Skip to content
Unicorn Delivery Service Unicorn Delivery Service

UDS Core

What is UDS Core?

Section titled “What is UDS Core?”

UDS Core is the runtime platform layer of the UDS ecosystem. It gives every application deployed on top of it a consistent, secure, and compliance-ready operating environment—so platform engineers do not have to rebuild those concerns for each project.

UDS Core is the secure foundation your applications run on. It provides shared platform services (identity, networking, logging, monitoring, runtime security, and more) with hardened defaults, and integrates those services automatically with applications that declare their needs through the UDS Package custom resource.

UDS Core is designed for teams operating in demanding environments: airgapped networks, classified enclaves, multi-cluster deployments, and edge systems where internet connectivity cannot be assumed.

Key Capabilities

Section titled “Key Capabilities”
Networking & Service Mesh Istio-based service mesh with mTLS, zero-trust network policies, and controlled ingress paths.
Identity & Access Management Keycloak SSO with opinionated defaults for realms, clients, and group-based access. Authservice protects applications that do not natively speak OIDC.
Logging Vector collects and ships logs from all cluster workloads. Loki provides storage and search. Grafana surfaces logs alongside metrics.
Monitoring & Observability Prometheus scrapes cluster and application metrics. Grafana provides pre-wired dashboards, Alertmanager handles alert routing, and Blackbox Exporter monitors external endpoints.
Runtime Security Falco delivers real-time threat detection and runtime security monitoring, with alerts routed to your observability stack.
Backup & Restore Velero handles backup and restore for cluster resources and persistent volumes.
Policy & Compliance Pepr enforces admission policies (protecting from over-privileged and malicious workloads) and manages exemptions for edge cases.

Security Posture

Section titled “Security Posture”

Security is built into UDS Core by default, not bolted on. The platform provides defense-in-depth across the software supply chain, network, identity, and runtime layers:

  • Secure supply chain with per-release CVE scans and SBOMs.
  • Airgap-native operation with no runtime external dependencies.
  • Zero-trust networking with default-deny network policies and Istio STRICT mTLS.
  • Centralized identity and SSO enforced at the mesh edge.
  • Admission control that blocks overly permissive workloads before they reach the cluster.
  • Runtime detection and alerting for malicious behavior.
  • Centralized logging and metrics for audit and incident response.

For the full security overview, see Security →.

Where to Go Next

Section titled “Where to Go Next”
Local Demo Try UDS Core locally with k3d. Explore capabilities and test integrations in about 15 minutes.
Production Deployment Deploy UDS Core to production infrastructure. Covers prerequisites, bundle building, and deploy.
Concepts Understand how a particular capability works under the hood before configuring it.
How-To Guides Step-by-step guides for configuring and operating each UDS Core capability.
Reference Exact configuration fields, CRD schemas, and UDS-specific reference material.
Operations & Maintenance Troubleshooting runbooks, upgrade guides, and day-2 operations for running UDS Core.
Cookie Settings Privacy Policy