Getting started
Otterize is a platform for implementing intent-based access control (IBAC) for workloads. The platform is composed of Otterize OSS, which is tailored for a single Kubernetes cluster, and Otterize Cloud, which adds visibility and operationalization across Kubernetes clusters and non-Kubernetes infrastructures.
Otterize enables platform engineers to easily implement, expand, and unify secured access for their Kubernetes workloads.
Let's go!
Dive right in with simple demos to:
- Create and manage network policies.
- Configure secure access for Kafka.
- Get full visibility into pod-to-pod traffic.
- Roll out mTLS.
Or, just as quickly and a bit more visually, use a demo ecommerce application to:
- Discover its access graph, including pod-to-pod traffic and access status.
- Gradually roll out IBAC with network policies, first in shadow mode and then with enforcement.
- Gradually roll out IBAC for Kafka.
Components
Otterize OSS
The Otterize OSS components are standalone open-source projects that implement intent-based access control (IBAC) for a single Kubernetes cluster. This same set of components is used to integrate with Otterize Cloud.
- The Otterize intents operator translates ClientIntents resources into access controls: currently, network policies for pod-to-pod access and ACLs for in-cluster Kafka client access. See it on GitHub.
- The Otterize credentials operator integrates with SPIFFE/SPIRE to handle pod identities and manage certificates. See it on GitHub.
- The Otterize network mapper sniffs pod-to-pod traffic and builds a network map, which is useful on its own and may also be exported as client intents files for bootstrapping IBAC. See it on GitHub.
Otterize CLI
The Otterize CLI is used to control the network mapper or output its data, to convert non-Kubernetes client intents files (if needed) to Kubernetes custom resource YAMLs, and to interface with Otterize Cloud.
Open source and Cloud
Otterize OSS
Otterize OSS is a standalone open-source implementation of intent-based access control (IBAC) for a single Kubernetes cluster. As well as being open source, Otterize OSS is completely free, is licensed under the Apache 2.0 license, and does not require Otterize Cloud.
Otterize Cloud
Otterize Cloud adds unified visibility and operationalization, and spans multiple Kubernetes clusters as well as (coming soon) non-Kubernetes infrastructures.
Read more on our product page.