Discover Otomi Console

One web based UI to access all integrated applications and self-service features

Click on an image to zoom in

1

7

Platform Applications

On the platform level, admins can access all the integrated and pre-configured platform-level applications like:

  • Drone; configured with a pipeline for configuration synchronization
  • Gitea; the local Git repository for storing the platform configuration files
  • KeyCloak; IdP configuration
  • Grafana; dashboards for all platform resources
  • Harbor: platform container registry management
  • Loki; log aggregation for all platform resources
  • Kubeapps; add chart repositories and install more apps
  • Vault; manage secrets and use them in your workloads
 
Enable inactive apps by dragging them to the active apps section.

2

7

Security Policies

In the Policies section, a platform admin can see and configure all the available security policies. By default, policies are enforced, but non-blocking. Click on a policy to configure parameters and to turn a policy on or off.

 

3

7

Otomi Teams

Teams are isolated spaces on Kubernetes and can be used for Projects, DevOps teams, or even DTAP. Platform admins can use the self-service flags to delegate permissions to a team. When a flag is set, members of the team can configure ingress for public exposure, change alerting receivers, change the OIDC group id or even change team resource quotas. By default all internal network traffic between Teams is disabled.

4

7

Otomi Services

A service in Otomi is a feature for publicly exposing pre-deployed Kubernetes or Knative services. Otomi will automatically create all ingress resources and configuration needed, including certificates, Istio virtual services, DNS records, or even an Oauth2 proxy for Single Sign-On.

Next to configuring exposure for a pre-deployed service, Otomi Console can also be used to create new Knative services without writing any YAML manifests. Just fill in the container image you would like to deploy and optionally configure environment variables, annotations, secrets, secret mounts, and/or files. 

Creating an Otomi Service with Knative removes the need to set up a CD pipeline. Coming soon: Use the Continuous Delivery option to automatically deploy new versions of your application based on a chosen tagging format.

5

7

Otomi Jobs

Use Otomi Jobs to create and run Kubernetes jobs and CronJobs.

A job creates one or more pods and will continue to retry the execution of the pods until a specified number of them successfully terminate. As pods successfully complete, the Job tracks the successful completions. When a specified number of successful completions is reached, the task (ie, Job) is complete.

Create a CronJob to create a Job that will run at specified times/dates.

6

7

Otomi Secrets

Secrets created and managed using HashiCorp Vault can be ‘mapped’ onto the Otomi configuration and then be used by Otomi Services (for public and private expose and to mount into the pod as an environment variable when creating a Knative service) and by any other pod within the team namespace.

Otomi supports three kinds of secrets:

  • Generic
  • Docker Registry
  • TLS

7

7

Team Applications

When Otomi multi-tenancy is enabled, each team will get access to:

  • A project in Harbor
  • A space in Vault
  • Loki to see logs of apps deployed by the team
  • Grafana to see metrics of apps deployed by the team
  • Kubeapps to install applications from a catalog
  • A dedicated Alertmanager and Prometheus instance