Installation Preparation

Requirements

In order to fully install Okteto Enterprise, you'll need the following:

• A domain to which you can add a wildcard DNS record.
• A Kubernetes cluster.
• A working installation of kubectl.
• A working installation of Helm v3.
• A Bitbucket, Github or Google OAuth application, or an OpenID Connect application.
• Credentials of your Cloud Provider.
• A bucket (or equivalent block storage).
• An Okteto Enterprise License (optional)

Domain

You'll need to have access to an domain to which you can add a wildcard DNS record.

This can be a root domain (e.g. example.com) or a subdomain (e.g. dev.example.com). Okteto Enterprise ues Let's Encrypt to generate valid TLS servers, so your domain needs to be available over the internet.

The domain needs to be registered with the same cloud provider you'll be using to store you private images.

Deploy a Kubernetes cluster

We recommend that you follow your cloud provider's Kubernetes cluster creation guide.

We recommend the following specs:

• v1.15 or newer.
• A pool with at least 3 nodes with a mininum of 4CPUs and 16GB of Memory
• 100 GB per disk

You'll be using the cluster's API server endpoint when configuring Okteto Enterprise.

Installing kubectl

Follow the official Kubernetes documention for installing kubectl.

Be sure to configure your kubectl to talk to your newly minted cluster.

Installing Helm v3

Follow the official documentation for installing the latest release of Helm v3.

Authentication

Okteto Enterprise uses OAuth for user authentication. It currently supports Github, Google, and OpenID Connect.

• Bitbucket
• Github
• Google
• OpenID Connect

Follow Github's official documentation on how to create an OAuth App.

When creating the OAuth App, you will need to provide the following values:

Homepage URL:

https://okteto.DOMAIN

Authorization callback URL:

https://okteto.DOMAIN/auth/callback

You'll use the client ID and client Secret when installing Okteto Enterprise.

Cloud Provider Account

Okteto Enterprise needs to perform the following actions on your cloud provider:

1. Create and list DNS entries (this is used when generating and renewing certificates)
2. Read and Write from block storage (this is used when pulling and pushing images to the registry)

Please refer to the following documents on how to create the credentials in the different cloud providers:

• Azure
• AWS
• Digital Ocean
• Google Cloud

Registering your Domain

Follow these instructions to register your domain in Route53.

Register your domain using the same account used to create your EKS cluster.

Creating an S3 Bucket

Okteto Enterprise uses S3 to store your private images. Follow Amazon's guide on how to create s3 buckets. Create the bucket in the region as your EKS cluster, and keep it private.

Creating an IAM

The Okteto Enterprise sub-components need access to Route 53 (to fulfill the ACME challenge for the certificates) and S3 (for uploading and downloading your container images).

We recommend you follow AWS' official documentation on how to create and manage IAM Users for more information on this.

Create an IAM User with the following actions (replace YOUR_BUCKET with your s3 bucket name):

{
  "Version": "2012-10-17",
  "Statement": [
      {
          "Effect": "Allow",
          "Action": "route53:GetChange",
          "Resource": "arn:aws:route53:::change/*"
      },
      {
          "Effect": "Allow",
          "Action": "route53:ChangeResourceRecordSets",
          "Resource": "arn:aws:route53:::hostedzone/*"
      },
      {
          "Effect": "Allow",
          "Action": "route53:ListHostedZonesByName",
          "Resource": "*"
      },
      {
          "Effect": "Allow",
          "Action": [
              "s3:ListBucket",
              "s3:GetBucketLocation",
              "s3:ListBucketMultipartUploads"
          ],
          "Resource": "arn:aws:s3:::YOUR_BUCKET"
      },
      {
          "Effect": "Allow",
          "Action": [
              "s3:PutObject",
              "s3:GetObject",
              "s3:DeleteObject",
              "s3:ListMultipartUploadParts",
              "s3:AbortMultipartUpload"
          ],
          "Resource": "arn:aws:s3:::YOUR_BUCKET/*"
      }
  ]
}

Once the IAM User is created, generate a set of Access keys and save them locally. You'll use the keys when installing Okteto Enterprise.

You'll use the credentials when installing Okteto Enterprise.

Deploying Okteto Enterprise

With the environment set up and configuration generated, you can now proceed to the deployment of Okteto Enterprise.