Deploy Okteto Enterprise

Create the Okteto Namespace

Run the command below to create a namespace for the application and the necessary CRDs.

$ kubectl apply -f https://charts.okteto.com/namespace.yaml
$ kubectl apply --validate=false -f https://charts.okteto.com/crds.yaml

The namespace.yaml manifest assumes you'll be installing the application into the okteto namespace. If you are not doing this, you'll need to update the file before creating the namespace.

Note: If you are running Kubernetes v1.15 or below, you will need to add the --validate=false flag to your kubectl apply command above else you will receive a validation error relating to the x-kubernetes-preserve-unknown-fields field in cert-manager’s CustomResourceDefinition resources. This is a benign error and occurs due to the way kubectl performs resource validation.

Configuration file

Before running helm install, we recommend that you create a yaml configuration file with your choices about how to install Okteto Enterprise. This guide will walk you through the most common options. A complete list of configuration options is available here.

You can use this sample configuration file as a starting point. The different configuration settings are explained below.

Email

You'll need to provide the email of the application owner.

Cluster Endpoint

This is the public endpoint of your Kubernetes cluster. It will be used by Okteto when generating Kubeconfig credentials for your users.

cluster:
endpoint: "https://52.30.32.1"

Domain

The domain (or subdomain) managed by your Okteto Enterprise installation.

Your users will be able to access your Okteto Enterprise instance at okteto.$SUBDOMAIN. All ingresses created by okteto will be use it as well (e.g. https://app-$NAMESPACE.$SUBDOMAIN)

subdomain: "example.com"

License

Okteto Enterprise is free to try. Without a license, you'll be limited to managing up to 3 users with 3 namespaces each.

license: XXXXX

Don't have a license? Talk to us and start you free trial today.

Authentication

Okteto Enterprise supports using Github or Google as authentication providers.

Use the clientId and clientSecret that you created in the previous step.

auth:
github:
enabled: true
clientId: clientID
clientSecret: clientSecret
whitelist:
- githubID-1
- githubID-2
- ...
- githubID-N

An empty whitelist field authorizes all github users.

Cloud Provider

Specify the cloud provider you'll use, as well as identity details.

cloud:
provider:
aws:
enabled: true
bucket: "Bucket Name"
region: "AWS region"
iam:
accessKeyID: "IAM Access Key"

Cloud Provider Secret

Create a secret named okteto-cloud-secret to store the Cloud Provider credentials created in the preparation step.

$ kubectl create secret generic okteto-cloud-secret --namespace=okteto --from-literal=key=IAM_ACCESS_SECRET

Deploy the Okteto Enterprise Chart

Run helm install to deploy your Okteto Enterprise instance. In this example, we’ve named our Helm release okteto.

$ helm repo add okteto https://charts.okteto.com
$ helm repo update
$ helm install okteto okteto/okteto-enterprise -f config.yaml --namespace=okteto

You can also use --version version if you would like to install a specific version of Okteto Enterprise.

The status of the deployment can be checked by running helm status okteto.

Post Install Configuration

Once the chart is installed, follow the onscreen instructions to finalize the configuration.

Initial login

You can access your Okteto Enterprise instance by going to https://okteto.$SUBDOMAIN. An account will be automatically created for when you successfully authenticate with your authentication provider.