Integrations
Out-Of-The-Box, Preconfigured Apps and Automation
Generic Integration Features
Benefit from generic integration features such as SSO and sane configuration defaults
Preconfigured Applications
All Apps in the suite have configured to accommodate common business scenarios
Otomi is an enterprise-grade and production-ready DevOps platform solution that acts as a value-added layer on top of Kubernetes
Otomi offers a suite of integrated and pre-configured industry-leading open source applications, combined with automation and self-service
1
3
Generic Integration Features
Otomi is highly modular. All Apps in the suite take advantage of generic integration features like:
- SSO Authentication
- Awareness of users, roles, and permissions.
- Secure access with Let’s Encrypt TLS certificates
- Abstraction of cloud-native differences
- Sane configuration defaults
2
3
Preconfigured Applications
Each application has been custom configured to accommodate common business scenarios and use cases while exposing parameters to be able to control changing factors over time. Let’s look at some of the custom work that went into them:
- Cert-manager: any service with automatic certs turned on will generate a Letsencrypt Certificate resource
- Drone: preconfigured runner that detects configuration changes to the Otomi values-repo and deploys changes in the desired state
- OPA/gatekeeper: a single source of policies is checked at compile-time, and translated on the fly during deployment to enable Gatekeeper to use those in the cluster at runtime
- Istio: all parts are tuned and configured to work together
- All integrated applications resources and scaling are pre-configured
- All resources are monitored and visualized in Grafana
- Keycloak is configured with mappers that normalize incoming identities from the IDP to have a predictable format and list of groups (OIDC, JWT)
- Loki is configured in multi-tenant mode. Each team is a tenant and logs are segregated per tenant
- Hashicorp vault community edition is given RBAC awareness of users, allowing teams to self-manage their secrets and integrate them into their workloads
3
3
Automation
In addition to the generic integration features and the pre-configured applications, Otomi also offers significant automation capabilities:
- Teams are each given a project in Harbor, allowing team users to push and pull container images and create secrets for automation
- Istio Virtual services are automatically generated for team services, tying a generic ingress architecture to service endpoints in a predictable way
- Mutual TLS is automatically started between workloads that are part of the mesh
- Two ingress gateways are automatically configured per team: one for SSO traffic and one for public exposure
- Nginx-ingress ingress resources are automatically generated for all integrated applications and for team services. There is also configuration exposed allowing admins to turn on special Nginx features like throttling or OWASP rule checking
- All teams automatically get their own Prometheus, Alertmanager, and Grafana instance, allowing them to view only their own resources
The suite of integrated apps consists of the following industry-leading open source applications
OAuth2/ OpenID
Authentication of users against any OIDC provider, or Active Directory / LDAP
Knative
Deploy and manage modern serverless workloads like functions and auto scalable container deployments
Harbor
A container image registry with role-based access control, image scanning, and image signing
Weave Scope
Understand your application quickly by seeing it in a real time interactive display
Hashicorp Vault
Store and tightly control access to tokens, passwords, certificates, and API keys
Cert-manager
A nonprofit Certificate Authority providing industry-recognized TLS certificates
