Otterize is a platform for implementing intent-based access control (IBAC) for workloads. The platform is composed of Otterize OSS, which is tailored for a single Kubernetes cluster, and Otterize Cloud, which adds visibility and operationalization across Kubernetes clusters and non-Kubernetes infrastructures.
Otterize enables platform engineers to easily implement, expand, and unify secured access for their Kubernetes workloads.
Dive right in with simple demos to manage access control:
- Create and manage network policies.
- Network policies on AWS EKS with the VPC CNI.
- Create and manage Istio authorization policies.
- Configure secure access for Kafka using Otterize Cloud mTLS, or using cert-manager mTLS.
Or visualize communication in your cluster:
- Network mapping a Kubernetes cluster.
- Istio HTTP-level access mapping.
- Kafka topic-level access mapping.
The Otterize OSS components are standalone open-source projects that implement intent-based access control (IBAC) for a single Kubernetes cluster. This same set of components is used to integrate with Otterize Cloud.
- The Otterize intents operator translates ClientIntents resources to access controls: currently, network policies for pod-to-pod access, and ACLs for in-cluster Kafka client access. See it in GitHub
- The Otterize credentials operator integrates with SPIFFE/SPIRE to handle pod identities and manage certificates. See it in GitHub
- The Otterize network mapper sniffs pod-to-pod traffic and builds a network map, which is useful on its own and may also be exported as client intents files for bootstrapping IBAC. See it in GitHub
The Otterize CLI is used to control the network mapper or output its data, convert non-Kubernetes client intents files (if needed) to Kubernetes custom resource YAMLs, interface with the Otterize Cloud.
Open source and Cloud
Otterize OSS is a standalone open-source implementation of intent-based access control (IBAC) for a single Kubernetes cluster. As well as being open source, Otterize OSS is completely free, licensed under the Apache 2.0 license and does not require Otterize Cloud.
Otterize Cloud adds unified visibility and operationalization, and spans multiple Kubernetes clusters as well as (coming soon) non-Kubernetes infrastructures.
Read more in our product page.