Self-hosted PaaS for Kubernetes

Add developer- and operations-centric tools, automation and self-service on top of Kubernetes in any infrastructure or cloud. 1 install, 1 spec, and 1 console to build, deploy, secure, expose and monitor containerized applications.

Otomi helps

Developers - To focus on their apps only

• Build images from application code
• Deploy containerized workloads without writing any YAML
• Direct access to logs and metrics
• Store charts and images in a private registry
• Build and run custom CI pipelines
• Easy ingress and network policy configuration
• Manage your own secrets

Platform teams - To setup and manage production-ready Kubernetes-based platforms

• Onboard development teams in a comprehensive multi-tenant setup
• Get all the required K8s tools in an integrated and automated way
• Create your platform profile and deploy to any K8s
• One schema to manage all platform configuration
• Ensure governance with security policies
• Implement zero-trust networking
• Make development teams self-serving
• Change the desired state of the platform based on Configuration-as-Code
• Support multi- and hybrid cloud scenarios

Getting started

Helm

To install Otomi using Helm, make sure to have a K8s cluster running with at least:

• Version 1.23 up to 1.24
• A node pool with 6 vCPU and 8GB+ RAM (more is advised!)
• Calico CNI installed (or any other CNI that supports K8s network policies)
• When installing using the custom provider, make sure the K8s LoadBalancer Service created by Otomi can obtain an external accessible IP (using a cloud load balancer or MetalLB)

Add the Helm repository:

helm repo add otomi https://otomi.io/otomi-core
helm repo update

and then install the Helm chart:

helm install otomi otomi/otomi \
--set cluster.k8sVersion=$VERSION \ # 1.23 and 1.24 are supported
--set cluster.name=$CLUSTERNAME \
--set cluster.provider=$PROVIDER # use 'azure', 'aws', 'google', 'digitalocean', 'ovh', 'vultr', 'scaleway' or 'custom' for any other cloud or onprem K8s

When the installer job is completed, follow the activation steps.

Integrated K8s applications

Otomi installs, configures, integrates and automates all of your favorite K8s apps:

• Istio: The service mesh framework with end-to-end transit encryption
• Velero: Back up and restore your Kubernetes cluster resources and persistent volumes
• Argo CD: Declarative continuous deployment
• Knative: Deploy and manage serverless workloads
• Prometheus: Collecting container application metrics
• Grafana: Visualize metrics, logs, and traces from multiple sources
• Loki: Collecting container application logs
• Harbor: Container image registry with role-based access control, image scanning, and image signing
• HashiCorp Vault: Manage Secrets and Protect Sensitive Data
• Kubeapps: Launching and managing applications on Kubernetes
• Keycloak: Identity and access management for modern applications and services
• OPA/Gatekeeper: Policy-based control for cloud-native environments
• Let's Encrypt: A nonprofit Certificate Authority providing industry-recognized TLS certificates
• Jaeger: End-to-end distributed tracing and monitor for complex distributed systems
• Kiali: Observe Istio service mesh relations and connections
• External DNS: Synchronize exposed ingresses with DNS providers
• Drone: Continuous integration platform built on Docker
• Gitea: Self-hosted Git service
• Nginx Ingress Controller: Ingress controller for Kubernetes
• Minio: High performance Object Storage compatible with Amazon S3 cloud storage service
• Trivy: Kubernetes-native security toolkit
• Thanos: HA Prometheus setup with long term storage capabilities
• Falco: Cloud Native Runtime Security
• Opencost: Cost monitoring for Kubernetes
• Tekton Pipeline: K8s-style resources for declaring CI/CD pipelines.
• Paketo build packs: Cloud Native Buildpack implementations for popular programming language ecosystems
• KubeClarity: Detect vulnerabilities of container images

Otomi Features

• Activate capabilities to compose your own platform
• GitOps out-of-the-box
• Container image scanning (at the gate and during runtime)
• Security policies (at the gate and during runtime)
• Advanced ingress architecture
• Network policies for internal ingress and external egress
• Deploy workloads the GitOps way without writing any YAML
• Create and manage secrets in Vault and use them in workloads
• Role-based access to all integrated tools
• Comprehensive multi-tenant setup
• Automation tasks for Harbor, Keycloak, ArgoCD, Vault, Velero, Gitea and Drone
• Expose services on multiple (public/private) networks
• SOPS/KMS for encryption of sensitive configuration values
• BYO IdP, DNS and/or CA

And much more...

Otomi Projects

The open source Core of Otomi consists out of the following projects:

• Otomi Core (this project): The heart of Otomi
• Otomi Tasks: Autonomous jobs orchestrated by Otomi Core
• Otomi Clients: Factory to build and publish openapi clients used in the redkubes/otomi-tasks repo

Documentation

Check out the dev docs index for developer documentation or go to otomi.io for more detailed documentation.

Contribution

If you wish to contribute please read our Contributor Code of Conduct and Contribution Guidelines.

If you want to say thank you or/and support the active development of Otomi:

• Star the Otomi project on Github
• Feel free to write articles about the project on dev.to, medium or on your personal blog and share your experiences

This project exists thanks to all the people who have contributed

License

Otomi is licensed under the Apache 2.0 License.