Skip to content

holos-run/holos-console

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1,891 Commits
.github
.github
 
 
.vscode
.vscode
 
 
api
api
 
 
cli
cli
 
 
cmd
cmd
 
 
config
config
 
 
console
console
 
 
cue.mod
cue.mod
 
 
docs
docs
 
 
frontend
frontend
 
 
gen/holos/console/v1
gen/holos/console/v1
 
 
hack
hack
 
 
internal
internal
 
 
manifests
manifests
 
 
proto/holos/console/v1
proto/holos/console/v1
 
 
scripts
scripts
 
 
.gitignore
.gitignore
 
 
.goreleaser.yaml
.goreleaser.yaml
 
 
.mcp.json
.mcp.json
 
 
AGENTS.md
AGENTS.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
Dockerfile
Dockerfile
 
 
Dockerfile.console
Dockerfile.console
 
 
Dockerfile.secret-injector
Dockerfile.secret-injector
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
PROJECT
PROJECT
 
 
README.md
README.md
 
 
agent-browser.json
agent-browser.json
 
 
buf.gen.yaml
buf.gen.yaml
 
 
buf.yaml
buf.yaml
 
 
generate.go
generate.go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
tools.go
tools.go
 
 

Repository files navigation

Holos Console

A Go HTTPS server with a React frontend that serves a web console UI and exposes ConnectRPC services. The built UI is embedded into the Go binary via go:embed.

Quick Start

A first-time cluster operator can bootstrap the full cluster surface — CRDs, admission policies, RBAC, and the secret-injector ServiceAccount — and reach a running server with a handful of commands.

Prerequisites

  • A Kubernetes cluster. Run make cluster to create a local k3d cluster (installs DNS, k3d, and a local mkcert CA). Alternatively, point kubectl at any existing cluster.
  • kubectl context set to that cluster.
  • mkcert for local TLS certificates.
  • Go 1.25+ and Node 18+ / npm for building the server and frontend.

See CONTRIBUTING.md for full toolchain setup instructions, including Debian 13 / fresh-VM steps.

Apply the cluster surface

The kustomize overlays are split into two layers. Namespace-scoped resources (the holos-secret-injector ServiceAccount, Role, and RoleBinding in holos-system) must be applied before the cluster-scoped overlay because the ClusterRoleBindings in that overlay reference the ServiceAccount by name. See config/secret-injector/namespace-scoped/README.md for the rationale.

The holos-system namespace must exist before the namespace-scoped overlay is applied. Kustomize overlays intentionally do not declare the Namespace resource itself (M1 deferral), so create it first, idempotently:

kubectl create namespace holos-system --dry-run=client -o yaml | kubectl apply -f -
kubectl apply -k config/namespace-scoped/
kubectl apply -k config/cluster-scoped/

This is the same sequence that make kind-up (via scripts/kind-up) runs for automated cluster bootstrap.

Run the server

make certs
make run

The server listens on https://localhost:8443. With the cluster surface in place the controller manager primes its informers cleanly — you will not see no matches for kind "RenderState" or missing RBAC errors in the logs.

For deeper context on project conventions, testing, and architecture, see AGENTS.md.

Development

See AGENTS.md for project conventions and the Makefile for common tasks:

  • make test runs Go and UI unit tests (test-go and test-ui)
  • make generate regenerates code when proto or schema files change
  • make test-e2e runs Playwright end-to-end tests; the Playwright config starts the Go backend and Vite dev server automatically

About

Holos web console and RPC server

holos.run

Topics

react go typescript grpc oidc pkce holos connectrpc

Resources

Readme

License

Apache-2.0 license

Contributing

Contributing
Activity
Custom properties

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 6

v0.22.1 Latest
Apr 16, 2026
+ 5 releases

Packages

 
 
 

Contributors

Languages