Integrations

Out-Of-The-Box, Preconfigured Apps and Automation

Generic Integration Features

Benefit from generic integration features such as SSO and sane configuration defaults

Preconfigured Applications

All Apps in the suite have been configured to accommodate common business scenarios

Automation

Increase productivity with out-of-the-box automation features

Otomi is an enterprise-grade, production-ready DevOps platform solution that acts as a value-added layer on top of Kubernetes.

Otomi offers a suite of integrated and pre-configured industry-leading open source applications, combined with automation and self-service.

Generic Integration Features

Otomi is highly modular. All Apps in the suite take advantage of generic integration features like:

  • SSO Authentication
  • Awareness of users, roles, and permissions.
  • Secure access with Let’s Encrypt TLS certificates
  • Abstraction of cloud-native differences
  • Sane configuration defaults

Preconfigured Applications

Each application has been custom configured to accommodate common business scenarios and use cases while exposing parameters to be able to control changing factors over time. Let’s look at some of the custom work that went into them:

  • Cert-manager: any service with automatic certs turned on will generate a Let’s Encrypt Certificate resource
  • Drone: preconfigured runner that detects configuration changes to the Otomi values-repo and deploys changes in the desired state
  • OPA/gatekeeper: a single source of policies is checked at compile-time, and translated on the fly during deployment to enable Gatekeeper to use those in the cluster at runtime
  • Istio: all parts are tuned and configured to work together
  • Resources and scaling are pre-configured for all integrated applications
  • All resources are monitored and visualized in Grafana
  • Keycloak is configured with mappers that normalize incoming identities from the IDP to have a predictable format and list of groups (OIDC, JWT)
  • Loki is configured in multi-tenant mode. Each team is a tenant and logs are segregated per tenant
  • Hashicorp Vault community edition is given RBAC awareness of users, allowing teams to self-manage their secrets and integrate them into their workloads

Automation

In addition to the generic integration features and the pre-configured applications, Otomi also offers significant automation capabilities:

  • Teams are each given a project in Harbor, allowing team users to push and pull container images and create secrets for automation
  • Istio Virtual services are automatically generated for team services, tying a generic ingress architecture to service endpoints in a predictable way
  • Mutual TLS is automatically started between workloads that are part of the mesh
  • Two ingress gateways are automatically configured per team: one for SSO traffic and one for public exposure
  • Nginx-ingress ingress resources are automatically generated for all integrated applications and for team services. There is also configuration exposed allowing admins to turn on special Nginx features like throttling or OWASP rule checking
  • All teams automatically get their own Prometheus, Alertmanager, and Grafana instance, allowing them to view only their own resources

The suite of integrated apps consists of the following industry-leading open source applications:

Prometheus Operator

The current standard in collecting container application metrics

Loki

The next standard in collecting container application logs

Grafana

The famous dashboard for viewing application traces, metrics and logs

Istio

The service mesh framework with end-to-end transit encryption and much more

Jaeger

End-to-end distributed tracing and monitoring for complex distributed systems

Kiali

Observe the Istio service mesh relations and connections

Open Policy Agent

Policy-based control for cloud-native environments

OAuth2 / OpenID

Authentication of users against any OIDC provider, or Active Directory / LDAP

Keycloak

Open source Identity and Access Management for modern applications and services

External DNS

Making sure your service IPs are found on the internet using hostnames

Knative

Deploy and manage modern serverless workloads like functions and auto scalable container deployments

Harbor

A container image registry with role-based access control, image scanning, and image signing

Velero

Back up Kubernetes objects and Persistent Volumes

Gitlab-CI

A complete DevOps platform delivered as a single application

Drone

A self-service Continuous Integration platform for busy development teams

Ingress Control

Create and configure supporting Cloud resources for ingress

Weave Scope

Understand your application quickly by seeing it in a real time interactive display

Kubeapps

Deploy your applications in Kubernetes using an app catalog

Hashicorp Vault

Store and tightly control access to tokens, passwords, certificates, and API keys

Cert-manager

A nonprofit Certificate Authority providing industry-recognized TLS certificates

Gitea

A painless self-hosted Git service to store Otomi configuration values