Minikube Virtual Machine

This documentation describes the legacy CDK implementation, which will be deprecated in an upcoming release. We strongly recommend that you transition to the current CDK implementation as soon as possible.

Minikube is a tool that runs a single-node Kubernetes cluster in a virtual machine.

The following configuration has been validated for building custom Docker images for the ForgeRock Identity Platform using Minikube:

  • Kubernetes version: 1.21.4.

  • Memory: 10 GB or more.

  • Disk space: 40 GB or more.

To set up Minikube:

  1. Use the minikube start command to create a Minikube VM. In this example, the Minikube VM is created with a Kubernetes cluster suitable for building custom Docker images for the ForgeRock Identity Platform:

    $ minikube start --memory=12288 --cpus=3 --disk-size=40g --cni=true --vm=true \
     --driver=virtualbox --bootstrapper kubeadm --kubernetes-version=1.21.4 
    😄  minikube v1.23.2 on Darwin 11.5.1
    ✨  Using the virtualbox driver based on user configuration
    💿  Downloading VM boot image …​
        > minikube-v1.23.1.iso.sha256: 65 B / 65 B [-------------] 100.00% ? p/s 0s
        > minikube-v1.23.1.iso: 225.22 MiB / 225.22 MiB [ 100.00% 4.00 MiB p/s 1m2s
    👍  Starting control plane node minikube in cluster minikube
    🔥  Creating virtualbox VM (CPUs=3, Memory=12288MB, Disk=40960MB) …​
    🐳  Preparing Kubernetes v1.21.4 on Docker 20.10.6 …​
        ▪ Generating certificates and keys …​
        ▪ Booting up control plane …​
        ▪ Configuring RBAC rules …​
    🔗  Configuring CNI (Container Networking Interface) …​
        ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5
    🌟  Enabled addons: default-storageclass, storage-provisioner
    🔎  Verifying Kubernetes components. . .
    🏄  Done! kubectl is now configured to use "minikube" by default

  2. Run the following command to enable the ingress controller built into Minikube:

    $ minikube addons enable ingress
        ▪ Using image k8s.gcr.io/ingress-nginx/controller:v0.44.0
        ▪ Using image docker.io/jettech/kube-webhook-certgen:v1.5.1
        ▪ Using image docker.io/jettech/kube-webhook-certgen:v1.5.1
    🔎  Verifying ingress addon…​
    🌟  The 'ingress' addon is enabled

  3. Install the Secret Agent operator:

    $ kubectl apply -f https://github.com/ForgeRock/secret-agent/releases/latest/download/secret-agent.yaml
    namespace/secret-agent-system created
    customresourcedefinition.apiextensions.k8s.io/secretagentconfigurations.secret-agent.secrets.forgerock.io created
    serviceaccount/secret-agent-manager-service-account created
    role.rbac.authorization.k8s.io/secret-agent-leader-election-role created
    clusterrole.rbac.authorization.k8s.io/secret-agent-manager-role created
    rolebinding.rbac.authorization.k8s.io/secret-agent-leader-election-rolebinding created
    clusterrolebinding.rbac.authorization.k8s.io/secret-agent-manager-rolebinding created
    service/secret-agent-webhook-service created
    deployment.apps/secret-agent-controller-manager created
    Warning: admissionregistration.k8s.io/v1beta1 MutatingWebhookConfiguration is deprecated in v1.16+, unavailable in v1.22+; use admissionregistration.k8s.io/v1 MutatingWebhookConfiguration
    mutatingwebhookconfiguration.admissionregistration.k8s.io/secret-agent-mutating-webhook-configuration created
    Warning: admissionregistration.k8s.io/v1beta1 ValidatingWebhookConfiguration is deprecated in v1.16+, unavailable in v1.22+; use admissionregistration.k8s.io/v1 ValidatingWebhookConfiguration
    validatingwebhookconfiguration.admissionregistration.k8s.io/secret-agent-validating-webhook-configuration created
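
Step 3 applies a manifest fetched from a `latest` release URL, and its output shows a ClusterRole, a ClusterRoleBinding, a CRD and two admission webhooks being created. The following added example (not part of the original documentation and not ForgeRock code) lists the cluster-wide objects in a downloaded manifest so they can be reviewed before `kubectl apply`; the function names `list_cluster_wide` and `sample_manifest` and the sample YAML are constructed for illustration.

```shell
# Added example (not ForgeRock code): list the cluster-wide objects in a manifest.
CLUSTER_WIDE="ClusterRole ClusterRoleBinding CustomResourceDefinition \
MutatingWebhookConfiguration ValidatingWebhookConfiguration"

# list_cluster_wide [FILE]: print "Kind/name" per cluster-wide object (stdin if no FILE).
# Assumption: block-style YAML with metadata.name indented by two spaces.
list_cluster_wide() {
  awk -v kinds="$CLUSTER_WIDE" '
    function emit() { if (kind in wide) print kind "/" name; kind = name = ""; in_meta = 0 }
    BEGIN { n = split(kinds, k, " "); for (i = 1; i <= n; i++) wide[k[i]] = 1 }
    /^---/        { emit(); next }        # document separator
    /^kind:/      { kind = $2 }           # top-level kind only, not roleRef.kind
    /^metadata:/  { in_meta = 1; next }
    /^[^ #]/      { in_meta = 0 }         # any other top-level key ends metadata
    in_meta && /^  name:/ && name == "" { name = $2 }
    END { emit() }
  ' "${1:--}"
}

# Constructed sample, much shorter than the real secret-agent.yaml; only the
# object names are taken from the command output in step 3.
sample_manifest() {
  cat <<'EOF'
kind: ServiceAccount
metadata:
  name: secret-agent-manager-service-account
  namespace: secret-agent-system
---
kind: ClusterRole
metadata:
  labels:
    name: constructed-label
  name: secret-agent-manager-role
---
kind: ClusterRoleBinding
metadata:
  name: secret-agent-manager-rolebinding
roleRef:
  kind: ClusterRole
  name: secret-agent-manager-role
EOF
}

# Real use: download the URL from step 3 to secret-agent.yaml (curl -fsSLo),
# run `list_cluster_wide secret-agent.yaml`, read the result, then run
# `kubectl apply -f secret-agent.yaml` on that same reviewed copy.
sample_manifest | list_cluster_wide
```

Applying the saved file rather than the URL means the cluster receives exactly the content that was reviewed, even if the `latest` release changes in between.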
