by Okteto



Okteto installs everything that you and your team need to start using Kubernetes as your development platform with one click. Okteto automatically manages credentials, namespaces, roles, policies and quotas so you can provide self-service development environment to everyone in your team. The power of Okteto Cloud available on your own infrastructure. After installing this 1-Click App you will have a cluster with:

  1. A self-service portal to manage users, credentials, namespaces and policies on demand.
  2. An operator that automatically validates and creates ingresses for your kubernetes services.
  3. `nginx-ingress` for your cluster, fronted by a load balancer and configured with a valid wildcard certificate.
  4. `cert-manager` configured to generate and refresh the required certificates.

Software Included

Cert Manager0.8.0Apache 2
Nginx Ingress0.25.1Apache 2

Getting started after deploying Okteto

After you have downloaded your kubeconfig file, and are able to successfully connect to your DigitalOcean Kubernetes cluster (see https://cloud.digitalocean.com/kubernetes/clusters/ if you haven’t connected to your cluster) follow the instructions below to start using Okteto.

Initial Configuration

The first step is to configure your network so that https://okteto.local points to the external IP of the Load Balancer.

Run the following command in a terminal shell to get the External IP address of the Load Balancer.

kubectl get svc -n=okteto -l="app=nginx-ingress,component=controller"

You should see output like the following:

NAME                          TYPE           CLUSTER-IP      EXTERNAL-IP      PORT(S)                      AGE
do-nginx-ingress-controller   LoadBalancer   80:30657/TCP,443:30482/TCP   16m

Add the following line - using your own EXTERNAL IP - to the bottom of the /etc/hosts file. okteto.local

Open your browser and go to https://okteto.local/#admin to load the configuration screen. Your team won't be able to use Okteto until you finish this step.

You'll need an admin token to login to the configuration screen. Run the following command in a terminal shell to retrieve it:

kubectl get sa -n=okteto do-okteto-enterprise -ojsonpath='{.metadata.labels.dev\.okteto\.com/token}'

Once you log in to the configuration page, you'll need to provide the following values to complete Okteto's initial configuration:

  1. The email of the owner of the application.
  2. A dedicated subdomain for your Okteto instance.
  3. Your Kubernetes cluster's public endpoint.
  4. The ClientID and Client Secret of a Github OAuth app.
  5. A list of the Github IDs that are allowed to login (leave it empty to allow everyone).
  6. A Digital Ocean personal access token.

Press Save once you're ready to apply the new configuration. It'll take about 30 seconds for the configuration to be applied.

Your Okteto instance is now fully configured. It will be available via https://okteto.$SUBDOMAIN (e.g. https://okteto.dev.example.com). The next section explains how to configure the DNS for this.

DNS configuration

Run the following command in a terminal shell to get the External IP address of the Load Balancer.

kubectl get svc -n=okteto -l="app=nginx-ingress,component=controller"

You should see output like the following:

NAME                          TYPE           CLUSTER-IP      EXTERNAL-IP      PORT(S)                      AGE
do-nginx-ingress-controller   LoadBalancer   80:30657/TCP,443:30482/TCP   16m

Create a wildcard A record for the entire subdomain and point it to the external IP of the load balancer.

DNS configuration

More information


Okteto can automatically create HTTPS endpoints for the applications you deploy in your cluster. We recommend that you give Okteto a dedicated subdomain to prevent endpoint clashes with other applications.

The Okteto web UI will always be available at https://okteto.$SUBDOMAIN.

The subdomain must be registered with Digital Ocean.

Cluster Public Endpoint

This is the fully qualified url of your Kubernetes cluster's apiserver. You can get it from the kubeconfig file you downloaded from Digital Ocean, e.g.:

apiVersion: v1
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://0b84ec60-fe41-4994-8e76-b53e00859ef9.k8s.ondigitalocean.com
  name: do-sfo2-ramiro


Okteto uses Github OAuth as the authentication provider. You'll need to create a Github OAuth app with the following values:

Homepage URL: https://okteto.$SUBDOMAIN

Authorization callback URL: https://okteto.$SUBDOMAIN/auth/callback

Personal Access Token

Okteto requires a Digital Ocean personal access token with read/write permissions to be able to create DNS entries when responding to ACME DNS-01 challenges. The entries will be created in the subdomain you provided in the configuration. You can create your personal access token by going here.


If you get stuck, or have any questions, feel free to reach out to us at hello@okteto.com, Twitter or our Slack channel.

Support Details

Hours:24 x 7
Support URL:https://okteto.com/enterprise/
Support Email:hello@okteto.com

More DigitalOcean Links

Product Docs

Technical overviews, how-tos, release notes, and support material


DevOps and development guidelines

API Docs

Run your resources programmatically

Ask a question

Connect, share and learn