Skip to main content
Version: okteto.com (1.2)

Installation Preparation

Requirements

In order to fully install Okteto, you'll need the following:

  • A domain to which you can add a wildcard DNS record
  • A Kubernetes cluster
  • A working installation of kubectl
  • A working installation of Helm v3
  • A Bitbucket, GitHub, or Google OAuth application, or an OpenID Connect application
  • Credentials of your Cloud Provider
  • A bucket (or equivalent block storage)
  • An Okteto License (optional)

Domain

You'll need to have access to a domain to which you can add a wildcard DNS record.

This can be a root domain (e.g. example.com) or a subdomain (e.g. dev.example.com). By default, Okteto creates a self-signed certificate to secure communication to the Okteto dashboard, the build service, the registry service, and to all the applications that use Automatic SSL Endpoints. Follow this guide if you want to bring your own certificates.

Deploy a Kubernetes cluster

We recommend that you follow your cloud provider's Kubernetes cluster creation guide. Okteto supports Kubernetes versions 1.21 through 1.23.

We recommend the following specs:

  • v1.23
  • A pool with at least 3 nodes with a minimum of 4CPUs and 16 GB of Memory
  • 100 GB per disk

You'll be using the cluster's API server endpoint when configuring Okteto.

Our installation guides assume Okteto will be running in a dedicated cluster. We recommend contacting our team if you plan on installing Okteto in a cluster with other workloads.

Installing kubectl

Follow the official Kubernetes documentation for installing kubectl.

Be sure to configure your kubectl to talk to your newly minted cluster.

Installing Helm v3

Follow the official documentation for installing the latest release of Helm v3.

Authentication

Okteto uses OAuth for user authentication. It currently supports GitHub, Google, and OpenID Connect.

Follow GitHub's official documentation on how to create an OAuth App.

When creating the OAuth App, you will need to provide the following values:

Homepage URL:

https://okteto.DOMAIN

Authorization callback URL:

https://okteto.DOMAIN/auth/callback

You'll use the client ID and client Secret when installing Okteto.

Cloud Provider Account

Okteto needs to perform the following actions on your cloud provider:

  1. Read and Write from block storage (this is used when pulling and pushing images to the registry)

Please refer to the following documents on how to create the credentials in the different cloud providers:

Registering your Domain

Follow these instructions to register your domain in Route53.

Register your domain using the same account used to create your EKS cluster.

Creating an S3 Bucket

Okteto uses S3 to store your private images. Follow Amazon's guide on how to create s3 buckets. Create the bucket in the region as your EKS cluster, and keep it private.

Creating an IAM

The Okteto Registry needs access to S3 for uploading and downloading your container images.

We recommend you follow AWS' official documentation on how to create and manage IAM Users for more information on this.

Create an IAM User with the following actions (replace YOUR_BUCKET with your s3 bucket name):

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads"
],
"Resource": "arn:aws:s3:::YOUR_BUCKET"
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload"
],
"Resource": "arn:aws:s3:::YOUR_BUCKET/*"
}
]
}

Once the IAM User is created, generate a set of Access keys and save them locally. You'll use the keys when installing Okteto.

You'll use the credentials when installing Okteto.

Deploying Okteto

With the environment set up and configuration generated, you can now proceed to the deployment of Okteto.