Developers - To focus on their apps only

• Easy deployment of containerized workloads
• Direct access to logs and metrics
• Store charts and images in a private registry
• Build and run custom CI pipelines
• Enable declarative end-to-end workload lifecycle management
• Easy ingress and network policy configuration
• Manage your own secrets

Platform teams - To setup and manage production-ready Kubernetes-based platforms

• Onboard development teams in a comprehensive multi-tenant setup
• Get all the required K8s tools in an integrated way
• Create your platform profile and deploy to any K8s
• One schema to manage all platform configuration
• Ensure governance with security policies
• Implement zero-trust networking
• Make development teams self-serving
• Change the desired state of the platform based on Configuration-as-Code
• Support multi and hybrid cloud scenarios

To install Otomi using Helm, make sure to have a K8s cluster running with at least:

• Version 1.20 up to 1.23
• A node pool with 6 vCPU and 8GB+ RAM (more is advised!)
• Calico CNI installed (or any other CNI that supports K8s network policies)
• When installing using the custom provider, make sure the K8s LoadBalancer Service created by Otomi can obtain an external accessible IP (using a cloud load balancer or MetalLB)

Add the Helm repository:

helm repo add otomi https://otomi.io/otomi-core \
helm repo update

and then install the Helm chart:

helm install otomi otomi/otomi \
--set cluster.k8sVersion=$VERSION \ # 1.20, 1.21, 1.22 and 1.23 are supported
--set cluster.name=$CLUSTERNAME \
--set cluster.provider=$PROVIDER # use 'azure', 'aws', 'google', 'digitalocean', 'ovh', 'vultr', or 'custom' for any other cloud or onprem K8s

When the installer job is completed, follow the activation steps.

Otomi installs, configures, integrates and automates all of your favorite K8s apps:

• Istio: The service mesh framework with end-to-end transit encryption
• Velero: Back up and restore your Kubernetes cluster resources and persistent volumes
• Argo CD: Declarative continuous deployment
• KubeClarity: Detect vulnerabilities of container images
• Knative: Deploy and manage serverless workloads
• Prometheus: Collecting container application metrics
• Grafana: Visualize metrics, logs, and traces from multiple sources
• Loki: Collecting container application logs
• Harbor: Container image registry with role-based access control, image scanning, and image signing
• HashiCorp Vault: Manage Secrets and Protect Sensitive Data
• Kubeapps: Launching and managing applications on Kubernetes
• Keycloak: Identity and access management for modern applications and services
• OPA/Gatekeeper: Policy-based control for cloud-native environments
• Let's Encrypt: A nonprofit Certificate Authority providing industry-recognized TLS certificates
• Jaeger: End-to-end distributed tracing and monitor for complex distributed systems
• Kiali: Observe Istio service mesh relations and connections
• External DNS: Synchronize exposed ingresses with DNS providers
• Drone: Continuous integration platform built on Docker
• Gitea: Self-hosted Git service
• Nginx Ingress Controller: Ingress controller for Kubernetes
• Minio: High performance Object Storage compatible with Amazon S3 cloud storage service
• Trivy: Kubernetes-native security toolkit
• Thanos: HA Prometheus setup with long term storage capabilities
• Falco: Cloud Native Runtime Security

• Drag and drop tools to create your own preferred suite
• GitOps out-of-the-box
• Container image scanning (at the gate and during runtime)
• Security policies (at the gate and during runtime)
• Advanced ingress architecture with self-service
• Network policies for internal ingress and external egress
• Deploy workloads without writing any YAML
• Create and manage secrets in Vault and use them in workloads
• Role-based access to all integrated tools
• Comprehensive multi-tenant setup
• Automation tasks for Harbor, Keycloak, ArgoCD, Vault, Gitea and Drone
• Expose services on multiple (public/private) networks
• SOPS/KMS for encryption of sensitive configuration values
• BYO IdP, DNS and/or CA

And much more...

The open source Core of Otomi consists out of the following projects:

• Otomi Core (this project): The heart of Otomi
• Otomi Tasks: Autonomous jobs orchestrated by Otomi Core
• Otomi Clients: Factory to build and publish openapi clients used in the redkubes/otomi-tasks repo

Check out the dev docs index for developer documentation or go to otomi.io for more detailed documentation.

If you wish to contribute please read our Contributor Code of Conduct and Contribution Guidelines.

If you want to say thank you or/and support the active development of Otomi:

• Star the Otomi project on Github
• Feel free to write articles about the project on dev.to, medium or on your personal blog and share your experiences

This project exists thanks to all the people who have contributed

Otomi is licensed under the Apache 2.0 License.