Integrations
Pre-configured Apps and Automation
Generic Integration Features
Benefit from generic integration features such as an advanced ingress architecture
Pre-configured Applications
All Apps in the suite have configured to accommodate common business scenarios
Otomi offers a complete suite of pre-configured Kubernetes applications combined with automation and developer self-service
The configuration of all pre-configured apps can be modified based on Configuration as Code
1
3
Generic Integration Features
Otomi is highly modular. All Apps in the suite take advantage of generic integration features like:
- SSO Authentication
- Awareness of users, roles, and permissions
- A service mesh to enable mTLS between all services
- Abstraction of cloud-native differences
- Use of GitHub or GitLab as code repository
- Bring your own IdP
2
3
Pre-configured Applications
Each integrated application is configured to accommodate the most common business scenarios while exposing parameters to be able to control changing factors over time. Let’s look at some of the custom work that went into them:
- Cert-manager: Any service with automatic certs turned on will generate a Letsencrypt Certificate resource
- Drone: A pre-configured runner that detects configuration changes to the Otomi values-repo and deploys changes in the desired state
- OPA/gatekeeper: A single source of policies is checked at compile-time, and translated on the fly during deployment to enable Gatekeeper to use those in the cluster at runtime
- Istio: All parts are tuned and configured to work together
- All integrated application resources and scaling are pre-configured
- All resources are monitored and visualized in Grafana
- Keycloak is configured with mappers that normalize incoming identities from the IDP to have a predictable format and list of groups (OIDC, JWT)
- Loki is configured in multi-tenant mode. Each team is a tenant and logs are segregated per tenant
- HashiCorp Vault community edition is given RBAC awareness of users, allowing teams to self-manage their secrets and integrate them into their workloads
Otomi is open source and can be installed on any Kubernetes cluster. Learn how to install Otomi on your Kubernetes cluster and how to use the Otomi UI and CLI
3
3
Automation
In addition to the generic integration features and the pre-configured applications, Otomi also offers significant automation capabilities:
- Teams are each given a project in Harbor, allowing team users to push and pull container images and create secrets for automation
- Istio Virtual services are automatically generated for team services, tying a generic ingress architecture to service endpoints in a predictable way
- Mutual TLS is automatically started between workloads that are part of the mesh
- Two ingress gateways are automatically configured per team: one for SSO traffic and one for public exposure
- Nginx-ingress ingress resources are automatically generated for all integrated applications and for team services. There is also configuration exposed allowing admins to turn on special Nginx features like throttling or OWASP rule checking
- All teams automatically get their own Prometheus, Alertmanager, and Grafana instance, allowing them to view only their own resources
The Otomi app suite includes the following industry-leading open source applications
OAuth2/ OpenID
Authentication of users against any OIDC provider, or Active Directory / LDAP
Weave Scope
Understand your application quickly by seeing it in a real time interactive display
Hashicorp Vault
Store and tightly control access to tokens, passwords, certificates, and API keys
Cert-manager
A nonprofit Certificate Authority providing industry-recognized TLS certificates
