Glossary
This page describes the terms used within the context of Holos.
Platform
In Holos, a Platform is a comprehensive environment configured using the Kubernetes resource model. It extends beyond traditional Kubernetes functionality by integrating cloud resources through Crossplane, allowing for a unified management approach across both Kubernetes and cloud infrastructure. A Platform typically consists of one Management Cluster, which handles control and secret management, and one or more Workload Clusters, where application workloads are deployed and run. This architecture enables a consistent and scalable approach to managing diverse resources and services within the cloud-native ecosystem.
Management Cluster
In the context of Holos, a Management Cluster is a special Kubernetes cluster that hosts Kubernetes controllers. For example, cert-manager, Cluster api, and Crossplane. A management cluster manages a single platform. The primary function of this cluster is to securely store and manage secrets, ensuring the secure handling of sensitive information such as credentials, API keys, and other confidential data. The Management Cluster serves as a centralized and secure control plane for the platform, facilitating the orchestration and management of other components.
Workload Cluster
In Holos, a Workload Cluster is a Kubernetes cluster designed to host and run application workloads. Unlike the Management Cluster, which focuses on control and secret management, Workload Clusters are dedicated to executing the actual applications and services. These clusters can vary in size and configuration based on the specific needs of the applications they support. Workload Clusters leverage Kubernetes' orchestration capabilities to manage the deployment, scaling, and operation of containerized applications, providing a flexible and scalable environment for running production workloads within the platform.
Platform Form
In Holos, a Platform Form is a customizable web form defined by JSON data. Each platform within Holos has a unique Platform Form, which serves as an interface for configuring and managing the platform's settings and resources. Platform engineers can customize the Platform Form by modifying the underlying CUE (Configuration Unified Engine) code, allowing for tailored configurations that meet specific requirements. This flexibility enables platform engineers to create a user-friendly and specific interface for managing the platform's components and operations.
Platform Model
In Holos, the Platform Model represents the collection of values submitted through the Platform Form. It encapsulates the specific configuration details and settings defined by the platform engineers, serving as the blueprint for the platform's setup and operation. The Platform Model is essential for translating the customized options and parameters from the Platform Form into actionable configurations within the Holos ecosystem, ensuring that the platform operates according to the specified requirements and guidelines.
Secret Store
In Holos, a SecretStore is a repository for securely storing and managing sensitive data such as passwords, API keys, and other confidential information. It is compatible with any secret store supported by the External Secrets Operator. By default, the management cluster serves as the SecretStore to minimize dependencies and simplify the architecture. This setup ensures that secrets are managed in a secure and centralized manner, aligning with the overall security framework of the platform.
Service Mesh
In Holos, a Service Mesh is a dedicated infrastructure layer for managing, observing, and securing service-to-service communications within a microservices architecture. It typically includes features such as load balancing, traffic routing, service discovery, and security policies like mutual TLS and access control. The Service Mesh abstracts these functionalities away from the application code, providing a centralized control plane for managing the interactions between microservices. This facilitates better observability, resilience, and security in complex, distributed environments.
Zero Trust
In the context of Holos and broader security practices, Zero Trust is a security model that assumes no implicit trust is granted to any user, system, or component inside or outside the network. Instead, every request for access is treated as potentially malicious, and verification is required at every stage. This model enforces strict identity verification, continuous monitoring, and least-privilege access policies.