diff --git a/content/en/docs/reference/glossary/ambient.md b/content/en/docs/reference/glossary/ambient.md
new file mode 100644
index 0000000000..842d2590cf
--- /dev/null
+++ b/content/en/docs/reference/glossary/ambient.md
@@ -0,0 +1,7 @@
+---
+title: Ambient
+test: n/a
+---
+
+Ambient refers to a [data plane mode](/docs/reference/glossary/#data-plane-mode) consisting of a per-node and optionally a per-namespace component.
+Ambient mode is an alternative to a [sidecar](/docs/reference/glossary/#sidecar) based deployment.
diff --git a/content/en/docs/reference/glossary/dataplane-mode.md b/content/en/docs/reference/glossary/dataplane-mode.md
new file mode 100644
index 0000000000..81558faede
--- /dev/null
+++ b/content/en/docs/reference/glossary/dataplane-mode.md
@@ -0,0 +1,7 @@
+---
+title: Data Plane Mode
+test: n/a
+---
+
+The data plane mode refers to which deployment mode the [data plane](/docs/reference/glossary/#data-plane) is using.
+Istio currently supports three modes: [sidecar](/docs/reference/glossary/#sidecar), [ambient](/docs/reference/glossary/#ambient), and [proxyless](/docs/reference/glossary/#proxyless).
diff --git a/content/en/docs/reference/glossary/hbone.md b/content/en/docs/reference/glossary/hbone.md
new file mode 100644
index 0000000000..84f04f4f06
--- /dev/null
+++ b/content/en/docs/reference/glossary/hbone.md
@@ -0,0 +1,7 @@
+---
+title: HBONE
+test: n/a
+---
+
+HBONE (or HTTP-Based Overlay Network Environment) is a secure tunneling protocol used between Istio components.
+In HBONE, users traffic is securely tunneled over HTTP `CONNECT` tunnels encrypted with [Mutual TLS Authentication](/docs/reference/glossary/#mutual-tls-authentication).
diff --git a/content/en/docs/reference/glossary/proxyless.md b/content/en/docs/reference/glossary/proxyless.md
new file mode 100644
index 0000000000..37d8c726af
--- /dev/null
+++ b/content/en/docs/reference/glossary/proxyless.md
@@ -0,0 +1,9 @@
+---
+title: Proxyless
+test: n/a
+---
+
+Proxyless refers to a [data plane mode](/docs/reference/glossary/#data-plane-mode) that runs without proxies by instead
+moving mesh functionality directly into applications.
+Currently, Istio supports a [Proxyless gRPC](/blog/2021/proxyless-grpc/) mode,
+which enables mesh functionality in the [gRPC framework](https://grpc.io/).
diff --git a/content/en/docs/reference/glossary/sidecar.md b/content/en/docs/reference/glossary/sidecar.md
new file mode 100644
index 0000000000..3fcc7c4ef7
--- /dev/null
+++ b/content/en/docs/reference/glossary/sidecar.md
@@ -0,0 +1,8 @@
+---
+title: Sidecar
+test: n/a
+---
+
+A sidecar, generally, is a container that runs alongside a primary application to provide additional functionality.
+In Istio, sidecar is a [data plane mode](/docs/reference/glossary/#data-plane-mode) that runs an [Envoy](/docs/reference/glossary/#envoy) proxy alongside each
+[Pod](/docs/reference/glossary/#pod).
diff --git a/content/en/docs/reference/glossary/waypoint.md b/content/en/docs/reference/glossary/waypoint.md
new file mode 100644
index 0000000000..5444ecf3d3
--- /dev/null
+++ b/content/en/docs/reference/glossary/waypoint.md
@@ -0,0 +1,7 @@
+---
+title: Waypoint
+test: n/a
+---
+
+A waypoint refers to the HTTP proxy component of [ambient](/docs/reference/glossary/#ambient) data plane mode.
+A waypoint runs on a per-namespace on per-service account basis and handles all traffic entering that namespace.
diff --git a/content/en/docs/reference/glossary/ztunnel.md b/content/en/docs/reference/glossary/ztunnel.md
new file mode 100644
index 0000000000..ad71322d03
--- /dev/null
+++ b/content/en/docs/reference/glossary/ztunnel.md
@@ -0,0 +1,7 @@
+---
+title: ztunnel
+test: n/a
+---
+
+Ztunnel refers to the node proxy component of [ambient](/docs/reference/glossary/#ambient) data plane mode.
+Ztunnel runs on each node and securely transmits traffic using the [HBONE](/docs/reference/glossary/#hbone) protocol.