Deploy your Okteto instance

Create the Okteto Namespace

Run the command below to create a namespace for okteto:

$ kubectl create namespace okteto

Configuration file

Before running helm install, we recommend that you create a yaml configuration file with your choices about how to install Okteto. This guide will walk you through the most common options. A complete list of configuration options is available here.

You can use this sample configuration file as a starting point. The different configuration settings are explained below.

Email

You'll need to provide the email of the application owner.

email: "admin@example.com"

Cluster Endpoint

This is the public endpoint of your Kubernetes cluster. It will be used by Okteto when generating Kubeconfig credentials for your users.

cluster:
  endpoint: "https://52.30.32.1"

Domain

The domain (or subdomain) managed by your Okteto installation.

Your users will be able to access your Okteto instance at okteto.$SUBDOMAIN. All ingresses created by okteto will be use it as well (e.g. https://app-$NAMESPACE.$SUBDOMAIN)

subdomain: "example.com"

License

Okteto is free for small teams. You get all the features of Okteto for up to 3 users.

license: XXXXX

Want to use Okteto with a bigger team? Let's talk

You can also use a secret to store the license.

Authentication

Okteto supports using Bitbucket, GitHub, Google, or OpenID Connect as authentication providers.

Use the clientId and clientSecret that you created in the previous step.

Bitbucket

auth:
  bitbucket:
    enabled: true
    clientId: OAuth Consumer Key
    clientSecret: OAuth Consumer Secret
    workspace: my-workspace

An empty workspace field allows any Bitbucket user to authenticate.

GitHub

auth:
  google:
    enabled: true
    clientId: clientid.apps.googleusercontent.com
    clientSecret: clientSecret

Google

auth:
  github:
    enabled: true
    clientId: clientID
    clientSecret: clientSecret
    organization: my-org

An empty organization field allows any GitHub user to authenticate.

OpenID Connect

auth:
  openid:
    enabled: true
    clientId: clientID
    clientSecret: clientSecret
    group: my-group
    endpoints:
      issuer: https://your-provider
      authorization: https://your-provider/authorization

An empty group field allows any user to authenticate.

The issuer and authorization endpoints must match the value returned in the provider config discovery.

Further configuration settings are described here.

You can also use a secret to store the sensitive part of these credentials.

Cloud Provider

Specify the cloud provider you'll use, as well as identity details.

Azure

cloud:
  provider:
    azure:
      enabled: true
      storage:
        container: "Storage Container Name"
        accountName: "Storage Account Name"

AWS

cloud:
  provider:
    aws:
      enabled: true
      bucket: "Bucket Name"
      region: "AWS region"
      iam:
        accessKeyID: "IAM Access Key"

Digital Ocean

cloud:
  provider:
    digitalocean:
      enabled: true
      region: "Region ID"
      space:
        name: "Space Name"
        accessKeyID: "Space Access Key ID"

Google Cloud

cloud:
  provider:
    gcp:
      enabled: true
      bucket: "Bucket Name"
      project: "Project ID"

Cloud Provider Secret

Create a secret named okteto-cloud-secret to store the Cloud Provider credentials created in the preparation step.

Azure

$ kubectl create secret generic okteto-cloud-secret --namespace=okteto --from-literal=key=STORAGE_ACCOUNT_ACCESS_KEY

• STORAGE_ACCOUNT_ACCESS_KEY: A storage account access key with read/write permissions to the storage container specified in the configuration.

AWS

$ kubectl create secret generic okteto-cloud-secret --namespace=okteto --from-literal=key=IAM_ACCESS_SECRET

• IAM_ACCESS_SECRET: The access secret of an IAM with read/write permissions to the bucket and Route53 zone specified in the configuration.

Digital Ocean

$ kubectl create secret generic okteto-cloud-secret --namespace=okteto --from-literal=key=ACCESS_KEY

• ACCESS_KEY: The access key of the storage space specified in the configuration.

Google Cloud

$ kubectl create secret generic okteto-cloud-secret --namespace=okteto --from-file=key=key.json

• key.json: A file containing the key of a service account with read/write permissions to the storage bucket specified in the configuration.

Store Additional Values

You can also use the okteto-cloud-secret secret to store the following values instead of setting them in your helm configuration file:

• OKTETO_LICENSE: use this instead of .Values.license in your helm configuration file.
• GOOGLE_CLIENTSECRET: use this instead of .Values.auth.google.clientSecret in your helm configuration file.
• GITHUB_CLIENTSECRET: use this instead of .Values.auth.github.clientSecret in your helm configuration file.
• BITBUCKET_CLIENTSECRET: use this instead of .Values.auth.bitbucket.clientSecret in your helm configuration file.
• OPENID_CLIENTSECRET: use this instead of .Values.auth.openid.clientSecret in your helm configuration file.
• GITHUB_INTEGRATION_CLIENTSECRET: use this instead of .Values.github.clientSecret in your helm configuration file.
• GITHUB_APP_PRIVATE_KEY: use this instead of .Values.github.appPrivateKey in your helm configuration file.

Deploy the Okteto Chart

Run helm install to deploy your Okteto instance. In this example, we have named our Helm release okteto.

$ helm repo add okteto https://charts.okteto.com
$ helm repo update
$ helm install okteto okteto/okteto  -f config.yaml --namespace=okteto

You can also use --version version if you would like to install a specific version of Okteto.

Check the status of the deployment by running helm status okteto.

Post Install Configuration

Once the chart is installed, follow the onscreen instructions to finalize the configuration.

Initial login

You can access your Okteto instance by going to https://okteto.$SUBDOMAIN. An account will be automatically created for you as part of the login process.