Overview
A Lane7 Blueprint is a pre-composed, ready-to-deploy Kubernetes application network. The ZIP bundle you download contains everything needed to run a Zero Trust secured network in your cluster — no additional tooling, no manual certificate setup, no PKI.
What's in the ZIP
Every blueprint bundle contains the following structure:
blueprint-name/
├── gateway/ ← one directory per pod
│   ├── 01-namespace.yaml
│   ├── 02-secrets.yaml ← credentials pre-filled at delivery
│   ├── 03-deployment.yaml
│   └── app/
│       ├── app.py ← your business logic goes in Section 1
│       └── Dockerfile
├── [additional pod dirs]/
├── deploy.sh
├── teardown.sh
├── pinhole-setup.sh ← boundary-pod blueprints only
├── blueprint.yaml
├── README.md
└── EULA.md
Credentials are injected at delivery
HOPR_LICENSE, HOPR_KEY, CHIPS_ALGORITHM, HOPR_API_TOKEN, and .dockerconfigjson are written into each pod's 02-secrets.yaml when your bundle is generated. Do not attempt to deploy before downloading your blueprint bundle.
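As an added example (not part of the Lane7 bundle or its tooling), the following pre-deploy check walks an unpacked bundle and reports files missing from the structure listed above, plus any of the five credentials that are absent or empty in a pod's 02-secrets.yaml. It assumes every sub-directory of the bundle is a pod directory and that each credential appears as a "NAME: value" line; check_bundle and key_is_set are names chosen here.

```sh
#!/bin/sh
# Added example: pre-deploy completeness check for a blueprint bundle.
# Not Lane7 tooling. Assumptions: every sub-directory of the bundle is a pod
# directory, and each credential appears in 02-secrets.yaml as "NAME: value".

REQUIRED_KEYS="HOPR_LICENSE HOPR_KEY CHIPS_ALGORITHM HOPR_API_TOKEN .dockerconfigjson"
POD_FILES="01-namespace.yaml 02-secrets.yaml 03-deployment.yaml app/app.py app/Dockerfile"
TOP_FILES="deploy.sh teardown.sh blueprint.yaml"

# key_is_set FILE KEY: true when KEY has a non-empty value in FILE.
key_is_set() {
    awk -v key="$2" -v sq="'" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key ":") != 1) next   # literal match, so "." is safe
            val = substr(line, length(key) + 2)
            gsub("[ \t\"" sq "]", "", val)        # drop blanks and quotes
            if (val != "") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# check_bundle DIR: print one line per problem; return 0 only when none.
check_bundle() {
    bundle=$1 problems=0 pods=0
    for f in $TOP_FILES; do
        [ -f "$bundle/$f" ] || { echo "missing: $f"; problems=$((problems + 1)); }
    done
    for pod in "$bundle"/*/; do
        [ -d "$pod" ] || continue
        pod=${pod%/}
        pods=$((pods + 1))
        for f in $POD_FILES; do
            [ -f "$pod/$f" ] || { echo "missing: ${pod##*/}/$f"; problems=$((problems + 1)); }
        done
        [ -f "$pod/02-secrets.yaml" ] || continue
        for key in $REQUIRED_KEYS; do
            key_is_set "$pod/02-secrets.yaml" "$key" ||
                { echo "unset: ${pod##*/}/02-secrets.yaml $key"; problems=$((problems + 1)); }
        done
    done
    [ "$pods" -gt 0 ] || { echo "no pod directories found"; problems=$((problems + 1)); }
    [ "$problems" -eq 0 ]
}

[ "$#" -eq 0 ] || check_bundle "$1"
```

Passing the unpacked bundle directory as the first argument runs the check; a non-zero exit status means at least one problem line was printed.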
Two concepts to understand
Before deploying, two concepts are worth knowing — though neither blocks you from running your first deployment.
WoSP — the Envoy WASM filter running as a sidecar in every pod. It handles all inter-pod authentication and encryption automatically. You configure it via secrets; it operates autonomously. Learn how WoSP works →
Section 1 — the clearly marked block at the top of each pod's app.py where your business logic goes. Section 2 (below it) is the WoSP networking layer — do not modify it. Learn about the Section model →
Tip
You don't need to understand WoSP to deploy a blueprint. Fill the credentials, run deploy.sh, confirm the auto-trigger. Everything else is optional depth.