Concepts

Delete application

Sometimes you're just testing something out, or an application life cycle has come to an end, and the need to clean up existing resources arise. Delete an application # Usage okctl delete application -f # Example okctl delete application -f app.yaml Delete an application manually okctl apply application creates a few

Cognito

Multi-factor authentication MFA is enabled by default in clusters created with okctl version 0.0.103 and up. If the cluster was created before that, follow the instructions below to enable. In the event of a compromised QR code / MFA secret, notify Kjøremiljø ASAP. Activate MFA for Cognito This can

Cluster Reference

The following attributes are available for modifying an Okctl environment Metadata Type: Object accountId required Type: String Example: 123456789123The AWS Account ID where your Okctl environment will live. This is the account that will own all resources that Okctl sets up.name required Type: String Example: kjoremiljo-prodName can be anything,

Application reference

WIP The following attributes are available for modifying an Okctl application. name A name that identifies your app. namespace The Kubernetes namespace where your app will live. uri he Docker image containing the application. image.uri and image.name is mutually exclusive. Either specify the URI or define a name

Virtual environment

To be able to use the Kubernetes cluster set up by Okctl you can run # Usage okctl venv -c # Example okctl venv -c cluster.yaml This will run a subshell with everything you need (hence a "virtual environment") to use  your Kubernetes cluster, such as kubectl. Verify that everything works

Monitoring

With Okctl we create an observability stack in the cluster that provides metrics, traces, and logs from the Kubernetes cluster, relevant AWS resources, and the applications running in the cluster. Observability stack The observability stack relies on Grafana [https://grafana.com/oss/grafana/] at its core. Using the data sources

Continuous integration and deployment

The following guide is to help set up continuous integration and deployment (CI/CD) for an application running on a cluster set up with Okctl. For this example and in the reference app we will be using GitHub actions Prerequisites It is assumed that you already have set up a

Database

To help manage the application lifecycle we provide add-ons that aim to make your life easier as a developer. While there aren't many of these available at the moment, we expect this to change as new requirements in the product teams surface. Postgres It is now possible to create an

Architecture

Okctl relies on services in AWS and GitHub to provide its functionality. In the following sections, we describe some core services we use from the cloud provider. Cloud components Cloud providers offer a vast array of functionality for: * Networking * Computation * DNS * Certificates * Databases * Block storage * Artificial intelligence In Okctl we

Upgrade applications

TL;DR: To upgrade an application, download the latest Okctl, run okctl apply application, do a git diff to see changes, and merge manually with your existing files. Motivation Sometimes newer versions of Okctl updates the way okctl apply application works. For example, the latest Okctl version may create an

Upgrade okctl environment

The Okctl team is continously updating the okctl command line tool in order to bring new features and bug fixes to the infrastructure and applications that Okctl sets up. Existing Okctl environments need to be upgraded in order to stay up to date with new versions of Okctl. This is

Secrets

Kubernetes External Secrets Kubernetes External Secrets [https://github.com/external-secrets/kubernetes-external-secrets/] allows you to use external secret management systems, like AWS Secrets Manager or HashiCorp Vault, to securely add secrets in Kubernetes. We have installed external secrets and configured it to use SSM Parameter store [https://www.okctl.io/architecture/

Delete cluster

During testing, or maybe when a project has come to an end - there might be a necessity to delete a cluster created with Okctl. Delete a cluster # Usage okctl --cluster-declaration delete cluster # Example: okctl --cluster-declaration cluster.yaml delete cluster Delete a cluster manually The delete operation may have failed

Authenticating to AWS

Okctl provides three options for authentication to your AWS account: * Named AWS profile, including AWS Single Sign-On (SSO), (default) * IAM access key In addition to login to the AWS account, you can also give access to other users to your Kubernetes cluster. NB! This is also required if you use

Authenticating to Github

Authenticating to Github can be done either by using "device authentication flow" or using a service user. Using device authentication flow Okctl's default method for authenticating with Github, is using the device authentication flow. At the beginning of the cluster creation process, Okctl will ask you to enter a code
You've successfully subscribed to Okctl
Great! Next, complete checkout for full access to Okctl
Welcome back! You've successfully signed in.
Unable to sign you in. Please try again.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info is updated.
Billing info update failed.