Deploy using Helm on Minikube
-
Verify that you have set up your environment and created a Kubernetes cluster as documented in the setup section.
-
Ensure that the image.repository and image.tag settings for all the platform components are correct in your /path/to/forgeops/charts/identity-platform/values.yaml file. For example:
-
The following lines pertain to the AM image:
…
am:
  enabled: true
  replicaCount: 1

  image:
    repository: us-docker.pkg.dev/forgeops-public/images/am
    tag: "7.5.0"
    pullPolicy: IfNotPresent
  imagePullSecrets: []
…
-
The following lines pertain to the IDM image:
…
idm:
  enabled: true
  replicaCount: 1

  image:
    repository: us-docker.pkg.dev/forgeops-public/images/idm
    tag: "7.5.0"
    pullPolicy: IfNotPresent
  imagePullSecrets: []
…
-
-
Set up your Kubernetes context:
-
Create a Kubernetes namespace in the cluster for the Ping Identity Platform pods:
$ kubectl create namespace my-namespace
-
Set the active namespace in your Kubernetes context to the Kubernetes namespace you just created:
$ kubens my-namespace
-
-
Run the install-prereqs command:
$ cd /path/to/forgeops/charts/scripts
$ ./install-prereqs
-
Run the helm upgrade command:
$ cd ../identity-platform
$ helm upgrade --install identity-platform \
  oci://us-docker.pkg.dev/forgeops-public/charts/identity-platform \
  --version 7.5 --namespace my-namespace \
  --set 'ds_idrepo.volumeClaimSpec.storageClassName=standard' \
  --set 'ds_cts.volumeClaimSpec.storageClassName=standard' \
  --set 'platform.ingress.hosts={forgeops.example.com}'
The preceding command creates a single-instance ForgeOps deployment. Only single-instance deployments are supported on Minikube.
For more information about single-instance deployments, refer to Cluster and deployment sizes.
ForgeRock only offers ForgeRock software or services to legal entities that have entered into a binding license agreement with ForgeRock. When you install ForgeRock’s Docker images, you agree either that: 1) you are an authorized user of a ForgeRock customer that has entered into a license agreement with ForgeRock governing your use of the ForgeRock software; or 2) your use of the ForgeRock software is subject to the ForgeRock Subscription License Agreement.
-
Check the status of the pods in the namespace in which you deployed the platform until all the pods are ready:
-
Run the kubectl get pods command.
-
Review the output. Deployment is complete when:
-
All entries in the STATUS column indicate Running or Completed.
-
The READY column indicates all running containers are available. The entry in the READY column represents [total number of containers/number of available containers].
-
-
If necessary, continue to query your deployment’s status until all the pods are ready.
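The completion check from this step as a script, added here as an example; it is not part of the ForgeOps documentation or repository. The function names are hypothetical and the pod names in sample_pods are constructed. A running pod passes when the two counts in its READY entry are equal.

```shell
# Added example: apply the two completion criteria above to the table
# printed by `kubectl get pods`.

# deployment_complete: reads `kubectl get pods` output on stdin. Prints one
# line per pod that is not ready yet; returns 0 only when every pod passes.
deployment_complete() {
  awk '
    NR == 1 && $1 == "NAME" { next }     # skip the header row
    NF < 3 { next }                      # ignore blank or short lines
    {
      seen++
      if ($3 == "Completed") next        # finished job pods count as done
      split($2, n, "/")                  # READY holds two counts around "/"
      if ($3 != "Running" || n[1] != n[2]) {
        print $1, $2, $3                 # name, READY and STATUS of the laggard
        bad = 1
      }
    }
    END { if (bad || seen == 0) exit 1 } # an empty table is not "ready"
  '
}

# wait_for_deployment NAMESPACE [TRIES]: poll every 10 seconds until complete.
wait_for_deployment() {
  ns=$1; tries=${2:-60}
  while [ "$tries" -gt 0 ]; do
    if kubectl get pods --namespace "$ns" 2>/dev/null | deployment_complete; then
      return 0
    fi
    tries=$((tries - 1)); sleep 10
  done
  return 1
}

# sample_pods READY: constructed `kubectl get pods` output for offline runs;
# the argument sets the READY entry of the idm pod (default 1/1).
sample_pods() {
  idm_ready=${1:-1/1}
  cat <<EOF
NAME                 READY   STATUS      RESTARTS   AGE
am-example-1         1/1     Running     0          5m
ds-cts-0             1/1     Running     0          5m
ds-idrepo-0          1/1     Running     0          5m
idm-example-1        $idm_ready     Running     0          5m
ldif-importer-xmpl   0/1     Completed   0          4m
EOF
}
```

Run `wait_for_deployment my-namespace` after the helm upgrade command; it returns non-zero if the pods are still not ready after the last try.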
-
-
Perform this step only if you are running Minikube on an ARM-based macOS system[1]:
In a separate terminal tab or window, run the minikube tunnel command, and enter your system’s superuser password when prompted:
$ minikube tunnel
✅ Tunnel successfully started
📌 NOTE: Please do not close this terminal as this process must stay alive for the tunnel to be accessible …
❗ The service/ingress forgerock requires privileged ports to be exposed: [80 443]
🔑 sudo permission will be asked for it.
❗ The service/ingress ig requires privileged ports to be exposed: [80 443]
🏃 Starting tunnel for service forgerock.
🔑 sudo permission will be asked for it.
🏃 Starting tunnel for service ig.
Password:
The tunnel creates networking that lets you access the Minikube cluster’s ingress on the localhost IP address (127.0.0.1). Leave the tab or window that started the tunnel open for as long as you run the ForgeOps deployment.
Refer to this post for an explanation about why a Minikube tunnel is required to access ingress resources when running Minikube on an ARM-based macOS system.
-
(Optional) Install a TLS certificate instead of using the default self-signed certificate in your ForgeOps deployment. Refer to TLS certificate for details.