Deploy Okteto Enterprise
Create the Okteto Namespace
Run the commands below to create a namespace for the application and the necessary CRDs.
$ kubectl apply -f https://charts.okteto.com/namespace.yaml
$ kubectl apply -f https://charts.okteto.com/crds.yaml
The namespace.yaml
manifest assumes you'll be installing the application into the okteto
namespace. If you are not doing this, you'll need to update the file before creating the namespace.
Note: If you are running Kubernetes v1.15 or below, you will need to add the --validate=false flag to your kubectl apply command above else you will receive a validation error relating to the x-kubernetes-preserve-unknown-fields field in cert-manager's CustomResourceDefinition resources. This is a benign error and occurs due to the way kubectl performs resource validation.
Configuration file
Before running helm install
, we recommend that you create a yaml configuration file with your choices about how to install Okteto Enterprise. This guide will walk you through the most common options. A complete list of configuration options is available here.
You can use this sample configuration file as a starting point. The different configuration settings are explained below.
You'll need to provide the email of the application owner.
Cluster Endpoint
This is the public endpoint of your Kubernetes cluster. It will be used by Okteto when generating Kubeconfig
credentials for your users.
cluster: endpoint: "https://52.30.32.1"
Domain
The domain (or subdomain) managed by your Okteto Enterprise installation.
Your users will be able to access your Okteto Enterprise instance at okteto.$SUBDOMAIN
. All ingresses created by okteto will be use it as well (e.g. https://app-$NAMESPACE.$SUBDOMAIN)
subdomain: "example.com"
License
Okteto Enterprise is free to try. Without a license, you'll be limited to managing up to 3 users with 3 namespaces each.
license: XXXXX
Don't have a license? Talk to us and start your free trial today.
You can also use a secret to store the license.
Authentication
Okteto Enterprise supports using Bitbucket, Github, Google, or OpenID Connect as authentication providers.
Use the clientId
and clientSecret
that you created in the previous step.
- Bitbucket
- Github
- OpenID Connect
auth: github: enabled: true clientId: clientID clientSecret: clientSecret organization: my-org
An empty organization
field allows any Github user to authenticate.
You can also use a secret to store the sensitive part of these credentials.
Cloud Provider
Specify the cloud provider you will use, as well as identity details.
- Azure
- AWS
- Digital Ocean
- Google Cloud
cloud: provider: aws: enabled: true bucket: "Bucket Name" region: "AWS region" iam: accessKeyID: "IAM Access Key"
Cloud Provider Secret
Create a secret named okteto-cloud-secret
to store the Cloud Provider credentials created in the preparation step.
- Azure
- AWS
- Digital Ocean
- Google Cloud
$ kubectl create secret generic okteto-cloud-secret --namespace=okteto --from-literal=key=IAM_ACCESS_SECRET
IAM_ACCESS_SECRET
: The access secret of an IAM with read/write permissions to the bucket and Route53 zone specified in the configuration.
Deploy the Okteto Enterprise Chart
Run helm install
to deploy your Okteto Enterprise instance. In this example, we have named our Helm release okteto.
$ helm repo add okteto https://charts.okteto.com$ helm repo update$ helm install okteto okteto/okteto-enterprise -f config.yaml --namespace=okteto
You can also use --version version
if you would like to install a specific version of Okteto Enterprise.
Check the status of the deployment by running helm status okteto
.
Post Install Configuration
Once the chart is installed, follow the onscreen instructions to finalize the configuration.
Initial login
You can access your Okteto Enterprise instance by going to https://okteto.$SUBDOMAIN. An account will be automatically created for you as part of the login process.