We recently announced that Otomi Container Platform will be made available as Open Source. The list below provides a sneak preview on what is offered with Otomi Container Platform Community Edition:
Otomi Core
Otomi Core is a monorepo which holds the following:
- Otomi CLI:
- To generate, operate on and work with an external encrypted git repo holding the configuration for Otomi Core
- Validate the state of the values
- To apply desired state to target clusters
- Preconfigured jobs and core apps working in tandem:
- [Monitoring & Alerting] Prometheus Operator with extra Grafana dashboards for teams
- [Service Mesh] Istio Operator for easier lifecycle management of Istio controlplane
- [Autoscalable Services] Knative Operator: team services are served by knative serving
- Encryption of all secrets with SOPS
- Lot of integrated apps that can be toggled on or off:
- [Security] Harbor registry with image scanning: only deploy what has been approved.
- [Security] Gatekeeper Operator: enforce OPA policies on all resources, allow only images from Harbor
- See full list here
- SSO: Keycloak as IDP, optionally proxying to external IDP like Azure AD
- GitOps: Drone running in each cluster reconciling with external git repo (webhook based)
- Configuration of teams and their resources:
- OIDC settings for kubectl access, SSO for web apps
- Secrets (certs, docker, generic)
- Containerized workloads: registry image, resources, labels, annotations, scale to zero
- Ingress management:
- Public exposure of a service on a custom url
- Optional SSO with RBAC permissions, even per path
- Role Based Access Control (admin / team-admin / team-member / viewer) to:
- all the stack web apps
- k8s resources
- Dev tools:
- Jsonschema spec for validation of input values, easing developer workflow
- Validation (Kubeval) of all k8s output resources against the target k8s versions
- VSCode configuration for out of the box everything automated: autoformatting and linting of all things yaml (k8s resources, values), commitizen for meaningful commits, spell checks, lots of best practices!
- Ops tools:
- Smoke tests for core apps
- Service probes and alerts for exposed services
- Alerts for all things that need to be looked at: workload issues (kube-prometheus rules), services not available (prom-blackbox rules)
Otomi Console CE
In CE mode (no API found) the console will fall back to only showing the list of core apps available for the role(s) of the logged in user.