DigitalOcean UI Prerequisites

Summary

This document walks through the prerequisites for installing Kubefirst on DigitalOcean using the Kubefirst UI. These prerequisites apply to the UI installation both for users who are starting with no cluster and use the kubefirst launch up path, and for users who have an existing cluster in DigitalOcean and install with Helm.

Install Assumptions

Before getting started, make sure you are aware of the following:

  • We assume that you already have a DigitalOcean account and credentials.
  • We assume you have a git organization (in either GitLab or GitHub) that is free to use for this installation.
  • We assume you have never installed Kubefirst before.
    • If you have previously installed Kubefirst, you will need to remove the ~/.k1 folder, the ~/.kubefirst file, and anything related to k3d in Docker for the steps, as they’re outlined here, to be successful.
  • We’re going to use your personal account for GitHub or GitLab as an admin and associate it with the bot that we use to build automation. This is faster but it also means that if you want to continue beyond just “testing it out” there are additional steps required to establish an independent bot account for the system to use.

Prerequisites

Before getting started with this installation there are several things you will need to have set up to successfully complete the installation.

Homebrew

The commands we provide here assume you are using Homebrew.

Kubectl

The instructions below also use kubectl. Run the following brew command to install it:

brew install kubernetes-cli

Kubefirst CLI

Run the following brew command to install the Kubefirst CLI:

brew install konstructio/taps/kubefirst

Git Provider (GitHub or GitLab)

After provisioning your installer cluster you will need to have domain details for your preferred Git provider for your management cluster. We support GitHub and GitLab.

  • Organization name/Group name
  • Personal Access token
  • Username

Check out our instructions for details (including scopes/permissions) on creating your git token.

DNS

Kubefirst assumes that you will use your cloud provider for DNS. We also support Cloudflare; refer to the details below.

For information on DigitalOcean check out their documentation on adding DNS.

Cloudflare (Optional for DNS)

If you prefer to use Cloudflare as your DNS provider:

  • Create a dedicated Cloudflare user account
  • Create a user token with read and write access to your registered zone. This token will be required during installation.

Refer to the Cloudflare documentation for user token creation for additional details.

mkcert Certificate Authority

Tip

This is not an optional step: the cluster creation will fail if you don't install the mkcert CA in your trusted store.

We use mkcert to generate local certificates and serve HTTPS with the Traefik Ingress Controller. During the installation, Kubefirst generates these certificates and pushes them to Kubernetes as secrets to attach to Ingress resources.

To allow the applications running in your Kubefirst platform, in addition to your browser, to trust the certificates generated by your Kubefirst install, you need to install the CA (Certificate Authority) of mkcert in your trusted store.

Run the following commands to install mkcert and add its CA to your trusted store:

brew install mkcert
mkcert -install

For Firefox, you will also need to install Network Security Services (NSS):

brew install nss
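
A preflight check for the prerequisites above, added here as an example and not part of the Kubefirst documentation or tooling. The function names are hypothetical; `mkcert -CAROOT` prints the directory that holds mkcert's `rootCA.pem` and `rootCA-key.pem`.

```shell
#!/bin/sh
# Preflight for the prerequisites on this page. Function names are
# hypothetical and are not part of Kubefirst or mkcert.

# Print leftover state from an earlier Kubefirst install under a home directory.
stale_state() {
  home_dir=$1
  [ -d "$home_dir/.k1" ] && echo "$home_dir/.k1"
  [ -f "$home_dir/.kubefirst" ] && echo "$home_dir/.kubefirst"
  return 0
}

# Return 0 only if the mkcert CA exists in the given directory and its private
# key is inaccessible to group and other. Anyone who can read rootCA-key.pem
# can mint certificates that this machine trusts.
ca_ok() {
  caroot=$1
  [ -f "$caroot/rootCA.pem" ] || { echo "no mkcert CA in $caroot (run: mkcert -install)" >&2; return 1; }
  [ -f "$caroot/rootCA-key.pem" ] || { echo "CA key missing in $caroot" >&2; return 1; }
  # Characters 5-10 of the ls mode string are the group and other bits.
  mode=$(ls -ld "$caroot/rootCA-key.pem" | cut -c5-10)
  [ "$mode" = "------" ] || { echo "CA key is group/world accessible: chmod 600 it" >&2; return 1; }
}

# Return 0 if every CLI named as an argument is on PATH; report those that are not.
tools_ok() {
  missing=0
  for tool in "$@"; do
    command -v "$tool" >/dev/null 2>&1 || { echo "missing: $tool" >&2; missing=1; }
  done
  return $missing
}

# Run every check against the current user's environment.
preflight() {
  rc=0
  tools_ok kubectl kubefirst mkcert || rc=1
  leftovers=$(stale_state "$HOME")
  [ -z "$leftovers" ] || { echo "remove before installing: $leftovers" >&2; rc=1; }
  # `mkcert -CAROOT` prints the directory that holds the local CA.
  if command -v mkcert >/dev/null 2>&1; then
    ca_ok "$(mkcert -CAROOT)" || rc=1
  fi
  return $rc
}

# Run the checks only when invoked as: sh preflight.sh run
if [ "${1:-}" = "run" ]; then preflight; fi
```

The CA check confirms the files exist and the key is private to your user; it does not inspect the system or browser trust stores.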

Known Limitations

Installation of Kubefirst using the DigitalOcean marketplace has the following known limitations:

Let's Encrypt Certificate Rate Limit

Kubefirst uses Let's Encrypt to automatically create certificates for your domains. Let's Encrypt is limited to 50 weekly certificates with an additional limitation of 5 per subdomain. In some scenarios you may reach that limit if you often create and destroy Kubefirst clusters using the same domain during a short period. You can use the Let's Debug Toolkit to check those, but note that the result isn't always valid.

Cloudflare DNS with origin certificates is an alternative method that allows unlimited certificate creation if this limit impacts you.

Getting Support

If you’re not sure this is the best method of installation for you, or you started the install and ran into issues, or if you have a question about the process and don’t see it mentioned here, we've got you covered. Join our Slack Community for support and get the answers you need!