Run the commands below to create a namespace for the application and the necessary CRDs.
namespace.yaml manifest assumes you'll be installing the application into the
okteto namespace. If you are not doing this, you'll need to update the file before creating the namespace.
Note: If you're running Kubernetes v1.16 or below, you will need to add the --validate=false flag to your kubectl apply command above else you will receive a validation error relating to the x-kubernetes-preserve-unknown-fields field in cert-manager's CustomResourceDefinition resources. This is a benign error and occurs due to the way kubectl performs resource validation.
helm install, we recommend that you create a yaml configuration file with your choices about how to install Okteto Enterprise. This guide will walk you through the most common options. A complete list of configuration options is available here.
You can use this sample configuration file as a starting point. The different configuration settings are explained below.
You'll need to provide the email of the application owner.
This is the public endpoint of your Kubernetes cluster. It will be used by Okteto when generating
Kubeconfig credentials for your users.
The domain (or subdomain) managed by your Okteto Enterprise installation.
Your users will be able to access your Okteto Enterprise instance at
okteto.$SUBDOMAIN. All ingresses created by okteto will be use it as well (e.g. https://app-$NAMESPACE.$SUBDOMAIN)
Okteto Enterprise is free for small teams. You get all the features of Okteto Enterprise for up to 3 users with 3 namespaces each.```
Want to use Okteto Enterprise with a bigger team? Let's talk
You can also use a secret to store the license.
Okteto Enterprise supports using Bitbucket, Github, Google, or OpenID Connect as authentication providers.
clientSecret that you created in the previous step.
- OpenID Connect
workspace field allows any Bitbucket user to authenticate.
organization field allows any Github user to authenticate.
group field allows any user to authenticate.
authorization endpoints must match the value returned in the provider config discovery.
Further configuration settings are described here.
You can also use a secret to store the sensitive part of these credentials.
Specify the cloud provider you'll use, as well as identity details.
- Digital Ocean
- Google Cloud
Create a secret named
okteto-cloud-secret to store the Cloud Provider credentials created in the preparation step.
- Digital Ocean
- Google Cloud
STORAGE_ACCESKEY: A storage account access key with read/write permissions to the storage container specified in the configuration.
SERVICE_PRINCIPAL_PASSWORD: The password of a Service Principal with read/write permissions to the Azure DNS zone specified in the configuration.
IAM_ACCESS_SECRET: The access secret of an IAM with read/write permissions to the bucket and Route53 zone specified in the configuration.
YOUR_PERSONAL_TOKEN: A personal token with read/write permissions to the domain specified in the configuration.
ACCESS_KEY: The access key of the storage space specified in the configuration.
key.json: A file containing the key of a service account with read/write permissions to the CloudDNS zone and storage bucket specified in the configuration.
You can also use the
okteto-cloud-secret secret to store the following values instead of setting them in your helm configuration file:
OKTETO_LICENSE: use this instead of
.Values.licensein your helm configuration file.
GOOGLE_CLIENTSECRET: use this instead of
.Values.auth.google.clientSecretin your helm configuration file.
GITHUB_CLIENTSECRET: use this instead of
.Values.auth.github.clientSecretin your helm configuration file.
BITBUCKET_CLIENTSECRET: use this instead of
.Values.auth.bitbucket.clientSecretin your helm configuration file.
OPENID_CLIENTSECRET: use this instead of
.Values.auth.openid.clientSecretin your helm configuration file.
helm install to deploy your Okteto Enterprise instance. In this example, we have named our Helm release okteto.
You can also use
--version version if you would like to install a specific version of Okteto Enterprise.
Check the status of the deployment by running
helm status okteto.
Once the chart is installed, follow the onscreen instructions to finalize the configuration.
You can access your Okteto Enterprise instance by going to https://okteto.$SUBDOMAIN. An account will be automatically created for you as part of the login process.