Quick Start with DigitalOcean

Deploy and manage your DigitalOcean infrastructure with Meshery. You can run Meshery on DigitalOcean in two ways: out-of-cluster using Docker on a Droplet, or in-cluster on a DigitalOcean Kubernetes (DOKS) cluster. Note: It is advisable to install Meshery in your DOKS cluster.

Prerequisites

Install the Meshery command line client, mesheryctl.
Install kubectl on your local machine.
Install the DigitalOcean CLI (doctl), authenticated for your account.
A DigitalOcean account with access to either a Droplet or an active DOKS cluster.

Also see: Install Meshery on Kubernetes

Available Deployment Methods

Option 1: Docker on a Droplet (Out-of-Cluster)

Run Meshery as a standalone management plane on a DigitalOcean Droplet using Docker. This out-of-cluster deployment is well suited for managing one or more remote clusters from a single, always-on host.

Provision a Droplet

Create an Ubuntu Droplet from the DigitalOcean Control Panel, or with doctl:

	
		doctl compute droplet create meshery --image ubuntu-22-04-x64 --size s-2vcpu-4gb --region nyc1 --ssh-keys [YOUR_SSH_KEY_FINGERPRINT]

Meshery runs comfortably on a Droplet with at least 2 vCPUs and 4 GB of memory. Once the Droplet is ready, connect to it over SSH:

	
		ssh root@[DROPLET_IP]

Install Docker and Docker Compose on the Droplet, followed by mesheryctl.

Install Meshery on Docker

On the Droplet, start Meshery on Docker:

	
		mesheryctl system start -p docker

To manage a remote cluster (for example, a DOKS cluster) from this out-of-cluster deployment, make the cluster’s kubeconfig available to Meshery. See Customizing Kubernetes Configuration Location.

Access Meshery UI

By default, Meshery UI is served on port 9081. To reach it from your browser, allow inbound traffic to that port using a DigitalOcean Cloud Firewall:

	
		doctl compute firewall create --name meshery-ui --inbound-rules "protocol:tcp,ports:9081,address:[YOUR_IP]/32" --droplet-ids [DROPLET_ID]

Open your browser and navigate to http://[DROPLET_IP]:9081.

Secure your Droplet

Avoid exposing Meshery UI to the public internet. Restrict the firewall rule to your own IP address, or keep port 9081 closed and reach the UI through an SSH tunnel instead: ssh -L 9081:localhost:9081 root@[DROPLET_IP].

Option 2: DigitalOcean Kubernetes (In-Cluster)

Follow the steps below to install Meshery into your DigitalOcean Kubernetes (DOKS) cluster.

Preflight: Cluster Connectivity

Authenticate doctl with your DigitalOcean account using a personal access token.

	
		doctl auth init

2. Download your cluster’s credentials and set it as the current kubectl context. Replace [CLUSTER_NAME] with the name or ID of your DOKS cluster.

	
		doctl kubernetes cluster kubeconfig save [CLUSTER_NAME]

3. Verify your kubeconfig’s current context.

	
		kubectl config current-context

Installation: Using `mesheryctl`

Ensure that the current platform is set to kubernetes in ~/.meshery/config.yaml, then execute mesheryctl system start to start Meshery.

	
		mesheryctl system start

If you encounter any authentication issues, you can use mesheryctl system login. For more information, click here to learn more.

Installation: Using Helm

For detailed instructions on installing Meshery using Helm V3, please refer to the Helm Installation guide.

Post-Installation Steps

Optionally, you can verify the health of your Meshery deployment using mesheryctl system check.

To expose Meshery UI outside the cluster, create a LoadBalancer service; DigitalOcean automatically provisions a DigitalOcean Load Balancer and assigns an external IP. Alternatively, use port-forwarding by following the mesheryctl system dashboard guide.

You’re ready to use Meshery! Open your browser and navigate to the Meshery UI.

Accessing Meshery UI

After successfully deploying Meshery, you can access Meshery's web-based user interface. Your default browser will automatically open and navigate to Meshery UI (default location is http://localhost:9081).

You can use the following command to open Meshery UI in your default browser:


mesheryctl system dashboard

If you have installed Meshery on Kubernetes or a remote host, you can access Meshery UI by exposing it as a Kubernetes service or by port forwarding to Meshery UI.


mesheryctl system dashboard --port-forward

Depending on how you have networking configured in Kubernetes, you can use kubectl to port forward to the Meshery UI.


kubectl port-forward svc/meshery 9081:9081 --namespace meshery

Verify Kubernetes Connection

After installing Meshery, regardless of the installation type, it is important to verify that your kubeconfig file has been uploaded correctly via the UI.

In the Meshery UI, navigate to Lifecycle from the menu on the left.
Click on Connections.
Ensure that your cluster appears in the list of connections and is marked as Connected.
Click on the cluster name to perform a ping test and confirm that Meshery can communicate with your cluster.

Customizing Your Meshery Provider Callback URL

Meshery Server supports customizing your Meshery Provider authentication flow callback URL. This is helpful when deploying Meshery behind multiple layers of networking infrastructure.

For production deployments, it is recommended to access the Meshery UI by setting up a reverse proxy or using a LoadBalancer. By specifying a custom redirect endpoint, you can ensure that authentication flows complete successfully, even when multiple routing layers are involved.

Note: For production deployments, it is important to select the Remote Provider in order to control which identity providers are authorized. Learn more about this in the Extensibility: Providers guide.

Define a custom callback URL by setting up the MESHERY_SERVER_CALLBACK_URL environment variable before installing Meshery.

To customize the authentication flow callback URL, use the following command:


MESHERY_SERVER_CALLBACK_URL=https://custom-host mesheryctl system start

Meshery should now be running in your Kubernetes cluster and the Meshery UI should be accessible at the EXTERNAL IP of the meshery service.

AKS

EKS