docs(glossary): adds new glossary of strimzi terms (strimzi#11962)

Signed-off-by: prmellor <pmellor@redhat.com>

Author: PaulRMellor

Makefile

@@ -111,6 +111,7 @@ docu_html: docu_htmlclean docu_versions docu_check
 	asciidoctor -v --failure-level WARN -t -dbook -a ProductVersion=$(RELEASE_VERSION) -a BridgeVersion=$(BRIDGE_VERSION) -a GithubVersion=$(GITHUB_VERSION) -a OAuthVersion=$(OAUTH_VERSION) documentation/deploying/deploying.adoc -o documentation/html/deploying.html
 	asciidoctor -v --failure-level WARN -t -dbook -a ProductVersion=$(RELEASE_VERSION) -a BridgeVersion=$(BRIDGE_VERSION) -a GithubVersion=$(GITHUB_VERSION) -a OAuthVersion=$(OAUTH_VERSION) documentation/configuring/configuring.adoc -o documentation/html/configuring.html
 	asciidoctor -v --failure-level WARN -t -dbook -a ProductVersion=$(RELEASE_VERSION) -a BridgeVersion=$(BRIDGE_VERSION) -a GithubVersion=$(GITHUB_VERSION) -a OAuthVersion=$(OAUTH_VERSION) documentation/overview/overview.adoc -o documentation/html/overview.html
+	asciidoctor -v --failure-level WARN -t -dbook -a ProductVersion=$(RELEASE_VERSION) -a BridgeVersion=$(BRIDGE_VERSION) -a GithubVersion=$(GITHUB_VERSION) -a OAuthVersion=$(OAUTH_VERSION) documentation/glossary/glossary.adoc -o documentation/html/glossary.html
 	asciidoctor -v --failure-level WARN -t -dbook -a ProductVersion=$(RELEASE_VERSION) -a BridgeVersion=$(BRIDGE_VERSION) -a GithubVersion=$(GITHUB_VERSION) -a OAuthVersion=$(OAUTH_VERSION) documentation/contributing/contributing.adoc -o documentation/html/contributing.html
 
 docu_htmlnoheader: docu_htmlnoheaderclean docu_versions docu_check
@@ -119,13 +120,15 @@ docu_htmlnoheader: docu_htmlnoheaderclean docu_versions docu_check
 	asciidoctor -v --failure-level WARN -t -dbook -a ProductVersion=$(RELEASE_VERSION) -a BridgeVersion=$(BRIDGE_VERSION) -a GithubVersion=$(GITHUB_VERSION) -a OAuthVersion=$(OAUTH_VERSION) -s documentation/deploying/deploying.adoc -o documentation/htmlnoheader/deploying-book.html
 	asciidoctor -v --failure-level WARN -t -dbook -a ProductVersion=$(RELEASE_VERSION) -a BridgeVersion=$(BRIDGE_VERSION) -a GithubVersion=$(GITHUB_VERSION) -a OAuthVersion=$(OAUTH_VERSION) -s documentation/configuring/configuring.adoc -o documentation/htmlnoheader/configuring-book.html
 	asciidoctor -v --failure-level WARN -t -dbook -a ProductVersion=$(RELEASE_VERSION) -a BridgeVersion=$(BRIDGE_VERSION) -a GithubVersion=$(GITHUB_VERSION) -a OAuthVersion=$(OAUTH_VERSION) -s documentation/overview/overview.adoc -o documentation/htmlnoheader/overview-book.html
+	asciidoctor -v --failure-level WARN -t -dbook -a ProductVersion=$(RELEASE_VERSION) -a BridgeVersion=$(BRIDGE_VERSION) -a GithubVersion=$(GITHUB_VERSION) -a OAuthVersion=$(OAUTH_VERSION) -s documentation/glossary/glossary.adoc -o documentation/htmlnoheader/glosary-book.html
 	asciidoctor -v --failure-level WARN -t -dbook -a ProductVersion=$(RELEASE_VERSION) -a BridgeVersion=$(BRIDGE_VERSION) -a GithubVersion=$(GITHUB_VERSION) -a OAuthVersion=$(OAUTH_VERSION) -s documentation/contributing/contributing.adoc -o documentation/htmlnoheader/contributing-book.html
 
 docu_pdf: docu_pdfclean docu_versions docu_check
 	mkdir -p documentation/pdf
 	asciidoctor-pdf -v --failure-level WARN -t -dbook -a ProductVersion=$(RELEASE_VERSION) -a BridgeVersion=$(BRIDGE_VERSION) -a GithubVersion=$(GITHUB_VERSION) -a OAuthVersion=$(OAUTH_VERSION) documentation/deploying/deploying.adoc -o documentation/pdf/deploying.pdf
 	asciidoctor-pdf -v --failure-level WARN -t -dbook -a ProductVersion=$(RELEASE_VERSION) -a BridgeVersion=$(BRIDGE_VERSION) -a GithubVersion=$(GITHUB_VERSION) -a OAuthVersion=$(OAUTH_VERSION) documentation/configuring/configuring.adoc -o documentation/pdf/configuring.pdf
 	asciidoctor-pdf -v --failure-level WARN -t -dbook -a ProductVersion=$(RELEASE_VERSION) -a BridgeVersion=$(BRIDGE_VERSION) -a GithubVersion=$(GITHUB_VERSION) -a OAuthVersion=$(OAUTH_VERSION) documentation/overview/overview.adoc -o documentation/pdf/overview.pdf
+	asciidoctor-pdf -v --failure-level WARN -t -dbook -a ProductVersion=$(RELEASE_VERSION) -a BridgeVersion=$(BRIDGE_VERSION) -a GithubVersion=$(GITHUB_VERSION) -a OAuthVersion=$(OAUTH_VERSION) documentation/glossary/glossary.adoc -o documentation/pdf/glossary.pdf
 	asciidoctor-pdf -v --failure-level WARN -t -dbook -a ProductVersion=$(RELEASE_VERSION) -a BridgeVersion=$(BRIDGE_VERSION) -a GithubVersion=$(GITHUB_VERSION) -a OAuthVersion=$(OAUTH_VERSION) documentation/contributing/contributing.adoc -o documentation/pdf/contributing.pdf
 
 docu_check:
@@ -151,9 +154,11 @@ release_docu: docu_html docu_htmlnoheader docu_pdf
 	$(CP) -rv documentation/pdf/overview.pdf strimzi-$(RELEASE_VERSION)/docs/pdf/
 	$(CP) -rv documentation/pdf/deploying.pdf strimzi-$(RELEASE_VERSION)/docs/pdf/
 	$(CP) -rv documentation/pdf/configuring.pdf strimzi-$(RELEASE_VERSION)/docs/pdf/
+	$(CP) -rv documentation/pdf/glossary.pdf strimzi-$(RELEASE_VERSION)/docs/pdf/
 	$(CP) -rv documentation/html/overview.html strimzi-$(RELEASE_VERSION)/docs/html/
 	$(CP) -rv documentation/html/deploying.html strimzi-$(RELEASE_VERSION)/docs/html/
 	$(CP) -rv documentation/html/configuring.html strimzi-$(RELEASE_VERSION)/docs/html/
+	$(CP) -rv documentation/html/glossary.html strimzi-$(RELEASE_VERSION)/docs/html/
 	$(CP) -rv documentation/html/images/ strimzi-$(RELEASE_VERSION)/docs/html/images/
 
 docu_clean: docu_htmlclean docu_htmlnoheaderclean docu_pdfclean
@@ -197,4 +202,4 @@ checksum_install:
 checksum_helm:
 	@$(FIND) ./helm-charts/ -type f -print0 | LC_ALL=C $(SORT) -z | $(XARGS) -0 $(SHA1SUM) | $(SHA1SUM)
 
-.PHONY: all $(SUBDIRS) $(DOCKERDIRS) $(DOCKER_TARGETS) docu_versions spotbugs docu_check prerequisites_check
+.PHONY: all $(SUBDIRS) $(DOCKERDIRS) $(DOCKER_TARGETS) docu_versions spotbugs docu_check prerequisites_check

documentation/glossary/glossary.adoc

@@ -0,0 +1,28 @@
+:experimental:
+include::shared/attributes.adoc[]
+//turns off numbering
+:sectnums!:
+
+:context: str
+
+[id="glossary-book_{context}"]
+= Strimzi Glossary
+
+[role="_abstract"]
+This glossary explains terminology unique to Strimzi and its components. 
+It supports consistent usage and understanding across Strimzi documentation. 
+Terms from Kafka and Kubernetes are outside its scope.
+
+//glossary entries
+include::modules/glossary/a.adoc[leveloffset=+1]
+include::modules/glossary/c.adoc[leveloffset=+1]
+include::modules/glossary/d.adoc[leveloffset=+1]
+include::modules/glossary/e.adoc[leveloffset=+1]
+include::modules/glossary/f.adoc[leveloffset=+1]
+include::modules/glossary/k.adoc[leveloffset=+1]
+include::modules/glossary/l.adoc[leveloffset=+1]
+include::modules/glossary/m.adoc[leveloffset=+1]
+include::modules/glossary/n.adoc[leveloffset=+1]
+include::modules/glossary/s.adoc[leveloffset=+1]
+include::modules/glossary/t.adoc[leveloffset=+1]
+include::modules/glossary/u.adoc[leveloffset=+1]

documentation/glossary/modules

@@ -0,0 +1 @@
+../modules

documentation/glossary/shared

@@ -0,0 +1 @@
+../shared

documentation/modules/glossary/a.adoc

@@ -0,0 +1,54 @@
+:_mod-docs-content-type: REFERENCE
+
+[role="_abstract"]
+= A
+
+[id="glossary-access-operator_{context}"]
+== Access Operator
+An optional operator that simplifies the sharing of Kafka connection information and credentials between namespaces. 
+Connection details are stored centrally in a `Secret` resource.
+
+[id="glossary-authentication_{context}"]
+== Authentication 
+Defines how clients prove their identity to the Kafka cluster. 
+Strimzi manages authentication as a client-server relationship:
+
+* *Server-Side*: The Kafka cluster's listeners are configured to require a specific authentication type.
+* *Client-Side*: A client (a `KafkaUser` or a client-based Kafka component managed by Strimzi) must be configured to provide matching credentials.
+
+Listener authentication (Server-Side):: 
+Listener authentication is configured per listener in the `spec.kafka.listeners` array of the `Kafka` custom resource. 
+Supported types include `tls`, `scram-sha-512`, and `custom`.
+
+Client authentication (Kafka user)::
+For Kafka users, authentication is managed using the `KafkaUser` custom resource. Supported types are `tls`, `tls-external` (using an external CA), and `scram-sha-512`. 
+Strimzi automatically creates the necessary `Secret` resources for the user.
+
+Client authentication (Kafka components)::
+For Strimzi-managed components, authentication is managed in the custom resource of the component, such as `KafkaConnect`.
+Supported types include `tls`, `scram-sha-256`, `scram-sha-512`, `plain`, and `custom`. 
+
+For more information, see the following:
+
+* {BookURLDeploying}#con-securing-kafka-authentication-str[Configuring client authentication on listeners^]
+* {BookURLDeploying}#con-securing-client-authentication-str[Configuring user authentication^]
+
+[id="glossary-authorization_{context}"]
+== Authorization (cluster-wide)
+Defines which actions an authenticated client is permitted to perform on Kafka resources, such as writing to or reading from a topic. 
+Configuration involves setting a cluster-wide mechanism and then, if required, defining user-specific rules.
+
+Cluster-wide authorization::
+This defines the overall mechanism used by the Kafka cluster to control client actions. 
+It's configured in the `spec.kafka.authorization` section of the `Kafka` custom resource. 
+Supported types include `simple` (using the Kafka's built-in authorizer) and `custom` (using custom authorizers).
+
+User authorization (ACLs)::
+This defines specific Access Control Lists (ACLs) for a user, granting permissions to perform actions on `Kafka` resources. 
+The ACLs are defined in the `spec.authorization` section of the `KafkaUser` custom resource.
+If using a custom authorization mechanism, user permissions are typically managed within the external authorization system and not through the `KafkaUser` resource.
+
+For more information, see the following:
+
+* {BookURLDeploying}#con-securing-kafka-authorization-str[Configuring authorized access to Kafka^]
+* {BookURLDeploying}#con-securing-client-authorization-str[Configuring user authorization^]

documentation/modules/glossary/c.adoc

@@ -0,0 +1,34 @@
+:_mod-docs-content-type: REFERENCE
+
+[role="_abstract"]
+= C
+
+== Clients CA
+[id="glossary-clients-ca_{context}"]
+A Certificate Authority managed by the Strimzi Cluster Operator that issues TLS certificates for Kafka clients.
+These certificates are used for mutual TLS (mTLS) authentication between external clients and Kafka brokers.
+
+== Cluster CA
+[id="glossary-cluster-ca_{context}"]
+A Certificate Authority managed by the Strimzi Cluster Operator that issues TLS certificates to secure communication between Kafka brokers, internal components, and Kafka clients. 
+These certificates enable encrypted and authenticated communication over TLS.
+
+== Cluster Operator
+[id="glossary-cluster-operator_{context}"]
+The central operator responsible for deploying and managing Kafka clusters, Kafka Connect, Kafka MirrorMaker, and related components.
+
+For more information, see the following:
+
+* {BookURLOverview}#overview-components-cluster-operator-str[Cluster Operator^]
+* {BookURLDeploying}#ref-operator-cluster-str[Configuring the Cluster Operator^]
+
+== Cruise Control
+[id="glossary-cruise-control_{context}"]
+A component that provides automated Kafka cluster rebalancing and optimization.
+Cruise Control is configured through the `Kafka` custom resource, while rebalancing operations are managed using the `KafkaRebalance` custom resource.
+
+For more information, see the following:
+
+* {BookURLDeploying}#cruise-control-concepts-str[Using Cruise Control for cluster rebalancing^]
+* {BookURLDeploying}#proc-cruise-control-topic-replication-str[Using Cruise Control to modify topic replication factor^]
+* {BookURLDeploying}#proc-cruise-control-moving-data-str[Using Cruise Control to reassign partitions on JBOD disks^]

documentation/modules/glossary/d.adoc

@@ -0,0 +1,10 @@
+:_mod-docs-content-type: REFERENCE
+
+[role="_abstract"]
+= D
+
+== Drain Cleaner
+[id="glossary-drain-cleaner_{context}"]
+A utility installed as a separate component that ensures safe pod evictions during rolling updates to prevent data loss or downtime.
+
+For more information, see {BookURLDeploying}#assembly-drain-cleaner-str[Evicting pods with the Strimzi Drain Cleaner^].

documentation/modules/glossary/e.adoc

@@ -0,0 +1,13 @@
+:_mod-docs-content-type: REFERENCE
+
+[role="_abstract"]
+= E
+
+== Encryption
+[id="glossary-encryption_{context}"]
+Strimzi supports Transport Layer Security (TLS) to encrypt communication between Kafka and its clients. 
+TLS is enabled per listener in the `Kafka` custom resource, and communication between internal components is always encrypted.
+
+== Entity Operator
+[id="glossary-entity-operator_{context}"]
+The Entity Operator runs the Topic Operator and User Operator in separate containers within its pod, allowing them to handle topic and user management.

documentation/modules/glossary/f.adoc

@@ -0,0 +1,11 @@
+:_mod-docs-content-type: REFERENCE
+
+[role="_abstract"]
+= F
+
+== Feature gate
+[id="glossary-feature-gate_{context}"]
+Used to enable or disable specific features and functions managed by Strimzi operators.
+New features may be introduced initially through feature gates.
+
+For more information, see {BookURLDeploying}#ref-operator-cluster-feature-gates-str[Feature gates^].

documentation/modules/glossary/k.adoc

@@ -0,0 +1,79 @@
+:_mod-docs-content-type: REFERENCE
+
+[role="_abstract"]
+= K
+
+== Kafka (custom resource)
+[id="glossary-kafka-cr_{context}"]
+A custom resource for deploying and configuring a Kafka cluster, including settings for nodes, listeners, storage, security, and internal components like Cruise Control and the Entity Operator.
+
+For more information, see the {BookURLConfiguring}#type-Kafka-reference[`Kafka` schema reference^].
+
+== Kafka Bridge
+[id="glossary-kafka-bridge_{context}"]
+Provides a RESTful interface that allows HTTP-based clients to interact with a Kafka cluster.
+
+For more information, see {BookURLBridge}[Using the Kafka Bridge^].
+
+== KafkaBridge (custom resource)
+[id="glossary-kafkabridge-cr_{context}"]
+A custom resource used to deploy and configure a Kafka Bridge instance, specifying replicas, authentication, and connection details.
+
+For more information, see the {BookURLConfiguring}#type-KafkaBridge-reference[`KafkaBridge` schema reference^].
+
+== KafkaConnect (custom resource)
+[id="glossary-kafkaconnect-cr_{context}"]
+A custom resource used to deploy and configure a Kafka Connect cluster for integrating external systems with Kafka.
+
+For more information, see the {BookURLConfiguring}#type-KafkaConnect-reference[`KafkaConnect` schema reference^].
+
+== KafkaConnector (custom resource)
+[id="glossary-kafkaconnector-cr_{context}"]
+A custom resource for managing individual Kafka connectors in a Kafka Connect cluster declaratively and independently of the `KafkaConnect` deployment.
+
+For more information, see the {BookURLConfiguring}#type-KafkaConnector-reference[`KafkaConnector` schema reference^].
+
+== KafkaExporter
+[id="glossary-kafkaexporter_{context}"]
+The Kafka Exporter exposes Kafka metrics for Prometheus. 
+It is configured as part of the `Kafka` custom resource.
+
+For more information, see the {BookURLConfiguring}#type-KafkaExporterSpec-reference[`KafkaExporterSpec` schema reference^].
+
+== KafkaMirrorMaker2 (custom resource)
+[id="glossary-kafkamirrormaker2-cr_{context}"]
+A custom resource for deploying a Kafka MirrorMaker 2 instance to replicate data between Kafka clusters.
+
+For more information, see the {BookURLConfiguring}#type-KafkaMirrorMaker2-reference[`KafkaMirrorMaker2` schema reference^].
+
+== KafkaNodePool (custom resource)
+[id="glossary-kafkanodepool-cr_{context}"]
+A custom resource used to configure distinct groups of nodes within a Kafka cluster.
+Nodes in a node pool can be configured to operate as Kafka brokers, controllers, or both.
+
+For more information, see the {BookURLConfiguring}#type-KafkaNodePool-reference[`KafkaNodePool` schema reference^].
+
+== KafkaRebalance (custom resource)
+[id="glossary-kafkarebalance-cr_{context}"]
+A custom resource that triggers and manages cluster rebalancing through Cruise Control by setting optimization goals.
+
+Rebalance modes:
+
+full:: Load rebalanced across all brokers  
+add-brokers:: Replicas moved to newly added brokers  
+remove-brokers:: Replicas moved off brokers being removed  
+remove-disks:: Data moved between storage volumes within the same broker
+
+For more information, see the {BookURLConfiguring}#type-KafkaRebalance-reference[`KafkaRebalance` schema reference^].
+
+== KafkaTopic (custom resource)
+[id="glossary-kafkatopic-cr_{context}"]
+A custom resource for managing Kafka topics (creation, configuration, deletion) through the Topic Operator.
+
+For more information, see the {BookURLConfiguring}#type-KafkaTopic-reference[`KafkaTopic` schema reference^].
+
+== KafkaUser (custom resource)
+[id="glossary-kafkauser-cr_{context}"]
+A custom resource for managing Kafka users (creation, configuration, deletion) through the User Operator, including their authentication credentials and access permissions.
+
+For more information, see the {BookURLConfiguring}#type-KafkaUser-reference[`KafkaUser` schema reference^].