Otomi Container Platform CE Sneak Preview

We recently announced that the Otomi Container Platform will be made available as Open Source. The list below provides a sneak preview of what is offered with Otomi Container Platform Community Edition:

Otomi Core

Otomi Core is a monorepo that holds the following:

  • Otomi CLI:
    • Generate, operate on, and work with an external encrypted git repo holding the configuration for Otomi Core
    • Validate the state of the values
    • Apply the desired state to target clusters
  • Preconfigured jobs and core apps working in tandem:
    • [Monitoring & Alerting] Prometheus Operator with extra Grafana dashboards for teams
    • [Service Mesh] Istio Operator for easier lifecycle management of Istio control-plane
    • [Autoscalable Services] Knative Operator: team services are served by knative serving
  • Encryption of all secrets with SOPS
  • A lot of integrated apps that can be toggled on or off:
    • [Security] Harbor registry with image scanning: only deploy what has been approved.
    • [Security] Gatekeeper Operator: enforce OPA policies on all resources, allow only images from Harbor
    • See the full list
  • SSO: Keycloak as IDP, optionally proxying to an external IDP such as Azure AD
  • GitOps: Drone running in each cluster reconciling with external git repo (webhook based)
  • Configuration of teams and their resources:
    • OIDC settings for Kubectl access, SSO for web apps
    • Secrets (certs, docker, generic)
    • Containerized workloads: registry image, resources, labels, annotations, scale to zero
  • Ingress management:
    • Public exposure of a service on a custom URL
    • Optional SSO with RBAC permissions, even per path
  • Role-Based Access Control (admin / team-admin / team-member / viewer) to:
    • all the stack web apps
    • k8s resources
  • Dev tools:
    • Jsonschema spec for validation of input values, easing developer workflow
    • Validation (Kubeval) of all k8s output resources against the target k8s versions
    • VSCode configuration that automates everything out of the box: autoformatting and linting of all things YAML (k8s resources, values), commitizen for meaningful commits, spell checks, and lots of best practices!
  • Ops tools:
    • Smoke tests for core apps
    • Service probes and alerts for exposed services
    • Alerts for all things that need to be looked at: workload issues (Kube-Prometheus rules), services not available (prom-BlackBox rules)

Otomi Console CE

In CE mode (no API found) the console will fall back to only showing the list of core apps available for the role(s) of the logged-in user.
