/otomi-core

GitOps powered K8s app suite with developer self-service

Primary LanguageMustacheApache License 2.0Apache-2.0


Shift left with Otomi

Otomi makes developers self-serving and helps DevOps teams to guarantee application security and availability at the earliest stages in the development lifecycle when using Kubernetes while strongly relying on GitOps patterns, where desired state is reflected as code and the cluster state is automatically updated.

Install Otomi on your Kubernetes cluster and get a complete platform experience with developer self-service that works out-of-the-box.

Releases Docker pulls Build status Last commit License Contributions

⚡️ Quick start

Terraform

Use the Terraform quick start for Azure, GCP, and AWS to provision a Kubernetes cluster in your cloud of choice and install Otomi with minimal values. Go to the quickstart repository to get started.

When the installer job (in the default namespace) has finished, copy the URL and the generated password from the bottom of the logs of the job and complete the post-installion steps.

Helm Chart

To install Otomi with minimal values using the Helm chart, first create a values.yaml file with the following values:

cluster:
  k8sVersion: '1.20' # currently 1.18, 1.19, 1.20 and 1.21 are supported
  name: # the name of your cluster
  provider: # choose between aws, azure, google or onprem

add the Helm repository:

helm repo add otomi https://otomi.io/otomi-core
helm repo update

and then install the Helm chart:

helm install -f values.yaml otomi otomi/otomi

When the installer job (in the default namespace) has finished, copy the URL and the generated password from the bottom of the logs and complete the post-installation steps.

After installing Otomi, you can use Otomi Console to access all integrated applications and use the self-service features to create new Knative services, publicly expose pre-deployed services, create secrets and create Kubernetes Jobs / Cron Jobs.

Otomi Console

⚙️ Advanced configuration

Otomi can be installed with the following advanced configuration options:

  • Use a DNS zone with LetsEncrypt certificates
  • Configure Azure Active Directory as IdP
  • Use SOPS/KMS to encrypt sensitive configuration values

Go to otomi.io for more detailed instructions.

Key features

  • Developer self-service
  • Over 20 pre-configured and ready-to-use applications and add-ons
  • Application configuration management
  • Multi-tenancy
  • Implemented security policies
  • Single Sign-On
  • Automatic ingress configuration
  • Input/output validation
  • Automatic image vulnerability scanning
  • Secrets management
  • Full observability
  • Kubernetes best-practices
  • GitOps workflow

Learn more about Otomi at otomi.io.

Integrated applications

Otomi ships with the following pre-configured and ready-to-use applications and add-ons:

  • Istio: The service mesh framework with end-to-end transit encryption
  • Knative: Deploy and manage serverless workloads
  • Prometheus: Collecting container application metrics
  • Loki: Collecting container application logs
  • Harbor: Container image registry with role-based access control, image scanning, and image signing
  • HashiCorp Vault: Manage Secrets and Protect Sensitive Data
  • Kubeapps: Launching and managing applications on Kubernetes
  • Keycloak: Identity and access management for modern applications and services
  • OPA: Policy-based control for cloud-native environments
  • Let's Encrypt: A nonprofit Certificate Authority providing industry-recognized TLS certificates
  • Jaeger: End-to-end distributed tracing and monitor for complex distributed systems
  • Kiali: Observe Istio service mesh relations and connections
  • External DNS: Synchronize exposed ingresses with DNS providers
  • Drone: Continuous integration platform built on Docker

Projects

Otomi consists out of multiple projects:

  • Otomi Core (this project): The heart of Otomi
  • Otomi Tasks: Autonomous jobs orchestrated by Otomi Core
  • Otomi API: The brain of Otomi, handling console input and talking to Otomi Core
  • Otomi Console: The UI of Otomi for admins and teams, talking to Otomi API
  • Otomi Clients: Factory to build and publish openapi clients used in the redkubes/otomi-tasks repo

📖 Documentation

Check out the dev docs index for developer documentation or go to otomi.io for more detailed documentation.

Contribution

If you wish to contribute please read our Contributor Code of Conduct and Contribution Guidelines.

If you want to say thank you or/and support the active development of Otomi:

  • Add a GitHub Star to the project
  • Write interesting articles about the project on Dev.to, Medium or on your personal blog

⚠️ License

Otomi is free and open-source software licensed under the Apache 2.0 License.