We recently announced that Otomi Container Platform will be made available as Open Source. The list below provides a sneak preview of what is offered with Otomi Container Platform Community Edition:
Otomi Core
Otomi Core is a monorepo which holds the following:
Otomi CLI:
To generate, operate on and work with an external encrypted git repo holding the configuration for Otomi Core
To validate the state of the values
To apply desired state to target clusters
Preconfigured jobs and core apps working in tandem:
[Monitoring & Alerting] Prometheus Operator with extra Grafana dashboards for teams
[Service Mesh] Istio Operator for easier lifecycle management of the Istio control plane
[Autoscalable Services] Knative Operator: team services are served by Knative Serving
Encryption of all secrets with SOPS
Lots of integrated apps that can be toggled on or off:
[Security] Harbor registry with image scanning: only deploy what has been approved.
[Security] Gatekeeper Operator: enforce OPA policies on all resources, allow only images from Harbor
SSO: Keycloak as IDP, optionally proxying to an external IDP such as Azure AD
GitOps: Drone running in each cluster reconciling with external git repo (webhook based)
Configuration of teams and their resources:
OIDC settings for kubectl access, SSO for web apps
Secrets (certs, docker, generic)
Containerized workloads: registry image, resources, labels, annotations, scale to zero
Ingress management:
Public exposure of a service on a custom URL
Optional SSO with RBAC permissions, even per path
Role Based Access Control (admin / team-admin / team-member / viewer) to:
all the stack web apps
k8s resources
Dev tools:
JSON Schema spec for validation of input values, easing developer workflow
Validation (Kubeval) of all k8s output resources against the target k8s versions
VSCode configuration that automates everything out of the box: autoformatting and linting of all things YAML (k8s resources, values), commitizen for meaningful commits, spell checks, and lots of best practices!
Ops tools:
Smoke tests for core apps
Service probes and alerts for exposed services
Alerts for all things that need to be looked at: workload issues (kube-prometheus rules), services not available (prom-blackbox rules)
Otomi Console CE
In CE mode (no API found) the console will fall back to showing only the list of core apps available for the role(s) of the logged-in user.