KOTO: A Kubernetes-Based Platform for Secure and Scalable OT Orchestration in Industry 5.0

The progressive digitization of Operation Technology (OT), thanks also to the integration of Industrial Internet of Things (IIoT) devices, is reshaping the landscape of modern industrial systems. This introduces additional complexity and amplifies the heterogeneity across hardware and software ecosystems, thus exacerbating the challenges of orchestration and lifecycle management, which become particularly intricate and demanding. To meet these challenges, modern DevOps practices, such as Continuous Integration and Continuous Deployment (CI/CD), runtime observability, and fine-grained access control, are essential to shorten time-to-market, ensure service quality, manage operational complexity, while providing security guarantees. Moving a step toward seamless integration of OT into cloud-native ecosystems, we propose Kubernetes-based OT Orchestrator (KOTO), an orchestration platform that extends Kubernetes to enable comprehensive lifecycle management of OT devices in industrial environments. KOTO bridges the gap between IT and OT by seamlessly integrating with existing CI/CD pipelines and implementing Role-Based Access Control (RBAC) mechanisms tailored to device-level permissions. It abstracts the management of heterogeneous, multi-vendor hardware through a unified abstraction, enabling scalable and secure operations across diverse industrial setups. Without loss of generality, we demonstrate the use of the platform in managing Programmable Logic Controllers (PLCs). We then perform extensive evaluations in a realistic deployment environment, validating KOTO's effectiveness in enhancing operational resilience and responsiveness.