Integrations

Pre-configured Apps and Automation

Generic Integration Features

Benefit from generic integration features such as an advanced ingress architecture

Pre-configured Applications

All Apps in the suite have configured to accommodate common business scenarios

Automation

Increase productivity with out-of-the-box automation features

Otomi offers a complete suite of pre-configured Kubernetes applications combined with automation and developer self-service

The configuration of all pre-configured apps can be modified based on Configuration as Code

1

3

Generic Integration Features

Otomi is highly modular. All Apps in the suite take advantage of generic integration features like:

  • SSO Authentication
  • Awareness of users, roles, and permissions
  • A service mesh to enable mTLS between all services
  • Abstraction of cloud-native differences
  • Use of GitHub or GitLab as code repository
  • Bring your own IdP

2

3

Pre-configured Applications

Each integrated application is configured to accommodate the most common business scenarios while exposing parameters to be able to control changing factors over time. Let’s look at some of the custom work that went into them:

  • Cert-manager: Any service with automatic certs turned on will generate a Letsencrypt Certificate resource
  • Drone: A pre-configured runner that detects configuration changes to the Otomi values-repo and deploys changes in the desired state
  • OPA/gatekeeper: A single source of policies is checked at compile-time, and translated on the fly during deployment to enable Gatekeeper to use those in the cluster at runtime
  • Istio: All parts are tuned and configured to work together
  • All integrated application resources and scaling are pre-configured
  • All resources are monitored and visualized in Grafana
  • Keycloak is configured with mappers that normalize incoming identities from the IDP to have a predictable format and list of groups (OIDC, JWT)
  • Loki is configured in multi-tenant mode. Each team is a tenant and logs are segregated per tenant
  • HashiCorp Vault community edition is given RBAC awareness of users, allowing teams to self-manage their secrets and integrate them into their workloads

Otomi is open source and can be installed on any Kubernetes cluster. Learn how to install Otomi on your Kubernetes cluster and how to use the Otomi UI and CLI

3

3

Automation

In addition to the generic integration features and the pre-configured applications, Otomi also offers significant automation capabilities:

  • Teams are each given a project in Harbor, allowing team users to push and pull container images and create secrets for automation
  • Istio Virtual services are automatically generated for team services, tying a generic ingress architecture to service endpoints in a predictable way
  • Mutual TLS is automatically started between workloads that are part of the mesh
  • Two ingress gateways are automatically configured per team: one for SSO traffic and one for public exposure
  • Nginx-ingress ingress resources are automatically generated for all integrated applications and for team services. There is also configuration exposed allowing admins to turn on special Nginx features like throttling or OWASP rule checking
  • All teams automatically get their own Prometheus, Alertmanager, and Grafana instance, allowing them to view only their own resources

The Otomi app suite includes the following industry-leading open source applications

Prometheus Operator

The current standard in collecting container application metrics

Loki

The next standard in collecting container application logs

Grafana

The famous dashboard for viewing application traces, metrics and logs

Istio

The service mesh framework with end-to-end transit encryption and much more

Jaeger

End-to-end distributed tracing and monitor for complex distributed systems 

Kiali

Observe the Istio service mesh relations and connections

Open Policy Agent

Policy-based control for cloud-native environments

OAuth2/ OpenID

Authentication of users against any OIDC provider, or Active Directory / LDAP

keycloak_deliverables

Keycloak

Open source IAM for modern applications and services

External DNS

Making sure your service IPs are found on the internet using hostnames

Knative

Deploy and manage modern serverless workloads

Harbor

A container image registry with role-based access control, scanning and signing

Velero

Back up Kubernetes objects and Persistent Volumes

Gitlab-CI

A complete DevOps platform delivered as a single application

Drone

A self-service Continuous Integration platform for busy development teams

Ingress Control

Create and configure supporting Cloud resources for ingress

Weave Scope

Understand your application quickly by seeing it in a real time interactive display

Kubeapps

Deploy your applications in Kubernetes using an app catalog

Hashicorp Vault

Store and tightly control access to tokens, passwords, certificates, and API keys

Cert-manager

A nonprofit Certificate Authority providing industry-recognized TLS certificates

Gitea

A painless self-hosted Git service to store Otomi configuration values