DNS and certificates

As part of the installation, Okteto will create a wildcard certificate for the ingress to use by issuing a request to Let's Encrypt. For the certificate to be validated, the chart needs to be able to create TXT records in your DNS zone.

Cloud DNS

  1. Go to https://console.cloud.google.com/iam-admin/serviceaccounts/create, and create a new service account with the DNS Administrator role. Make sure that you're creating it in the same project that you'll use for Okteto.
  2. Once the account is created, create a key for it with JSON format, and save it locally. You'll need this file when installing Okteto Enterprise.

Make sure that the account and secret are created in the same project and namespace where you'll be installing Okteto Enterprise.

Further information on this is available here.

Route 53

There are two ways to configure Route 53:

  1. Configure the IAM role your Kubernetes nodes are using to have access to Route 53. If following this approach, then you don't need to perform any additional tasks.
  2. Create a dedicated IAM user with the permissions described below. Save the Access Key ID and Secret Access Key somewhere safe; you'll need these values when installing or upgrading Okteto Enterprise.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "route53:GetChange",
      "Resource": "arn:aws:route53:::change/*"
    },
    {
      "Effect": "Allow",
      "Action": "route53:ChangeResourceRecordSets",
      "Resource": "arn:aws:route53:::hostedzone/*"
    },
    {
      "Effect": "Allow",
      "Action": "route53:ListHostedZonesByName",
      "Resource": "*"
    }
  ]
}
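The policy above lets the credential change records in every hosted zone in the account. The following is an added example, not part of the Okteto documentation: it flags that wildcard and produces a copy limited to one hosted zone and to TXT records. The zone ID Z0EXAMPLE is a constructed placeholder, and the TXT-only condition assumes the credential is used only for the certificate validation described on this page.

```python
import copy
import json

# The policy from this page, reproduced as the input to tighten.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "route53:GetChange",
         "Resource": "arn:aws:route53:::change/*"},
        {"Effect": "Allow", "Action": "route53:ChangeResourceRecordSets",
         "Resource": "arn:aws:route53:::hostedzone/*"},
        {"Effect": "Allow", "Action": "route53:ListHostedZonesByName",
         "Resource": "*"},
    ],
}
WRITE_ACTION = "route53:ChangeResourceRecordSets"


def _as_list(value):
    """IAM allows Action/Resource to be a string or a list of strings."""
    return [value] if isinstance(value, str) else list(value)


def _allows_write(stmt):
    return (stmt.get("Effect") == "Allow"
            and WRITE_ACTION in _as_list(stmt.get("Action", [])))


def unscoped_writes(policy):
    """Return Allow statements that can change records in every hosted zone."""
    return [s for s in policy["Statement"] if _allows_write(s)
            and any(r == "*" or r.endswith(":hostedzone/*")
                    for r in _as_list(s.get("Resource", [])))]


def scope_to_zone(policy, zone_id):
    """Copy the policy, limiting record changes to one zone and to TXT records."""
    scoped = copy.deepcopy(policy)
    for stmt in scoped["Statement"]:
        if _allows_write(stmt):
            stmt["Resource"] = f"arn:aws:route53:::hostedzone/{zone_id}"
            # Assumption: only TXT validation records are ever written.
            stmt["Condition"] = {"ForAllValues:StringEquals": {
                "route53:ChangeResourceRecordSetsRecordTypes": ["TXT"]}}
    return scoped


if __name__ == "__main__":
    # Z0EXAMPLE is a constructed placeholder, not a real hosted zone ID.
    print(json.dumps(scope_to_zone(PAGE_POLICY, "Z0EXAMPLE"), indent=2))
```

Replace the placeholder with the ID of the hosted zone that serves your Okteto domain before attaching the resulting policy.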

Further information on this is available here.

Digital Ocean

  1. Go to https://cloud.digitalocean.com/account/api/tokens and generate a new personal access token with read and write access.

  2. Save the key somewhere safe. You'll need it when installing Okteto Enterprise.

Further information on this is available here.