Installation Preparation
Requirements
In order to fully install Okteto Enterprise, you'll need the following:
- A domain to which you can add a wildcard DNS record.
- A Kubernetes cluster.
- A working installation of kubectl.
- A working installation of Helm v3.
- A Bitbucket, GitHub or Google OAuth application, or an OpenID Connect application.
- Credentials of your Cloud Provider.
- A bucket (or equivalent block storage).
- An Okteto Enterprise License (optional)
Domain
You'll need access to a domain to which you can add a wildcard DNS record.
This can be a root domain (e.g. example.com) or a subdomain (e.g. dev.example.com). Okteto Enterprise uses Let's Encrypt to generate valid TLS certificates, so your domain needs to be available over the internet.
The domain needs to be registered with the same cloud provider you'll be using to store your private images.
Deploy a Kubernetes cluster
We recommend that you follow your cloud provider's Kubernetes cluster creation guide.
We recommend the following specs:
- v1.15 or newer.
- A pool with at least 3 nodes, each with a minimum of 4 CPUs and 16 GB of memory
- 100 GB per disk
You'll be using the cluster's API server endpoint when configuring Okteto Enterprise.
Installing kubectl
Follow the official Kubernetes documentation for installing kubectl.
Be sure to configure your kubectl to talk to your newly minted cluster.
Installing Helm v3
Follow the official documentation for installing the latest release of Helm v3.
Authentication
Okteto Enterprise uses OAuth for user authentication. It currently supports GitHub, Google, and OpenID Connect.
- Bitbucket
- GitHub
- OpenID Connect
Follow GitHub's official documentation on how to create an OAuth App.
When creating the OAuth App, you will need to provide the following values:
Homepage URL:
https://okteto.DOMAIN
Authorization callback URL:
https://okteto.DOMAIN/auth/callback
You'll use the client ID and client Secret when installing Okteto Enterprise.
Cloud Provider Account
Okteto Enterprise needs to perform the following actions on your cloud provider:
- Create and list DNS entries (this is used when generating and renewing certificates)
- Read and Write from block storage (this is used when pulling and pushing images to the registry)
Please refer to the following documents on how to create the credentials in the different cloud providers:
- Azure
- AWS
- Digital Ocean
- Google Cloud
Registering your Domain
Follow these instructions to register your domain in Route53.
Register your domain using the same account used to create your EKS cluster.
Creating an S3 Bucket
Okteto Enterprise uses S3 to store your private images. Follow Amazon's guide on how to create S3 buckets. Create the bucket in the same region as your EKS cluster, and keep it private.
Creating an IAM User
The Okteto Enterprise sub-components need access to Route 53 (to fulfill the ACME challenge for the certificates) and S3 (for uploading and downloading your container images).
We recommend you follow AWS' official documentation on how to create and manage IAM Users for more information on this.
Create an IAM User with the following actions (replace YOUR_BUCKET with your S3 bucket name):
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "route53:GetChange",
      "Resource": "arn:aws:route53:::change/*"
    },
    {
      "Effect": "Allow",
      "Action": "route53:ChangeResourceRecordSets",
      "Resource": "arn:aws:route53:::hostedzone/*"
    },
    {
      "Effect": "Allow",
      "Action": "route53:ListHostedZonesByName",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation",
        "s3:ListBucketMultipartUploads"
      ],
      "Resource": "arn:aws:s3:::YOUR_BUCKET"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:ListMultipartUploadParts",
        "s3:AbortMultipartUpload"
      ],
      "Resource": "arn:aws:s3:::YOUR_BUCKET/*"
    }
  ]
}
Once the IAM User is created, generate a set of Access keys and save them locally. You'll use these credentials when installing Okteto Enterprise.
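A least-privilege check for the policy above, as an added example that is not part of the Okteto documentation: it rebuilds the page's statements, then flags an unreplaced YOUR_BUCKET, S3 access outside the intended bucket, wildcard actions, and Route 53 record changes permitted in every hosted zone. The function names, the bucket name and the hosted zone ID are assumptions, and scoping the hosted zone ARN to a single zone is a tightening added here that the page does not require.

```python
import json

def page_policy(bucket="YOUR_BUCKET", zone="*"):
    """Rebuild the policy shown on this page; bucket and zone are substitutable."""
    b = f"arn:aws:s3:::{bucket}"
    rows = [
        ("route53:GetChange", "arn:aws:route53:::change/*"),
        ("route53:ChangeResourceRecordSets", f"arn:aws:route53:::hostedzone/{zone}"),
        ("route53:ListHostedZonesByName", "*"),
        (["s3:ListBucket", "s3:GetBucketLocation", "s3:ListBucketMultipartUploads"], b),
        (["s3:PutObject", "s3:GetObject", "s3:DeleteObject",
          "s3:ListMultipartUploadParts", "s3:AbortMultipartUpload"], b + "/*"),
    ]
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": a, "Resource": r} for a, r in rows]}

def as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def audit_policy(policy, bucket):
    """Return least-privilege findings for a policy meant for one registry bucket."""
    findings = []
    allowed_s3 = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    for i, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions, resources = as_list(stmt["Action"]), as_list(stmt["Resource"])
        for act in actions:
            if "*" in act:
                findings.append(f"statement {i}: wildcard action {act}")
        for res in resources:
            if "YOUR_BUCKET" in res:
                findings.append(f"statement {i}: placeholder YOUR_BUCKET not replaced")
            elif any(a.startswith("s3:") for a in actions) and res not in allowed_s3:
                findings.append(f"statement {i}: S3 access outside {bucket}: {res}")
        if "route53:ChangeResourceRecordSets" in actions and \
                any(r.endswith("hostedzone/*") for r in resources):
            findings.append(f"statement {i}: record changes allowed in every hosted zone")
    return findings

if __name__ == "__main__":
    # Constructed sample values: bucket name and hosted zone ID are placeholders.
    for label, pol in [("as published", page_policy()),
                       ("bucket set", page_policy("okteto-images-example")),
                       ("zone scoped", page_policy("okteto-images-example", "Z0EXAMPLEZONEID"))]:
        print(label, json.dumps(audit_policy(pol, "okteto-images-example"), indent=2))
```

Run it against the JSON you are about to attach (load it with `json.load` and pass it to `audit_policy`) before generating the access keys.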
Deploying Okteto Enterprise
With the environment set up and configuration generated, you can now proceed to the deployment of Okteto Enterprise.