Delete application

Sometimes you're just testing something out, or an application life cycle has come to an end, and the need to clean up existing resources arise. Delete an application # Usage okctl delete application -f <application manifest> # Example okctl delete application -f app.yaml Delete an application manually okctl apply


Multi-factor authentication MFA is enabled by default in clusters created with okctl version 0.0.103 and up. If the cluster was created before that, follow the instructions below to enable. In the event of a compromised QR code / MFA secret, notify Kjøremiljø ASAP. Activate MFA for Cognito This can

Cluster Reference

The following attributes are available for modifying an Okctl environment MetadataType: Object accountIdrequired Type: String Example: 123456789123 The AWS Account ID where your Okctl environment will live. This is the account that will own all resources that Okctl sets up.namerequired Type: String Example: kjoremiljo-prod Name can be anything, but

Application reference

WIPThe following attributes are available for modifying an Okctl application. nameA name that identifies your app. namespaceThe Kubernetes namespace where your app will live. urihe Docker image containing the application. image.uri and is mutually exclusive. Either specify the URI or define a name of an ECR repository

Virtual environment

To be able to use the Kubernetes cluster set up by Okctl you can run # Usage okctl venv -c <path to cluster declaration> # Example okctl venv -c cluster.yaml This will run a subshell with everything you need (hence a "virtual environment") to use  your Kubernetes cluster, such


With Okctl we create an observability stack in the cluster that provides metrics, traces, and logs from the Kubernetes cluster, relevant AWS resources, and the applications running in the cluster. Observability stackThe observability stack relies on Grafana at its core. Using the data sources capability of Grafana we can easily

Continuous integration and deployment

The following guide is to help set up continuous integration and deployment (CI/CD) for an application running on a cluster set up with Okctl. For this example and in the reference app we will be using GitHub actions PrerequisitesIt is assumed that you already have set up a cluster


To help manage the application lifecycle we provide add-ons that aim to make your life easier as a developer. While there aren't many of these available at the moment, we expect this to change as new requirements in the product teams surface. PostgresIt is now possible to create an AWS


Okctl relies on services in AWS and GitHub to provide its functionality. In the following sections, we describe some core services we use from the cloud provider. Cloud componentsCloud providers offer a vast array of functionality for: NetworkingComputationDNSCertificatesDatabasesBlock storageArtificial intelligenceIn Okctl we use a subset of this functionality to provide

Upgrade applications

TL;DR: To upgrade an application, download the latest Okctl, run okctl apply application, do a git diff to see changes, and merge manually with your existing files. MotivationSometimes newer versions of Okctl updates the way okctl apply application works. For example, the latest Okctl version may create an application

Upgrade okctl environment

The Okctl team is continously updating the okctl command line tool in order to bring new features and bug fixes to the infrastructure and applications that Okctl sets up. Existing Okctl environments need to be upgraded in order to stay up to date with new versions of Okctl. This is


Kubernetes External SecretsKubernetes External Secrets allows you to use external secret management systems, like AWS Secrets Manager or HashiCorp Vault, to securely add secrets in Kubernetes. We have installed external secrets and configured it to use SSM Parameter store as a backend. This means that we can store secrets in

Delete cluster

During testing, or maybe when a project has come to an end - there might be a necessity to delete a cluster created with Okctl. Delete a cluster# Usage okctl --cluster-declaration <path to cluster declaration> delete cluster # Example: okctl --cluster-declaration cluster.yaml delete cluster Delete a cluster manuallyThe

Authenticating to AWS

Okctl provides three options for authentication to your AWS account: Named AWS profile, including AWS Single Sign-On (SSO), (default)IAM access keyIn addition to login to the AWS account, you can also give access to other users to your Kubernetes cluster. NB! This is also required if you use several

Authenticating to Github

Authenticating to Github can be done either by using "device authentication flow" or using a service user. Using device authentication flowOkctl's default method for authenticating with Github, is using the device authentication flow. At the beginning of the cluster creation process, Okctl will ask you to enter a code in
You've successfully subscribed to Okctl
Great! Next, complete checkout for full access to Okctl
Welcome back! You've successfully signed in.
Unable to sign you in. Please try again.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info is updated.
Billing info update failed.