Skip to main content

Architecture

The AI App Store is the unified UI for H2O AI Cloud (HAIC). It always runs as part of HAIC and cannot be deployed on its own.

This page covers the architecture of the App Store itself: how it catalogs, schedules, and routes traffic to H2O Wave apps on Kubernetes. For the rest of the platform (MLOps, Feature Store, Workflows, AI Engines, Notebooks), see HAIC architecture.

Across HAIC, workspaces are the primary organizing unit: app instances, AI engines, and Drive files all exist within a workspace. The App Store enforces workspace-based access control through AuthZ, so every request to an app instance is authorized against the workspace it belongs to before the router forwards it.

Components

The App Store runs as a replicated server made of a few cooperating components:

  • Server: Exposes the App Store UI and API, handles authorization, and proxies traffic to and from running app instances.
  • Router: Authorizes each request against the target instance's workspace, then forwards it to the relevant Kubernetes service. Asks the scheduler which service to use.
  • Scheduler: Manages app instances through a Helm client, which acts as an abstraction over the Kubernetes API. Instance metadata lives in the Kubernetes API via Helm, not in the App Store's database.
  • Metadata database (PostgreSQL): Stores app metadata (tags, owners, pointers to icons and bundles) and browser session data.
  • Bundle storage: Stores .wave archives and extracted static assets (icons, screenshots). Uses object storage (S3, Azure Blob Storage, or GCS) when configured, with a Persistent Volume as the default fallback. Object storage is preferred for scalability and reliability.

Running an app

Each running app instance is a single-pod deployment with a Kubernetes service (ClusterIP by default, optionally LoadBalancer) and optional PVCs. The pod runs one generic container whose main process is HAIC Launcher, a small booster binary that:

  1. Downloads the app code from bundle storage.
  2. Installs the app's Python dependencies.
  3. Starts Waved (the Wave server).
  4. Starts the app.

Once running, the app is reachable only through the App Store router, which enforces access control on every request.

Single source of truth for instance state

Because instance state lives in the Kubernetes API (through Helm), the App Store and other tools see the same source of truth. An app started, updated, or deleted out of band, for example with Helm from the command line, is still visible to the App Store. This makes the system resilient to changes made outside the UI.

Feedback