Basic Concepts

H2O AI Hybrid Cloud Appstore recognizes three actors:

  • App Developer: creates and publishes apps
  • App User: browses and runs apps, can be either user with "full access" or visitor
  • Admin: manages the platform

over four resource types:

  • App: runnable Wave app package
  • App instance: running instance of an app
  • App tag: label for categorizing apps withing the platform
  • App secret: sensitive information needed to run apps withing the platform


App is a runnable Wave app package with metadata, such as (grouped into categories):

  • Identity
    • a unique name and version identifier
  • Display/search
    • a title and description
    • icon and screenshots
    • search category and keywords
  • Authorization
    • owner (i.e., the person who imported it into H2O AI Hybrid Cloud Appstore)
    • visibility (PRIVATE, ALL_USERS)
  • Runtime
    • RAM/disk requirements
    • other runtime settings (e.g., pointers to dependencies and secrets to be injected at startup time)

Users can start/run multiple instances of each app (subject to authorization, see below).

Apps are mostly immutable, meaning once uploaded, they cannot be changed (except for visibility). To "update" an app, one has to upload a new version. This is to simplify the app lifecycle and remove the need for developers to address app upgrade/downgrade.


Internally, H2O AI Hybrid Cloud Appstore treats every app name/version combination as a separate entity. The UI then uses the app name to link several versions together; however each can have different title, description, owner, instances, etc.

App Instance

App instance is a running instance of an app with the following metadata:

  • pointer to the corresponding app
  • owner (the person who started it)
  • visibility (PRIVATE, ALL_USERS, PUBLIC)

The H2O AI Hybrid Cloud Appstore fully manages the app instance lifecycle on behalf of its users.

Instances can be stateless or stateful (depending on the app configuration) and can use external dependencies (e.g., AWS S3, Driverless AI).

Under the hood, each instance consists of several k8s resources, specifically, each instance is running in its own k8s pod, under its own k8s service, accessible via a H2O AI Hybrid Cloud Appstore subdomain (e.g., It can optionally include other resources, such as PVCs, Configmaps, etc.

App Tag

Tags are means of annotating apps in the platform (similar to GitHub issue labels). Beyond visually categorizing apps, tags also act as a mechanism by which apps are exposed to "visitors" (i.e., users without "full access"); see Authorization for Visitors for details.

Tags are standalone resources with the following metadata (grouped into categories):

  • Display/search properties
    • name, title, color, description
  • ACLs
    • admin roles (i.e., the users that can manage the tag)
    • visitor roles (i.e., the visitors that can view apps with this tag)

Tags are assigned to apps individually, each tag can be assigned to multiple apps, each app can have multiple tags assigned.

App Secret

Secrets are backed by Kubernetes secrets and a meant for storing sensitive information that can be mounted as an environment variable or file. Secrets are standalone resources with the following metadata:

  • name
  • visibility (PRIVATE, ALL_USERS)
  • owner (the person who created it)