Installation Guide

Okteto Enterprise is a development platform for Kubernetes applications. Build better applications by developing and testing your code directly in your own Kubernetes infrastructure. Give your team the power of Okteto Cloud, with the control and flexibility of running in your own infrastructure.

Okteto Enterprise is free to try. The free trial includes all the Okteto Enterprise features for up to 3 users with 3 namespaces each. Want to try Okteto Enterprise with a bigger team? Let's talk 😎.

Okteto Enterprise is distributed as a Helm chart. This guide will walk you through the requirements and show you how to install Okteto Enterprise in your own Kubernetes cluster.

1. Prerequisites

1.1. Kubernetes

You need a running Kubernetes cluster v1.13+. If you do not have one, find options and installation instructions here.

MutatingAdmissionWebhook and ValidatingAdmissionWebhook must be enabled. They are enabled by default.

1.2. Helm

We recommend installing Helm v3.0.2 or later. See their quickstart guide for details.

Once Helm is installed and initialized, run the following:

$ helm repo add okteto https://charts.okteto.com
$ helm repo update

1.3. DNS

Okteto creates certificates and endpoints for your services automatically. You'll need to provide a top-level domain (TLD) or a subdomain, and it needs to be managed by Route53, Cloud DNS or Digital Ocean. You'll also need to provide credentials for Okteto to be able to create entries there. This is required in order to generate valid TLS certificates for your applications and development environments.

We recommend giving Okteto a dedicated subdomain to prevent DNS collisions with other applications or services.

Follow these instructions to create the necessary accounts and secrets.

1.4. OAuth Credentials

You can choose between Google and GitHub to authenticate your team members:

1.4.1. Google OAuth Credentials

You need to provide a set of OAuth 2 credentials for authentication.

The credentials should be configured as follows:

Authorized JavaScript origin:

https://okteto.SUBDOMAIN

Authorized redirect URIs:

https://okteto.SUBDOMAIN
https://okteto.SUBDOMAIN/auth/callback

The client id and client secret will be provided as part of the configuration.

1.4.2. GitHub OAuth Credentials

You need to provide a set of OAuth 2 credentials for authentication.

The credentials should be configured as follows:

Homepage URL:

https://okteto.SUBDOMAIN

Authorization callback URL:

https://okteto.SUBDOMAIN/auth/callback

The client id and client secret will be provided as part of the configuration.

2. Configuration

2.1. Required settings

To start, copy https://charts.okteto.com/config.yaml and save it locally. This will be your configuration file for the Okteto Enterprise Helm chart.

Fill in the settings in config.yaml.

You'll need to provide the email of the application owner, the OAuth client and secret, the public endpoint of your Kubernetes cluster, the subdomain that the application will use and, optionally, your license key.

auth:
  google:
    enabled: true
    clientId: clientid.apps.googleusercontent.com
    clientSecret: clientSecret
cluster:
  endpoint: "https://10.10.10.1"
subdomain: "example.com"

If you are using GitHub:

auth:
  github:
    enabled: true
    clientId: clientID
    clientSecret: clientSecret
    whitelist:
      - githubID-1
      - githubID-2
      - ...
      - githubID-N

An empty whitelist field authorizes all GitHub users, so list the GitHub IDs of your team members to restrict who can log in.

You also need to add settings and credentials for the cloud provider you'll be using.

GCP:

cloud:
  provider:
    gcp:
      enabled: true
      project: "project-id"

AWS:

cloud:
  provider:
    aws:
      enabled: true
      region: "us-west-2"
      iam:
        enabled: true
        accessKeyID: "IAM_ACCESS_KEY"

Digital Ocean:

cloud:
  provider:
    digitalocean:
      enabled: true
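
A pre-install check for the required settings above, as an added example that is not part of Okteto's chart or tooling. The key paths it reads (auth.github.whitelist, cluster.endpoint, a top-level subdomain, cloud.provider.*) assume the usual nesting of these settings, and the https:// requirement on the endpoint is an assumption taken from the sample value.

```shell
#!/bin/sh
# Added example (not Okteto code): pre-install lint for the config.yaml of section 2.1.
# Assumes plain block-style YAML: nested keys and "- item" lists, no trailing comments.

# Flatten YAML to "dotted.path=value" lines; list items become "path[]=item".
flatten_yaml() {
  awk '
    function path(d,   i, p, sep) { for (i = 1; i <= d; i++) { p = p sep name[i]; sep = "." } return p }
    function unquote(s) { gsub(/^"|"$/, "", s); return s }
    /^ *#/ || /^ *$/ { next }                # skip comments and blank lines
    {
      indent = match($0, /[^ ]/) - 1
      line = substr($0, indent + 1)
      if (line ~ /^- /) {                    # list item of the key at or above this indent
        while (depth > 0 && ind[depth] > indent) depth--
        print path(depth) "[]=" unquote(substr(line, 3)); next
      }
      while (depth > 0 && ind[depth] >= indent) depth--
      colon = index(line, ":"); if (colon == 0) next
      val = substr(line, colon + 1); sub(/^ +/, "", val)
      depth++; ind[depth] = indent; name[depth] = substr(line, 1, colon - 1)
      if (val != "") print path(depth) "=" unquote(val)
    }' "$1"
}

# Value of one flattened key in $flat (exact path match); empty if absent.
cfg() { printf '%s\n' "$flat" | awk -v k="$1=" 'index($0, k) == 1 { print substr($0, length(k) + 1); exit }'; }
fail() { echo "$1"; rc=1; }

# Print one finding per line; return 0 if the config passes, 1 otherwise.
lint_okteto_config() {
  flat=$(flatten_yaml "$1"); rc=0
  github=$(cfg auth.github.enabled)
  [ "$(cfg auth.google.enabled)" = true ] || [ "$github" = true ] || fail "no auth provider is enabled"
  for p in google github; do
    [ "$(cfg "auth.$p.enabled")" = true ] || continue
    for k in clientId clientSecret; do
      case "$(cfg "auth.$p.$k")" in ""|clientID|clientSecret) fail "auth.$p.$k is empty or a placeholder" ;; esac
    done
  done
  if [ "$github" = true ] && ! printf '%s\n' "$flat" | grep -qF 'auth.github.whitelist[]='; then
    fail "auth.github.whitelist is empty: every GitHub user is authorized"
  fi
  case "$(cfg cluster.endpoint)" in https://*) ;; *) fail "cluster.endpoint is not an https:// URL" ;; esac
  [ -n "$(cfg subdomain)" ] || fail "subdomain is not set"
  n=$(printf '%s\n' "$flat" | awk '/^cloud\.provider\.[a-z]*\.enabled=true$/ { c++ } END { print c + 0 }')
  [ "$n" -eq 1 ] || fail "expected exactly one enabled cloud provider, found $n"
  return "$rc"
}
if [ $# -gt 0 ]; then lint_okteto_config "$1"; fi
```

Run it as a script with the path to config.yaml before helm install; a non-zero exit status means at least one finding was printed.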

2.2. Configuration settings

The full list of supported configuration settings and their default values is available here.

If you are using hard multitenancy, you need to activate the following admission controllers:

  • LimitRanger and ResourceQuota for supporting quotas. Enabled by default.
  • PodSecurityPolicy for limiting the security context of containers. Not enabled by default.
  • Network policies are implemented by the network plugin, so you must be using a networking solution which supports NetworkPolicy.

2.3. License

Okteto Enterprise is free to try. Without a license, you'll be limited to managing 3 users with 3 namespaces each.

Once you’ve received your license from Okteto, you can add it to your config.yaml at installation or upgrade time:

license: licenseKey
auth:
  google:
    ...

Don't have a license? Talk to us and start your free trial today.

3. Install

3.1. Create namespace and CRDs

Run the command below to create a namespace for the application and the necessary CRDs. You only need to do this once per cluster.

$ kubectl apply -f https://charts.okteto.com/namespace.yaml
$ kubectl apply --validate=false -f https://charts.okteto.com/crds.yaml

The namespace.yaml manifest assumes you'll be installing the application into the okteto namespace. If you are not doing this, you'll need to update the file before creating the namespace.

Note: If you are running Kubernetes v1.15 or below, you will need to add the --validate=false flag to your kubectl apply command above; otherwise you will receive a validation error relating to the x-kubernetes-preserve-unknown-fields field in cert-manager’s CustomResourceDefinition resources. This is a benign error and occurs due to the way kubectl performs resource validation.

3.2. Cloud secret

You'll need to create a secret named okteto-cloud-secret to store your Cloud Provider secret.

For AWS:

$ kubectl create secret generic okteto-cloud-secret --namespace=okteto --from-literal=key=IAM_ACCESS_SECRET

For GCP:

$ kubectl create secret generic okteto-cloud-secret --namespace=okteto --from-file=key=key.json

For Digital Ocean:

$ kubectl create secret generic okteto-cloud-secret --namespace=okteto --from-literal=key=YOUR_PERSONAL_TOKEN
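
The --from-literal form puts the credential on the command line, where it is kept in shell history and is visible in the process list while kubectl runs. The following added example (not part of the Okteto documentation) creates the same secret from a file for all three providers, using the --from-file=key= form shown above for GCP; the function name and its checks are this example's own.

```shell
#!/bin/sh
# Added example (not Okteto code): create okteto-cloud-secret from a file
# instead of --from-literal, so the credential stays out of shell history
# and the process list. File paths passed in are the caller's own.

create_cloud_secret() {
  provider=$1 file=$2 ns=${3:-okteto}   # namespace defaults to the guide's "okteto"
  case "$provider" in
    aws|gcp|digitalocean) ;;
    *) echo "unknown provider: $provider" >&2; return 2 ;;
  esac
  if [ ! -f "$file" ] || [ ! -s "$file" ]; then
    echo "$file: missing or empty" >&2; return 1
  fi
  # Characters 5-10 of the ls mode string are the group/other bits; all must be unset.
  mode=$(ls -ld "$file" | cut -c5-10)
  if [ "$mode" != "------" ]; then
    echo "$file: accessible by group/other, run chmod 600 first" >&2; return 1
  fi
  # --from-file stores the bytes verbatim, so a trailing newline would become part
  # of an AWS access secret or Digital Ocean token. The GCP key is JSON, where it is harmless.
  # The substitution is left unquoted so any padding in the wc output is dropped.
  if [ "$provider" != gcp ] && [ $(tail -c 1 "$file" | wc -l) -ne 0 ]; then
    echo "$file: ends with a newline, rewrite it with printf '%s'" >&2; return 1
  fi
  kubectl create secret generic okteto-cloud-secret --namespace="$ns" --from-file=key="$file"
}

if [ $# -ge 2 ]; then create_cloud_secret "$@"; fi
```

Delete the credential file once the secret has been created.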

3.3. Install Okteto Enterprise

After adding the Okteto repo (see section 1.2), you can install Okteto Enterprise by running:

$ helm repo add okteto https://charts.okteto.com
$ helm repo update
$ helm install <your-release-name> okteto/okteto-enterprise -f config.yaml --namespace=okteto

For example:

$ helm repo add okteto https://charts.okteto.com
$ helm repo update
$ helm install enterprise okteto/okteto-enterprise -f config.yaml --namespace=okteto

If no Helm chart version is specified, the latest version will be installed.

Once the chart is installed, follow the onscreen instructions to finalize the configuration.

3.4. Upgrading Okteto Enterprise

To upgrade an existing release, modify the config.yaml with your desired changes and then use:

$ helm repo update
$ helm upgrade <your-release-name> okteto/okteto-enterprise -f config.yaml --namespace=okteto --version <version_number>

For example:

$ helm repo update
$ helm upgrade enterprise okteto/okteto-enterprise -f config.yaml --namespace=okteto --version 0.3.0

You can use helm ls --namespace=okteto to find the name of your release.

3.5. Uninstalling Okteto Enterprise

To delete an existing release use:

$ helm delete <your-release-name> --namespace=okteto

This will delete Okteto Enterprise, but not the resources created when using it (e.g. namespaces, accounts, deployments, etc.).