discovery worker watches these registries and surfaces new chart versions in the UI as soon as they're pushed.
Ingress
Platz has two layers of ingress concerns, both of which need to be set up correctly:
Logs
Platz integrates with Grafana + Loki to give users a one-click "open the logs for this deployment" link. The integration is configured per cluster (so different clusters can point at different Loki instances) and shows up as an Open Logs entry in each deployment's Actions menu.