Google Kubernetes Engine (GKE)
This guide will show you how to install Okteto onto Google Kubernetes Engine (GKE). We'll be focusing exclusively on GKE in order to keep it as simple as possible.
Requirements
In order to fully install Okteto, you will need the following:
- A subdomain to which you can add a wildcard DNS record
- A Kubernetes cluster
- A working installation of kubectl
- A working installation of Helm v3 (v3.8 or higher)
- A Google (or GitHub) OAuth application
- A Google Cloud service account and a key
- A Google Cloud Storage bucket
- An Okteto License (optional)
Subdomain
You'll need access to a subdomain to which you can add a wildcard DNS record, such as dev.example.com.
This guide will assume that your domain is registered in Google's Cloud DNS. Other DNS services can be used as well, but are not covered by this guide.
Deploy a Kubernetes cluster
We recommend that you follow Google's GKE cluster creation guide. Okteto supports Kubernetes versions 1.21 through 1.23.
We recommend the following specs:
- v1.23
- A pool with at least 3
n1-standard-4nodes - 250 GB per disk
You'll be using the cluster's API server endpoint when configuring Okteto. Run the following command to obtain your cluster's API server endpoint:
kubectl config view --minify | grep server
Our installation guides assume Okteto will be running in a dedicated cluster. We recommend contacting our team if you plan on installing Okteto in a cluster with other workloads.
Installing kubectl
Follow the official documentation for installing kubectl. Once installed, configure kubectl to talk to your new cluster.
Installing Helm v3 (v3.8 or higher)
Follow the official documentation for installing the latest release of Helm v3 (v3.8 or higher).
Creating the Google OAuth application
Okteto supports OAuth providers like Google, GitHub, or OpenID Connect to handle user authentication. For this guide, we will focus on using Google. All the supported configuration settings are described here.
Follow Google's official documentation on how to create an OAuth 2.0 Client.
When creating the OAuth 2.0 Client, you will need to provide the following values:
Authorized javascript origin:
https://okteto.DOMAIN
Authorized redirect URIs:
https://okteto.DOMAIN
https://okteto.DOMAIN/auth/callback
You'll use the client ID and client Secret when installing Okteto.
Creating a Google Cloud Storage Bucket
Okteto uses Google Cloud Storage to store your private images. Follow Google's guide on how to create storage buckets. Create the bucket in the same project and region as your GKE cluster, and keep it private.
Creating a Google Cloud Service Account
The Okteto Registry needs access to Cloud Storage for uploading and downloading your container images.
We recommend you follow Google's official documentation on how to create and manage Service Accounts for more information on this.
You'll need to perform the following tasks:
- Create a
Service Accountin the same Google Cloud project as your GKE cluster. - Give it the
Storage Object Adminroles. - Create a
JSONkey and save it locally. We'll be using this when installing Okteto.
Adding the Okteto Helm repository
You'll need to add the Okteto repository in order to be able to install Okteto:
helm repo add okteto https://charts.okteto.com
helm repo update
Getting your Okteto License
Okteto is free for up to 3 users without a license. You can also sign on for the free trial to give access up to 100 users for a month.
Installing Okteto
Create the Okteto Namespace
Run the following command to create a namespace to install Okteto in:
$ kubectl create namespace okteto
Configuring your Okteto instance
Create a Kubernetes secret with the Service Account key you created before:
kubectl create secret generic okteto-cloud-secret --namespace=okteto --from-file=key=$PATH_TO_KEY_FILE
Download a copy of the Okteto GKE configuration file, open it, and set the following values:
- Your
email - Your
license(optional) - A
subdomain clientIdandclientSecretof the OAuth 2.0 Client you created- Your cluster's API server endpoint
- The name of the
bucketyou created - The
projectid of your cluster
For example:
email: admin@example.com
license: 1234567890ABCD==
subdomain: dev.example.com
auth:
google:
enabled: true
clientId: clientid.apps.googleusercontent.com
clientSecret: clientSecret
cluster:
endpoint: https://35.205.100.149
cloud:
provider:
gcp:
enabled: true
project: okteto-dev
bucket: okteto-private-images
buildkit:
ingress:
enabled: false
service:
type: LoadBalancer
Installing your Okteto instance
Install the latest version of Okteto by running:
helm install okteto okteto/okteto -f config.yaml --namespace=okteto
After a few seconds, all the resources will be created. The output will look something like this:
Release "okteto" has been installed. Happy Helming!
NAME: okteto
LAST DEPLOYED: Thu Mar 26 18:07:55 2020
NAMESPACE: okteto
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
1. Create the following DNS record, pointing it to the NGINX controller service External-IP:
- "*.dev.example.com"
You can retrieve the External IP by running:
kubectl get service -l=app.kubernetes.io/name=ingress-nginx,app.kubernetes.io/component=controller --namespace=okteto
2. Create the following DNS record, pointing it to the Buildkit service External-IP:
- "buildkit.dev.example.com"
You can retrieve the External IP by running:
kubectl get service -l=app.kubernetes.io/instance=okteto,app.kubernetes.io/component=buildkit --namespace=okteto
3. Once you create both DNS entries you can access your Okteto instance at this URL:
https://okteto.dev.example.com
You can also install a specific version by including the
--versionargument.
Retrieve the Ingress Controller IP address
We can use the instructions kubectl to fetch the address that has been dynamically allocated by GKE to the NGINX Ingress we've just installed and configured as a part of Okteto:
kubectl get service -l=app.kubernetes.io/name=ingress-nginx,app.kubernetes.io/component=controller --namespace=okteto
The output will look something like this:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
okteto-ingress-nginx-controller LoadBalancer 10.0.7.73 34.68.230.234 80:30795/TCP,443:32481/TCP,1234:30885/TCP 5m
You'll need to take the EXTERNAL-IP address, and add it to your DNS for the domain you have chosen to use. In Google Cloud DNS, this is done by creating an A record with the name *. We also suggest you set the TTL to 1 minute.
Retrieve the Buildkit IP address
You can use kubectl to fetch the address that has been dynamically allocated by GKE to the Buildkit instance you've just installed and configured as a part of Okteto:
kubectl get service -l=app.kubernetes.io/instance=okteto,app.kubernetes.io/component=buildkit --namespace=okteto
The output will look something like this:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
okteto-buildkit LoadBalancer 10.245.142.73 34.68.230.233 1234:32449/TCP 5m
You'll need to take the EXTERNAL-IP address, and add it to your DNS for the domain you have chosen to use. This is done by creating an A record with the name buildkit.
Sign in to your Okteto instance
Important: The default installation uses self-signed certificates. We strongly recommend that you configure Okteto to bring your own certificates before giving your team access to your instance.
You can access your Okteto instance at https://okteto.SUBDOMAIN. Your account will be automatically created as part of the login process. The first user to successfully log into the instance will be automatically assigned the administrator role.