Lattice Documentation

Install, uninstall, login, and manage clusters from the command line.

Cloud credentials and provider configuration. AWS, Proxmox, OpenStack, Docker.

Infrastructure, node pools, and the pivot. Multi-provider cluster lifecycle.

ESO ClusterSecretStore configuration. Vault, AWS Secrets Manager, webhook, and more.

Backup storage configuration. S3, GCS, Azure, and S3-compatible providers.

Cluster-wide backup schedules and scope using Velero. Control plane and workload backups.

Restore from Velero backups. Tracks restore progress and completion.

Workload definition with containers, resources, bilateral agreements, autoscaling, and deploy strategies.

Batch workloads with gang scheduling via Volcano. Master/worker topologies, GPU allocation, and retry policies.

Model serving with disaggregated inference. Separate entry and worker roles, GPU sharing, and model-aware scheduling.

External service endpoints outside the cluster mesh. Creates Istio ServiceEntry and Cilium egress policies.

Organization-wide policies applied to LatticeServices via label selectors. Backup, compliance, and standards.

Enroll namespaces into the Istio ambient mesh with Cilium integration. Manages waypoint proxies and mesh labels.

Authorization rules using the Cedar policy language. Control user and group access to clusters.

How Cedar policies are evaluated at compile time. Security overrides, workload authorization, and default-deny semantics.

OIDC identity provider for the auth proxy. JWT token validation, JWKS discovery, and claim mapping.

Tetragon eBPF kernel-level enforcement. Binary allowlists, rootfs write protection, and capability restrictions.