https://platformengineering.org
#general

Hung Tran

02/21/2023, 11:21 AM
Hi all, not sure if this is a good place to ask, but I'm looking for an IDP solution (OSS preferred) that can be self-hosted due to security compliance. Any advice/suggestion?

Michael Osimbo

02/21/2023, 11:27 AM
Try Backstage. I had it implemented in the organization.

Abby Bangser

02/21/2023, 2:56 PM
Curious what you mean by IDP? Backstage is a great suggestion for a portal but may be more difficult for other definitions of IDP 🤔 Might help if you share some of the user experiences / journeys you plan to offer?

Hung Tran

02/21/2023, 3:01 PM
Internal Developer Platform, I mean. We are now developing an Azure AKS-based dev box for every developer in the company. The problem is, the process of provisioning and maintaining a dev box is quite cumbersome and mostly done with CLI and ArgoCD. We are looking for a solution with a friendly UI so that any developer (even new hires) can easily spin up their own dev box and monitor it.
Looks like Backstage is the obvious choice, thank you @Michael Osimbo @Abby Bangser

Abby Bangser

02/21/2023, 3:07 PM
Got it. So you have a bunch of automation already, and are thinking about how to make the interface a bit nicer for your users. Backstage very well might do the trick! Word of caution: it is a whole lotta JS by default, and tempts you into adding your business logic directly into the UI framework, which can be a nightmare to maintain / evolve long term. All solvable things but good to go into it with those design patterns in mind!

Andrew Boyagi

02/21/2023, 10:59 PM
Hi @Hung Tran what are the security measures you need to comply with? Atlassian Compass is really easy to use and requires little admin work compared to something that needs to be self-hosted, you can literally have an IDP setup and populated in under an hour. The Atlassian SaaS products are used by banks globally and are compliant with their security needs… Just wondering if there is some security requirement that I’m not across?
Let me know if you need some help!

Jeff McCune

02/24/2023, 5:11 PM
At Open Infrastructure Services, we've built a holistic platform of deeply integrated off the shelf open source projects. It focuses on the developer's experience of build / test / deploy by paving golden paths for authn/authz, safe rollouts (blue/green, canary analysis), and secrets management. Please reach out to me if you'd like to learn more, we provide services to get it up and running quickly and customize it. The integrated platform is a self hosted combination of:
• Keycloak for identity and OIDC
• Prometheus/Thanos/AlertManager/Grafana for Observability
• HashiCorp Vault and External Secrets Operator for secrets management
• ArgoCD and Argo Rollouts for blue/green and canary roll-outs
• Istio & Kiali for authentication, authorization, and blue/green deployments
• Kubernetes for the cluster API and workload orchestration

Hung Tran

02/27/2023, 2:45 AM
@Andrew Boyagi all our infra components are not allowed to be accessed from outside. Everything must be self-hosted or Azure PaaS with a private endpoint to connect to our internal VNET

Andrew Boyagi

02/27/2023, 3:38 AM
Tough requirement @Hung Tran! Let me know if I can be of any help.