Tillered Docs

Glossary

Definitions for key terms used in Tillered Self-Hosted documentation

Agent

The Arctic process that runs on each Linux host in your cluster. The agent manages encrypted tunnels, enforces routing policies, and synchronizes state with other peers. See Installation for how to install the agent.

Bootstrap

The initial operation that registers an Arctic agent with a license and establishes its identity within a cluster. Bootstrapping is the first step after installing the agent. See CLI reference for the bootstrap command.

Cluster

A group of Arctic agents that share the same license and coordinate to provide overlay networking. Peers in a cluster discover each other, synchronize configuration, and establish encrypted tunnels automatically. See Clustering for how clusters work.

Compose

A declarative configuration format for Arctic deployments. Compose files define peers, services, routes, and network topology in a single YAML document, letting you manage your cluster as infrastructure as code. See Declarative Cluster Management for usage.

License

A credential that identifies an Arctic cluster and establishes the trust boundary between peers. Every agent in the same cluster shares the same license. The license is provided during bootstrap. See Prerequisites for license requirements.

MACVLAN interface

A virtual network interface created by Arctic on a peer to attach services to a dedicated IP address on the host's network. MACVLAN interfaces allow Arctic to receive and route traffic without conflicting with the host's primary network configuration. See Service management for how services use MACVLAN interfaces.

Peer

An individual Arctic agent participating in a cluster. Each peer has a unique identity, maintains encrypted connections to other peers, and can host services and routes. See Peer management for how to add and remove peers.

Route

A rule within a service that matches traffic by destination address and directs it to a target peer through an encrypted tunnel. Routes can match specific IPs, subnets, or ranges. See Routing for how routes are evaluated.

Service

A named group of routes and traffic policies applied to a peer. Services control how traffic entering a peer is matched, forwarded, and optionally rate-limited. See Service management for how to create and manage services.

Transparent mode

A feature that preserves the original source IP address when routing TCP traffic through Arctic tunnels. By default, the destination sees the exit peer's IP. Transparent mode uses TProxy to maintain the client's real address. See Transparent Mode for details.

Transparent Mode

Understanding how Transparent Mode preserves source IP addresses through TProxy tunnels

On this page

AgentBootstrapClusterComposeLicenseMACVLAN interfacePeerRouteServiceTransparent mode